Pre-Installation Tasks for the Apache HTTP Server 2.2.x Agent

• Meeting the Requirements for the Apache HTTP Server 2.2.x Agent

• Setting Your JAVA_HOME Environment Variable

• Downloading and Unzipping the Agent Distribution File

• Creating a Password File

• Creating an Agent Profile

• Setting the IBM JDK/JRE for IBM AIX Systems

• Creating an Agent Administrator (Optional)

Meeting the Requirements for the Apache HTTP Server 2.2.x Agent

Before you install the Apache HTTP Server 2.2.x agent, your deployment must meet these requirements:

• An Apache HTTP Server 2.2.x instance must be installed and configured on the platform where you plan to install the agent. For a list of supported platforms, see Supported Platforms for the Apache HTTP Server 2.2.x Agent.

• An Oracle OpenSSO server instance must be installed and accessible to the Apache HTTP Server 2.2.x instance.

Setting Your JAVA_HOME Environment Variable

The agent installation program requires the Java Runtime Environment (JRE) 1.5 or later. Before you install the agent , set your JAVA_HOME environment variable to point to the JDK installation directory for the JDK version you are using. If you have not set this variable (or if you set it incorrectly), the program will prompt you for the correct path.

Downloading and Unzipping the Agent Distribution File

To Download and Unzip the Agent Distribution File

1. Login into the server where you want to install the Apache HTTP Server 2.2.xagent.

2. Create a directory to unzip the agent distribution file.

3. Download and unzip the agent distribution file, depending on your platform:

   Platform	Distribution File
   Solaris SPARC systems, 64–bit	apache_v22_SunOS_sparc_64_agent_3.zip
   Solaris SPARC systems, 32–bit	apache_v22_SunOS_sparc_agent_3.zip
   Solaris x86 systems, 64–bit	apache_v22_SunOS_x86_64_agent_3.zip
   Solaris x86 systems, 32–bit	apache_v22_SunOS_x86_agent_3.zip
   Linux systems, 64–bit	apache_v22_Linux_64_agent_3.zip
   Linux systems, 32–bit	apache_v22_Linux_agent_3.zip
   Windows systems	apache_v22_WINNT_agent_3.zip
   IBM AIX systems	apache_v22_AIX_agent_3.zip
   HP-UX systems	apache_v22_HP-UX_agent_3.zip

   These distribution files are available from the Oracle E-Delivery Web site:

   http://edelivery.oracle.com/

   The following table shows the files and directories after you unzip the agent distribution file. These files are in the following directory:

   AgentHome/web_agents/apache22_agent, where AgentHome is where you unzipped the agent distribution file.

   For example: /opt/web_agents/apache22_agent

   File or Directory	Description
   README.txt and license.txt	Readme and license files
   /bin	UNIX, Linux, and AIX systems: agentadmin, certutil, and crypt_util Windows systems: agentadmin.bat, certutil.exe, and cryptit.exe
   /config	Template, properties, and XML files
   /data	license.log file (Do not edit this file.)
   /etc	dsame.template file
   /lib	Library and JAR files
   /locale	Properties files
   /installer-logs	Log files after you install the agent

Creating a Password File

A password file is an ASCII text file with only one line specifying the password in clear text. By using a password file, you are not forced to expose a password at the command line during the agent installation. When you install the Apache HTTP Server agent using the agentadmin program, you are prompted to specify paths to following password files:

• An agent profile password file is required for both the agentadmin default and custom installation options.

• An agent administrator password file is required if you use the custom installation option and have the agentadmin program automatically create the agent profile in Oracle OpenSSO server during the installation. If you prefer, you can use amadmin as the agent administrator

To Create a Password File

1. Create an ASCII text file for the password file. For example: /tmp/apache22agentpw

2. If you want the agentadmin program to automatically create the agent profile in Oracle OpenSSO server during the installation, create another password file for the agent administrator. For example: /tmp/agentadminpw

3. Using a text editor, enter the appropriate password in clear text on the first line in each file.

4. Secure each password file appropriately, depending on the requirements for your deployment.

Creating an Agent Profile

A web agent uses an agent profile to communicate with Oracle OpenSSO server. For a version 3.0 agent, however, you must create an agent profile using any of these three methods:

• Use the Oracle OpenSSO Console, as described in this section.

• Use the ssoadm command-line utility with the create-agent subcommand. For more information about the ssoadm command, see the Sun OpenSSO Enterprise 8.0 Administration Reference.

• Choose the “Option to create the agent profile in the server during installation” when you run the agentadmin program.

To Create an Agent Profile in the Oracle OpenSSO Console

1. Login into the Oracle OpenSSO Administration Console as amAdmin.

2. Click Access Control, realm-name, Agents, and Web.

3. Under Agent, click New.

4. In the Name field, enter the name for the new agent profile.

5. Enter and confirm the Password.

   Important: This password must be the same password that you enter in the agent profile password file that you specify when you run the agentadmin program to install the agent.

6. In the Configuration field, check the location where the agent configuration properties are stored:

   • Local: In the OpenSSOAgentConfiguration.properties file on the server where the agent is installed.

   • Centralized: In the Oracle OpenSSO server central configuration data repository.

7. In the Server URL field, enter the Oracle OpenSSO server URL.

   For example: http://openssohost.example.com:8080/opensso

8. In the Agent URL field, enter the URL for the agent.

   For example: http://agenthost.example.com:8090/

9. Click Create.

   The console creates the agent profile and displays the WebAgent page again with a link to the new agent profile.

   To do additional configuration for the agent, click this link to display the Edit agent page. For information about the agent configuration fields, see the Console online Help.

   If you prefer, you can also use the ssoadm command-line utility to edit the agent profile. For more information, see the Sun OpenSSO Enterprise 8.0 Administration Reference.

Setting the IBM JDK/JRE for IBM AIX Systems

To Set the IBM JDK/JRE for IBM AIX Systems

Perform this task only if you are installing the Apache HTTP Server 2.2.x agent on an IBM AIX system and you are using the IBM JDK/JRE.

1. After you download and unzip the Apache HTTP Server 2.2.x agent distribution file for AIX, locate the agentadmin script in the following directory:

   AgentHome/web_agents/apache22_agent/bin, where AgentHome is where you unzipped the agent distribution file.

2. In the agentadmin script, comment out the following line, which sets the regular JDK/JRE classpath:

   $JAVA_VM -classpath "$AGENT_CLASSPATH" 
   com.sun.identity.install.tools.launch.AdminToolLauncher $*

3. In the agentadmin script, uncomment the following line at the end of the file, which sets the IBM JDK/JRE classpath:

   #$JAVA_VM -DamKeyGenDescriptor.provider=IBMJCE -DamCryptoDescriptor.provider=IBMJCE 
   -DamRandomGenProvider=IBMJCE -classpath "$AGENT_CLASSPATH" 
   com.sun.identity.install.tools.launch.AdminToolLauncher $*

4. Save your changes.

Creating an Agent Administrator (Optional)

Creating an agent administrator is optional. An agent administrator can manage agents in Oracle OpenSSO, including:

• Agent management: Use the agent administrator to manage agents either in the Oracle OpenSSO Console or by executing the ssoadm utility.

• Agent installation: If you install the agent using the custom installation option (agentadmin --custom-install) and want to have the installation program create the agent profile, specify the agent administrator (and password file) when you are prompted.

To Create an Agent Administrator

1. Login to Oracle OpenSSO Console as amadmin.

2. Create a new agents administrator group:

   1. Click Access Control, realm-name, Subjects, and then Group.

   2. Click New.

   3. In ID, enter the name of the group. For example: agentadmingroup

   4. Click OK.

3. Create a new agent administrator user and add the agent administrator user to the agents administrator group:

   1. Click Access Control, realm-name, Subjects, and then User.

   2. Click New and provide the following values:

      • ID: Name of the agent administrator. For example: agentadminuser

        This is the name you will use to login to the Oracle OpenSSO Console .

      • First Name (optional), Last Name, and Full Name.

        For simplicity, use the same name for each of these values that you specified in the previous step for ID.

      • Password (and confirmation)

      • User Status: Active

   3. Click OK.

   4. Click the new agent administrator name.

   5. On the Edit User page, click Group.

   6. Add the agents administrator group from Available to Selected.

   7. Click Save.

4. Assign read and write access to the agents administrator group:

   1. Click Access Control, realm-name, Privileges and then on the new agents administrator group link.

   2. Check Read and write access to all configured Agents.

   3. Click Save.

Next Steps

Login into the Oracle OpenSSO Console as the new agent administrator. The only available top-level tab is Access Control. Under realm-name, you will see only the Agents tab and sub tabs.