Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Apache Tomcat 6.0

Procedure To Install the Tomcat 6.0 Version 3.0 Agent Using the agentadmin Program

  1. Log in to the server where you want to install the agent.

    Important: To install the agent, you must have write permission to the Tomcat 6.0 instance files and directories.

  2. If necessary, shut down the Tomcat 6.0 instance.

  3. Change to the following directory:

    PolicyAgent-base/bin

  4. On Solaris and Linux systems, set the permissions for the agentadmin program as follows, if needed:

    # chmod 755 agentadmin

  5. Start the agent installation:

    Default install: # ./agentadmin --install

    or

    Custom install: # ./agentadmin --custom-install

    On Windows systems, run the agentadmin.bat program.

  6. Enter information as requested by the agentadmin program, or accept the default values displayed by the program.

    After you have made your choices, the agentadmin program displays a summary of your responses. For example, for a custom installation:

    -----------------------------------------------
    SUMMARY OF YOUR RESPONSES
    -----------------------------------------------
    Tomcat Server Config Directory : /opt/apache-tomcat-6.0.18/conf 
    $CATALINA_HOME environment variable : /opt/apache-tomcat-6.0.18 
    OpenSSO server URL : http://opensso-host.example.com:8080/opensso 
    Agent URL : http://agent-host.example.com:8090/agentapp 
    Encryption Key : oyFk4DYaNB2kc6MeJ2xnK4hbWtFhabsZ 
    Agent Profile name : Tomcat6AgentProfile
    Agent Profile Password file name : /tmp/tomcat6agentpw
    Agent Profile will be created right now by agent installer : true 
    Agent Administrator : amadmin 
    Agent Administrator's password file name : /opt/amadminpw

  7. Verify your choices and either continue with the installation (selection 1, the default), or make any necessary changes.

    If you continue, the program installs the agent and displays a summary of the installation. For example, for a custom installation:

    SUMMARY OF AGENT INSTALLATION
    -----------------------------
    Agent instance name: Agent_001
    Agent Bootstrap file location:
    /opt/agents/j2ee_agents/tomcat_v6_agent/
       Agent_001/config/OpenSSOAgentBootstrap.properties
    Agent Configuration file location
    /opt/agents/j2ee_agents/tomcat_v6_agent/
       Agent_001/config/OpenSSOAgentConfiguration.properties
    Agent Audit directory location:
    /opt/agents/j2ee_agents/tomcat_v6_agent/Agent_001/logs/audit
    Agent Debug directory location:
    /opt/agents/j2ee_agents/tomcat_v6_agent/Agent_001/logs/debug
    
    Install log file location:
    /opt/agents/j2ee_agents/tomcat_v6_agent/installer-logs/audit/custom.log

  8. After the installation finishes successfully, if you wish, check the installation logs in the following directory:

    installer-logs/audit

  9. Restart the Tomcat 6.0 instance that is being protected by the agent.


    Note –

    After you install the Tomcat 6.0 version 3.0 agent for a specific domain, you cannot use that same agent on the same host for a different domain. To use the Tomcat 6.0 version 3.0 agent for another domain on the same host, you must install the agent specifically for that domain.
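A preflight check to run before step 5, as an added example (not part of the Sun documentation or the agent distribution). It confirms write access to the Tomcat files the installer modifies, that agentadmin is executable, and that each password file is a regular file readable only by its owner. The function names `preflight` and `pwfile_ok` are hypothetical, and all paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: preflight checks before running ./agentadmin --install.
# pwfile_ok and preflight are hypothetical helper names, not agent tooling.

# pwfile_ok FILE: succeed only if FILE is a regular, non-empty file (not a
# symlink) with no group or other permission bits set.
pwfile_ok() {
    f=$1
    [ -L "$f" ] && { echo "FAIL: $f is a symlink" >&2; return 1; }
    [ -f "$f" ] && [ -s "$f" ] || { echo "FAIL: $f missing or empty" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$f" | cut -c5-10)
    [ "$bits" = "------" ] || { echo "FAIL: $f open to group/other ($bits)" >&2; return 1; }
    return 0
}

# preflight CONF_DIR CATALINA_HOME AGENT_BIN_DIR PWFILE...
# Reports every failed check on stderr and returns non-zero if any failed.
preflight() {
    conf=$1; home=$2; bin=$3; shift 3
    rc=0
    # Step 1: the installer backs up and edits server.xml and web.xml, and
    # updates bin/setclasspath.sh, so all of them must be writable.
    for p in "$conf" "$conf/server.xml" "$conf/web.xml" "$home/bin/setclasspath.sh"; do
        [ -w "$p" ] || { echo "FAIL: no write permission on $p" >&2; rc=1; }
    done
    # Step 4: agentadmin must be executable (chmod 755 agentadmin).
    [ -x "$bin/agentadmin" ] || { echo "FAIL: $bin/agentadmin is not executable" >&2; rc=1; }
    # Step 6: password files handed to the installer.
    for pw in "$@"; do
        pwfile_ok "$pw" || rc=1
    done
    return "$rc"
}
```

With the values from the sample summary, the call would be `preflight /opt/apache-tomcat-6.0.18/conf /opt/apache-tomcat-6.0.18 PolicyAgent-base/bin /tmp/tomcat6agentpw /opt/amadminpw`.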



Example 1 Sample agentadmin Program Installation for the Tomcat 6.0 Version 3.0 Agent

************************************************************************
Welcome to the OpenSSO Policy Agent for Apache Tomcat 6.0 Servlet/JSP
Container
************************************************************************
Enter the complete path to the directory which is used by Tomcat Server to
store its configuration Files. This directory uniquely identifies the
Tomcat Server instance that is secured by this Agent.
[ ? : Help, ! : Exit ]
Enter the Tomcat Server Config Directory Path
[/opt/apache-tomcat-6.0.18/conf]: 

$CATALINA_HOME environment variable is the root of the tomcat
installation.
[ ? : Help, < : Back, ! : Exit ]
Enter the $CATALINA_HOME environment variable: /opt/apache-tomcat-6.0.18    

Enter the URL where the OpenSSO server is running. Please include the
deployment URI also as shown below:
(http://opensso.sample.com:58080/opensso)
[ ? : Help, < : Back, ! : Exit ]
OpenSSO server URL: http://opensso-host.example.com:8080/opensso

Enter the Agent URL. Please include the deployment URI also as shown below:
(http://agent1.sample.com:1234/agentapp)
[ ? : Help, < : Back, ! : Exit ]
Agent URL: http://agent-host.example.com:8090/agentapp

Enter a valid Encryption Key.
[ ? : Help, < : Back, ! : Exit ]
Enter the Encryption Key [oyFk4DYaNB2kc6MeJ2xnK4hbWtFhabsZ]: 

Enter the Agent profile name
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Profile name: Tomcat6AgentProfile

Enter the path to a file that contains the password to be used for identifying
the Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the path to the password file: /tmp/tomcat6agentpw

WARNING:
Agent profile/User: tomcat30-agent-custom does not exist in OpenSSO
server! Either "Hit the Back button, and re-enter the correct agent profile
name/user name", or "Create this agent profile when asked(available only in
custom-install)", or "Continue without validating it because agent
profile is in sub realm", or "Continue without validating/creating it, and
manually validate/create it in OpenSSO server after installation".

Enter true if the Agent Profile is being created into OpenSSO server by the
installer. Enter false if it will be not be created by installer.
[ ? : Help, < : Back, ! : Exit ]
This Agent Profile does not exist in OpenSSO server, will it be created by the
installer? (Agent Administrator's name and password are required) [true]:         

Agent Administrator is the Administrator user that can create, delete or
update agent profile.
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Administrator's name: amadmin

Enter the path to a file that contains the password of Agent Administrator
[ ? : Help, < : Back, ! : Exit ]
Enter the path to the password file that contains the password of Agent
Administrator: /opt/amadminpw

-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
Tomcat Server Config Directory : /opt/apache-tomcat-6.0.18/conf 
$CATALINA_HOME environment variable : /opt/apache-tomcat-6.0.18 
OpenSSO server URL : http://opensso-host.example.com:8080/opensso 
Agent URL : http://agent-host.example.com:8090/agentapp 
Encryption Key : oyFk4DYaNB2kc6MeJ2xnK4hbWtFhabsZ 
Agent Profile name : Tomcat6AgentProfile
Agent Profile Password file name : /tmp/tomcat6agentpw
Agent Profile will be created right now by agent installer : true 
Agent Administrator : amadmin 
Agent Administrator's password file name : /opt/amadminpw 
Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]: 
Updating the /opt/apache-tomcat-6.0.18/bin/setclasspath.sh script
with the Agent classpath ...DONE.
Creating directory layout and configuring Agent file for Agent_001
instance ...DONE.
Reading data from file /tmp/tomcat6agentpw and encrypting it ...DONE.
Generating audit log file name ...DONE.
Creating tag swapped OpenSSOAgentBootstrap.properties file for instance
Agent_001 ...DONE.
Creating a backup for file /opt/apache-tomcat-6.0.18/conf/server.xml
...DONE.
Creating a backup for file /opt/apache-tomcat-6.0.18/conf/web.xml ...DONE.
Adding OpenSSO Tomcat Agent Realm to Server XML file :
/opt/apache-tomcat-6.0.18/conf/server.xml ...DONE.
Adding filter to Global deployment descriptor file :
/opt/apache-tomcat-6.0.18/conf/web.xml ...DONE.
Adding OpenSSO Tomcat Agent Filter and Form login authentication to
selected Web applications ...DONE.
SUMMARY OF AGENT INSTALLATION
-----------------------------
Agent instance name: Agent_001
Agent Bootstrap file location:
/opt/agents/j2ee_agents/tomcat_v6_agent/
  Agent_001/config/OpenSSOAgentBootstrap.properties
Agent Configuration file location
/opt/agents/j2ee_agents/tomcat_v6_agent/
  Agent_001/config/OpenSSOAgentConfiguration.properties
Agent Audit directory location:
/opt/agents/j2ee_agents/tomcat_v6_agent/Agent_001/logs/audit
Agent Debug directory location:
/opt/agents/j2ee_agents/tomcat_v6_agent/Agent_001/logs/debug

Install log file location:
/opt/agents/j2ee_agents/tomcat_v6_agent/installer-logs/audit/custom.log
Thank you for using OpenSSO Policy Agent