Sun Java System Access Manager Policy Agent 2.2 Guide for Apache HTTP Server 2.0.54

Chapter 3 Installing Policy Agent 2.2 for Apache HTTP Server

Policy Agent 2.2 works in tandem with Access Manager to control user access to deployment containers (such as web servers) in an enterprise.

This chapter explains how to install Policy Agent 2.2 for Apache HTTP Server on the supported platforms. For more information on the supported platforms, see Supported Platforms and Compatibility of Agent for Apache HTTP Server.

In this chapter, each platform-related section leads you through the pre-installation and installation steps. First, perform the pre-installation (preparation) steps. Then, perform the installation itself. After you complete the installation, verify that the installation was successful.

Next, complete the required post-installation tasks described in Chapter 5, Post-Installation Configuration: Policy Agent 2.2 for Apache HTTP Server.

In this chapter, the section about verifying a successful installation describes a task that applies to all platform types. Each of the other sections of this chapter focuses on installing Apache HTTP Server on a specific platform type. The sections are as follows:

Solaris Systems: Agent Installation for Apache HTTP Server

This section describes the installation process on Solaris systems.

Preparing to Install Agent for Apache HTTP Server on Solaris Systems


Caution –

Do not use the version of Apache HTTP Server that comes bundled with Solaris™ 9 Operating System or with Solaris 10 Operating System. The bundled Apache HTTP Server package is incomplete. Any attempt to install Agent for Apache HTTP Server on a bundled version of Apache HTTP Server is likely to fail.

Therefore, download the desired version of Apache HTTP Server from the Apache web site at http://www.apache.org/ before attempting to install the agent.


Follow the specific steps outlined in this section before you install the web agent to reduce the chance of complications occurring during and after the installation.

Procedure: To Prepare to Install Policy Agent 2.2 for Apache HTTP Server on Solaris Systems


Note –

You must have Java Runtime Environment (JRE) 1.3.1 or higher installed or available on a shared file system in order to run the graphical user interface (GUI) of the web agent installation program. Currently, JRE 1.3.1 or any version higher is certified for use with the web agent installation program.


Perform the following pre-installation tasks:

  1. Ensure that Policy Agent 2.2 for Apache HTTP Server is supported on the desired platform as listed in Supported Platforms and Compatibility of Agent for Apache HTTP Server.

  2. Install Apache HTTP Server if not already installed.

    Refer to the Apache HTTP Server documentation for details on how best to install and configure this server for your platform.

  3. Ensure that Apache HTTP Server has the latest patches available.

  4. Set your JAVAHOME environment variable to a JDK version 1.3.1_04 or higher.

    The installation requires that you set up your JAVAHOME variable correctly. If the JAVAHOME variable is set incorrectly, the setup script prompts you to supply the correct JAVAHOME value:

    Please enter JAVAHOME path to pick up java:

Installing Agent for Apache HTTP Server on Solaris Systems

The web agent installation program has two interfaces: the graphical user interface (GUI) and the command-line interface. The following sections present instructions to install the web agent using both of these interfaces:

GUI Installation of Agent for Apache HTTP Server on Solaris Systems

Use the following instructions to install a web agent using the GUI on Solaris systems.

Procedure: To Install Agent for Apache HTTP Server on Solaris Systems Using the GUI

You must have root permissions when you run the web agent installation program.

  1. Unpack the product binary in the directory of your choice using the following command:

    # gunzip -dc binaryname.tar.gz | tar -xvof -

  2. In the directory in which you unpack the binaries, issue the following command:

    # ./setup

    The Welcome page appears.

  3. In the Welcome page, click Next.

  4. Read the License Agreement. Click Yes to agree to the license terms.

  5. In the Select Installation Directory panel, specify the directory where you would like to install the web agent.

    Install the web agent in this directory: Enter the full path to the directory where you want to install the web agent. The default installation directory is /opt.

    The directory you choose in which to install the web agent is referred to as the Policy Agent base directory, or PolicyAgent-base.

  6. Click Next and provide the following information about the Apache HTTP Server instance the agent will protect:

    Host Name: Enter the fully qualified domain name (FQDN) of the machine where the Apache HTTP Server instance is installed.

    For example, if the host is host1, the subdomain is eng, and the domain is example.com, then the Host Name in this case is host1.eng.example.com.

    Apache Binary Directory: Enter the full path to the directory where the Apache HTTP Server binary, that is, the httpd binary, is installed. An example pathname follows:


    Apache-base/bin

    where Apache-base represents the directory where Apache HTTP Server was installed. Refer to the Apache HTTP Server documentation for the specific path name.

    Web Server Port: Enter the port number for the Apache HTTP Server instance that will be protected by the web agent.

    Web Server Protocol: If the Apache HTTP Server instance has been configured for SSL, choose HTTPS; otherwise choose HTTP.

    Agent Deployment URI: Enter a Universal Resource Identifier (URI) that will be used to access Agent for Apache HTTP Server. The default value is /amagent.


    Note –

    The web agent uses the value of the com.sun.am.policy.agents.config.agenturi.prefix property in the web agent AMAgent.properties configuration file to support some essential functions such as notification. Agent URI prefix is a configurable subset of Agent Deployment URI. It is important to set a valid URL for this property. Its value should be http://host.domain:port/agent-deployment-uri where host, domain and port are FQDN and port number of the Apache HTTP Server instance where the agent is installed and agent-deployment-uri is the URI where the Apache HTTP Server instance will look for web-agent related HTML pages. Its default value is amagent.

    The following is an example of an Agent Deployment URI:

    http://host1.example.com:80/amagent

    Apache Config Directory: Enter the full path to the directory that contains the Apache HTTP Server configuration file httpd.conf. An example pathname follows:

    Apache-base/conf

    where Apache-base represents the directory where Apache HTTP Server was installed.

    SSL Ready: Select this option if the Apache HTTP Server instance you are using has support for SSL. Your Apache HTTP Server instance is considered SSL ready if it has support for mod_ssl and its sources have been compiled using the EAPI rule.

    To find out if your Apache HTTP Server instance has been compiled with the EAPI flag, go to the bin directory of the Apache HTTP Server instance and type the following command:

    # ./httpd -V

    You can see various flags that the Apache HTTP Server instance was compiled with. If the flag -D EAPI is displayed in this list, it indicates that your Apache HTTP Server instance is SSL ready. However, if you do not see this flag, it does not necessarily indicate that the Apache HTTP Server instance does not have support for mod_ssl.

    The supported configurations for Apache HTTP Server are:

    • Apache HTTP Server without mod_ssl support

    • Apache HTTP Server with mod_ssl and EAPI flag enabled.


    Note –

    Apache HTTP Server with mod_ssl support and EAPI flag disabled configuration is not supported by Policy Agent 2.2.


  7. When you have entered all the information correctly, click Next.

  8. Enter information about the Access Manager host.

    The web agent will connect to this server.

    Primary Server Host: Enter the FQDN of the primary Access Manager host.

    For example, if the host is host3, the subdomain is eng, and the domain is example.com, then the Host Name in this case is host3.eng.example.com.

    Primary Server Port: Enter the port number for the primary Access Manager host.

    Primary Server Protocol: If the primary Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP.

    Primary Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver.

    Primary Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole.

    Failover Server Host: Enter the FQDN of the secondary Access Manager host, which is used if the primary Access Manager host becomes unavailable. If no failover server host exists, then leave this field blank.

    Failover Server Port: Enter the port number of the secondary Access Manager host. If no failover server host exists, then leave this field blank.

    Failover Server Protocol: If the failover Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP. If no failover server host exists, then leave this field blank.

    Failover Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver. If no failover server host exists, then leave this field blank.

    Failover Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole. If no failover server host exists, then leave this field blank.

    Agent Access Manager Shared Secret: Enter the password for the Access Manager internal LDAP authentication user. This user is also referred to as amldapuser.

    For more information about the shared secret and its relationship with the Access Manager agent profile, see Chapter 4, The Relationship Between the Agent Profile and Web Agents in Policy Agent 2.2.

    Re-enter Shared Secret: Re-enter the password for the Access Manager internal LDAP authentication user (amldapuser).

    CDSSO Enabled: Check this box if you want to enable CDSSO.

  9. After entering all the information, click Next.

  10. Review the installation summary to ensure that the information you have entered is correct.

    Note that it displays the CDCServlet URL if you have checked the CDSSO Enabled box in the previous panel.

    If you want to make changes, click Back. If all the information is correct, click Next.

  11. In the Ready to Install panel, click Install Now.

  12. When the installation is complete, you can click Details to view details about the installation, or click Exit to end the installation program.

  13. Restart the Apache HTTP Server instance on which you just installed the agent.
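The SSL Ready choice in step 6 depends on two facts about the build: whether mod_ssl is present and whether the -D EAPI flag was set. The following shell script is an added example, not part of the original guide; it classifies constructed sample output of httpd -V and httpd -l against the supported configurations listed above, and the function names and the LoadModule check for a shared mod_ssl are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): map an Apache build onto the guide's
# supported-configuration list before answering the "SSL Ready" prompt.

# has_eapi HTTPD_V_OUTPUT: true if `httpd -V` output lists the -D EAPI flag.
has_eapi() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*-D[[:space:]]+EAPI([[:space:]=]|$)'
}

# has_mod_ssl HTTPD_L_OUTPUT HTTPD_CONF_TEXT: true if mod_ssl is compiled in
# (`httpd -l`) or loaded as a shared module by an uncommented LoadModule line.
# Assumption: a LoadModule line inside <IfDefine SSL> counts as mod_ssl support.
has_mod_ssl() {
    if printf '%s\n' "$1" | grep -Eq '^[[:space:]]*mod_ssl\.c[[:space:]]*$'; then
        return 0
    fi
    printf '%s\n' "$2" |
        grep -Eq '^[[:space:]]*LoadModule[[:space:]]+ssl_module[[:space:]]'
}

# classify_ssl_ready HTTPD_V_OUTPUT HTTPD_L_OUTPUT HTTPD_CONF_TEXT
# Prints one verdict:
#   ssl-ready    mod_ssl present and -D EAPI set  (supported, select SSL Ready)
#   no-ssl       mod_ssl absent                   (supported, leave unselected)
#   unsupported  mod_ssl present but no -D EAPI   (not supported by the agent)
classify_ssl_ready() {
    if has_mod_ssl "$2" "$3"; then
        if has_eapi "$1"; then
            echo ssl-ready
        else
            echo unsupported
        fi
    else
        echo no-ssl
    fi
}

# Constructed sample outputs, not captured from a real server.
V_WITH_EAPI='Server version: Apache/1.3.33 (Unix)
Server compiled with....
 -D EAPI
 -D HAVE_MMAP
 -D HTTPD_ROOT="/usr/local/apache"'
V_NO_EAPI='Server version: Apache/1.3.33 (Unix)
Server compiled with....
 -D HAVE_MMAP
 -D HTTPD_ROOT="/usr/local/apache"'
L_STATIC_SSL='Compiled-in modules:
  http_core.c
  mod_so.c
  mod_ssl.c'
L_NO_SSL='Compiled-in modules:
  http_core.c
  mod_so.c'
CONF_DSO_SSL='LoadModule ssl_module libexec/libssl.so'
CONF_COMMENTED='#LoadModule ssl_module libexec/libssl.so'

echo "static mod_ssl, EAPI  : $(classify_ssl_ready "$V_WITH_EAPI" "$L_STATIC_SSL" "")"
echo "shared mod_ssl, none  : $(classify_ssl_ready "$V_NO_EAPI" "$L_NO_SSL" "$CONF_DSO_SSL")"
echo "mod_ssl commented out : $(classify_ssl_ready "$V_NO_EAPI" "$L_NO_SSL" "$CONF_COMMENTED")"
```

Against a real server, pass the output of ./httpd -V, ./httpd -l and the contents of httpd.conf as the three arguments.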

Next Steps

To ensure that the installation was successful, see All Systems: Verifying a Successful Installation on Policy Agent 2.2.

If you want to configure multiple instances of Apache HTTP Server, you must set up multiple Apache HTTP Server Virtual Hosts, as described in All Systems: Configuring Agent for Apache HTTP Server on Multiple Apache HTTP Server Virtual Hosts.

Command-Line Installation of Agent for Apache HTTP Server on Solaris Systems

The following instructions describe how to use the command-line interface of the installation program to install a web agent.

Procedure: To Install Agent for Apache HTTP Server on Solaris Systems Using the Command Line

Installing a web agent on a deployment container using the command line requires that you perform the following steps:

  1. Unpack the product binary in the directory of your choice using the following command:

    # gunzip -dc binaryname.tar.gz | tar -xvof -

  2. In the directory in which you unpack the binaries, issue the following command:

    # ./setup -nodisplay

  3. When prompted, provide the following information:

    Have you read, and do you accept, all of the terms of the preceding Software License Agreement? Enter yes.

    Install the web agent in this directory: Enter the full path to the directory in which you want to install the web agent.

    The directory you choose in which to install the web agent is referred to as the Policy Agent base directory, or PolicyAgent-base.

  4. Provide the following information about the Apache HTTP Server instance this agent will protect:

    • Host Name

    • Apache Binary Directory

    • Web Server Port

    • Web Server Protocol

    • Agent Deployment URI

    • Apache Config Directory

    • SSL Ready

    For a description of the information to enter for these prompts, see GUI Installation of Agent for Apache HTTP Server on Solaris Systems.

  5. Provide the following information about the Access Manager host:

    • Primary Server Host

    • Primary Server Port

    • Primary Server Protocol

    • Primary Server Deployment URI

    • Primary Console Deployment URI

    • Failover Server Host

    • Failover Server Port

    • Failover Server Protocol

    • Failover Server Deployment URI

    • Failover Console Deployment URI

    • Agent-Access Manager Shared Secret

    • Re-enter Shared Secret

    • CDSSO Enabled

      For a description of the information to enter for these prompts, see GUI Installation of Agent for Apache HTTP Server on Solaris Systems.

      The following text is displayed:


      Ready to Install
      
      1. Install Now
      2. Start Over
      3. Exit Installation
      
                              
  6. When prompted, What would you like to do?, enter 1 to start the installation.

    The following text is displayed:


    Product                                             Result      More Information
    1.  Sun Java(tm) System Access Manager Policy Agent Installed   Available
    2.  Done
    
                      
  7. To see log information, enter 1. To exit the installation program, enter 2.

  8. Restart the Apache HTTP Server instance on which you just installed the agent.

Next Steps

To ensure that the installation was successful, see All Systems: Verifying a Successful Installation on Policy Agent 2.2.

If you want to configure multiple instances of Apache HTTP Server, you must set up multiple Apache HTTP Server Virtual Hosts, as described in All Systems: Configuring Agent for Apache HTTP Server on Multiple Apache HTTP Server Virtual Hosts.

AIX Systems: Agent Installation for Apache HTTP Server

This section describes the installation process on AIX systems.

Preparing to Install Agent for Apache HTTP Server on AIX Systems

Follow the specific steps outlined in this section before you install the web agent to reduce the chance of complications occurring during and after the installation.

Procedure: To Prepare to Install Policy Agent 2.2 for Apache HTTP Server on AIX Systems


Note –

You must have Java Runtime Environment (JRE) 1.3.1 or higher installed or available on a shared file system in order to run the graphical user interface (GUI) of the web agent installation program. Currently, JRE 1.3.1 or any version higher is certified for use with the web agent installation program.


Perform the following pre-installation tasks:

  1. Ensure that Policy Agent 2.2 for Apache HTTP Server is supported on the desired platform as listed in Table 2–1.

  2. Install Apache HTTP Server if not already installed.

    Refer to the Apache HTTP Server documentation for details on how best to install and configure this server for your platform.

  3. Ensure that Apache HTTP Server has the latest patches available.

  4. Set your JAVAHOME environment variable to a JDK version 1.3.1_04 or higher.

    The installation requires that you set up your JAVAHOME variable correctly. If the JAVAHOME variable is set incorrectly, the setup script prompts you to supply the correct JAVAHOME value:

    Please enter JAVAHOME path to pick up java:

Installing Agent for Apache HTTP Server on AIX Systems

The web agent installation program for AIX systems has only a command-line interface. The instructions follow for installing this web agent:


Note –

Unlike the behavior on other UNIX based platforms, no packages specific to AIX systems are installed by the agent installer. The installation process involves extracting the compressed files and executing a configuration script, which configures specified properties in the web agent AMAgent.properties configuration file.


Installation of Agent for Apache HTTP Server on AIX Systems

The following instructions describe how to use the command-line interface of the installation program to install Agent for Apache HTTP Server on AIX Systems.

Procedure: To Install Agent for Apache HTTP Server on AIX Systems Using the Command Line

Installing a web agent on a deployment container using the command line requires you to perform the following steps:

  1. Unpack the product binary in the directory of your choice using the following command:

    # gunzip -dc binaryname.tar.gz | tar -xvof -

  2. Set LIBPATH to include the libpasswd.so file.

    The libpasswd.so file is typically located in the directory in which the agent binaries are extracted. For example, if libpasswd.so is in the directory /export/apache_agent, then LIBPATH should contain /export/apache_agent.

    In this case, using the Bash UNIX shell, you could set LIBPATH as follows:


    # LIBPATH=$LIBPATH:/export/apache_agent
    # export LIBPATH

  3. In the directory in which you unpack the binaries, issue the following command:

    # ./setup -nodisplay

  4. When prompted, provide the following information:

    Have you read, and do you accept, all of the terms of the preceding Software License Agreement? Enter yes.

    Install the web agent in this directory: Enter the full path to the directory in which you want to install the web agent.

    The directory you choose in which to install the web agent is referred to as the Policy Agent base directory, or PolicyAgent-base.

  5. Provide the following information about the Apache HTTP Server instance this agent will protect:

    Host Name: Enter the fully qualified domain name (FQDN) of the machine where the Apache HTTP Server instance is installed.

    For example, if the host is host1, the subdomain is eng, and the domain is example.com, then the Host Name in this case is host1.eng.example.com.

    Apache Binary Directory: Enter the full path to the directory where the Apache HTTP Server binary, that is, the httpd binary, is installed. An example pathname follows:


    Apache-base/bin

    where Apache-base represents the directory where Apache HTTP Server was installed. Refer to the Apache HTTP Server documentation for the specific path name.

    Web Server Port: Enter the port number for the Apache HTTP Server instance that will be protected by the web agent.

    Web Server Protocol: If the Apache HTTP Server instance has been configured for SSL, choose HTTPS; otherwise choose HTTP.

    Agent Deployment URI: Enter a Universal Resource Identifier (URI) that will be used to access Agent for Apache HTTP Server. The default value is /amagent.


    Note –

    The web agent uses the value of the com.sun.am.policy.agents.config.agenturi.prefix property in the web agent AMAgent.properties configuration file to support some essential functions such as notification. Agent URI prefix is a configurable subset of Agent Deployment URI. It is important to set a valid URL for this property. Its value should be http://host.domain:port/agent-deployment-uri where host, domain and port are FQDN and port number of the Apache HTTP Server instance where the agent is installed and agent-deployment-uri is the URI where the Apache HTTP Server instance will look for web-agent related HTML pages. Its default value is amagent.

    The following is an example of an Agent Deployment URI:

    http://host1.example.com:80/amagent

    SSL Ready: Select this option if the Apache HTTP Server instance you are using has support for SSL. Your Apache HTTP Server instance is considered SSL ready if it has support for mod_ssl and its sources have been compiled using the EAPI rule.

    To find out if your Apache HTTP Server instance has been compiled with the EAPI flag, go to the bin directory of the Apache HTTP Server instance and type the following command:

    # ./httpd -V

    You can see various flags that the Apache HTTP Server instance was compiled with. If the flag -D EAPI is displayed in this list, it indicates that your Apache HTTP Server instance is SSL ready. However, if you do not see this flag, it does not necessarily indicate that the Apache HTTP Server instance does not have support for mod_ssl.

    The supported configurations for Apache HTTP Server are:

    • Apache HTTP Server without mod_ssl support

    • Apache HTTP Server with mod_ssl and EAPI flag enabled.


    Note –

    Apache HTTP Server with mod_ssl support and EAPI flag disabled configuration is not supported by Policy Agent 2.2.


  6. Provide the following information about the Access Manager host:

    The web agent will connect to this server.

    Primary Server Host: Enter the FQDN of the primary Access Manager host.

    For example, if the host is host3, the subdomain is eng, and the domain is example.com, then the Host Name in this case is host3.eng.example.com.

    Primary Server Port: Enter the port number for the primary Access Manager host.

    Primary Server Protocol: If the primary Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP.

    Primary Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver.

    Primary Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole.

    Failover Server Host: Enter the FQDN of the secondary Access Manager host, which is used if the primary Access Manager host becomes unavailable. If no failover server host exists, then leave this field blank.

    Failover Server Port: Enter the port number of the secondary Access Manager host. If no failover server host exists, then leave this field blank.

    Failover Server Protocol: If the failover Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP. If no failover server host exists, then leave this field blank.

    Failover Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver. If no failover server host exists, then leave this field blank.

    Failover Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole. If no failover server host exists, then leave this field blank.

    Agent Access Manager Shared Secret: Enter the password for the Access Manager internal LDAP authentication user. This user is also referred to as amldapuser.

    For more information about the shared secret and its relationship with the Access Manager agent profile, see Chapter 4, The Relationship Between the Agent Profile and Web Agents in Policy Agent 2.2.

    Re-enter Shared Secret: Re-enter the password for the Access Manager internal LDAP authentication user (amldapuser).

    CDSSO Enabled: Check this box if you want to enable CDSSO.

  7. When prompted, What would you like to do?, enter 1 to start the installation.

    The following text is displayed:


    Product                                             Result      More Information
    1.  Sun Java(tm) System Access Manager Policy Agent Installed   Available
    2.  Done
    
                      
  8. To see log information, enter 1. To exit the installation program, enter 2.

  9. Restart the Apache HTTP Server instance on which you just installed the agent.
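The note on Agent Deployment URI gives the required form of the com.sun.am.policy.agents.config.agenturi.prefix property, and the AIX installer note says the configuration script writes it into AMAgent.properties. The following shell script is an added example, not part of the original guide; it reads that property from properties text and compares it with the Host Name, Web Server Port and Agent Deployment URI entered at the prompts. The function names, verdict strings, the sample file content and the acceptance of either http or https are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): check the agent URI prefix written to
# AMAgent.properties against the values entered at the installer prompts.

PREFIX_KEY=com.sun.am.policy.agents.config.agenturi.prefix

# get_prop KEY: read properties text on stdin and print the value of the last
# uncommented "KEY = value" (or "KEY: value") line, with whitespace trimmed.
get_prop() {
    key_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    tr -d '\r' |
        sed -n "s/^[[:space:]]*${key_re}[[:space:]]*[=:][[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# validate_prefix VALUE HOST PORT URI: print "ok" or the first problem found.
# Assumption: either http or https is accepted as the scheme.
validate_prefix() {
    value=$1 want_host=$2 want_port=$3 want_uri=$4
    case $value in
        http://*|https://*) ;;
        *) echo bad-scheme; return 0 ;;
    esac
    rest=${value#*://}              # host1.example.com:80/amagent
    authority=${rest%%/*}           # host1.example.com:80
    case $rest in
        */*) path=/${rest#*/} ;;
        *)   path= ;;
    esac
    case $authority in
        *:*) port=${authority##*:} ;;
        *)   echo missing-port; return 0 ;;
    esac
    host=$(printf '%s' "${authority%%:*}" | tr 'A-Z' 'a-z')
    case $host in
        *.*) ;;                     # the guide asks for an FQDN
        *) echo not-fqdn; return 0 ;;
    esac
    want_host=$(printf '%s' "$want_host" | tr 'A-Z' 'a-z')
    [ "$host" = "$want_host" ] || { echo host-mismatch; return 0; }
    [ "$port" = "$want_port" ] || { echo port-mismatch; return 0; }
    [ "${path%/}" = "${want_uri%/}" ] || { echo uri-mismatch; return 0; }
    echo ok
}

# check_agenturi_prefix HOST PORT URI: properties text on stdin.
check_agenturi_prefix() {
    found=$(get_prop "$PREFIX_KEY")
    [ -n "$found" ] || { echo missing-property; return 0; }
    validate_prefix "$found" "$1" "$2" "$3"
}

# Constructed sample, not a real AMAgent.properties file.
SAMPLE_PROPS='# constructed sample
#com.sun.am.policy.agents.config.agenturi.prefix = http://old.example.com:80/amagent
com.sun.am.policy.agents.config.agenturi.prefix = http://host1.example.com:80/amagent'

echo "sample file      : $(printf '%s\n' "$SAMPLE_PROPS" |
    check_agenturi_prefix host1.example.com 80 /amagent)"
echo "bare 'amagent'   : $(validate_prefix amagent host1.example.com 80 /amagent)"
echo "short host name  : $(validate_prefix http://host1:80/amagent host1.example.com 80 /amagent)"
```

To check an installed agent, redirect its AMAgent.properties file into check_agenturi_prefix; the file's location is not given on this page.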

Next Steps

To ensure that the installation was successful, see All Systems: Verifying a Successful Installation on Policy Agent 2.2.

If you want to configure multiple instances of Apache HTTP Server, you must set up multiple Apache HTTP Server Virtual Hosts, as described in All Systems: Configuring Agent for Apache HTTP Server on Multiple Apache HTTP Server Virtual Hosts.

Linux Systems: Agent Installation for Apache HTTP Server

This section describes the installation process on Linux systems.

Preparing to Install Agent for Apache HTTP Server on Linux Systems

Follow the tasks outlined in this section before you install the web agent. The first pre-installation task applies specifically to Linux systems. The second pre-installation task involves general steps that are not Linux specific.

Procedure: To Prepare to Install Agent for Apache HTTP Server Specifically on Linux Systems

If you are installing the agent for Apache HTTP Server on a Linux system, you must complete the following tasks in the order they are listed below, to ensure that Apache HTTP Server is configured with the POSIX Threads library. Failing to perform these steps might result in the application becoming unusable or might result in the entire system becoming unstable and unusable.

  1. Get the Apache HTTP Server source (version 1.3.33 or 2.0.54) from http://httpd.apache.org/

  2. Before you run configure, set an environment variable LIBS=-lpthread as shown in the table.

    Shell    Environment Variable
    sh       LIBS=-lpthread; export LIBS
    bash     export LIBS=-lpthread
    tcsh     setenv LIBS '-lpthread'

  3. Configure your version of Apache HTTP Server with the respective flags as follows:

    • Apache HTTP Server 1.3.33

      Apache-source/configure --prefix=Apache-base \
      --enable-rule=SHARED_CORE --enable-shared=max

    • Apache HTTP Server 2.0.54

      Apache-source/configure --prefix=Apache-base --enable-so

    Apache-source represents the directory where the Apache HTTP Server source was unpacked.

    Apache-base represents the directory where Apache HTTP Server was installed.

  4. Rebuild and install Apache HTTP Server.

    Refer to the Apache HTTP Server documentation for details on how best to install and configure this server.

  5. Ensure that Apache HTTP Server has the latest patches available.
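Because a build without the POSIX Threads library can leave the system unusable, it is worth confirming the result of steps 2 through 4 before installing the agent. The following shell script is an added example, not part of the original guide; it covers the Apache HTTP Server 2.0.54 build only, inspects constructed samples of ldd and httpd -l output, and its function names and verdict strings are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): confirm that a rebuilt Apache 2.0.54
# httpd picked up LIBS=-lpthread and --enable-so before installing the agent.

# links_pthread LDD_OUTPUT: true if the POSIX Threads library is a dependency.
# On glibc 2.34 and later libpthread is part of libc, so no separate line
# appears there; this check targets the older systems the guide covers.
links_pthread() {
    printf '%s\n' "$1" |
        grep -Eq '(^|[[:space:]/])libpthread\.so(\.[0-9]+)*([[:space:]]|$)'
}

# has_mod_so HTTPD_L_OUTPUT: true if mod_so (built by --enable-so) is compiled in.
has_mod_so() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*mod_so\.c[[:space:]]*$'
}

# build_problems LDD_OUTPUT HTTPD_L_OUTPUT: print "none" or the problems found.
build_problems() {
    problems=
    links_pthread "$1" || problems="no-libpthread"
    has_mod_so "$2" || problems="${problems:+$problems }no-mod_so"
    echo "${problems:-none}"
}

# check_httpd_build HTTPD_PATH: run the real commands against an installed httpd.
check_httpd_build() {
    build_problems "$(ldd "$1" 2>/dev/null)" "$("$1" -l 2>/dev/null)"
}

# Constructed sample outputs, not captured from a real server.
LDD_WITH_PTHREAD='    libm.so.6 => /lib/tls/libm.so.6 (0x00b2e000)
    libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00c63000)
    libc.so.6 => /lib/tls/libc.so.6 (0x00a03000)'
LDD_NO_PTHREAD='    libm.so.6 => /lib/tls/libm.so.6 (0x00b2e000)
    libc.so.6 => /lib/tls/libc.so.6 (0x00a03000)'
MODS_WITH_SO='Compiled-in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c'
MODS_NO_SO='Compiled-in modules:
  core.c
  prefork.c
  http_core.c'

echo "LIBS set, --enable-so : $(build_problems "$LDD_WITH_PTHREAD" "$MODS_WITH_SO")"
echo "LIBS not set          : $(build_problems "$LDD_NO_PTHREAD" "$MODS_WITH_SO")"
echo "neither applied       : $(build_problems "$LDD_NO_PTHREAD" "$MODS_NO_SO")"
```

On the target host, call check_httpd_build with the path Apache-base/bin/httpd of the rebuilt server.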

Procedure: To Prepare to Install Agent for Apache HTTP Server on Linux Systems


Note –

You must have Java Runtime Environment (JRE) 1.3.1 or higher installed or available on a shared file system in order to run the graphical user interface (GUI) of the web agent installation program. Currently, JRE 1.3.1 or any version higher is certified for use with the web agent installation program.


Perform the following pre-installation tasks:

  1. Ensure that Policy Agent 2.2 for Apache HTTP Server is supported on the desired platform as listed in Supported Platforms and Compatibility of Agent for Apache HTTP Server.

  2. Set your JAVAHOME environment variable to a JDK version 1.3.1_04 or higher.

    The installation requires that you set up your JAVAHOME variable correctly. If the JAVAHOME variable is set incorrectly, the setup script prompts you to supply the correct JAVAHOME value:

    Please enter JAVAHOME path to pick up java:

Installing Agent for Apache HTTP Server on Linux Systems

The web agent installation program has two interfaces: the graphical user interface (GUI) and the command-line interface. The following sections present instructions to install the web agent using both of these interfaces:

GUI Installation of Agent for Apache HTTP Server on Linux Systems

Use the following instructions to install the web agent using the GUI on Linux systems.

Procedure: To Install Agent for Apache HTTP Server on Linux Systems Using the GUI

You must have root permissions when you run the agent installation program.

  1. Unpack the product binaries.

    Unpack the product binary in the directory of your choice using the following command:

    # gunzip -dc binaryname.tar.gz | tar -xvof -

  2. In the directory in which you unpack the binaries, issue the following command:

    # ./setup

    The Welcome page appears.

  3. In the Welcome page, click Next.

  4. Read the License Agreement. Click Yes to agree to the license terms.

  5. To search for the directory where you would like to install the web agent, click Browse. To accept the default, click Next.

  6. When prompted, provide the following information about the Apache HTTP Server instance this agent will protect:

    Install Sun Java System Access Manager Policy Agent in this directory: Enter the full path to the directory where you want this agent to be installed, and then click Next.

    The directory you choose in which to install the web agent is referred to as the Policy Agent base directory, or PolicyAgent-base.

    Host Name: Enter the FQDN of the machine where the Apache HTTP Server instance is installed. For example, if the host is host1, the subdomain is eng, and the domain is example.com, then the Host Name in this case is host1.eng.example.com.

    Apache Binary Directory: Enter the full path to the directory where the Apache HTTP Server binary, that is, the httpd binary, is installed. An example pathname follows:


    Apache-base/bin

    where Apache-base represents the directory where Apache HTTP Server was installed. Refer to the Apache HTTP Server documentation for the specific path name.

    Web Server Port: Enter the port number for the Apache HTTP Server instance that will be protected by the agent.

    Web Server Protocol: If the Apache HTTP Server instance has been configured for SSL, choose HTTPS; otherwise choose HTTP.

    Agent Deployment URI: Enter a Universal Resource Identifier (URI) that will be used to access Agent for Apache HTTP Server. The default value is /amagent.


    Note –

    The web agent uses the value of the com.sun.am.policy.agents.config.agenturi.prefix property in the web agent AMAgent.properties configuration file to support some essential functions such as notification. Agent URI prefix is a configurable subset of Agent Deployment URI. It is important to set a valid URL for this property. Its value should be http://host.domain:port/agent-deployment-uri where host, domain and port are FQDN and port number of the Apache HTTP Server instance where the agent is installed and agent-deployment-uri is the URI where the Apache HTTP Server instance will look for web-agent related HTML pages. Its default value is amagent.

    The following is an example of an Agent Deployment URI:

    http://host1.example.com:80/amagent

    Apache Config Directory: Enter the full path to the directory that contains the Apache HTTP Server configuration file httpd.conf. An example pathname follows:

    Apache-base/conf

    where Apache-base represents the directory where Apache HTTP Server was installed.

    SSL Ready: Select this option if the Apache HTTP Server instance you are using has support for SSL. Your Apache HTTP Server instance is considered SSL ready if it has support for mod_ssl and its sources have been compiled using the EAPI rule.

    To find out if your Apache HTTP Server instance has been compiled with the EAPI flag, go to the bin directory of the Apache HTTP Server instance and type the following command:

    # ./httpd -V

    You can see various flags that the Apache HTTP Server instance was compiled with. If the flag -D EAPI is displayed in this list, it indicates that your Apache HTTP Server instance is SSL ready. However, if you do not see this flag, it does not necessarily indicate that the Apache HTTP Server instance does not have support for mod_ssl.

    The supported configurations for Apache HTTP Server are:

    • Apache HTTP Server without mod_ssl support

    • Apache HTTP Server with mod_ssl and EAPI flag enabled.


    Note –

    The configuration of Apache HTTP Server with mod_ssl support and the EAPI flag disabled is not supported by Policy Agent 2.2.


  7. When you have entered all the information, click Next.

  8. Enter information about the Access Manager host.

    The web agent will connect to this server.

    Primary Server Host: Enter the fully qualified domain name (FQDN) of the primary Access Manager host.

    For example, if the host is host3, the subdomain is eng, and the domain is example.com, then the Host Name in this case is host3.eng.example.com.

    Primary Server Port: Enter the port number for the primary Access Manager host.

    Primary Server Protocol: If the primary Access Manager host is SSL-enabled, select HTTPS; otherwise select HTTP.

    Primary Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver.

    Primary Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole.

    Failover Server Host: Enter the FQDN of the secondary Access Manager host, which is used if the primary Access Manager host becomes unavailable. If no failover host exists, then leave this field blank.

    Failover Server Port: Enter the port number of the secondary Access Manager host. If no failover host exists, then leave this field blank.

    Failover Server Protocol: If the failover Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP. If no failover server host exists, then leave this field blank.

    Failover Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver. If no failover host exists, then leave this field blank.

    Failover Console Deployment URI: Enter the location that was specified when console was installed. The default URI for Access Manager is /amconsole. If no failover host exists, then leave this field blank.

    Agent Access Manager Shared Secret: Enter the password for the Access Manager internal LDAP authentication user. This user is also referred to as amldapuser.

    For more information about the shared secret and its relationship with the Access Manager agent profile, see Chapter 4, The Relationship Between the Agent Profile and Web Agents in Policy Agent 2.2.

    Re-enter Shared Secret: Re-enter the password for the Access Manager internal LDAP authentication user (amldapuser).

    CDSSO Enabled: Check this box if you want to enable the CDSSO feature.

  9. After entering all the information, click Next.

  10. Review the installation summary to ensure that the information you’ve entered is correct.

    The summary displays the CDCServlet URL if you checked the CDSSO Enabled box in the previous panel. If you want to make changes, click Back. If all the information is correct, click Next.

  11. In the Ready to Install page, click Install Now.

  12. When the installation is complete, you can click Details to view details about the installation, or click Close to close the installation program.

  13. Restart the Apache HTTP Server instance on which you just installed the agent.
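The SSL Ready decision from step 6, written as a pre-flight check. This is an added example, not part of the original guide or of the agent installer. It classifies a build from captured httpd -V output and, as an assumption beyond the guide, detects mod_ssl from the httpd -l module list and from LoadModule lines in httpd.conf, because the guide notes that a missing EAPI flag does not rule out mod_ssl. All sample text is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for the installer's "SSL Ready" prompt.
# Inputs are captured text so the logic can be reviewed and run offline:
#   $1 = output of "httpd -V"
#   $2 = output of "httpd -l"  (compiled-in modules; assumption, not in the guide)
#   $3 = contents of httpd.conf (assumption, not in the guide)

classify_ssl_ready() {
    eapi=no
    modssl=no
    # httpd -V prints one "-D NAME" line per compile-time flag.
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*-D[[:space:]]+EAPI([[:space:]]|$)' && eapi=yes
    # mod_ssl may be compiled in (listed by httpd -l) ...
    printf '%s\n' "$2" | grep -Eq '^[[:space:]]*mod_ssl\.c' && modssl=yes
    # ... or loaded as a shared module. Commented-out lines do not match.
    # A LoadModule inside <IfDefine>/<IfModule> is counted as present, which
    # errs on the side of flagging the build.
    printf '%s\n' "$3" |
        grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+ssl_module[[:space:]]' && modssl=yes

    case "$modssl/$eapi" in
        yes/yes) echo "supported: mod_ssl with EAPI (SSL ready)" ;;
        yes/no)  echo "unsupported: mod_ssl without EAPI"; return 1 ;;
        *)       echo "supported: no mod_ssl (not SSL ready)" ;;
    esac
}

# Constructed sample: mod_ssl is loaded from httpd.conf but EAPI is absent.
SAMPLE_V='Server version: Apache/2.0.54
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D HTTPD_ROOT="/usr/local/apache2"'
SAMPLE_L='Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c'
SAMPLE_CONF='# LoadModule ssl_module modules/mod_ssl.so
<IfDefine SSL>
    LoadModule ssl_module modules/mod_ssl.so
</IfDefine>'

classify_ssl_ready "$SAMPLE_V" "$SAMPLE_L" "$SAMPLE_CONF" ||
    echo "do not install the agent on this build"
```

On a real host, pass the output of ./httpd -V and ./httpd -l from the Apache bin directory and the contents of Apache-base/conf/httpd.conf.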

Next Steps

To ensure that the installation was successful, see All Systems: Verifying a Successful Installation on Policy Agent 2.2.

If you want to configure multiple instances of Apache HTTP Server, you must set up multiple Apache HTTP Server Virtual Hosts, as described in All Systems: Configuring Agent for Apache HTTP Server on Multiple Apache HTTP Server Virtual Hosts.

Command Line Installation of Agent for Apache HTTP Server on Linux Systems

You must have root permissions when you run the agent installation program.

To Install Agent for Apache HTTP Server on Linux Systems Using the Command Line

Use the following instructions to install the web agent using the command line on Linux systems.

  1. Unpack the product binary in the directory of your choice using the following command:

    # gunzip -dc binaryname.tar.gz | tar -xvof -

  2. In the directory in which you unpack the binaries, issue the following command:


    # ./setup -nodisplay

  3. When prompted, provide the following information:

    Have you read, and do you accept, all of the terms of the preceding Software License Agreement? Enter yes.

    Install the agent in this directory: Enter the full path to the directory in which you want to install the agent.

    The directory you choose in which to install the web agent is referred to as the Policy Agent base directory, or PolicyAgent-base.

  4. Provide the following information about the Apache HTTP Server instance this agent will protect:

    • Host Name

    • Apache Binary Directory

    • Web Server Port

    • Web Server Protocol

    • Agent Deployment URI

    • Apache Config Directory

    • SSL Ready

    For a description of the information to enter for these prompts, see GUI Installation of Agent for Apache HTTP Server on Linux Systems.

  5. Provide the following information about the Access Manager host:

    • Primary Server Host

    • Primary Server Port

    • Primary Server Protocol

    • Primary Server Deployment URI

    • Primary Console Deployment URI

    • Failover Server Host

    • Failover Server Port

    • Failover Server Protocol

    • Failover Server Deployment URI

    • Failover Console Deployment URI

    • Agent-Access Manager Shared Secret

    • Re-enter Shared Secret

    • CDSSO Enabled

    For a description of the information to enter for these prompts, see GUI Installation of Agent for Apache HTTP Server on Linux Systems.

    The following text is displayed:

    Ready to Install

    1. Install Now
    2. Start Over
    3. Exit Installation

  6. When prompted with What would you like to do?, enter 1 to start the installation.

    The following text is displayed:


    Product                                             Result      More Information
    1.  Sun Java(tm) System Access Manager Policy Agent Installed   Available
    2.  Done
    
                      
  7. To see log information, enter 1. To exit the Installation program, enter 2.

Next Steps

To ensure that the installation was successful, see All Systems: Verifying a Successful Installation on Policy Agent 2.2.

If you want to configure multiple instances of Apache HTTP Server, you must set up multiple Apache HTTP Server Virtual Hosts, as described in All Systems: Configuring Agent for Apache HTTP Server on Multiple Apache HTTP Server Virtual Hosts.

Windows Systems: Agent Installation for Apache HTTP Server

This section describes the installation process on Windows systems.

Preparing To Install Agent for Apache HTTP Server on Windows Systems

Follow the specific steps outlined in this section before you install the web agent to reduce the chance of complications occurring during and after the installation.

To Prepare To Install Agent for Apache HTTP Server on Windows Systems


Note –

You must have Java Runtime Environment (JRE) 1.3.1 or higher installed or available on a shared file system in order to run the graphical user interface (GUI) of the web agent installation program. Currently, JRE 1.3.1 or any version higher is certified for use with the web agent installation program.


Perform the following pre-installation tasks:

  1. Ensure that Policy Agent 2.2 for Apache HTTP Server is supported on the desired platform as listed in Supported Platforms of Agent for Apache HTTP Server.

  2. Install Apache HTTP Server if not already installed.

    Refer to the Apache HTTP Server documentation for details on how best to install and configure this server for your platform.

  3. Ensure that Apache HTTP Server has the latest patches available.

  4. Set your JAVAHOME environment variable to a JDK version 1.3.1_04 or higher.

    The installation requires that you set up your JAVAHOME variable correctly. However, if you have set the JAVAHOME variable incorrectly, the setup script prompts you to supply the correct JAVAHOME value:

    Please enter JAVAHOME path to pick up java:

Installing Agent for Apache HTTP Server on Windows Systems

The installation program that installs Agent for Apache HTTP Server has one interface, a graphical user interface (GUI).

The installation performed by this installer is extremely basic. The installer performs the following:

Therefore, during the installation, you are not prompted for information about the Apache HTTP Server host or the Access Manager host, though installers often prompt for this type of information. Instead, for this agent, you are prompted for such information as part of the configuration process described in Windows Systems: Installation-Related Configuration for Apache HTTP Server.

To Install Agent for Apache HTTP Server on Windows Systems

You must have administrator privileges to run the installation program.

  1. Unzip the product binaries.


    unzip binaryname.zip

    Note –

    On Microsoft Windows 2003, the zip file is not automatically unpacked. Therefore, after you download the agent zip file, be sure to extract the zip file to a directory first and then execute setup.exe. To extract the zip file, right-click the zip file in the File Manager and select Extract. After extracting to a directory, double-click setup.exe to execute it.


  2. Double-click setup.exe to run the installation program.

  3. In the Welcome window, click Next.

  4. Read the License Agreement and click Yes to accept it.

  5. Select the directory in which you want to install the agent.

    The default directory is C:\Sun\Access_Manager\Agents\2.2. The installation program will install the agent in this directory.

    The directory in which you install the web agent is referred to as the Policy Agent base directory, or PolicyAgent-base.

  6. (Conditional) Click Create Directory if this option is available.

    If the directory does not exist, a dialog box appears giving you the option to create a directory.

  7. Click Install Now.

    The program installs the agent.

  8. Click Yes when the program asks if you want to reboot the computer.

    Once the installation is complete, you must create agent configuration files to configure the agent for web sites. The following section explains the procedure for creating the agent configuration file.

Windows Systems: Installation-Related Configuration for Apache HTTP Server

After you have performed the basic installation process, you must create a configuration file for the web site (or web sites) that is to be protected by the agent and then you must configure the agent for that web site (or web sites). These tasks are described in the following subsections:

Windows Systems: Creating Configuration Files, Agent for Apache HTTP Server

The agent for Apache HTTP Server provides a Visual Basic (VB) script to help you create agent configuration files. When you run it, the VB script prompts for information related to the Web Site Identifier, the agent you are installing, and Access Manager. The script creates an agent configuration file based on the information you provide.


Note –

When you are deploying the agent on multiple web sites, you must create a unique agent configuration file for each of the web sites. Use the following steps to create multiple agent configuration files. However, ensure that you give a unique file name to each of the configuration files.


Windows Systems: To Create Configuration Files, Agent for Apache HTTP Server

  1. Change to the directory:

    PolicyAgent-base\apache\bin

    This directory stores the VB script required to create the agent configuration file.

  2. Run the following command:

    cscript.exe ApacheCreateConfig.vbs defaultConfig
    
    ApacheCreateConfig.vbs is a VB script that saves your responses to prompts about the Apache HTTP Server host and the Access Manager host in a file. For this example, the file is represented by defaultConfig.

    defaultConfig represents the agent configuration file created by this command and for which you provide the actual name. This is a text file to which the output of the commands entered while running the script is written.


    Note –

    Give this agent configuration file a unique name, since you will need the same file to unconfigure the agent.


    The script prompts for information as it progresses with the creation of the agent configuration file. All the script prompts are displayed, for example purposes, in this step. However, information about the responses is presented in the subsequent steps.


    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    
    
    Copyright c 2004 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms
    -------------------------------------------------
     Apache 2.0.x Server
    -------------------------------------------------
    Enter the Agent Resource File Name [ApacheResource.en] :
    
    Fully Qualified Host Name :
    agentHost.com
    
    Apache Binary Directory :
    c:\program files\apache group\apache2\bin
    
    Web Server Protocol [http] :
    
    
    Web Server Port [80] :
    
    
    Agent Deployment URI [/amagent] :
    
    ------------------------------------------------
    Sun Java (TM) Enterprise System Access Manager
    ------------------------------------------------
    Primary Server Host :
    amHost.com
    
    Primary Server Protocol [http] :
    
    
    Primary Server Port Number [58080] :
    
    
    Primary Server Deployment URI [/amserver] :
    
    
    Primary Server Console URI [/amconsole] :
    
    
    Failover Server Host :
    
    
    Agent-Access Manager Shared Secret :
    
    Re-enter Shared Secret :
    
    CDSSO Enabled [false] :
    
    -----------------------------------------------
    Agent Configuration file created ==>  agentConfig
    Execute the below command for Agent Configuration :
          cscript.exe ApacheAdmin.vbs -config agentConfig
    -----------------------------------------------

  3. When prompted, provide the following information about the Apache HTTP Server instance that this agent will protect:

    Agent Resource File Name: Accept the default for this prompt (ApacheResource.en).

    Host Name: Enter the fully qualified domain name (FQDN) of the system on which Apache HTTP Server is installed.

    For example, if the host is agentHost, the subdomain is eng, and the domain is example.com, then the Host Name in this case is agentHost.eng.example.com.

    Server Protocol: If this instance of Apache HTTP Server has been configured for SSL, then select HTTPS; otherwise select HTTP.

    Server Port: Enter the port number of the Apache HTTP Server instance that will be protected by the agent.

    Agent Deployment URI: Enter a Universal Resource Identifier (URI) that will be used to access Agent for Apache HTTP Server. The default value is /amagent.


    Note –

    The web agent uses the value of the com.sun.am.policy.agents.config.agenturi.prefix property in the web agent AMAgent.properties configuration file to support some essential functions such as notification. Agent URI prefix is a configurable subset of Agent Deployment URI. It is important to set a valid URL for this property. Its value should be http://host.domain:port/agent-deployment-uri, where host.domain is the FQDN and port is the port number of the Apache HTTP Server instance where the agent is installed, and agent-deployment-uri is the URI where the Apache HTTP Server instance will look for web-agent related HTML pages. The default value of agent-deployment-uri is amagent.

    The following is an example of an Agent Deployment URI:

    http://agentHost.example.com:80/amagent

    where the host name is agentHost and the domain name is example.com.


  4. When prompted, provide the following information about the Access Manager host:

    Primary Server Host: Enter the FQDN of the primary Access Manager host.

    For example, if the host is amHost, the subdomain is eng, and the domain is example.com, then the Host Name in this case is amHost.eng.example.com.

    Primary Server Protocol: If the primary Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP.

    Primary Server Port: Enter the port number for the primary Access Manager host.

    Primary Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver.

    Primary Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole.

    Failover Server Host: Enter the FQDN of the secondary Access Manager host, which is used if the primary Access Manager host becomes unavailable. If no failover server host exists, then leave this field blank.

    Failover Server Port: Enter the port number of the secondary Access Manager host. If no failover server host exists, then leave this field blank.

    Failover Server Protocol: If the failover Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP. If no failover server host exists, then leave this field blank.

    Failover Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver. If no failover server host exists, then leave this field blank.

    Failover Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole. If no failover server host exists, then leave this field blank.

    Agent Access Manager Shared Secret: Enter the password for the Access Manager internal LDAP authentication user. This user is also referred to as amldapuser.

    For more information about the shared secret and its relationship with the Access Manager agent profile, see Chapter 4, The Relationship Between the Agent Profile and Web Agents in Policy Agent 2.2.

    Re-enter Shared Secret: Re-enter the password for the Access Manager internal LDAP authentication user (amldapuser).

    CDSSO Enabled: Check this box if you want to enable CDSSO.

    With the information you provide, the script creates the agent configuration file for you to use to configure this agent as described in the following section.

Windows Systems: Configuring Agent for Apache HTTP Server for a Web Site

Configure Agent for Apache HTTP Server for a web site after you have created an agent configuration file. If you have not already created an agent configuration file, create one as explained in Windows Systems: Creating Configuration Files, Agent for Apache HTTP Server.

To configure the agent for a web site, follow these steps:

Windows Systems: To Configure Agent for Apache HTTP Server for a Web Site

  1. Change to the directory:

    PolicyAgent-base\apache\bin

  2. Run the following command:

    cscript.exe ApacheAdmin.vbs -config defaultConfig

    ApacheAdmin.vbs is a VB script that uses the output of the ApacheCreateConfig.vbs script. The output was saved to a configuration file, which for this example is represented by defaultConfig.

    -config is the option that allows the output to be used to configure the web site.

    defaultConfig represents the agent configuration file created previously as described in Windows Systems: To Create Configuration Files, Agent for Apache HTTP Server.

    The script displays messages to indicate the progress of the configuration as shown in the following sample.


    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    
    Copyright c 2004 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms
    
    Enter the Agent Resource File Name [ApacheResource.en]:
    
    Creating the AMAgent.properties File
    Modifying httpd.conf
    Completed Configuring the Agent for Apache 2.0.x. Re-start your server instance

  3. Restart the web site.

  4. Try accessing the web site (http://fqdn:port/index.html).

    This link should take you to the Access Manager login page. After a successful authentication, if the policy is properly defined, you should be able to view the resource.

    If you want to view the agent log file amAgent, do so at the following location:


    PolicyAgent-base\debug\apache_port
    

    where port is the port number of Apache HTTP Server.


    Note –

    If you want to configure the agent for multiple web sites, you must follow the preceding steps for each of the web sites.


Next Steps

The last step of this task addresses verification of the agent installation. See the section that follows (All Systems: Verifying a Successful Installation on Policy Agent 2.2) for an expanded explanation of verifying the agent installation.

If you want to configure multiple instances of Apache HTTP Server, you must set up multiple Apache HTTP Server Virtual Hosts, as described in All Systems: Configuring Agent for Apache HTTP Server on Multiple Apache HTTP Server Virtual Hosts.

All Systems: Verifying a Successful Installation on Policy Agent 2.2

After installing a web agent, ensure that the agent is installed successfully. Two methods are available for verifying a successful web agent installation. Perform both for best results.

ProcedureTo Verify a Successful Installation

  1. Attempt to access a resource on the deployment container where the agent is installed.

    If the web agent is installed correctly, accessing any resource should take you to the Access Manager login page. After a successful authentication, if the policy is properly defined, you should be able to view the resource.

  2. Check the web agent AMAgent.properties configuration file.

    Make sure that each property is set properly. For information on the properties in this file, see Appendix C, Web Agent AMAgent.properties Configuration File.
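Both verification steps can be scripted. The following is an added example, not part of the original guide or of the agent: it reads com.sun.am.policy.agents.config.agenturi.prefix from AMAgent.properties and checks it against the installer answers, then checks that an unauthenticated request is sent to the Access Manager deployment URI. It assumes the agent uses an HTTP 3xx redirect with a Location header to reach the login page; the property file fragment and response headers are constructed, using the host names from the sample prompts.

```shell
#!/bin/sh
# Added example: post-install checks for AMAgent.properties and the login redirect.
PREFIX_PROP=com.sun.am.policy.agents.config.agenturi.prefix

# get_prop FILE NAME: print NAME's value (comments skipped, last assignment wins).
get_prop() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == name) found = val
        }
        END { if (found != "") print found }' "$1"
}

# check_agent_uri_prefix VALUE PROTOCOL FQDN PORT DEPLOYMENT_URI
# Passes only if VALUE has the form protocol://host.domain:port/uri and equals
# the answers given to the installer.
check_agent_uri_prefix() {
    printf '%s\n' "$1" |
        grep -Eq '^https?://[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+:[0-9]+/[^[:space:]]+$' || {
        echo "malformed: $1"; return 1; }
    [ "$1" = "$2://$3:$4$5" ] || {
        echo "mismatch: expected $2://$3:$4$5, found $1"; return 1; }
    echo "ok"
}

# check_login_redirect RESPONSE_HEADERS AM_BASE
# Passes only if an unauthenticated request was redirected under AM_BASE
# (primary server protocol://host:port plus its deployment URI).
check_login_redirect() {
    hdr=$(printf '%s\n' "$1" | tr -d '\r')
    status=$(printf '%s\n' "$hdr" | sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9]*\).*/\1/p')
    location=$(printf '%s\n' "$hdr" | sed -n 's/^[Ll]ocation:[[:space:]]*//p' | head -n 1)
    case $status in
        3??) ;;
        *) echo "no redirect (status ${status:-unknown})"; return 1 ;;
    esac
    case $location in
        "$2"/*) echo "ok" ;;
        *) echo "unexpected redirect target: ${location:-none}"; return 1 ;;
    esac
}

# Constructed sample data (not real output from an agent or server).
SAMPLE_PROPS=$(mktemp)
cat > "$SAMPLE_PROPS" <<'EOF'
# constructed AMAgent.properties fragment
com.sun.am.policy.agents.config.agenturi.prefix = http://agentHost.example.com:80/amagent
EOF
SAMPLE_HEADERS='HTTP/1.1 302 Found
Location: http://amHost.com:58080/amserver/UI/Login?goto=http%3A%2F%2FagentHost.example.com%3A80%2Findex.html
Content-Length: 0'

value=$(get_prop "$SAMPLE_PROPS" "$PREFIX_PROP")
echo "agenturi.prefix: $(check_agent_uri_prefix "$value" http agentHost.example.com 80 /amagent)"
echo "login redirect:  $(check_login_redirect "$SAMPLE_HEADERS" http://amHost.com:58080/amserver)"
rm -f "$SAMPLE_PROPS"
```

To run the redirect check against a live server, capture the headers with curl -sI http://fqdn:port/index.html from a session that holds no Access Manager cookie.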