Before you install the Web Server 7.0 agent, your deployment must meet these requirements:
A Web Server 7.0 instance must be installed and configured on the platform where you plan to install the agent. For a list of supported platforms, see Supported Platforms for the Web Server 7.0 Agent.
An OpenSSO Enterprise or OpenSSO Express server instance must be installed and accessible to the Web Server 7.0 instance.
The agent installation program requires the Java Runtime Environment (JRE) 1.5 or later. Before you install the agent, set your JAVA_HOME environment variable to point to the JDK installation directory for the JDK version you are using. If you have not set this variable (or if you set it incorrectly), the program will prompt you for the correct path.
Log in to the server where you want to install the agent.
Create a directory to unzip the agent distribution file.
Download and unzip the agent distribution file, depending on your platform:
Solaris SPARC systems (32-bit): sjsws_v70_SunOS_sparc_agent_3.zip
Solaris SPARC systems (64-bit): sjsws_v70_SunOS_sparc_64_agent_3.zip
Solaris x86 systems (32-bit): sjsws_v70_SunOS_x86_agent_3.zip
Solaris x86 systems (64-bit): sjsws_v70_SunOS_x86_64_agent_3.zip
Linux systems: sjsws_v70_Linux_agent_3.zip
Windows systems: sjsws_v70_WINNT_agent_3.zip
These distribution files are available from the following sites:
Sun Downloads under Identity Management > Policy Agents: http://www.sun.com/download/index.jsp
OpenSSO project: https://opensso.dev.java.net/public/use/index.html
This agent was developed as part of the OpenSSO project.
The following table shows the files and directories after you unzip the agent distribution file. These files are in the following directory:
AgentHome/web_agents/sjsws_agent, where AgentHome is where you unzipped the agent distribution file.
PolicyAgent-base is the AgentHome/web_agents/sjsws_agent directory.
For example: /opt/web_agents/sjsws_agent
File or Directory | Description |
---|---|
README.txt and license.txt | Readme and license files |
/bin | agentadmin and agentadmin.bat programs |
/config | Template, properties, and XML files |
/data | license.log file. Do not edit this file. |
/etc | Empty |
/lib | Required library and JAR files |
/locale | Required properties files |
/logs | Log files |
A password file is an ASCII text file with only one line specifying the password in clear text. By using a password file, you are not forced to expose a password at the command line during the agent installation. When you install the Web Server 7.0 agent using the agentadmin program, you are prompted to specify paths to the following password files:
An agent profile password file is required for both the agentadmin default and custom installation options.
An agent administrator password file is required only if you use the custom installation option and have the agentadmin program automatically create the agent profile in OpenSSO Enterprise server during the installation.
Create an ASCII text file for the agent profile. For example: ws7agentpw
If you want the agentadmin program to automatically create the agent profile in OpenSSO Enterprise server during the installation, create another password file for the agent administrator. For example: /tmp/agentadminpw
Using a text editor, enter the appropriate password in clear text on the first line in each file.
Secure each password file appropriately, depending on the requirements for your deployment.
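As an added example (not part of the original guide or the agent distribution), the following shell functions create a one-line password file readable only by its owner and check an existing file before its path is given to agentadmin. The function names create_pwfile and check_pwfile are hypothetical.

```shell
# Added example; create_pwfile and check_pwfile are hypothetical helper names,
# not part of the agent distribution.

# Write the password read from stdin to file $1 with owner-only access.
# Reading from stdin keeps the secret out of argv and shell history.
create_pwfile() {
    (
        umask 077              # new file is created with mode 0600
        set -C                 # noclobber: never write into an existing file
        rm -f -- "$1"          # drop any old file or symlink at that path
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        printf '%s\n' "$pw" > "$1"
    )
}

# Return 0 only if file $1 is a regular file, closed to group and other,
# and holds exactly one line of printable ASCII.
check_pwfile() {
    pwfile=$1
    rc=0
    if [ -L "$pwfile" ] || [ ! -f "$pwfile" ]; then
        echo "$pwfile: not a regular file" >&2
        return 1
    fi
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are group and other.
    perms=$(ls -ld "$pwfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$pwfile: accessible by group or other ($perms)" >&2
        rc=1
    fi
    # The password file must contain one line and nothing else.
    lines=$(wc -l < "$pwfile" | tr -d ' ')
    if [ "$lines" -ne 1 ]; then
        echo "$pwfile: expected exactly 1 line, found $lines" >&2
        rc=1
    fi
    # Flag tabs, control characters and non-ASCII bytes.
    if LC_ALL=C grep -q '[^ -~]' "$pwfile"; then
        echo "$pwfile: contains characters outside printable ASCII" >&2
        rc=1
    fi
    return "$rc"
}
```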
A web agent uses an agent profile to communicate with OpenSSO Enterprise server. A version 2.2 web agent can use the default agent profile (UrlAccessAgent). For a version 3.0 agent, however, you must create an agent profile using any of these three methods:
Use the OpenSSO Enterprise Console, as described in Creating an Agent Profile.
Use the ssoadm command-line utility with the create-agent subcommand. For more information about the ssoadm command, see the Sun OpenSSO Enterprise 8.0 Administration Reference.
Choose the “Option to create the agent profile in the server during installation” when you run the agentadmin program.
Log in to the OpenSSO Enterprise Administration Console as amAdmin.
Click Access Control, realm-name, Agents, and Web.
Under Agent, click New.
In the Name field, enter the name for the new agent profile.
Enter and confirm the Password.
Important: This password must be the same password that you enter in the agent profile password file that you specify when you run the agentadmin program to install the agent.
In the Configuration field, check the location where the agent configuration properties are stored:
Local: In the OpenSSOAgentConfiguration.properties file on the server where the agent is installed.
Centralized: In the OpenSSO Enterprise server central configuration data repository.
In the Server URL field, enter the OpenSSO Enterprise server URL.
For example: http://openssohost.example.com:8080/opensso
In the Agent URL field, enter the URL for the agent.
For example: http://agenthost.example.com:8090/
Click Create.
The console creates the agent profile and displays the WebAgent page again with a link to the new agent profile.
To do additional configuration for the agent, click this link to display the Edit agent page. For information about the agent configuration fields, see the Console online Help.
If you prefer, you can also use the ssoadm command-line utility to edit the agent profile. For more information, see the Sun OpenSSO Enterprise 8.0 Administration Reference.
An agent administrator can manage agents in OpenSSO Enterprise, including:
Agent management: Use the agent administrator to manage agents either in the OpenSSO Enterprise Console or by executing the ssoadm utility.
Agent installation: If you install the agent using the custom installation option (agentadmin --custom-install) and want to have the installation program create the agent profile, specify the agent administrator (and password file) when you are prompted.
Log in to the OpenSSO Enterprise Console as amadmin.
Create a new agents administrator group:
Create a new agent administrator user and add the agent administrator user to the agents administrator group:
Click Access Control, realm-name, Subjects, and then User.
Click New and provide the following values:
ID: Name of the agent administrator. For example: agentadminuser
This is the name you will use to log in to the OpenSSO Enterprise Console.
First Name (optional), Last Name, and Full Name.
For simplicity, use the same name for each of these values that you specified in the previous step for ID.
Password (and confirmation)
User Status: Active
Click OK.
Click the new agent administrator name.
On the Edit User page, click Group.
Add the agents administrator group from Available to Selected.
Click Save.
Assign read and write access to the agents administrator group:
Log in to the OpenSSO Enterprise Console as the new agent administrator. The only available top-level tab is Access Control. Under realm-name, you will see only the Agents tab and sub tabs.