Sun Java System Access Manager Policy Agent 2.2 Guide for Apache HTTP Server 2.0.54

Windows Systems: Agent Installation for Apache HTTP Server

This section describes the installation process on Windows systems.

Preparing To Install Agent for Apache HTTP Server on Windows Systems

Follow the specific steps outlined in this section before you install the web agent to reduce the chance of complications occurring during and after the installation.

Procedure: To Prepare To Install Agent for Apache HTTP Server on Windows Systems


Note –

You must have Java Runtime Environment (JRE) 1.3.1 or higher installed or available on a shared file system in order to run the graphical user interface (GUI) of the web agent installation program. Currently, JRE 1.3.1 or any version higher is certified for use with the web agent installation program.


Perform the following pre-installation tasks:

  1. Ensure that Policy Agent 2.2 for Apache HTTP Server is supported on the desired platform as listed in Supported Platforms of Agent for Apache HTTP Server.

  2. Install Apache HTTP Server if not already installed.

    Refer to the Apache HTTP Server documentation for details on how best to install and configure this server for your platform.

  3. Ensure that Apache HTTP Server has the latest patches available.

  4. Set your JAVAHOME environment variable to a JDK version 1.3.1_04 or higher.

    The installation requires that you set your JAVAHOME variable correctly. If the JAVAHOME variable is set incorrectly, the setup script prompts you to supply the correct JAVAHOME value:

    Please enter JAVAHOME path to pick up java:

Installing Agent for Apache HTTP Server on Windows Systems

The installation program that installs Agent for Apache HTTP Server has one interface, a graphical user interface (GUI).

The installation performed by this installer is extremely basic. The installer performs the following:

Therefore, during the installation, you are not prompted for information about the Apache HTTP Server host or the Access Manager host, although installers often prompt for this type of information. Instead, for this agent, you are prompted for such information as part of the configuration process described in Windows Systems: Installation-Related Configuration for Apache HTTP Server.

Procedure: To Install Agent for Apache HTTP Server on Windows Systems

You must have administrator privileges to run the installation program.

  1. Unzip the product binaries.


    unzip binaryname.zip

    Note –

    On Microsoft Windows 2003, the zip file is not automatically unpacked. Therefore, after you download the agents zip file, be sure to extract the zip file to a directory first and then execute setup.exe. To extract the zip file, right click on the zip file in the File Manager and select Extract. After extracting to a directory, double click setup.exe to execute it.


  2. Double-click setup.exe to run the installation program.

  3. In the Welcome window, click Next.

  4. Read the License Agreement and click Yes to accept it.

  5. Select the directory in which you want to install the agent.

    The default directory is C:\Sun\Access_Manager\Agents\2.2. The installation program will install the agent in this directory.

    The directory in which you install the web agent is referred to as the Policy Agent base directory, or PolicyAgent-base.

  6. (Conditional) Click Create Directory if this option is available.

    If the directory does not exist, a dialog box appears giving you the option to create a directory.

  7. Click Install Now.

    The program installs the agent.

  8. Click Yes when the program asks if you want to reboot the computer.

    Once the installation is complete, you must create agent configuration files to configure the agent for web sites. The following section explains the procedure for creating the agent configuration file.

Windows Systems: Installation-Related Configuration for Apache HTTP Server

After you have performed the basic installation process, you must create a configuration file for the web site (or web sites) that is to be protected by the agent and then you must configure the agent for that web site (or web sites). These tasks are described in the following subsections:

Windows Systems: Creating Configuration Files, Agent for Apache HTTP Server

The agent for Apache HTTP Server provides a Visual Basic (VB) script to help you create agent configuration files. When you run it, the VB script prompts for information related to the Web Site Identifier, the agent you are installing, and Access Manager. The script creates an agent configuration file based on the information you provide.


Note –

When you are deploying the agent on multiple web sites, you must create a unique agent configuration file for each of the web sites. Use the following steps to create multiple agent configuration files. However, ensure that you give a unique file name to each of the configuration files.


Procedure: Windows Systems: To Create Configuration Files, Agent for Apache HTTP Server

  1. Change to the directory:

    PolicyAgent-base\apache\bin

    This directory stores the VB script required to create the agent configuration file.

  2. Run the following command:

    cscript.exe ApacheCreateConfig.vbs defaultConfig
    
    ApacheCreateConfig.vbs is a VB script that saves your responses to prompts about the Apache HTTP Server host and the Access Manager host in a file. For this example, the file is represented by defaultConfig.

    defaultConfig represents the agent configuration file created by this command and for which you provide the actual name. This is a text file to which the output of the commands entered while running the script is written.


    Note –

    Give a unique name for this agent configuration file since you will need the same file to unconfigure the agent.


    The script prompts for information as it progresses with the creation of the agent configuration file. All the script prompts are displayed, for example purposes, in this step. However, information about the responses is presented in the subsequent steps.


    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    
    
    Copyright c 2004 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms
    -------------------------------------------------
     Apache 2.0.x Server
    -------------------------------------------------
    Enter the Agent Resource File Name [ApacheResource.en] :
    
    Fully Qualified Host Name :
    agentHost.com
    
    Apache Binary Directory :
    c:\program files\apache group\apache2\bin
    
    Web Server Protocol [http] :
    
    
    Web Server Port [80] :
    
    
    Agent Deployment URI [/amagent] :
    
    ------------------------------------------------
    Sun Java (TM) Enterprise System Access Manager
    ------------------------------------------------
    Primary Server Host :
    amHost.com
    
    Primary Server Protocol [http] :
    
    
    Primary Server Port Number [58080] :
    
    
    Primary Server Deployment URI [/amserver] :
    
    
    Primary Server Console URI [/amconsole] :
    
    
    Failover Server Host :
    
    
    Agent-Access Manager Shared Secret :
    
    Re-enter Shared Secret :
    
    CDSSO Enabled [false] :
    
    -----------------------------------------------
    Agent Configuration file created ==>  agentConfig
    Execute the below command for Agent Configuration :
          cscript.exe ApacheAdmin.vbs -config agentConfig
    -----------------------------------------------

  3. When prompted, provide the following information about the Apache HTTP Server instance that this agent will protect:

    Agent Resource File Name: Accept the default for this prompt (ApacheResource.en).

    Host Name: Enter the fully qualified domain name (FQDN) of the system on which Apache HTTP Server is installed.

    For example, if the host is agentHost, the subdomain is eng, and the domain is example.com, then the Host Name in this case is agentHost.eng.example.com.

    Server Protocol: If this instance of Apache HTTP Server has been configured for SSL, then select HTTPS; otherwise select HTTP.

    Server Port: Enter the port number of the Apache HTTP Server instance that will be protected by the agent.

    Agent Deployment URI: Enter a Universal Resource Identifier (URI) that will be used to access Agent for Apache HTTP Server. The default value is /amagent.


    Note –

    The web agent uses the value of the com.sun.am.policy.agents.config.agenturi.prefix property in the web agent AMAgent.properties configuration file to support some essential functions such as notification. Agent URI prefix is a configurable subset of Agent Deployment URI. It is important to set a valid URL for this property. Its value should be http://host.domain:port/agent-deployment-uri, where host.domain is the FQDN and port is the port number of the Apache HTTP Server instance where the agent is installed, and agent-deployment-uri is the URI where the Apache HTTP Server instance will look for web agent-related HTML pages. Its default value is amagent.

    The following is an example of an Agent Deployment URI:

    http://agentHost.example.com:80/amagent

    where the host name is agentHost and the domain name is example.com.


  4. When prompted, provide the following information about the Access Manager host:

    Primary Server Host: Enter the FQDN of the primary Access Manager host.

    For example, if the host is amHost, the subdomain is eng, and the domain is example.com, then the Host Name in this case is amHost.eng.example.com.

    Primary Server Protocol: If the primary Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP.

    Primary Server Port: Enter the port number for the primary Access Manager host.

    Primary Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver.

    Primary Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole.

    Failover Server Host: Enter the FQDN of the secondary Access Manager host, to be used if the primary Access Manager host becomes unavailable. If no failover server host exists, then leave this field blank.

    Failover Server Port: Enter the port number of the secondary Access Manager host. If no failover server host exists, then leave this field blank.

    Failover Server Protocol: If the failover Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP. If no failover server host exists, then leave this field blank.

    Failover Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver. If no failover server host exists, then leave this field blank.

    Failover Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole. If no failover server host exists, then leave this field blank.

    Agent Access Manager Shared Secret: Enter the password for the Access Manager internal LDAP authentication user. This user is also referred to as amldapuser.

    For more information about the shared secret and its relationship with the Access Manager agent profile, see Chapter 4, The Relationship Between the Agent Profile and Web Agents in Policy Agent 2.2.

    Re-enter Shared Secret: Re-enter the password for the Access Manager internal LDAP authentication user (amldapuser).

    CDSSO Enabled: Check this box if you want to enable CDSSO.

    With the information you provide, the script creates the agent configuration file for you to use to configure this agent as described in the following section.

Windows Systems: Configuring Agent for Apache HTTP Server for a Web Site

Configure Agent for Apache HTTP Server for a web site after you have created an agent configuration file. If you have not already created an agent configuration file, create one as explained in Windows Systems: Creating Configuration Files, Agent for Apache HTTP Server.

To configure the agent for a web site, follow these steps:

Procedure: Windows Systems: To Configure Agent for Apache HTTP Server for a Web Site

  1. Change to the directory:

    PolicyAgent-base\apache\bin

  2. Run the following command:

    cscript.exe ApacheAdmin.vbs -config defaultConfig

    ApacheAdmin.vbs is a VB script that uses the output of the ApacheCreateConfig.vbs script. The output was saved to a configuration file, which for this example is represented by defaultConfig.

    -config is the option that allows the output to be used to configure the web site.

    defaultConfig represents the agent configuration file created previously as described in Windows Systems: To Create Configuration Files, Agent for Apache HTTP Server.

    The script displays messages to indicate the progress of the configuration as shown in the following sample.


    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    
    Copyright c 2004 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms
    
    Enter the Agent Resource File Name [ApacheResource.en]:
    
    Creating the AMAgent.properties File
    Modifying httpd.conf
    Completed Configuring the Agent for Apache 2.0.x. Re-start your server instance

  3. Restart the web site.

  4. Try accessing the web site (http://fqdn:port/index.html).

    This link should take you to the Access Manager login page. After a successful authentication, if the policy is properly defined, you should be able to view the resource.

    If you want to view the agent log file amAgent, do so at the following location:


    PolicyAgent-base\debug\apache_port
    

    where port is the port number of Apache HTTP Server.


    Note –

    If you want to configure the agent for multiple web sites, you must follow the preceding steps for each of the web sites.
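
The Note in the configuration-file procedure requires com.sun.am.policy.agents.config.agenturi.prefix in AMAgent.properties to be a valid URL of the form http://host.domain:port/agent-deployment-uri. The following check is an added example, not part of the Sun documentation or the agent's scripts, that can be run over the file once ApacheAdmin.vbs has created it. The function names and the sample file content are constructed for illustration, and the reader handles only plain key = value lines.

```python
from urllib.parse import urlsplit

PREFIX_KEY = "com.sun.am.policy.agents.config.agenturi.prefix"  # property named in the Note

# Constructed sample content; not output from a real installation.
SAMPLE_PROPERTIES = """\
# constructed AMAgent.properties excerpt
com.sun.am.policy.agents.config.agenturi.prefix = http://agentHost.example.com:80/amagent
"""

def read_properties(text):
    """Minimal key = value reader: skips blanks and #/! comments, no line continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_agent_uri_prefix(text, host, port, deployment_uri="/amagent"):
    """Return a list of problems with the agent URI prefix; an empty list means it matches."""
    value = read_properties(text).get(PREFIX_KEY)
    if not value:
        return [f"{PREFIX_KEY} is missing or empty"]
    try:
        url = urlsplit(value)
        url_port = url.port  # raises ValueError on a non-numeric port
    except ValueError:
        return [f"not a parseable URL: {value!r}"]
    problems = []
    if url.scheme not in ("http", "https"):
        problems.append(f"scheme must be http or https, got {url.scheme!r}")
    name = (url.hostname or "").lower()
    if "." not in name:
        problems.append(f"host {name!r} is not a fully qualified domain name")
    elif name != host.lower():
        problems.append(f"host {name!r} does not match the Apache host {host!r}")
    if url_port is None:
        problems.append("port is not stated explicitly")
    elif url_port != port:
        problems.append(f"port {url_port} does not match the Apache port {port}")
    if url.path.rstrip("/") != deployment_uri:
        problems.append(f"path {url.path!r} does not match {deployment_uri!r}")
    return problems

if __name__ == "__main__":
    for p in check_agent_uri_prefix(SAMPLE_PROPERTIES, "agentHost.example.com", 80) or ["OK"]:
        print(p)
```

Pass the host name, port and Agent Deployment URI that were entered at the ApacheCreateConfig.vbs prompts; any mismatch with what the agent wrote is returned as a readable finding.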


Next Steps

The last step of this task addresses verification of the agent installation. See the section that follows (All Systems: Verifying a Successful Installation on Policy Agent 2.2) for an expanded explanation on verifying the agent installation.

If you want to configure multiple instances of Apache HTTP Server, you must set up multiple Apache HTTP Server Virtual Hosts, as described in All Systems: Configuring Agent for Apache HTTP Server on Multiple Apache HTTP Server Virtual Hosts.