
Sun ONE Identity Server 6.0 Installation and Configuration Guide

Chapter 3
The Identity Server Installation Program

This chapter provides an overview of the options presented by the installation program, as well as some pointers on determining the installation tasks you’ll need to perform. The instructions provided here and in the subsequent chapters are meant for installing Sun ONE Identity Server on the Solaris and the Windows platforms.

Topics in this chapter include:


Before You Begin

You must resolve the following issues before you start the Installation program:


Installation Methods

Choose the installation method that best suits your use of Identity Server and your installation needs. Instructions for each method are provided in the next chapters.

The three installation methods are:


Installation Program Options

When you run the installation program, it displays a number of options. Determine the installation option you want to choose by first identifying your scenario in Table 3-1, and then follow the detailed instructions that correspond to that scenario.

Table 3-1  Where To Find Identity Server Installation Instructions For Specific Scenarios

Common Installation Scenarios
    Where to Find Detailed Installation Instructions

1.  Install and deploy Identity Server and Directory Server for the first time or for evaluation purposes; you have no existing user data to work with.
    Chapter 4, "Installing Identity Server with a New Directory Server".

2.  Install Identity Server to work with an existing Directory Server 5.1 that is provisioned with user data.
    Chapter 5, "Installing Identity Server Against an Existing Directory Server".

3.  Install multiple instances of Identity Server against a single Directory Server for agent failover. Identity Server and the master Directory Server are already installed; the directory may or may not be already provisioned with users.
    "Installing Multiple Identity Server Instances Against the Same Directory Server".

4.  Configure an existing Directory Server 5.1 to be used with Identity Server.
    "Installing Identity Server Against an Existing Directory Server".

5.  Install and configure the cross-domain single sign-on (CDSSO) component.
    "The Cross-Domain Single Sign-On Component".

6.  Install Common Domain Services.
    "Installing Common Domain Services".

7.  Uninstall Identity Server.
    "Uninstalling Identity Server".

The following is a brief summary of what happens when you choose each of the main installation options.

Option 1) Sun ONE Identity Server Management and Policy Services

When you choose this option, the following are installed for you:

The optional components listed above are installed only if you answer yes to the corresponding installation queries. When the installation program is done, the complete product is installed, and you can immediately log into Identity Server. No user data will be present in the directory.

Option 2) Sun ONE Identity Server Admin Console

The Identity Server Console is a graphical user interface (GUI) that consolidates Identity, Service and Policy Management. It allows users, administrators as well as non-administrators, to create and manage user accounts, service attributes, and access rules in Directory Server using one interface and without having to know LDAP.

Option 3) Configure an Existing Directory Server

When you choose this option, you are prompted for the host and port number of your existing Directory Server. Only the Identity Server schema is installed on the server where the Directory Server is installed. The schema file ds_remote_schema.ldif is loaded to your Directory Server schema directory. No new Directory Server is installed; no existing data is overwritten. Choose this option only if you plan to use Identity Server with an existing Directory Server 5.1 instance that’s already provisioned with user data.

Option 4) Sun ONE Identity Server Cross-Domain Single Sign-On

The Cross-Domain Single Sign-On feature makes it possible for users to authenticate in one domain, and then to use applications in many other domains without having to re-authenticate. When you choose this option, only the Cross-Domain Single Sign-On (CDSSO) component is installed. You can install it as part of the existing Identity Server, install it on Web Server, or install it by installing Web Server. For more information, see "The Cross-Domain Single Sign-On Component".

Option 5) Common Domain Services for Federation

Common Domain Services enable machines hosting a common domain to read and write cookies based on parameters passed within redirect URLs. When a user authenticates with an identity provider (IDP), the IDP redirects the user’s browser to the common domain with a parameter indicating that the user is using that IDP. The server in the common domain writes a cookie that identifies this IDP as the preferred IDP and redirects the user’s browser back to the IDP.
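
The exchange described above, sketched as an added example (not Identity Server code): the common-domain handler writes the preferred-IDP cookie and redirects back only when the IDP is known and the return URL belongs to it. The parameter names idp and return, the cookie name, and all hosts are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: known IDP ids and the host each may be sent back to.
KNOWN_IDPS = {
    "idp-a": "idp-a.example.com",
    "idp-b": "idp-b.example.net",
}
COOKIE_NAME = "preferred_idp"      # hypothetical cookie name
COMMON_DOMAIN = ".common.example"  # hypothetical common domain


def handle_common_domain_request(url):
    """Return (status, headers) for a redirect arriving at the common domain.

    The cookie is written and the browser sent back only when the IDP id is
    known and the return URL points at that IDP's own host over HTTPS.
    """
    query = parse_qs(urlsplit(url).query)
    idp = query.get("idp", [""])[0]
    return_url = query.get("return", [""])[0]

    expected_host = KNOWN_IDPS.get(idp)
    if expected_host is None:
        return 400, {}                     # unknown IDP: write nothing

    target = urlsplit(return_url)
    if target.scheme != "https" or target.hostname != expected_host:
        return 400, {}                     # return URL is not the IDP's

    cookie = (f"{COOKIE_NAME}={idp}; Domain={COMMON_DOMAIN}; "
              "Path=/; Secure; HttpOnly")
    return 302, {"Set-Cookie": cookie, "Location": return_url}


def preferred_idp(cookie_header):
    """Read the preferred IDP from a Cookie header; None if absent or unknown."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME and value in KNOWN_IDPS:
            return value
    return None
```

Checking the return URL against the host registered for the named IDP keeps the common-domain server from redirecting browsers to arbitrary sites or recording an IDP it does not know.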


Setting the Domain Name

Before you install Identity Server, make sure that the domain name of the machine on which the Identity Server is going to be installed is set. If it is not set, follow these instructions to set the domain name.

On UNIX

  1. View your host name setting by running the following command:

       # uname -n

     The short format of the host name is returned.

  2. To set the domain name, do one of the following:
     • If the file /etc/resolv.conf exists, then enter the domain name in the domain configuration entry. Example: domain madisonparc.com
     • If the file /etc/resolv.conf does not exist, then enter the following command:

         # domainname domainname

       Example:

         # domainname madisonparc.com

       where madisonparc.com is the domain to which this computer system belongs.

  3. To verify that the host name and domain name are set properly, you can enter the following command:

       # ping hostname.domainname

    If the host name is not returned, contact your network Administrator.
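
A static pre-install check for the UNIX steps above, added here as an example and not part of the installation program: it takes the uname -n output and the text of /etc/resolv.conf and reports the FQDN the host will use. It goes beyond the steps by also reading search entries, which override an earlier domain entry; the host name idserver used with it is constructed.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def effective_domain(resolv_text):
    """Domain the resolver will use, from resolv.conf text, or None.

    `domain` and `search` are mutually exclusive and the last one present
    wins, so a later `search` line overrides the `domain` entry.
    """
    domain = None
    for raw in resolv_text.splitlines():
        if raw.startswith(("#", ";")):       # comment lines
            continue
        fields = raw.split()
        if len(fields) >= 2 and fields[0] in ("domain", "search"):
            domain = fields[1].rstrip(".").lower()
    return domain


def preflight(uname_n, resolv_text):
    """Return (fqdn, problems) for the host about to run the installer."""
    problems = []
    host = uname_n.strip().lower()
    if "." in host:
        # The guide expects the short format from `uname -n`.
        problems.append("uname -n is not in short format")
        host = host.split(".", 1)[0]
    domain = effective_domain(resolv_text)
    if domain is None:
        problems.append("no domain entry in resolv.conf")
        return None, problems
    if not all(LABEL.match(label) for label in domain.split(".")):
        problems.append(f"domain {domain!r} is not a valid DNS name")
    return f"{host}.{domain}", problems
```

The returned FQDN is the name to pass to the ping verification step; the check itself does no network lookups.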

On Windows 2000

  1. Go to the desktop.
  2. Right-click My Computer and then click Properties. Alternatively, you can go to Control Panel and click System. Either of these actions opens the System Properties window.
  3. In the System Properties window, click the Network Identification tab.
  4. Click the Properties button to open the Identification Changes window.
  5. In the Computer Name field, type a name for your machine if it’s not already present.
  6. Click More. In the Primary DNS Suffix of this computer field, type the domain name to which this computer belongs. The Primary DNS Suffix combined with the computer name forms the FQDN for this computer.
  7. Run setup.exe. You’ll find the program in the root directory of the CD-ROM. If you’ve downloaded the product binaries, you’ll find the program in the directory where you unzipped the binary files.
  8. Double-click setup.exe.

    The installation program begins with a Welcome panel.





Copyright 2003 Sun Microsystems, Inc. All rights reserved.