Chapter 6 Uninstalling Policy Agent 2.2 for SAP Enterprise Portal 7.0/Web Application Server 7.0

The agentadmin program is used for initiating the installation and uninstallation programs of Policy Agent 2.2 for SAP Enterprise Portal 7.0/Web Application Server 7.0. The difference is that the installation program is started with the --install option while the uninstallation program is started with the --uninstall option. For more information about the agentadmin program, see Key Features and Tasks Performed With the J2EE agentadmin Program. The uninstallation program is similar to the installation program in that it provides step by step explanations of the information you need to enter. However, the uninstallation program has fewer and simpler steps.

The uninstallation process follows a series of tasks similar to the installation process. First, perform the pre-uninstallation (preparation) steps. Then, perform the uninstallation, itself. Finally, remove the agent files unless you want to configure a new agent using the same files.

Removing the agent files varies depending upon the format of the deliverable files used during the initial installation of the agent. Package formatted deliverable files are removed differently than files that are not package formatted.

You must access the PolicyAgent-base directory for uninstallation-related tasks. For more information about this directory, see J2EE Agent Directory Structure in Policy Agent 2.2.

Preparing to Uninstall Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0

Perform the applicable pre-uninstallation (preparation) tasks outlined in this section before uninstalling Policy Agent 2.2 for SAP Enterprise Portal 7.0/Web Application Server 7.0. The uninstallation tasks are different depending upon the deployment container from which the agent is being uninstalled, as follows:

• Pre-Uninstallation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0: Both Deployment Containers

• Pre-Uninstallation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0: SAP Enterprise Portal 7.0

• Pre-Uninstallation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0: SAP Web Application Server 7.0

Perform the tasks that apply to the deployment container from which you want to uninstall the agent.

Pre-Uninstallation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0: Both Deployment Containers

The tasks in this section apply to both of the deployment containers supported by Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0. Complete the pre-uninstallation tasks provided in this section before performing the container-specific pre-uninstallation steps provided subsequently in this guide.

To Undeploy the Agent Software Delivery Archive for SAP Enterprise Portal 7.0/Web Application Server 7.0

The Software Delivery Archive for this agent was deployed as a post-installation task. For details about that post-installation task, see To Deploy the Agent Software Delivery Archive for SAP Enterprise Portal 7.0/Web Application Server 7.0.

1. (Conditional) If SAP Enterprise Portal 7.0/Web Application Server 7.0 is not running, start it now.

2. Start the Software Deployment Manager (SDM) Remote GUI.

   The following example provides the path to the SDM Remote GUI on UNIX systems:

   /usr/sap/SID/instanceName/SDM/program/RemoteGui.sh

   SID

   represents the SAP system ID.

   instanceName

   represents the SAP Enterprise Portal 7.0/Web Application Server 7.0 instance.

3. Log in to the GUI.

4. Select the Undeployment tab.

5. Select AmSAPAgent2.2.

6. Click undeploy.

To Undeploy Protected Applications from SAP Enterprise Portal 7.0/Web Application Server 7.0

1. Undeploy any protected applications from SAP Enterprise Portal 7.0.

   Refer to SAP Enterprise Portal 7.0/Web Application Server 7.0 documentation for more information.

To Remove the Agent Application from SAP Enterprise Portal 7.0/Web Application Server 7.0

This task involves removing the agentapp.war file from SAP Enterprise Portal 7.0/Web Application Server 7.0. This application is used by the agent to perform housekeeping tasks. This application was installed on the deployment container as a post-installation task. For more information, see To Deploy the agentapp.war file for SAP Enterprise Portal 7.0/Web Application Server 7.0.

1. (Conditional) If SAP Enterprise Portal 7.0/Web Application Server 7.0 is not running, start it now.

2. Start the Visual Administration tool.

   The following example provides the path to the Visual Administration tool on UNIX systems:

   /usr/sap/SID/instanceName/j2ee/admin/go

   SID

   represents the SAP system ID.

   instanceName

   represents the SAP Enterprise Portal 7.0/Web Application Server 7.0 instance.

3. Log in to the Visual Administration tool.

4. Expand the Services node.

5. Select the Deploy service.

6. Expand the servlet_jsp node under the node for SAP Enterprise Portal 7.0/Web Application Server 7.0 (Ensure that the SAP Enterprise Portal 7.0/Web Application Server 7.0 node is for the instance that you are preparing to uninstall).

7. Select the sap.com/agentapp application.

8. Click Remove.

To Remove the Class Loader Reference to the Login Module for SAP Enterprise Portal 7.0/Web Application Server 7.0

This pre-uninstallation task is required with Agent for SAP Portal 7.0/Web Application Server 7.0, regardless of which deployment container the agent is deployed on: SAP Enterprise Portal 7.0 or SAP Web Application Server 7.0. Creating the class loader reference to the login module was a required post-installation step. For more information, see To Make a Class Loader Reference to the Login Module for SAP Enterprise Portal 7.0/Web Application Server 7.0.

1. (Conditional) If SAP Enterprise Portal 7.0/Web Application Server 7.0 is not running, start it now.

2. Start the Visual Administration tool.

   The following example provides the path to the Visual Administration tool on UNIX systems:

   /usr/sap/SID/instanceName/j2ee/admin/go

   SID

   represents the SAP system ID.

   instanceName

   represents the SAP Enterprise Portal 7.0/Web Application Server 7.0 instance.

3. Log in to the Visual Administration tool.

4. Select the Security Provider service.

5. Switch to the edit mode by clicking the pencil icon in the far left corner of the right panel.

6. Select the Properties tab.

7. For the value of the LoginModuleClassLoaders property, remove the reference to the following library: AmSAPAgent2.2

To Remove the Agent Class Path From SAP Enterprise Portal 7.0/Web Application Server 7.0

This task involves removing the Agent class path from SAP Enterprise Portal 7.0/Web Application Server 7.0. The class path was modified as a post-installation task. For more information, see To Modify the SAP Enterprise Portal 7.0/Web Application Server 7.0 Class Path.

1. Start the J2EE Engine configuration tool.

   The following example provides the path to the configuration tool on UNIX systems:

   /usr/sap/SID/instanceName/j2ee/configtool/configtool.sh

   SID

   represents the SAP system ID.

   instanceName

   represents the SAP Enterprise Portal 7.0/Web Application Server 7.0 instance.

   For a graphical representation of the configuration tool as described in the steps that follow in this task, see Figure 6–1.

2. Highlight the SAP Enterprise Portal 7.0/Web Application Server 7.0 instance server (SID).

3. In the right panel, in the Classpath text field, remove the locale directory and the config directory of the agent instance from the class path text field.

   Figure 6–1 SAP Config Tool: Modifying the SAP Enterprise Portal 7.0/Web Application Server 7.0 Class Path

   
   

Next Steps

At this point you must continue with the pre-uninstallation tasks that are specific to the deployment container from which you are uninstalling the agent, as such:

• Pre-Uninstallation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0: SAP Enterprise Portal 7.0

• Pre-Uninstallation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0: SAP Web Application Server 7.0

Pre-Uninstallation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0: SAP Enterprise Portal 7.0

If you are uninstalling Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 from SAP Enterprise Portal 7.0, after you have performed the pre-uninstallation tasks that apply to both deployment containers (as described in Pre-Uninstallation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0: Both Deployment Containers), perform the tasks described in this section.

This section includes a variety of tasks that remove the configuration performed during the installation and post-installation processes.

To Remove the Login Module for SAP Enterprise Portal 7.0

The instructions that follow describe how to remove the AmSAPEP70LoginModule from the J2EE engine list of login modules. This module was added to the list as a required post-installation task. For more information, see To Provide Access to the New Login Module for SAP Enterprise Portal 7.0.

1. (Conditional) If the SAP Enterprise Portal 7.0 is not running, start it now.

2. Start the Visual Administration tool.

   The following example provides the path to the Visual Administration tool on UNIX systems:

   /usr/sap/SID/instanceName/j2ee/admin/go

   SID

   represents the SAP system ID.

   instanceName

   represents the SAP Enterprise Portal 7.0 instance.

3. Log in to the Visual Administration tool.

4. Select the Security Provider service.

5. Select the User Management tab.

6. Click Manage Security Stores.

7. Select AmSAPEPLoginModule.

8. Click remove.

To Restore the Ticket Template for SAP Enterprise Portal 7.0

This task description explains how to modify the ticket template of SAP Enterprise Portal 7.0 to the state it was in before it was modified during the post-installation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0. For more information, see To Modify the Ticket Template to Use the New Login Module for SAP Enterprise Portal 7.0.

Before You Begin

If necessary, start and log in to the Visual Administration tool as detailed in the preceding task description.

1. Select the Security Provider service.

2. Select the Policy Configurations tab.

3. In the Components list, select the ticket authentication template.

4. Click Add New

5. Select BasicPasswordLoginModule.

6. Click Modify.

7. Move BasicPasswordLoginModule between the following two login modules:

   com.sap.security.core.server.jaas.EvaluteTicketLoginModule
   com.sap.security.core.server.jaas.CreateTicketLoginModule

   The new ticket authentication template appears as such:

   EvaluateTicketLoginModule

   SUFFICIENT

   BasicPasswordLoginModule

   REQUISITE

   CreateTicketLoginModule

   OPTIONAL

Next Steps

Before you uninstall Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0, ensure that you stop and start the SAP Enterprise Portal 7.0/Web Application Server 7.0 instance protected by the agent.

To Restore the ume.logoff.redirect.url Parameter for SAP Enterprise Portal 7.0

This pre-uninstallation task is required when Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 has been installed on SAP Enterprise Portal 7.0. The instructions that follow explain how to modify the ume.logoff.redirect.url parameter to its original state before it was modified as a required post-installation step. For more information, see To Configure the ume.logoff.redirect.url Parameter for SAP Enterprise Portal 7.0.

1. Start the J2EE Engine configuration tool.

   The following example provides the path to the configuration tool on UNIX systems:

   /usr/sap/SID/instanceName/j2ee/configtool/configtool.sh

   SID

   represents the SAP system ID.

   instanceName

   represents the SAP Enterprise Portal 7.0 instance.

2. Click the pencil icon to switch to the configuration editor mode.

3. Click the pencil and glasses icon.

4. Select cluster_data>server>cfg>services.

   TheUMEservice property sheet appears.

5. Double click the following property sheet: com.sap.security.core.ume.service

6. Clear the value assigned to the following proper: ume.logoff.redirect.uri

Pre-Uninstallation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0: SAP Web Application Server 7.0

If you are uninstalling Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 from SAP Web Application Server 7.0, after you have performed the pre-uninstallation tasks that apply to both deployment containers (as described in Pre-Uninstallation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0: Both Deployment Containers), perform the tasks described in this section.

This section includes a variety of tasks that remove the configuration performed during the installation and post-installation processes.

To Restore the Application Login Configurations for SAP Web Application Server 7.0

This task description explains how to modify the application login configurations to their original state, therefore, their state prior to modification during the post-installation of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0, as described in To Configure Applications to Use the New Login Module for SAP Web Application Server 7.0.

1. (Conditional) If the SAP Web Application Server 7.0 is not running, start it now.

2. Start the Visual Administration tool.

   The following example provides the path to the Visual Administration tool on UNIX systems:

   /usr/sap/SID/instanceName/j2ee/admin/go

   SID

   represents the SAP system ID.

   instanceName

   represents the SAP Web Application Server 7.0 instance.

3. Log in to the Visual Administration tool.

4. Select the Security Provider service.

5. Select the User Management tab.

6. Switch to the edit mode by clicking the pencil icon in the far left corner of the right panel.

7. In the Components list, select the application for which you want to restore the original configuration.

8. In the right pane, remove BasicPasswordLoginModule as described in the substeps that follow:

   1. Select AmSAPWASLoginModule

   2. Click Remove

9. Ensure that no authentication template is being used at this time.

10. Click Add New.

11. From the list of modules, select BasicPasswordLoginModule.

12. Save the configuration.

Next Steps

For all of the applications protected by the agent, repeat the steps in the task from Step 7 forward.

To Remove the Login Module for SAP Web Application Server 7.0

The instructions that follow describe how to remove the AmSAPWASLoginModule from the J2EE engine list of login modules. This module was added to the list as a required post-installation task. For more information, see To Provide Access to the New Login Module for SAP Web Application Server 7.0.

1. (Conditional) If the SAP Web Application Server 7.0 is not running, start it now.

2. Start the Visual Administration tool.

   The following example provides the path to the Visual Administration tool on UNIX systems:

   /usr/sap/SID/instanceName/j2ee/admin/go

   SID

   represents the SAP system ID.

   instanceName

   represents the SAP Web Application Server 7.0 instance.

3. Log in to the Visual Administration tool.

4. Select the Security Provider service.

5. Select the User Management tab.

6. Switch to the edit mode by clicking the pencil icon in the far left corner of the right panel.

7. Click Manage Security Stores.

8. Select AmSAPWASLoginModule and click remove.

To Restore the Deployment Descriptors of Applications on SAP Web Application Server 7.0

1. Restore the web.xml file of each deployed application to its original state.

   If a backup copy of the web.xml file was created during post-installation of the agent, the same file can be used to restore the original configuration.

   For more information about how these deployment descriptors were configured during the post-installation of the agent, see To Install the Agent Filter for the Deployed Application on SAP Web Application Server 7.0.

All Systems: Uninstalling Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0

This method of uninstalling Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 applies to all the supported platforms.

This uninstallation process involves two phases as described in the following subsections.

Launching the Uninstallation Program of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0

Perform the steps outlined in this section to launch the uninstallation program of Policy Agent 2.2 for SAP Enterprise Portal 7.0/Web Application Server 7.0.

To Launch the Uninstallation Program of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0

To launch the uninstallation program, perform the following steps:

1. Change to the following directory:

   PolicyAgent-base/bin

   This directory contains the agentadmin program, which is used for uninstalling a J2EE agent and for performing other tasks. For more information on the agentadmin program, see Key Features and Tasks Performed With the J2EE agentadmin Program.

2. Issue one of the following commands:

   ./agentadmin --uninstall

   or

   ./agentadmin --uninstallAll

   These two commands are different in that the --uninstallAll option removes all configured instances of the agent.

   After you issue one of the preceding commands, the uninstallation program launches and presents you with the first prompt as illustrated in the following section.

Using the Uninstallation Program of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0

The steps in the uninstallation program are displayed in the following example. The interaction process of this uninstallation program is similar to that of the installation program. One difference is that the uninstallation program does not present a license agreement. For a more detailed explanation of the interaction process, see Using the Installation Program of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0.

Example of Uninstallation Program Interaction in Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0

************************************************************************
Welcome to the Access Manager Policy Agent for SAP WebAS and Enterprise
Portal

************************************************************************


Enter the complete path to the directory of your SAP server ID. This directory
uniquely identifies the SAP instance that is secured by this Agent.
[ ? : Help, ! : Exit ]
Enter the SAP Server <SID> Directory Path
[/usr/sap/J2E/JC00/j2ee/cluster/server0]:
-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
SAP <SID> Directory : /usr/sap/SSO/JC00/j2ee/cluster/server0
Verify your settings above and decide from the choices below.
1. Continue with Uninstallation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]:

All Systems: Removing Files of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0

Once all instances of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 have been removed as part of the uninstallation process, you must then remove the agent files unless you want to configure a new agent using the same files.

To Remove Files of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 on All Systems

1. Delete the PolicyAgent-base directory from the file system.