Deployment Example 2: Federation Using SAML v2

3.1 Installing and Configuring Federation Manager 1

Use the following as your checklist for installing and configuring Federation Manager 1:

  1. Install the Web Server for Federation Manager 1.

  2. Install Federation Manager Server 1.

  3. Deploy the Federation Manager 1 WAR file.

  4. Install the SAMLv2 Plug-In on Federation Manager 1.

  5. Install SAMLv2 Patch 2 on Federation Manager 1.

Procedure: To Install the Web Server for Federation Manager 1

Before You Begin

The Java ES installer must be mounted on the host computer system where you will install Web Server. See the section 2.2 Downloading and Mounting the Java Enterprise System 2005Q4 Installer in this manual.

  1. As a root user, log in to the Web Server host.

  2. Start the Java Enterprise System installer with the -nodisplay option.


    # cd /mnt/Solaris_sparc 
    # ./installer -nodisplay
    
  3. When prompted, provide the following information:


    Welcome to the Sun Java(TM) Enterprise System; 
    serious software made  simple... 
    <Press ENTER to Continue>

    Press Enter. 


    <Press ENTER to display the Software 
    License Agreement>

    Press Enter. 


    Have you read, and do you accept, all of
    the terms of the preceding Software
    License Agreement [No]

    Enter y.


    Please enter a comma separated list of 
    languages you would like supported with 
    this installation [8]

    Enter 8 for “English only.” 


    Enter a comma separated list of products to
    install, or press R to refresh the list []

    Enter 3 to select Web Server.


    Press "Enter" to Continue or Enter a 
    comma separated list of products to deselect... [1] 

    Press Enter. 

    Enter 1 to upgrade these shared components 
    and 2 to cancel  [1]

    You are prompted to upgrade shared components only if the installer detects that an upgrade is required. 

    Enter 1 to upgrade shared components.


    Enter the name of the target 
    installation directory for each product: 
    Web Server [/opt/SUNWwbsvr] : 

    Accept the default value. 


    System ready for installation 
    Enter 1 to continue [1]  

    Enter 1.


    1. Configure Now - Selectively override defaults or 
    express through  
    2. Configure Later - Manually configure following 
    installation 
     Select Type of Configuration [1]  

    Enter 1.


    Common Server Settings  
    Enter Host Name [FederationManager-1]

    Accept the default value. 


    Enter DNS Domain Name [siroe.com]

    Accept the default value. 


    Enter IP Address [192.18.87.180]

    Accept the default value. 


    Enter Server admin User ID [admin]   

    Enter admin.


    Enter Admin User's Password 
    (Password cannot be less than 8 characters) 
    [] 

    For this example, enter admin123.


    Confirm Admin User's Password []

    Enter the same password to confirm it. 


    Enter System User [root]

    Accept the default value. 


    Enter System Group [root]

    Accept the default value. 


    Enter  Server Admin User ID 
    [admin]

    Accept the default value. 


    Enter Admin User's Password []

    For this example, enter admin123.


    Enter Host Name 
    [FederationManager-1.siroe.com]

    Accept the default value. 


    Enter Administration Port [8888]

    Accept the default value. 


    Enter Administration Server User ID 
    [root]

    Accept the default value. 


    Enter System User ID [webservd]

    Enter root.


    Enter System Group [webservd]

    Enter root.


    Enter HTTP Port [80] 

    Enter 8080.


    Enter content Root [/opt/SUNWwbsvr/docs]

    Accept the default value. 


    Do you want to automatically start
    Web Server when system re-starts.(Y/N)    [N]

    Accept the default value. 


    Ready to Install
    1. Install 2. Start Over 3. Exit Installation
    What would you like to do [1] 

    First, see the next numbered (Optional) step. When ready to install, enter 1.

  4. (Optional) During installation, you can monitor the log to watch for installation errors. Example:

    # cd /var/sadm/install/logs

    # tail -f Java_Enterprise_System_install.Bxxxxxx

  5. Upon successful installation, enter ! to exit.

  6. Verify that the Web Server is installed properly.

    1. Start the Web Server administration server to verify it starts with no errors.

      # cd /opt/SUNWwbsvr/https-admserv

      # ./stop; ./start

    2. Run the netstat command to verify that the Web Server ports are open and listening.


      # netstat -an | grep 8888
        *.8888               *.*                0      0 49152      0 LISTEN

    3. Start a browser, and go to the Web Server administration URL.

      http://FederationManager-1.siroe.com:8888

    4. Log in to the Web Server console.

      Username

      admin

      Password

      admin123

      You should be able to see the Web Server console. You can log out of the console now.

    5. Start the Web Server instance.


      # cd /opt/SUNWwbsvr/https-FederationManager-1.siroe.com
      # ./stop; ./start

    6. Go to the Web Server instance URL.

      http://FederationManager-1.siroe.com:8080

      You should see the default Web Server index page.

Procedure: To Install Federation Manager Server 1

Before You Begin

If you have installed Solaris 10 using a distribution package other than the Solaris Enterprise distribution package, then you must remove the SUNWjas and SUNWjato packages that were automatically installed for you. These packages are different versions than the SUNWjas and SUNWjato packages used by Federation Manager. The appropriate packages will be installed when you run the Federation Manager installer.

  1. Download the Sun Java System Federation Manager program from the following page on the Sun Microsystems website: http://www.sun.com/download/products.xml?id=44a5bbb5

  2. Unpack the Federation Manager installer.


    # tar -xvf fm-7.0-domestic-us.sparc-sun-solaris2.8.tar
    
    # ls
    LICENSE.TXT
    README.TXT
    SUNWamfm
    common
    fm-7.0-domestic-us.sparc-sun-solaris2.8.tar
    fmsetup
    fmsilent-template

  3. Edit the download_directory/fmsilent-template file.

    Make a backup of the fmsilent-template file, and then set the following properties in the file:


    FM_PROCESS_USER=root
    FM_PROCESS_GROUP=root
    INST_ORGANIZATION=o=siroe.com
    SERVER_HOST=FederationManager-1.siroe.com
    SERVER_PORT=8080
    ADMINPASSWD=11111111

  4. Save the file as /export/fmsilent.

  5. (Optional) For online help regarding the Federation Manager installer options, enter the following with no options:


    # ./fmsetup

  6. To start the Federation Manager installer, run the following command:


    # ./fmsetup install -s /export/fmsilent
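
The silent-install file from steps 3 and 4 holds ADMINPASSWD in clear text and, with the values shown, runs the server as root. The following pre-install check is an added example, not part of the original guide or of Federation Manager; it assumes a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh or ksh rather than /bin/sh), and the function name audit_silent and its finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit an fmsilent-style response file before running
# "fmsetup install -s <file>". Prints one finding per line; returns 1 if any.
audit_silent() {
    file=$1
    rc=0
    # Value of KEY=value (last assignment wins; commented-out lines are ignored).
    prop() { sed -n "s/^[[:space:]]*$1=//p" "$file" | tail -n 1; }
    finding() { echo "$1"; rc=1; }

    # The file carries ADMINPASSWD in clear text, so group/other need no access.
    mode=$(ls -ld "$file" | cut -c5-10)
    [ "$mode" = "------" ] || finding "PERMS group/other can access $file ($mode)"

    pw=$(prop ADMINPASSWD)
    if [ "${#pw}" -lt 8 ]; then
        finding "PASSWD ADMINPASSWD is shorter than 8 characters"
    elif printf '%s\n' "$pw" | grep -q '^\(.\)\1*$'; then
        finding "PASSWD ADMINPASSWD is a single repeated character"
    fi

    # Running the server as root gives a web-tier flaw full control of the host.
    for key in FM_PROCESS_USER FM_PROCESS_GROUP; do
        [ "$(prop "$key")" != "root" ] || finding "RUNAS $key=root"
    done
    return $rc
}

# Demo on a constructed file that holds the values this page sets.
demo=$(mktemp)
cat > "$demo" <<'EOF'
FM_PROCESS_USER=root
FM_PROCESS_GROUP=root
INST_ORGANIZATION=o=siroe.com
SERVER_HOST=FederationManager-1.siroe.com
SERVER_PORT=8080
ADMINPASSWD=11111111
EOF
chmod 644 "$demo"
audit_silent "$demo" || echo "resolve the findings above before running fmsetup"
rm -f "$demo"
```

Run against /export/fmsilent, the function reports nothing and returns 0 only when the file is readable by its owner alone, the password is not trivial, and the process user and group are not root.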
Next Steps

The Federation Manager installer creates the following web archive (WAR) file:

/var/opt/SUNWam/fm/war_staging/federation.war

You usually customize the Federation Manager WAR file for the environment before the WAR file can be deployed. In a deployment where SAMLv2 is not used, you could customize and deploy the Federation Manager WAR file now. However, in this deployment example, you will install the SAMLv2 plug-in and the SAMLv2 patch before you customize the Federation Manager WAR file. So proceed directly to the next task, To Deploy the Federation Manager 1 WAR File.

Procedure: To Deploy the Federation Manager 1 WAR File

  1. Go to the Web Server directory that contains the wdeploy command:


    # cd /opt/SUNWwbsvr/bin/https/bin

  2. Run the wdeploy command:


    # ./wdeploy deploy -u /federation -i FederationManager-1.siroe.com \
        -v https-FederationManager-1.siroe.com \
        /var/opt/SUNWam/fm/war_staging/federation.war

  3. Verify that the WAR file was successfully deployed.

    1. Verify that a directory has been created with the same name you specified during Federation Manager installation as the URI. In this deployment example, the directory is named federation.


      # cd /opt/SUNWwbsvr/https-FederationManager-1.siroe.com/webapps/https-FederationManager-1.siroe.com/federation
      # ls
      META-INF        config   docs        html        js
      WEB-INF         console  fed_css     images      saml2
      com_sun_web_ui  css      fed_images  index.html  samples

    2. Restart the Federation Manager server, and verify that you can successfully access it.


      # cd /opt/SUNWwbsvr/https-FederationManager-1.siroe.com
      # ./stop; ./start

    3. In a browser, go to the following URL:


      http://FederationManager-1.siroe.com:8080/federation/UI/Login

    4. Log in to the Federation Manager console:

      User Name:

      amadmin

      Password:

      11111111

      If you can successfully log in, then the Federation Manager WAR file has been successfully deployed.

Procedure: To Install the SAMLv2 Plug-In on Federation Manager 1

Before You Begin

You must download the SAMLv2 Plug-In and the SAMLv2 Patch 2 onto the Federation Manager 1 host.

To download the SAMLv2 Plug-In, go to the following URL and follow instructions for downloading the plug-in:

http://www.sun.com/download/products.xml?id=43e00414

  1. As a root user, log in to the Federation Manager 1 host.

    Change to the directory where you unpacked the SAMLv2 installation files. Example:


    # cd /tmp/saml2
    # ls
    ./                             SUNWsaml2/
    ../                            saml2setup*
    ENTITLEMENT.TXT                saml2silent
    LICENSE.TXT                    samlv2-1.0-solaris-sparc.tar
    README.TXT                     version

  2. In a different directory, make a copy of the saml2silent file.

    For this deployment example, no changes are made to the saml2silent file. All default values contained in the saml2silent file are used during installation. If you changed anything in the fmsilent file other than the changes described in the section To Install Federation Manager Server 1, you should reflect the same changes in the saml2silent file.

  3. Run the SAMLv2 installer.


    # cd /tmp/saml2
    # ./saml2setup install -s saml2silent

    When installation is complete, you will see the following message:


    To complete the installation of SAML2 you must deploy the war file.  
    Refer to the web container documentation 
    or the release notes for directions on deploying a war file.

    Do not deploy the Federation Manager WAR file as instructed in the onscreen message. Instead, complete the following step and then proceed directly to the next task, To Install SAMLv2 Patch 2 on Federation Manager 1.

  4. Restart the Federation Manager server, and verify that you can successfully access it.


    # cd /opt/SUNWwbsvr/https-FederationManager-1.siroe.com
    # ./stop; ./start

Procedure: To Install SAMLv2 Patch 2 on Federation Manager 1

Before You Begin

To download the SAMLv2 Patch 2, go to one of the following URLs and follow instructions for downloading the patch for your operating system:

  1. Go to the directory where you downloaded and unpacked the SAMLv2 patch installation file.


    # cd /temp/saml2patch/122983-02
    # ls
    LEGAL_LICENSE.TXT
    LICENSE.TXT
    patchinfo
    postbackout
    postpatch
    prebackout
    prepatch
    README.122983-02
    rel_notes.html
    SUNWsaml2

  2. Run the SAMLv2 patch installer.

    The -G option in the following example is for Solaris 10 zones. The option is not necessary if you are not using the Solaris 10 platform.


    # cd /temp/saml2patch
    # patchadd -G 122983-02

    When installation is complete, you will see the following message:


    Patch packages installed:
        SUNWsaml2

  3. Go to the directory where the saml2silent file is located.


    # cd /opt/SUNWam/saml2/bin

  4. Run the update command.


    # ./saml2setup update -s /opt/SUNWam/saml2/bin/saml2silent

    Any updates required because of the newly-installed patch are made in SAMLv2.

  5. Redeploy the Federation Manager 1 WAR file.

    At this point, the Federation Manager WAR file has been updated with SAMLv2 and SAMLv2 patch configurations. Once the WAR file is updated, you must deploy the WAR file.

    See To Regenerate and Redeploy the Federation Manager 1 WAR File.