Sun Java System Access Manager Policy Agent 2.2 Guide for SAP Enterprise Portal 6.0 and Web Application Server 6.40

Post-Installation of Agent for SAP Portal 6.0/Server 6.40: SAP Enterprise Portal 6.0

Perform the tasks in this section if you are configuring Agent for SAP Portal 6.0/Server 6.40 on SAP Enterprise Portal 6.0. This section includes a variety of short configuration tasks that are required for the agent to work on this specific deployment container. Complete all the tasks described in this section before performing the applicable tasks described in Conditional Post-Installation Steps for J2EE Agents in Policy Agent 2.2.

To Deploy the Agent Software Delivery Archive for SAP Enterprise Portal 6.0

This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.

Before You Begin

The following file is the Software Delivery Archive for this agent: AMSAPAgent2.2.sda.

For this task, you must provide the full path name to this Software Delivery Archive, as follows:

PolicyAgent-base/etc/AmSAPAgent2.2.sda

Therefore, locate this file and record the full path name for use as part of the task.

  1. (Conditional) If the SAP Enterprise Portal 6.0 is not running, start it now.

  2. Start the Software Deployment Manager (SDM) Remote GUI.

    The following example provides the path to the SDM Remote GUI on UNIX systems:

    /usr/sap/SID/instanceName/SDM/program/RemoteGui.sh

    SID represents the SAP system ID.

    instanceName represents the SAP Enterprise Portal 6.0 instance.

  3. Log in to the GUI.

  4. Select the Deployment tab.

  5. Add the full path name to the following file:

    PolicyAgent-base/etc/AmSAPAgent2.2.sda

  6. Click the icon of the clipboard with the plus sign.

  7. Click Next until you reach the deployment Start button.

  8. Click Start.

  9. (Conditional) If using the agent with Access Manager 6.3, configure the appropriate library.


    Note –

    This step is similar to the steps required for the general configuration of the agent for Access Manager 6.3. For more information, see To Configure a J2EE Agent With Access Manager 6.3.


    By default, the AmSAPAgent2.2.library library is configured specifically for Access Manager 7. To use the agent with Access Manager 6.3, perform the following substeps.

    1. Stop the J2EE Engine.

    2. Change to the following directory:


      /usr/sap/SID/instanceName/j2ee/cluster/server0/bin/ext/AmSAPAgent2.2

      SID represents the SAP system ID.

      instanceName represents the SAP Enterprise Portal 6.0 instance.

    3. Create a backup copy of the Access Manager 7 amclientsdk.jar file, giving the copy a name such as amclientsdk70.jar.

    4. Copy the amclientsdk63.jar file to the same directory. Again, the directory is as follows:


      /usr/sap/SID/instanceName/j2ee/cluster/server0/bin/ext/AmSAPAgent2.2

      The following is the full path to the amclientsdk63.jar file:

      PolicyAgent-base/etc/amclientsdk63.jar

    5. Restart the J2EE engine.

To Add a Reference From sap.com/irj to the New AmSAPAgent2.2 Library for SAP Enterprise Portal 6.0

This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.

This task description explains how to add a library reference from the sap.com/irj application to the newly deployed AmSAPAgent2.2 library.

Use the command line for this task.

  1. Telnet to the J2EE telnet port by issuing a command such as the following:

    $ telnet j2ee-engine-host instance-port

    j2ee-engine-host represents the machine that hosts the SAP Enterprise Portal 6.0 instance.

    instance-port represents the port number of the SAP Enterprise Portal 6.0 instance.

    The following example demonstrates the format of the telnet command to issue:


    telnet saphost.example.com 50008

    After you issue a command similar to the preceding command, a message such as the following appears:

    Telnet Administration
    [SAP J2EE Engine]

    Login:
    Password:

  2. Log in using Administrator as the user and the corresponding Administrator password.

  3. Issue the following command:

    $ jump 0

    A message such as the following appears:

    You jumped on node 56457550

  4. Issue the following command:

    $ add deploy

  5. Issue the following command:

    $ CHANGE_REF -m sap.com/irj library:AmSAPAgent2.2

    The following message appears:

    The reference between application sap.com/irj and
    library:AmSAPAgent2.2 was made!

  6. Stop and start the SAP Enterprise Portal 6.0 instance.

To Provide Access to the New Login Module for SAP Enterprise Portal 6.0

This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.

This task description explains how to add the new login module to the J2EE engine list of login modules.

  1. (Conditional) If the SAP Enterprise Portal 6.0 is not running, start it now.

  2. Start the Visual Administration tool.

    The following example provides the path to the Visual Administration tool on UNIX systems:

    /usr/sap/SID/instanceName/j2ee/admin/go

    SID represents the SAP system ID.

    instanceName represents the SAP Enterprise Portal 6.0 instance.

  3. Log in to the Visual Administration tool.

  4. Select the Security Provider service.

  5. Select the User Management tab.

  6. Click Manage Security Stores.

  7. Click Add Login Module.

    A dialog box appears.

  8. Click OK.

  9. In the Class Name text field, enter the following:

    com.sun.identity.agents.sap.v640.AmSAPEP6LoginModule

  10. In the Display Name text field, enter the following:

    AmSAPEP6LoginModule

To Modify the Ticket Template to Use the New Login Module for SAP Enterprise Portal 6.0

This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.

This task description explains how to modify the ticket template in order to list the new login module that you just added to the J2EE engine list of login modules.

Before You Begin

If necessary, start and log in to the Visual Administration tool as detailed in the preceding task description.

  1. Select the Security Provider service.

  2. Select the Policy Configurations tab.

  3. In the Components list, select the ticket authentication template.

  4. Delete all login modules, except for the following:

    com.sap.security.core.server.jaas.EvaluateTicketLoginModule
    com.sap.security.core.server.jaas.CreateTicketLoginModule

  5. Click Add New.

  6. From the list of modules, select AmSAPEP6LoginModule.

  7. Click Modify.

  8. Move AmSAPEP6LoginModule between the following two remaining login modules:

    com.sap.security.core.server.jaas.EvaluateTicketLoginModule
    com.sap.security.core.server.jaas.CreateTicketLoginModule

    The new ticket authentication template appears as follows:

    EvaluateTicketLoginModule    SUFFICIENT
    AmSAPEP6LoginModule          REQUISITE
    CreateTicketLoginModule      OPTIONAL


    Caution –

    Ensure that the ticket authentication template resembles the preceding list in that it follows the same sequence (EvaluateTicketLoginModule, AmSAPEP6LoginModule, and CreateTicketLoginModule) with the same values (SUFFICIENT, REQUISITE, and OPTIONAL).


Next Steps

Save the ticket authentication template configuration.
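
The sequence and flags in the preceding Caution determine which modules run and when the stack stops. The following added example (not part of the original guide or of the agent software) applies the standard JAAS control-flag rules to the template and reports deviations from it; the function names and the module outcomes are constructed for illustration.

```python
# Added example: JAAS control-flag evaluation for the ticket template.
# Module outcomes passed to evaluate() are constructed, not portal output.
EXPECTED = [
    ("EvaluateTicketLoginModule", "SUFFICIENT"),
    ("AmSAPEP6LoginModule", "REQUISITE"),
    ("CreateTicketLoginModule", "OPTIONAL"),
]

def template_problems(stack):
    """List deviations of a configured (module, flag) stack from EXPECTED."""
    problems = []
    if [m for m, _ in stack] != [m for m, _ in EXPECTED]:
        problems.append("module sequence differs from the guide")
    wanted = dict(EXPECTED)
    for module, flag in stack:
        if module in wanted and flag != wanted[module]:
            problems.append(f"{module}: {flag}, expected {wanted[module]}")
    return problems

def evaluate(stack, outcomes):
    """Return (authenticated, modules_run) under standard JAAS flag rules."""
    ran, required_ok, required_seen, any_ok = [], True, False, False
    for module, flag in stack:
        ok = outcomes[module]
        ran.append(module)
        if flag in ("REQUIRED", "REQUISITE"):
            required_seen = True
            required_ok = required_ok and ok
            if flag == "REQUISITE" and not ok:
                break  # a failed REQUISITE module ends the stack at once
        else:
            any_ok = any_ok or ok
            if flag == "SUFFICIENT" and ok and required_ok:
                break  # a successful SUFFICIENT module ends the stack at once
    return required_ok and (required_seen or any_ok), ran

def demo():
    """Evaluate the guide's template and a drifted copy on constructed outcomes."""
    no_session = {"EvaluateTicketLoginModule": False,
                  "AmSAPEP6LoginModule": False,
                  "CreateTicketLoginModule": True}
    drifted = [(m, "OPTIONAL" if m == "AmSAPEP6LoginModule" else f)
               for m, f in EXPECTED]
    return {
        "guide": evaluate(EXPECTED, no_session),
        "drifted": evaluate(drifted, no_session),
        "drift_report": template_problems(drifted),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the guide's flags, a failed AmSAPEP6LoginModule stops the stack before CreateTicketLoginModule runs; with the flag changed to OPTIONAL, the same constructed outcomes pass the stack.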

To Make a Class Loader Reference to the Login Module for SAP Enterprise Portal 6.0

This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.

Before You Begin

If necessary, start and log in to the Visual Administration tool as described in To Provide Access to the New Login Module for SAP Enterprise Portal 6.0.

  1. Select the Security Provider service.

  2. For the value of the LoginModuleClassLoaders property, enter the following:

    library:AmSAPAgent2.2

    If multiple entries are required in this field, separate the entries by commas.

To Modify the SAP Enterprise Portal 6.0 Class Path

This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.

This task description explains how to modify the SAP Enterprise Portal 6.0 class path by adding a locale directory and a config directory.

  1. Start the J2EE Engine configuration tool.

    The following example provides the path to the configuration tool on UNIX systems:

    /usr/sap/SID/instanceName/j2ee/configtool/configtool.sh

    SID represents the SAP system ID.

    instanceName represents the SAP Enterprise Portal 6.0 instance.

  2. Log in to the configuration tool.

  3. Highlight the SAP Enterprise Portal 6.0 instance server (SID).

  4. In the right panel, in the class path text field, add the locale directory and the config directory to the end of the class path as follows:

    ;PolicyAgent-base/locale;PolicyAgent-base/AgentInstance-Dir/config

    To simplify this step, you might want to access the agentclasspath.txt file within the config directory of the current agent instance. This file contains the exact class path that you must append to the class path of the SAP Enterprise Portal 6.0 instance.

To Modify the SAP Enterprise Portal 6.0 JVM Options (AIX Systems Only)

This task is specific to AIX systems and is necessary because AIX systems come with an IBM JDK which does not come with the Sun Microsystems JCE provider.

  1. Start the J2EE Engine configuration tool.

    The following example provides the path to the configuration tool on UNIX systems:

    /usr/sap/SID/instanceName/j2ee/configtool/configtool.sh

    SID represents the SAP system ID.

    instanceName represents the SAP Enterprise Portal 6.0 instance.

  2. Log in to the configuration tool.

  3. Highlight the SAP Enterprise Portal 6.0 instance server (SID).

  4. In the right panel, in the Java Parameters field, add the following lines:


    -DamKeyGenDescriptor.provider=IBMJCE

    -DamCryptoDescriptor.provider=IBMJCE

To Configure the ume.logoff.redirect.url Parameter for SAP Enterprise Portal 6.0

This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.

  1. Start the J2EE Engine configuration tool.

    The following example provides the path to the configuration tool on UNIX systems:

    /usr/sap/SID/instanceName/j2ee/configtool/configtool.sh

    SID represents the SAP system ID.

    instanceName represents the SAP Enterprise Portal 6.0 instance.

  2. Log in to the configuration tool.

  3. Click the pencil icon to switch to the configuration editor mode.

  4. Click the pencil and glasses icon.

  5. Select cluster_data -> server -> cfg -> services.

    The UME service property sheet appears.

  6. Double-click the following property sheet: com.sap.security.core.ume.service.

  7. Add the following custom value to the property named ume.logoff.redirect.url:

    http://AMServices-host:AMServices-port/amserver/UI/Login?arg=newsession

    AMServices-host represents the fully qualified host name of the server where Access Manager Services are installed.

    AMServices-port represents the port number of the server where Access Manager Services are installed.

To Deploy the agentapp.war file for SAP Enterprise Portal 6.0

This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.

  1. Start the J2EE engine deploy tool by issuing the following command:

    /usr/sap/SID/instanceName/j2ee.deploying/DeployTool

    SID represents the SAP system ID.

    instanceName represents the SAP Enterprise Portal 6.0 instance.


    Caution –

    Create a subdirectory for the agent application in DeployContainer-base. In this scenario, DeployContainer-base represents the directory within which the SAP Enterprise Portal 6.0 instance was installed. Creating a subdirectory ensures that no other directories are affected by the agent application. If you undeploy the agentapp.war file without creating this subdirectory, DeployTool removes other critical content in the DeployContainer-base directory.


  2. Create a new project.

  3. Load the agentapp.war file using the following full path name:

    PolicyAgent-base/etc/agentapp.war

To Add a Reference From sap.com/agentapp to the New AmSAPAgent2.2 Library for SAP Enterprise Portal 6.0

This is one of the post-installation tasks required when Agent for SAP Portal 6.0/Server 6.40 has been installed on SAP Enterprise Portal 6.0.

This task description explains how to add a library reference from the sap.com/agentapp application to the newly deployed AmSAPAgent2.2 library.

Use the command line for this task.

  1. Telnet to the J2EE telnet port by issuing a command such as the following:

    $ telnet j2ee-engine-host instance-port

    j2ee-engine-host represents the machine that hosts the SAP Enterprise Portal 6.0 instance.

    instance-port represents the port number of the SAP Enterprise Portal 6.0 instance.

    The following example demonstrates the format of the telnet command to issue:


    telnet saphost.example.com 50008

    After you issue a command similar to the preceding command, a message such as the following appears:

    Telnet Administration
    [SAP J2EE Engine]

    Login:
    Password:

  2. Log in using Administrator as the user and the corresponding Administrator password.

  3. Issue the following command:

    $ jump 0

    A message such as the following appears:

    You jumped on node 56457550

  4. Issue the following command:

    $ add deploy

  5. Issue the following command:

    $ CHANGE_REF -m sap.com/agentapp library:AmSAPAgent2.2

    The following message appears:

    The reference between application sap.com/agentapp and
    library:AmSAPAgent2.2 was made!

  6. Stop and start the SAP Enterprise Portal 6.0 instance.