Installing the Web Server 7.0 Agent Using the agentadmin Program
Considering Specific Deployment Scenarios for the Web Server 7.0 Agent
The following table describes the information you will need to provide when you run the agentadmin program to install Web Server 7.0 agent. For some agentadmin prompts, you can accept the default value displayed by the program, if you prefer.
Table 1 Information Required to Install the Web Server 7.0 Agent
Prompt Request |
Description |
---|---|
Sun Java System Web Server Config Directory Path |
Complete path to the directory used by Web Server to store its configuration files. For example: /opt/sun/webserver7/https-agenthost/config |
OpenSSO Enterprise URL |
For example: http://openssohost.example.com:8080/opensso |
Agent URL |
For example: http://agent.example.com:8090 |
Agent Profile Name |
A policy agent communicates with OpenSSO Enterprise server using the name and password in the agent profile. For information, see Creating an Agent Profile. For example: WS7Agent |
Agent Profile Password File |
ASCII text file with only one line specifying the agent profile password. You create the agent profile password file as a pre-installation step. For information, see Creating a Password File. |
Option to create the agent profile The agentadmin program displays the following prompt if the agent profile previously specified for the Agent Profile Name prompt does not already exist in OpenSSO Enterprise: Enter true if the Agent Profile is being created into OpenSSO Enterprise by the installer. Enter false if it will be not be created by installer. |
To have the installation program create the agent profile, enter true. The program then prompts you for:
|
Login into the server where you want to install the agent.
Important: To install the agent, you must have write permission to the files and directories for the Web Server 7.0 instance.
Stop the Web Server 7.0 instance.
Change to the following directory:
PolicyAgent-base/bin
Start the agent installation. For example:
# ./agentadmin --custom-install
On Windows systems, run the agentadmin.bat program.
Enter information as requested by the agentadmin program, or accept the default values displayed by the program.
After you have made your choices, the agentadmin program displays a summary of your responses. For example:
----------------------------------------------- SUMMARY OF YOUR RESPONSES ----------------------------------------------- Sun Java System Web Server Config Directory : /opt/SUNWwbsvr7/https-agenthost/config OpenSSO server URL : http://openssohost.example.com:8080/opensso Agent URL : http://agenthost.example.com:8090 Agent Profile name : WS7Agent Agent Profile Password file name : /tmp/ws7agentpw Agent Profile will be created right now by agent installer : true Agent Administrator : amadmin Agent Administrator's password file name : /tmp/amadminpw Verify your settings above and decide from the choices below. 1. Continue with Installation 2. Back to the last interaction 3. Start Over 4. Exit Please make your selection [1]:
Verify your choices and either continue with the installation (selection 1, the default) , or make any necessary changes.
If you continue, the program installs the agent and displays a summary of the installation. For example:
SUMMARY OF AGENT INSTALLATION ----------------------------- Agent instance name: Agent_001 Agent Bootstrap file location: /opt/web_agents/sjsws_agent/Agent_001/config/OpenSSOAgentBootstrap.properties Agent Configuration Tag file location /opt/web_agents/sjsws_agent/Agent_001/config/OpenSSOAgentConfiguration.properties Agent Audit directory location: /opt/web_agents/sjsws_agent/Agent_001/logs/audit Agent Debug directory location: /opt/web_agents/sjsws_agent/Agent_001/logs/debug Install log file location: /opt/web_agents/sjsws_agent/installer-logs/audit/custom.log Thank you for using Sun OpenSSO Enterprise Policy Agent. INSTALL NOTE: Installer modifies obj.conf file in the config directory you specified. To make agent changes effective do Pull and deploy configuration using Web Server Admin Console or CLI. If there are multiple obj.conf files already present, then manually add agent settings to the required obj.conf files. UNINSTALL NOTE: Uninstall removes agent settings from obj.conf file in the config directory you specified. If there are multiple obj.conf files configured manually in the same config directory, then please remove them manually. For more information, please refer agent documentation.
All files are under the PolicyAgent-base directory.
After the installation finishes successfully, if you wish, check the installation log file in the following directory:
PolicyAgent-base/logs/audit
Restart the Web Server 7.0 instance that is being protected by the policy agent.
************************************************************************ Welcome to the Sun OpenSSO Enterprise Policy Agent for Sun Java System Web Server. ************************************************************************ Enter the complete path to the directory which is used by Sun Java System Web Server to store its configuration Files. This directory uniquely identifies the Sun Java System Web Server instance that is secured by this Agent. [ ? : Help, ! : Exit ] Enter the Sun Java System Web Server Config Directory Path [/var/opt/SUNWwbsvr7/https-agenthost.example.com/config]: /opt/SUNWwbsvr7/https-agenthost/config Enter the URL where the OpenSSO server is running. Please include the deployment URI also as shown below: (http://opensso.sample.com:58080/opensso) [ ? : Help, < : Back, ! : Exit ] OpenSSO server URL: http://openssohost.example.com:8080/opensso Enter the Agent URL as shown below: (http://agent1.sample.com:1234) [ ? : Help, < : Back, ! : Exit ] Agent URL: http://agenthost.example.com:8090 Enter the Agent profile name [ ? : Help, < : Back, ! : Exit ] Enter the Agent Profile name: WS7Agent Enter the path to a file that contains the password to be used for identifying the Agent. [ ? : Help, < : Back, ! : Exit ] Enter the path to the password file: /tmp/ws7agentpw Enter true if the Agent Profile is being created into OpenSSO by the installer. Enter false if it will be not be created by installer. [ ? : Help, < : Back, ! : Exit ] This Agent Profile does not exist in OpenSSO server, will it be created by the installer? (Agent Administrator's name and password are required) [true]: Agent Administrator is the Administrator user that can create, delete or update agent profile. [ ? : Help, < : Back, ! : Exit ] Enter the Agent Administrator's name: amadmin Enter the path to a file that contains the password of Agent Administrator [ ? : Help, < : Back, ! : Exit ] Enter the path to the password file that contains the password of Agent Administrator: /tmp/amadminpw ----------------------------------------------- SUMMARY OF YOUR RESPONSES ----------------------------------------------- Sun Java System Web Server Config Directory : /opt/SUNWwbsvr7/https-agenthost/config OpenSSO server URL : http://openssohost.example.com:8080/opensso Agent URL : http://agenthost.example.com:8090 Agent Profile name : WS7Agent Agent Profile Password file name : /tmp/ws7agentpw Agent Profile will be created right now by agent installer : true Agent Administrator : amadmin Agent Administrator's password file name : /tmp/amadminpw Verify your settings above and decide from the choices below. 1. Continue with Installation 2. Back to the last interaction 3. Start Over 4. Exit Please make your selection [1]: Creating directory layout and configuring Agent file for Agent_001 instance ...DONE. Reading data from file /tmp/ws7agentpw and encrypting it ...DONE. Generating audit log file name ...DONE. Creating tag swapped OpenSSOAgentBootstrap.properties file for instance Agent_001 ...DONE. Creating the Agent Profile WS7Agent ...DONE. Creating a backup for file /opt/SUNWwbsvr7/https-agenthost/config/obj.conf ...DONE. Creating a backup for file /opt/SUNWwbsvr7/https-agenthost/config/magnus.conf ...DONE. Adding Agent parameters to /opt/SUNWwbsvr7/https-agenthost/config/magnus.conf file ...DONE. Adding Agent parameters to /opt/SUNWwbsvr7/https-agenthost/config/obj.conf file ...DONE. SUMMARY OF AGENT INSTALLATION ----------------------------- Agent instance name: Agent_001 Agent Bootstrap file location: /opt/web_agents/sjsws_agent/Agent_001/config/OpenSSOAgentBootstrap.properties Agent Configuration Tag file location /opt/web_agents/sjsws_agent/Agent_001/config/OpenSSOAgentConfiguration.properties Agent Audit directory location: /opt/web_agents/sjsws_agent/Agent_001/logs/audit Agent Debug directory location: /opt/web_agents/sjsws_agent/Agent_001/logs/debug Install log file location: /opt/web_agents/sjsws_agent/installer-logs/audit/custom.log Thank you for using Sun OpenSSO Enterprise Policy Agent. INSTALL NOTE: Installer modifies obj.conf file in the config directory you specified. To make agent changes effective do Pull and deploy configuration using Web Server Admin Console or CLI. If there are multiple obj.conf files already present, then manually add agent settings to the required obj.conf files. UNINSTALL NOTE: Uninstall removes agent settings from obj.conf file in the config directory you specified. If there are multiple obj.conf files configured manually in the same config directory, then please remove them manually. For more information, please refer agent documentation.
Agent Instance Directory: The installation program creates the following directory for each Web Server 7.0 agent instance:
PolicyAgent-base/Agent_nnn
where nnn identifies the agent instance as Agent_001, Agent_002, and so on for each additional agent instance.
Each agent instance directory contains the following subdirectories:
/config contains the configuration files for the agent instance, including OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties.
/logs contains the following subdirectories
/audit contains local audit trail for the agent instance.
/debug contains the debug files for the agent instance when the agent runs in debug mode.
Installing the Web Server 7.0 Agent on Multiple Web Server 7.0 Instances
Installing Web Server 7.0 Agent on the OpenSSO Enterprise Host Server
After you install the Web Server 7.0 agent for a specific Web Server 7.0 instance, you can install the agent on another Web Server 7.0 instance by executing the agentadmin program again for that instance.
Installing the Web Server 7.0 agent on the OpenSSO Enterprise host server is not recommended in a production deployment because performance can be degraded.
However, if you do install the agent on the OpenSSO Enterprise host server on the same Web Server 7.0 instance, add the URLs related to OpenSSO Enterprise to the not enforced URL list. If you are installing the agent on a different Web Server 7.0 instance, configuration of the not enforced URL list is not required.
Login into the Administration Console as amAdmin.
Click Access Control, realm-name, Agents, Web, then the name of the agent you want to configure.
The Console displays the Edit page for the agent.
Click Application.
Under Not Enforced URL Processing, add the URLs related to OpenSSO Enterprise to the Not Enforced URLs list.
Click Save.