Installation Issues

Information about Java System Enterprise installation issues is contained in the Java Enterprise System 5 Release Notes. See the section Access Manager Installation Issues in Sun Java Enterprise System 5 Release Notes for UNIX.

This section contains the following Known Issues:

• Access Manager single WAR deployment on WebLogic requires JAX-RPC 1.0 JAR files to communicate with client SDK (6555040)

• Additional .jar file is required for single WAR generated by the Java Enterprise System 5 installer for Websphere 5.1 (6550261)

• Single WAR deployment for Webshpere requires changes to server.xml to communicate with client SDK (6554379)

• Changes required for Distributed Authentication to work with Access Manager single War for Weblogic and Webshpere (6554372)

• Single WAR Configurator fails against DS (6562076)

• Multi-server configuration of AM Single WAR on same host throws exception (6490150)

Access Manager single WAR deployment on WebLogic requires JAX-RPC 1.0 JAR files to communicate with client SDK (6555040)

There is a known issue with the single WAR deployed on Weblogic 8.1, with JAX-RPC initialization. In order for Access Manager to communicate with the client SDK, you need to replace the JAX-RCP 1.1 jar files with JAX-RPC 1.0 jar files.

Workaround:

There are two ways to obtain the WAR file. One is through the Java Enterprise System 5 installer with Access Manager set to the Configure Later option, the other is from Sun's download site.

If you have generated the WAR file through the Java Enterprise System 5 installer with the Configure Later option:

1. Remove the following JAXRPC 1.1 .jar files from AccessManager-base/SUNWam/web-src/WEB-INF/lib:

   • jaxrpc-api.jar

   • jaxrpc-spi.jar

   • jaxrpc-impl.jar

2. Copy the following .jar files from their respective locations to AccessManager-base/SUNWam/web-src/WEB-INF/lib:

   • jaxrpc-api.jar from /opt/SUNWam/lib/jaxrpc 1.0

   • jaxrpc_ri.jar from /opt/SUNWam/lib/jaxrpc 1.0

   • commons-logging.jar from /opt/SUNWmfwk/lib

3. Goto AccessManager-base/SUNWam/bin/ and run the following command:

   amconfig —s samplesilent

   For more information on configuring Access Manager using the amconfig script, see Running the Access Manager amconfig Script in the Access Manager Post Installation Guide.

If you have obtained the WAR file through the Oracle download site (http://www.oracle.com/technetwork/indexes/downloads/index.html):

1. Acquire the ZIP_ROOT/applications/jdk14/amserver.war file and explode it into a staging area, such as /tmp/am-staging.

2. Remove the following JAXRPC 1.1 .jar files from /tmp/am-staging/WEB-INF/lib:

   • jaxrpc-api.jar

   • jaxrpc-spi.jar

   • jaxrpc-impl.jar

3. Copy the following JAXRPC 1.0 .jar files and the commons logging .jar file, located in the ZIP_ROOT/applications/jdk14/jarFix directory to /tmp/am-staging/WEB-INF/lib:

   • jaxrpc-api.jar

   • jaxrpc-ri.jar

   • commons-logging.jar

4. Recreate and deploy the Access Manager WAR. For more information, see Deploying Access Manager as a Single WAR File in the Access Manager Post Installation Guide.

Additional .jar file is required for single WAR generated by the Java Enterprise System 5 installer for Websphere 5.1 (6550261)

If the Access Manager single WAR is generated using the Java Enterprise System 5 installer with the Configure Later option, additional .jar files are required before you deploy Websphere 5.1.

Workaround:

1. Copy jsr173_api.jar from /usr/share/lib to the AcessManager-base/opt/SUNWam/web-src/WEB-INF/lib directory.

2. Goto AccessManager-base/SUNWam/bin/ and run the following command:

   amconfig —s samplesilent

   For more information on configuring Access Manager using the amconfig script, see Running the Access Manager amconfig Script in the Access Manager Post Installation Guide.

Single WAR deployment for Webshpere requires changes to server.xml to communicate with client SDK (6554379)

In order for the Access Manager single WAR deployment with Websphere 5.1 to successfully communicate with the client SDK, you must make changes to the server.xml file.

Workaround:

To correctly change the server.xml file, see the following steps:

1. Acquire the amserver.war file. There are two ways to get the single WAR file; through the Java Enterprise System 5 installer with the Configure Later option, or through the sun download site.

   ---

   Note –

   If you have generated the WAR file through the Java Enterprise System 5 installer, make sure that you complete the steps outlined in Known Issue #6550261.

   ---

2. Explode the Access Manager WAR into a staging area, for instance /tmp/am-staging.

3. Copy the following shared .jar files from /tmp/am-staging/WEB-INF/lib to a shared location, such as/export/jars:

   jaxrpc-api.jar         jaxrpc-spi.jar                jaxrpc-impl.jar              saaj-api.jar
   saaj-impl.jar           xercesImpl.jar               namespace.jar                xalan.jar
   dom.jar                     jax-qname.jar               jaxb-api.jar                     jaxb-impl.jar
   jaxb-libs.jar            jaxb-xjc.jar                    jaxr-api.jar                     jaxr-impl.jar
   xmlsec.jar                swec.jar                          acmecrypt.jar                  iaik_ssl.jar
   iaik_jce_full.jar       mail.jar                             activation.jar                   relaxngDatatype.jar
   xsdlib.jar                   mfwk_instrum_tk.jar   FastInfoset.jar                jsr173_api.jar

4. Remove the same .jar files from the /tmp/am-staging/WEB-INF/lib in the staging area.

5. Update the Webshpere instance's server.xml. Make the changes to jvmEntries in server.xml if your default instance location is/opt/WebSphere/AppServer/config/cells/node-name/nodes/node-name/servers/server1, as shown below:

            <classpath>/export/jars/jaxrpc-api.jar:/export/jars/jaxrpc-spi.jar:
           /export/jars/jaxrpc-impl.jar:/export/jars/saaj-api.jar:
           /export/jars/saaj-impl.jar:/export/jars/xercesImpl.jar:
           /export/jars/namespace.jar:/export/jars/xalan.jar:/export/jars/dom.jar:
           /export/jars/jax-qname.jar:/export/jars/jaxb-api.jar:/export/jars/jaxb-impl.jar:
           /export/jars/jaxb-libs.jar:/export/jars/jaxb-xjc.jar:/export/jars/jaxr-api.jar:
           /export/jars/jaxr-impl.jar:/export/jars/xmlsec.jar:/export/jars/swec.jar:
           /export/jars/acmecrypt.jar:/export/jars/iaik_ssl.jar:
           /export/jars/iaik_jce_full.jar:/export/jars/mail.jar:
           /export/jars/activation.jar::/export/jars/relaxngDatatype.jar:
           /export/jars/xsdlib.jar:/export/jars/mfwk_instrum_tk.jar:
           /export/jars/FastInfoset.jar:/export/jars/jsr173_api.jar</classpath>

6. Restart the container.

7. Recreate and deploy the Access Manager WAR from /tmp/am-staging. For more information, see Deploying Access Manager as a Single WAR File in the Access Manager Deployment Planning Guide.

Changes required for Distributed Authentication to work with Access Manager single War for Weblogic and Webshpere (6554372)

The Distributed Authentication WAR requires additional jar files for parsing for both Weblogic 8.1 and Websphere 5.1 because the container is version JDK14. The JDK14 .jar files are located in the following directory of the .zip file:

ZIP-ROOT/applications/jdk14/jarFix

Workaround:

For Weblogic 8.1:

1. Configure Distributed Authentication using the setup scripts. See Deploying a Distributed Authentication UI Server in the Access Manager Post Installation Guide.

2. Explode the updated Distributed Authentication WAR into a temporary location, such as /tmp/dist-auth.

3. Copy xercesImpl.jar, dom.jar and xalan.jar to the /tmp/dist_auth/WEB-INF/lib directory from ZIP-ROOT/applications/jdk14/jarFix.

4. Regenerate the Distributed Authentication WAR from the temporary location and deploy it. For more information, see Deploying a Distributed Authentication UI Server WAR File in the Access Manager Post Installation Guide.

For Websphere 5.1:

1. Configure Distributed Authentication using the setup scripts. See Deploying a Distributed Authentication UI Server in the Access Manager Post Installation Guide.

2. Explode the updated Distributed Authentication WAR into a temporary location, such as /tmp/dist_auth/.

3. Copy xercesImpl.jar, dom.jar and xalan.jar to the /tmp/dist_auth/WEB-INF/lib directory from ZIP-ROOT/applications/jdk14/jarFix.

4. Edit theWEB-INF/web.xml file and replace jar://web-app_2_3.dtd with http://java.sun.com/dtd/web-app_2_3.dtd.

5. Regenerate the Distributed Authentication WAR from the temporary location and deploy it. For more information, see Deploying a Distributed Authentication UI Server WAR File in the Access Manager Post Installation Guide.

Single WAR Configurator fails against DS (6562076)

Access Manager deployed as a single WAR fails to configure on Directory Server 6 with a single component root suffix, for example. dc=example. However, it works with multi component root suffix, for example dc=example,dc=com. After running the configurator with configuration datastore as Sun Java System Directory server, it is always advised to go and edit the serverconfig.xml to replace the cn=directory manager with less privileged user, such as cn=dsameuser. This user should be available in the directory server with proper access permissions to the Access Manager service tree.

Workaround: Use the multi component root suffix, for example dc=example,dc=com.

Multi-server configuration of AM Single WAR on same host throws exception (6490150)

When configuring the second instance of Access Manager single WAR on the same host against Directory Server, it throws an exception while updating the Organization Alias. This issue does not occur if the second instance configured is on a different host.