Perform the tasks in this section if you are configuring Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 on SAP Enterprise Portal 7.0. This section includes a variety of short configuration tasks that are required for the agent to work on this specific deployment container. Complete all the tasks described in this section before performing the applicable tasks described in Conditional Post-Installation Steps for J2EE Agents in Policy Agent 2.2.
This is one of the post-installation tasks required when Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 has been installed on SAP Enterprise Portal 7.0.
This task description explains how to add a library reference from the sap.com/irj application to the newly deployed AmSAPAgent2.2 library.
Use the command line for this task.
Telnet to the J2EE telnet port by issuing a command such as the following:
$ telnet j2ee-engine-host instance-telnet-port
j2ee-engine-host represents the machine that hosts the SAP Enterprise Portal 7.0 instance.
instance-telnet-port represents the port number of the telnet administration service of the SAP Enterprise Portal 7.0 instance.
The following example demonstrates the format of the telnet command to issue:
telnet saphost.example.com 50008
For a graphical representation of telnet administration as described in the steps that follow in this task, see the following figure.
Log in using Administrator as the user and the corresponding Administrator password.
Issue the following command:
$ jump 0
A message such as the following appears:
You jumped on node 4503950
Issue the following command:
$ add deploy
Issue the following command:
$ CHANGE_REF -m sap.com/irj library:AmSAPAgent2.2
The following message appears:
The reference between application sap.com/irj and library:AmSAPAgent2.2 was made!
Stop and start the SAP Enterprise Portal 7.0 instance.
This is one of the post-installation tasks required when Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 has been installed on SAP Enterprise Portal 7.0.
This task description explains how to add the new login module to the J2EE engine list of login modules.
(Conditional) If the SAP Enterprise Portal 7.0 is not running, start it now.
Start the Visual Administration tool.
The following example provides the path to the Visual Administration tool on UNIX systems:
/usr/sap/SID/instanceName/j2ee/admin/go
SID represents the SAP system ID.
instanceName represents the SAP Enterprise Portal 7.0 instance.
Log in to the Visual Administration tool.
For a graphical representation of the Visual Administration tool as described in the steps that follow in this task, see Figure 4–9.
Select the Security Provider service.
Select the User Management tab.
Switch to the edit mode by clicking the pencil icon in the far left corner of the right panel.
Click Manage Security Stores.
Click Add Login Module.
A dialog box appears.
Click OK.
In the Class Name text field, enter the following:
com.sun.identity.agents.sap.v70.AmSAPEP70LoginModule
In the Display Name text field, enter the following:
AmSAPEP70LoginModule
Click OK.
This is one of the post-installation tasks required when Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 has been installed on SAP Enterprise Portal 7.0.
This task description explains how to modify the ticket template in order to list the new login module that you just added to the J2EE engine list of login modules.
If necessary, start and log in to the Visual Administration tool as detailed in the preceding task description.
For a graphical representation of the Visual Administration tool as described in the steps in this task, see Figure 4–10.
Select the Security Provider service.
Select the Policy Configurations tab.
Switch to the edit mode by clicking the pencil icon in the far left corner of the right panel.
In the Components list, select the ticket authentication template.
Delete all login modules, except for the following:
com.sap.security.core.server.jaas.EvaluateTicketLoginModule
com.sap.security.core.server.jaas.CreateTicketLoginModule
Click Add New.
From the list of modules, select AmSAPEP70LoginModule.
Click Modify.
Move AmSAPEP70LoginModule between the following two remaining login modules:
com.sap.security.core.server.jaas.EvaluateTicketLoginModule
com.sap.security.core.server.jaas.CreateTicketLoginModule
The new ticket authentication template appears as follows:
EvaluateTicketLoginModule   SUFFICIENT
AmSAPEP70LoginModule        REQUISITE
CreateTicketLoginModule     OPTIONAL
Ensure that the ticket authentication template resembles the preceding list in that it follows the same sequence (EvaluateTicketLoginModule, AmSAPEP70LoginModule, and CreateTicketLoginModule) with the same values (SUFFICIENT, REQUISITE, and OPTIONAL).
Save the ticket authentication template configuration.
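The following added example (not part of the original guide or of the agent's code) models how a login module stack with the template's order and flags is evaluated, assuming the J2EE engine applies standard JAAS control-flag semantics. The module outcomes, the outcomes() helper, and the WEAK_TEMPLATE variant are constructed for illustration; the example shows that REQUISITE on AmSAPEP70LoginModule is what stops the stack before CreateTicketLoginModule when no Access Manager session is present.

```python
# Added example: models standard JAAS control-flag semantics only.
# It calls no SAP or Access Manager code; module outcomes are constructed.
TICKET_TEMPLATE = [
    ("EvaluateTicketLoginModule", "SUFFICIENT"),
    ("AmSAPEP70LoginModule", "REQUISITE"),
    ("CreateTicketLoginModule", "OPTIONAL"),
]
# Hypothetical misconfiguration: agent module demoted to OPTIONAL.
WEAK_TEMPLATE = [(m, "OPTIONAL" if m == "AmSAPEP70LoginModule" else f)
                 for m, f in TICKET_TEMPLATE]


def evaluate_stack(stack, outcomes):
    """Return (authenticated, modules_run) for a stack of (module, flag)
    pairs, given outcomes mapping module name -> login() success."""
    ran, any_ok, mandatory_failed = [], False, False
    has_mandatory = any(f in ("REQUIRED", "REQUISITE") for _, f in stack)
    for module, flag in stack:
        ok = outcomes[module]
        ran.append(module)
        any_ok = any_ok or ok
        if flag == "SUFFICIENT" and ok and not mandatory_failed:
            return True, ran            # success ends the stack early
        if flag in ("REQUIRED", "REQUISITE") and not ok:
            mandatory_failed = True
            if flag == "REQUISITE":
                return False, ran       # failure ends the stack at once
    if mandatory_failed:
        return False, ran
    # With no mandatory module configured, one success is enough.
    return (True if has_mandatory else any_ok), ran


def outcomes(ticket, am_session, create=True):
    """Constructed login() results for the three modules."""
    return {"EvaluateTicketLoginModule": ticket,
            "AmSAPEP70LoginModule": am_session,
            "CreateTicketLoginModule": create}


if __name__ == "__main__":
    cases = {"valid SAP ticket": outcomes(True, False),
             "Access Manager session only": outcomes(False, True),
             "neither": outcomes(False, False)}
    for label, result in cases.items():
        print(label, "->", evaluate_stack(TICKET_TEMPLATE, result))
    print("weak, neither ->",
          evaluate_stack(WEAK_TEMPLATE, outcomes(False, False, create=False)))
```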
This is one of the post-installation tasks required when Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 has been installed on SAP Enterprise Portal 7.0.
Start the J2EE Engine configuration tool.
The following example provides the path to the configuration tool on UNIX systems:
/usr/sap/SID/instanceName/j2ee/configtool/configtool.sh
SID represents the SAP system ID.
instanceName represents the SAP Enterprise Portal 7.0 instance.
For a graphical representation of the configuration tool as described in the steps that follow in this task, see Figure 4–11.
Click the pencil icon to switch to the configuration editor mode.
Click the pencil and glasses icon.
Select cluster_data -> server -> cfg -> services.
The UME service property sheet appears.
Double click the following property sheet: com.sap.security.core.ume.service
Add the following custom value to the property named ume.logoff.redirect.uri:
http://AMServices-host:AMServices-port/amserver/UI/Login?arg=newsession
AMServices-host represents the fully qualified host name of the server where Access Manager Services are installed.
AMServices-port represents the port number of the server where Access Manager Services are installed.
This task enables single logout between the Access Manager instance and the SAP Enterprise Portal 7.0 instance. Otherwise, single logout might fail, potentially creating a security risk.
Access the J2EE agent AMAgent.properties configuration file.
Change the following properties as shown:
com.sun.identity.agents.config.cookie.reset.enable = true
com.sun.identity.agents.config.cookie.reset.name[0] = MYSAPSSO2
com.sun.identity.agents.config.cookie.reset.domain[MYSAPSSO2] = EP–DomainName
where EP–DomainName represents the name of the domain of the machine where the SAP Enterprise Portal 7.0 instance is installed, such as .example.com.