Deployment Example 2: Federation Using SAML v2

14.2 Installing Web Server 3 and Web Policy Agent 3

For this part of the deployment, you must have the JES 5 installer and Web Policy Agent installer mounted on the host Protected Resource 1. See the section 2.2 Downloading and Mounting the Java Enterprise System 2005Q4 Installer in this manual.

Use the following as your checklist for installing Web Server 3 and Web Policy Agent 3:

To Install Web Server 3 on Protected Resource 3

As a root user, log into the Protected Resource 3 host.

Start the Java Enterprise System installer with the -nodisplay option.
# cd /mnt/Solaris_sparc # ./installer -nodisplay

When prompted, provide the following information:

Welcome to the Sun Java(TM) Enterprise System; 
serious software made  simple... 
<Press ENTER to Continue>

Press Enter.

<Press ENTER to display the Software 
License Agreement>

Press Enter.

Have you read, and do you accept, all of 
the termsof the preceding Software 
License Agreement [No]

Enter y.

Please enter a comma separated list of 
languages you would like supported with 
this installation [8]

Enter 8 for “English only.”

Enter a comma separated list of products to 
install,or press R to refresh the list  []

Enter 3 to select Web Server.

Press "Enter" to Continue or Enter a 
comma separated list of products to deselect... [1]

Press Enter.

Enter 1 to upgrade these shared components 
and 2 to cancel  [1]

You are prompted to upgrade shared components only if the installer detects that an upgrade is required.

Enter 1 to upgrade shared components.

Enter the name of the target 
installation directory for each product: 
Web Server [/opt/SUNWwbsvr] :

Accept the default value.

System ready for installation 
Enter 1 to continue [1]

Enter 1.

1. Configure Now - Selectively override defaults or 
express through  
2. Configure Later - Manually configure following 
installation 
 Select Type of Configuration [1]

Enter 1.

Common Server Settings  
Enter Host Name [ProtectedResource-3]

Accept the default value.

Enter DNS Domain Name [siroe.com]

Accept the default value.

Enter IP Address [192.18.72.151]

Accept the default value.

Enter Server admin User ID [admin]

Accept the default value.

Enter Admin User's Password 
(Password cannot be less than 8 characters) 
[]

For this example, enter 11111111.

Confirm Admin User's Password []

Enter the same password to confirm it.

Enter System User [root]

Accept the default value.

Enter System Group [root]

Accept the default value.

Enter  Server Admin User ID 
[admin]

Accept the default value.

Enter Admin User's Password []

For this example, enter 11111111.

Enter Host Name 
[ProtectedResource-3.siroe.com]

Accept the default value.

Enter Administration Port [8888]

Accept the default value.

Enter Administration Server User ID 
[root]

Accept the default value.

Enter System User ID [webservd]

Enter root.

Enter System Group [webservd]

Enter root.

Enter HTTP Port [80]

Enter 2080.

Enter content Root [/opt/SUNWwbsvr/docs]

Accept the default value.

Do you want to automatically start 
Web Serverwhen system re-starts.(Y/N)    [N]

Accept the default value.

Ready to Install
1. Install 2. Start Over 3. Exit Installation
What would you like to do [1]

First, see the next numbered (Optional) step. When ready to install, enter 1.

(Optional) During installation, you can monitor the log to watch for installation errors. Example:

# cd /var/sadm/install/logs

# tail —f Java_Enterprise_System_install.B xxxxxx

Upon successful installation, enter ! to exit.

Verify that the Web Server is installed properly.
1. Start the Web Server administration server to verify it starts with no errors.
  
  # cd /opt/SUNWwbsvr/https-admserv
  
  # ./stop; ./start
2. Run the netstat command to verify that the Web Server ports are open and listening.
  # netstat -an | grep 8888 *.8888 *.* 0 0 49152 0 LISTEN
3. Go to the Web Server URL.
  
  http://ProtectedResource-3.siroe.com:8888
4. Log in to the Web Server using the following information:
  
  Username
  
  admin
  
  Password
  
  11111111
  
  You should be able to see the Web Server console. You can log out of the console now.
5. Start the Protected Resource 3 instance.
  # cd /opt/SUNWwbsvr/https-ProtectedResource-3.siroe.com # ./stop; ./start
6. Run the netstat command to verify that the Web Server ports are open and listening.
  # netstat -an | grep 2080 *.2080 *.* 0 0 49152 0 LISTEN
7. Go to the instance URL.
  
  http://ProtectedResource-3.siroe.com:1080
  
  You should see the default Web Server index page.

To Install Web Policy Agent 3

Before You Begin

Caution –

If the Web Policy Agent installer is hosted on the same system where you are installing the Web Policy Agent, you can disregard this warning.

If the installer is hosted on a system other than the local system where you are installing the Web Policy Agent, you must start an X-display session on the system that hosts the installer. You must use an X-display program such as Reflections X or VNC even though you use the command-line installer. This is a known problem with this version of the Web Policy Agent. For more information about this known problem, see http://docs.sun.com/app/docs/doc/819-2796/6n52flfoq?a=view#adtcd.

As a root user, log into the Protected Resource 3 host.

Download the Java System Web Policy Agents 2.2 package from the following website:

http://www.sun.com/download/products.xml?id=434ed995

Unpack the downloaded package.

In this example, the package was downloaded into the directory /temp.

# cd /temp
# gunzip sun-one-policy-agent-2.2-es6-solaris_sparc.tar.gz
# tar —xvof sun-one-policy-agent-2.2-es6-solaris_sparc.tar

Start the Web Policy Agents installer.

# ./setup -nodisplay

When prompted, provide the following information:

When you are ready, press Enter to continue. 
<Press ENTER to Continue>

Press Enter.

Press ENTER to display the Sun Software 
License Agreement

Press Enter.

Have you read, and do you accept, all of 
the terms of the preceding Software License 
Agreement [no] y

Enter y.

Install the Sun Java(tm) System Access Manager 
Policy Agent in this directory [/opt] :

Accept the default value.

Enter information about the server instance this 
agent will protect. 
Host Name [ProtectedResource-3.siroe.com]:

Accept the default value.

Web Server Instance Directory []:

Enter

/opt/SUNWwbsvr/
https-ProtectedResource-9.siroe.com

Web Server Port [80]:    :

Enter 2080.

 Web Server Protocol [http]

Enter https.

Agent Deployment URI [/amagent]:

Accept the default value.

Enter the Sun Java(tm) System Access Manager
Information for this Agent.
Primary Server Host [ProtectedResource-3.siroe.com] :

For this example, enter the external-facing load balancer host name. Example: LoadBalancer-3.example.com

Primary Server Port [1080]

Enter the load balancer HTTP port number. For this example, enter 3443.

Primary Server Protocol [http]:

Enter https.

Primary Server Deployment URI [/amserver]:

Enter /federation.

Primary Console Deployment URI [/amconsole] :

Enter /federation.

Failover Server Host [] :

Accept the default value.

Agent-Access Manager Shared Secret:

Enter the amldapuser password that was entered when Access Manager was installed. For this example, enter 11111111 .

Re-enter Shared Secret:

Enter the 11111111 password again to confirm it.

CDSSO Enabled [false]:

Accept the default value.

Press "Enter" when you are ready to continue.

First, see the next (Optional) numbered step. When you are ready to start installation, press Enter.

(Optional) During installation, you can monitor the log to watch for installation errors. Example:

# cd /var/sadm/install/logs
# tail —f var/sadm/install/logs/
Sun_Java_tm__System_Access_Manager_Policy_Agent_install.Bxxxxxxxx

Restart the Web Server.

# cd /opt/SUNWwbsvr/https-ProtectedResource-3.siroe.com
# cd ./stop; ./start

Examine the Web Server log for startup errors.

# /opt/SUNWwbsvr/https-ProtectedResource-3.siroe.com/logs
# vi errors