WebSphere Application Server 7.0 is supported on Solaris, Linux, Windows, and IBM AIX 5.3 systems.
Complete the following steps:
Add genericJvmArguments and Security Permissions
Run the JSP compiler
Before making changes to any file described in this chapter, it is a good practice to stop the web container and make a backup of the file.
Add the genericJvmArguments using the WebSphere Admin Console or by editing the server.xml file:
Open the following file:
install_root/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/<cellName>/nodes/<nodeName>/servers/server/server.xml
Find the jvmEntries element.
Add the following JVM options to genericJvmArguments in server.xml and save the file:
genericJvmArguments="-Djava.awt.headless=true -DamCryptoDescriptor.provider=IBMJCE -DamKeyGenDescriptor.provider=IBMJCE -Djavax.management.builder.initial= -Dcom.sun.management.jmxremote"
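One way to check the jvmEntries edit before restarting, as an added example that is not part of the original documentation. It compares options by name, so an existing option with a different value is reported as a conflict instead of being duplicated; the sample server.xml is a constructed, simplified fragment.

```python
import xml.etree.ElementTree as ET

# Options the page says to add to genericJvmArguments.
REQUIRED = [
    "-Djava.awt.headless=true",
    "-DamCryptoDescriptor.provider=IBMJCE",
    "-DamKeyGenDescriptor.provider=IBMJCE",
    "-Djavax.management.builder.initial=",
    "-Dcom.sun.management.jmxremote",
]

def _key(opt):
    """Option name without its value, e.g. -Djava.awt.headless."""
    return opt.split("=", 1)[0]

def plan_jvm_args(existing):
    """Return (merged, added, conflicts) for one genericJvmArguments value."""
    tokens = existing.split()
    present = {_key(t): t for t in tokens}
    added, conflicts = [], []
    for opt in REQUIRED:
        current = present.get(_key(opt))
        if current is None:
            tokens.append(opt)          # missing: append, keep existing order
            added.append(opt)
        elif current != opt:
            conflicts.append((current, opt))  # same name, different value
    return " ".join(tokens), added, conflicts

def check_server_xml(xml_text):
    """Plan the change for every jvmEntries element in a server.xml document."""
    root = ET.fromstring(xml_text)
    return [plan_jvm_args(e.get("genericJvmArguments", ""))
            for e in root.iter("jvmEntries")]

# Constructed sample, not a real server.xml.
SAMPLE = """<Server>
  <processDefinitions>
    <jvmEntries verboseModeClass="false"
                genericJvmArguments="-Xquickstart -Djava.awt.headless=false"/>
  </processDefinitions>
</Server>"""

if __name__ == "__main__":
    for merged, added, conflicts in check_server_xml(SAMPLE):
        print("merged:   ", merged)
        print("added:    ", added)
        print("conflicts:", conflicts)
```

A non-empty conflicts list means an existing option has to be resolved by hand before the merged value is written back.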
If the Java Security Manager is enabled, add the following security permissions to the server.policy file, and then save the file:
grant {
    permission java.net.SocketPermission "*", "listen,connect,accept,resolve";
    permission java.util.PropertyPermission "*", "read, write";
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.util.logging.LoggingPermission "control";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "createLoginContext.*";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
    permission java.util.PropertyPermission "java.util.logging.config.class", "write";
    permission java.security.SecurityPermission "removeProvider.SUN";
    permission java.security.SecurityPermission "insertProvider.SUN";
    permission javax.security.auth.AuthPermission "doAs";
    permission java.util.PropertyPermission "java.security.krb5.realm", "write";
    permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
    permission java.util.PropertyPermission "java.security.auth.login.config", "write";
    permission java.util.PropertyPermission "user.language", "write";
    permission javax.security.auth.kerberos.ServicePermission "*", "accept";
    permission javax.net.ssl.SSLPermission "setHostnameVerifier";
    permission java.security.SecurityPermission "putProviderProperty.IAIK";
    permission java.security.SecurityPermission "removeProvider.IAIK";
    permission java.security.SecurityPermission "insertProvider.IAIK";
    permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
    permission javax.management.MBeanServerPermission "newMBeanServer";
    permission javax.management.MBeanPermission "*", "registerMBean";
    permission java.lang.RuntimePermission "createClassLoader";
    permission javax.security.auth.AuthPermission "getSubject";
    permission javax.management.MBeanTrustPermission "register";
    permission java.lang.management.ManagementPermission "monitor";
    permission javax.management.MBeanPermission "*", "queryMBeans";
    permission javax.management.MBeanServerPermission "createMBeanServer";
    permission java.security.SecurityPermission "getProperty.authconfigprovider.factory";
    permission java.security.SecurityPermission "setProperty.authconfigprovider.factory";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "setIO";
    permission java.lang.RuntimePermission "modifyThread";
    permission java.lang.RuntimePermission "stopThread";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "readFileDescriptor";
    permission java.lang.RuntimePermission "writeFileDescriptor";
    permission java.lang.RuntimePermission "loadLibrary.*";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.lang.RuntimePermission "defineClassInPackage.*";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "queuePrintJob";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
    permission java.util.PropertyPermission "*", "read,write";
    permission com.ibm.oti.shared.SharedClassPermission "*", "read,write";
    permission com.ibm.websphere.security.WebSphereRuntimePermission "getSSLConfig", "read,write,execute,delete";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission javax.management.MBeanPermission "*", "isInstanceOf";
    permission javax.management.MBeanPermission "*", "getAttribute";
    permission java.net.NetPermission "getProxySelector";
};
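The grant entry above names no codeBase, so under Java policy-file rules it applies to all code the policy covers, and several of its entries appear twice. The following added example (not part of the original documentation) summarises a server.policy the same way for review; the BROAD set is a choice made for this example, and the sample text is constructed from a few of the page's entries plus a made-up codeBase.

```python
import re
from collections import Counter

GRANT = re.compile(r'grant\b([^{]*)\{(.*?)\}\s*;', re.S)
PERM = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

# Entries from the page's block chosen here (an assumption of this example)
# as the ones to review first when a grant is not limited to a codeBase.
BROAD = {
    ("java.io.FilePermission", "<<ALL FILES>>"),
    ("java.lang.RuntimePermission", "createClassLoader"),
    ("java.lang.RuntimePermission", "loadLibrary.*"),
    ("java.lang.reflect.ReflectPermission", "suppressAccessChecks"),
    ("java.util.PropertyPermission", "*"),
}

def _norm(actions):
    """Normalise an action list so "read, write" equals "read,write"."""
    return ",".join(sorted(a.strip() for a in actions.split(",") if a.strip()))

def audit_policy(text):
    """Per grant entry: is it unscoped, which broad entries, which duplicates."""
    findings = []
    for header, body in GRANT.findall(text):
        perms = [(c, n, _norm(a)) for c, n, a in PERM.findall(body)]
        counts = Counter(perms)
        findings.append({
            "applies_to_all_code": not re.search(r"\b(codeBase|signedBy|principal)\b", header),
            "broad": sorted({(c, n) for c, n, _ in perms if (c, n) in BROAD}),
            "duplicates": sorted(p for p, k in counts.items() if k > 1),
        })
    return findings

# Constructed sample: entries from the page plus a made-up scoped grant.
SAMPLE = '''
grant {
  permission java.util.PropertyPermission "*", "read, write";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "*", "read,write";
};
grant codeBase "file:/example/constructed/app.war" {
  permission java.net.NetPermission "getProxySelector";
};
'''

if __name__ == "__main__":
    print(audit_policy(SAMPLE))
```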
Restart WebSphere Application Server 7.0.
After deploying OpenSSO on WebSphere Application Server 7.0, you can use the setup script in ssoAdminTools.zip to install the utilities and scripts. For information, see Chapter 3, Installing the OpenSSO Enterprise 8.0 Update 1 Admin Tools.
Before you run the setup script to install the utilities and scripts, modify the setup script. Before -cp... in the last line, insert:
-D"amCryptoDescriptor.provider=IBMJCE" -D"amKeyGenDescriptor.provider=IBMJCE"
Before you run ssoadm, add the following items to the ssoadm script:
Add xalan.jar to the classpath after openfedlib.jar. For example:
$<TOOLS_HOME>/lib/xalan.jar
Add the following items before com.sun.identity.cli.CommandManager and com.sun.identity.tools.bundles.Main:
-D"amKeyGenDescriptor.provider=IBMJCE" -D"amCryptoDescriptor.provider=IBMJCE"
Before you run ampassword, add the following items to the ampassword script before com.iplanet.services.ldap.ServerConfigMgr and com.sun.identity.tools.bundles.Main:
-D"amCryptoDescriptor.provider=IBMJCE" -D"amKeyGenDescriptor.provider=IBMJCE"
If the OpenSSO server is SSL-enabled, then you must add the IBM JAR files and set -D options in the ssoadm script.
Add the following IBM JAR files:
<WAS_HOME>/deploytool/itp/plugins/com.ibm.ast.ws.v7.jaxrpc.jee5_1.0.0.v200808141532/lib/emfworkbench.jar
<WAS_HOME>/deploytool/itp/plugins/com.ibm.websphere.v7_7.0.0.v20080817/wasJars/bootstrap.jar
<WAS_HOME>/deploytool/itp/plugins/com.ibm.websphere.v7_7.0.0.v20080817/wasJars/wsexception.jar
<WAS_HOME>/dev/was_public.jar
<WAS_HOME>/deploytool/itp/plugins/com.ibm.websphere.v7_7.0.0.v20080817/wasJars/ras.jar
<WAS_HOME>/runtimes/com.ibm.jaxws.thinclient_7.0.0.jar
Set the following -D options:
-D"java.protocol.handler.pkgs=com.ibm.net.ssl.www.protocol"
-D"javax.net.ssl.trustStoreType=<storeType>"
-D"javax.net.ssl.trustStore=<trustStore_with_path>"
-D"javax.net.ssl.trustStorePassword=<password>"