Perform the tasks in this section if you are configuring Agent for SAP Portal 6.0/Server 6.40 on SAP Enterprise Portal 6.0. This section includes a variety of short configuration tasks that are required for the agent to work on this specific deployment container. Complete all the tasks described in this section before performing the applicable tasks described in Conditional Post-Installation Steps for J2EE Agents in Policy Agent 2.2.
This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.
The following file is the Software Delivery Archive for this agent: AMSAPAgent2.2.sda.
For this task, you must provide the full path name to this Software Delivery Archive, as such:
PolicyAgent-base/etc/AmSAPAgent2.2.sda
Therefore, locate this file and record the full path name for use as part of the task.
(Conditional) If the SAP Enterprise Portal 6.0 is not running, start it now.
Start the Software Deployment Manager (SDM) Remote GUI.
The following example provides the path to the SDM Remote GUI on UNIX systems:
/usr/sap/SID/instanceName/SDM/program/RemoteGui.sh
represents the SAP system ID.
represents the SAP Enterprise Portal 6.0 instance.
Log in to the GUI.
Select the Deployment tab.
Add the full path name to the following file:
PolicyAgent-base/etc/AmSAPAgent2.2.sda
Click the icon of the clipboard with the plus sign.
Click Next until you reach the deployment Start button.
Click Start.
(Conditional) If using the agent with Access Manager 6.3, configure the appropriate library.
This step is similar to the steps required for the general configuration of the agent for Access Manager 6.3. For more information, see To Configure a J2EE Agent With Access Manager 6.3.
By default, the AmSAPAgent2.2.library library is configured specifically for Access Manager 7. To use the agent with Access Manager 6.3, perform the following substeps.
Stop the J2EE Engine.
Change to the following directory:
/usr/sap/SID/instanceName/j2ee/cluster/server0/bin/ext/AmSAPAgent2.2 |
represents the SAP system ID.
represents the SAP Enterprise Portal 6.0 instance.
Create a backup copy of the Access Manager 7 amclientsdk.jar file, giving the copy a name such as amclientsdk70.jar
Copy the amclientsdk63.jar file to the same directory. Again, the directory is as follows:
/usr/sap/SID/instanceName/j2ee/cluster/server0/bin/ext/AmSAPAgent2.2 |
The following is the full path to the amclientsdk63.jar file:
PolicyAgent-base/etc/amclientsdk63.jar
Restart the J2EE engine.
This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.
This task description explains how to add a library reference from the sap.com/irj application to the newly deployed AmSAPAgent2.2 library.
Use the command line for this task.
Telnet to the J2EE telnet port by issuing a command such as the following:
$ telnet j2ee-engine-host instance-port
represents the machine that hosts the SAP Enterprise Portal 6.0 instance.
represents the port number of the SAP Enterprise Portal 6.0 instance.
The following example demonstrates the format of the telnet command to issue:
telnet saphost.example.com 50008 |
After you issue a command similar to the preceding command, a message such as the following appears:
Telnet Administration [SAP J2EE Engine] Login: Password:
Log in using Administrator as the user and the corresponding Administrator password.
Issue the following command:
$ jump 0
A message such as the following appears:
You jumped on node 56457550
Issue the following command:
$ add deploy
Issue the following command:
$ CHANGE_REF -m sap.com/irj library:AmSAPAgent2.2
The following message appears:
The reference between application sap.com/irj and library:AmSAPAgent2.2 was made!
Stop and start the SAP Enterprise Portal 6.0 instance.
This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.
This task description explains how to add the new login module to the J2EE engine list of login modules.
(Conditional) If the SAP Enterprise Portal 6.0 is not running, start it now.
Start the Visual Administration tool.
The following example provides the path to the Visual Administration tool on UNIX systems:
/usr/sap/SID/instanceName/j2ee/admin/go
represents the SAP system ID.
represents the SAP Enterprise Portal 6.0 instance.
Log in to the Visual Administration tool.
Select the Security Provider service.
Select the User Management tab.
Click Manage Security Stores.
Click Add Login Module.
A dialog box appears.
Click OK.
In the Class Name text field, enter the following:
com.sun.identity.agents.sap.v640.AmSAPEP6LoginModule
In the Display Name text field, enter the following:
AmSAPEP6LoginModule
This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.
This task description explains how to modify the ticket template in order to list the new login module that you just added to the J2EE engine list of login modules.
If necessary, start and log in to the Visual Administration tool as detailed in the preceding task description.
Select the Security Provider service.
Select the Policy Configurations tab.
In the Components list, select the ticket authentication template.
Delete all login modules, except for the following:
com.sap.security.core.server.jaas.EvaluteTicketLoginModule com.sap.security.core.server.jaas.CreateTicketLoginModule
Click Add New.
From the list of modules, select AmSAPEP6LoginModule.
Click Modify.
Move AmSAPEP6LoginModule between the following two remaining login modules:
com.sap.security.core.server.jaas.EvaluteTicketLoginModule com.sap.security.core.server.jaas.CreateTicketLoginModule
The new ticket authentication template appears as such:
SUFFICIENT
REQUISITE
OPTIONAL
Ensure that the ticket authentication template resembles the preceding list in that it follows the same sequence (EvaluateTicketLoginModule, AmSAPEP6LoginModule, and CreateTicketLoginModule) with the same values (SUFFICIENT, REQUISITE, and OPTIONAL).
Save the ticket authentication template configuration.
This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.
If necessary, start and log in to the Visual Administration tool as described in To Provide Access to the New Login Module for SAP Enterprise Portal 6.0.
Select the Security Provider service.
For the value of the LoginModuleClassLoaders property, enter the following:
library:AmSAPAgent2.2
If multiple entries are required in this field, separate the entries by commas.
This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.
This task description explains how to modify the SAP Enterprise Portal 6.0 class path by adding a locale directory and a config directory.
Start the J2EE Engine configuration tool.
The following example provides the path to the configuration tool on UNIX systems:
/usr/sap/SID/instanceName/j2ee/configtool/configtool.sh
represents the SAP system ID.
represents the SAP Enterprise Portal 6.0 instance.
Log in to the configuration tool.
Highlight the SAP Enterprise Portal 6.0 instance server (SID).
In the right panel, in the class path text field, add the locale directory and the config directory to the end of the class path as follows:
;PolicyAgent-base/locale;PolicyAgent-base/AgentInstance-Dir/config
To simplify this step, you might want to access the agentclasspath.txt file within the config directory of the current agent instance. This file contains the exact class path that you must append to the class path of the SAP Enterprise Portal 6.0 instance.
This task is specific to AIX systems and is necessary because AIX systems come with an IBM JDK which does not come with the Sun Microsystems JCE provider.
Start the J2EE Engine configuration tool.
The following example provides the path to the configuration tool on UNIX systems:
/usr/sap/SID/instanceName/j2ee/configtool/configtool.sh
represents the SAP system ID.
represents the SAP Enterprise Portal 6.0 instance.
Log in to the configuration tool.
Highlight the SAP Enterprise Portal 6.0 instance server (SID).
In the right panel, in the Java Parameters field, add the following lines:
-DamKeyGenDescriptor.provider=IBMJCE |
-DamCryptoDescriptor.provider=IBMJCE |
This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.
Start the J2EE Engine configuration tool.
The following example provides the path to the configuration tool on UNIX systems:
/usr/sap/SID/instanceName/j2ee/configtool/configtool.sh
represents the SAP system ID.
represents the SAP Enterprise Portal 6.0 instance.
Log in to the configuration tool.
Click the pencil icon to switch to the configuration editor mode.
Click the pencil and glasses icon.
Select cluster_data -> server -> cfg -> services.
The UME service property sheet appears.
Double click the following property sheet: com.sap.security.core.ume.service.
Add the following custom value to the property named ume.logoff.redirect.uri:
http://AMServices-host:AMServices-port/amserver/UI/Login?arg=newsession
represents the fully qualified host name of the server where Access Manager Services are installed.
represents the port number of the server where Access Manager Services are installed.
This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.
Start the J2EE engine deploy tool by issuing the following command:
/usr/sap/SID/instanceName/j2ee.deploying/DeployTool
represents the SAP system ID.
represents the SAP Enterprise Portal 6.0 instance.
Create a subdirectory for the agent application in DeployContainer-base. In this scenario, DeployContainer-base represents the directory within which the SAP Enterprise Portal 6.0 instance was installed. Creating a subdirectory ensures that no other directories are affected by the agent application. If you undeploy the agentapp.war file without creating this subdirectory, DeployTool removes other critical content in the DeployContainer-base directory.
Create a new project.
Load the agentapp.war file using the following full path name:
PolicyAgent-base/etc/agentapp.war
This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.
This task description explains how to add a library reference from the sap.com/agentapp application to the newly deployed AmSAPAgent2.2 library.
Use the command line for this task.
Telnet to the J2EE telnet port by issuing a command such as the following:
$ telnet j2ee-engine-host instance-port
represents the machine that hosts the SAP Enterprise Portal 6.0 instance.
represents the port number of the SAP Enterprise Portal 6.0 instance.
The following example demonstrates the format of the telnet command to issue:
telnet saphost.example.com 50008 |
After you issue a command similar to the preceding command, a message such as the following appears:
Telnet Administration [SAP J2EE Engine] Login: Password:
Log in using Administrator as the user and the corresponding Administrator password.
Issue the following command:
$ jump 0
A message such as the following appears:
You jumped on node 56457550
Issue the following command:
$ add deploy
Issue the following command:
$ CHANGE_REF -m sap.com/agentapp library:AmSAPAgent2.2
The following message appears:
The reference between application sap.com/agentapp and library:AmSAPAgent2.2 was made!
Stop and start the SAP Enterprise Portal 6.0 instance.