Sun Java logo     Previous      Contents      Next     

Sun logo
Sun Java System Identity Pack 2005Q4M3 Installation  

C

Configuring Data Sources for Identity Manager

This appendix provides procedures for creating data sources for Identity Manager in the following sections:

Configuring a WebSphere Data Source for Identity Manager

Servlet 2.3 Data Sources

As of the Identity Install Pack 2005Q4M3 release, the deployment descriptor in the WEB-INF/web.xml file refers to Servlet 2.3. Because of this, WebSphere Application Server 5 allows the Identity Manager web application to only work with a WebSphere 5 data source.

WebSphere 5 enforces the following:

Many deployments with WebSphere Application Server 5 continue to use Version 4 data sources. These deployments may continue to use the Version 4 data source with Identity Manager. If you want to use a Version 4 data source you must change one line in the WEB-INF/web.xml file.

Use the following steps to configure a WebSphere data source for Identity Manager:

  1. Configure a JDBC provider.
  2. Configure either a regular (version 5) or legacy (version 4) data source.
  3. Point the repository to the data source.

These steps are discussed in detail below.

Configuring a JDBC Provider

Use WebSphere's admin console to configure a new JDBC Provider.

  1. Click the Resources tab in the left pane to display a list of resource types.
  2. Click JDBC Providers to display a table of configured JDBC providers.
  3. Click the New button above the table of configured JDBC providers. The right pane displays a drop-down list of JDBC provider types.
  4. Select the appropriate type of JDBC provider from the drop-down list. If the kind you want to create is not in the list, then use “User-Defined JDBC Provider”.

    5. Oracle will be used for this example. Select Oracle JDBC Provider and click OK.

  5. Continue configuring general properties.
    • Specify the path to the JAR that contains the JDBC driver in the Classpath field. For example, to specify the Oracle thin driver specify a path similar to the following:

      • /usr/WebSphere/AppServer/installedApps/idm/idm.ear/idm.war/WEB- INF/lib/oraclejdbc.jar

    • Specify the fully-qualified name of the JDBC Driver class in the Implementation ClassName field. For the Oracle thin driver, this value is oracle.jdbc.pool.OracleConnectionPoolDataSource.
    • You may also change the name or description of the provider to anything you choose.

      • When you are finished, click the OK button at the bottom of the table. The right pane should display the provider you added.

To configure a regular DataSource that uses this JDBC provider, see Point the Identity Manager Repository to the Data Source.

To configure a Version 4 Data Source that uses this JDBC provider, see Configuring a Version 4 Data Source.

Configuring a Websphere 5 Data Source

If you want to use a regular Data Source, you must first change deployment descriptor for the application to refer to Servlet 2.3.

  1. Edit the idm/WEB-INF/web.xml file
  2. Change the first line from

    3. DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web- app_2_2.dtd"

    to:

    DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"

Next, use WebSphere's Administrative Console to define a data source with an existing JDBC Provider. If you need to define a new JDBC Provider for use with Identity Install Pack, see Configuring a JDBC Provider.

Before you can finish configuring the data source, you must configure authentication data. These aliases contain credentials that are used to connect to the DBMS.

Configure Authentication Data

  1. Click on the Security tab in the left pane to display a list of security configuration types.
  2. Click on the JAAS Configuration tab in the left pane to display a list of JAAS configuration types.
  3. Click on the J2C Authentication Data tab in the left pane. The right pane displays a table of authentication data entries.
  4. Click the New button above the table of authentication data entries. The right pane displays a table of general properties that can be configured.
  5. Configure the general properties for the new authentication data entry. Note the following:
    • Alias is the name that will be shown in the selection list whenever someone configures the DBMS credentials for a Data Source.
    • UserID is the name used to connect to the DBMS.
    • Password is the password used to connect to the DBMS.

Next, configure the data source.

Configure the Data Source

Note  If configuring a data source in a Websphere 5.x cluster see Configure the DataSource in a Websphere Cluster on page C-5 for more information.

  1. Click the Resources tab in the left pane to display a list of resource types.
  2. Click JDBC Providers to display a table of configured JDBC providers.
  3. Click on the name of a JDBC provider in the table. The right pane displays a table of general properties configured for the selected JDBC provider.
  4. Scroll down to a table of additional properties. Click on Data Sources. The right pane displays a table of (regular) data sources configured for use with this JDBC provider.

    5. Note  Be aware of the Scope field at the top of the frame in the WebSphere administration console. Ensure that Node and Server are blank so that the cell information is presented for configuration underneath the New and Delete buttons.

  5. Click the New button above the table of regular data sources. The right pane displays a table of general properties to configure.
  6. Configure the general properties for the new data source. Note the following:
    • The JNDI Name is the path to the DataSource object in the directory service.
      You must specify this same value as the -f argument in
      setRepo -tdbms -iinitCtxFac -ffilepath.
    • Container-managed persistence should be left unchecked. Identity Install Pack does not use Enterprise Java Beans (EJBs).
    • Component-managed Authentication Alias points to the credentials that will be used to access the DBMS (to which this DataSource points).

      • Select from the drop-down list the alias that contains the appropriate set of DBMS credentials. See Configure Authentication Data for more information.

    • Container-managed Authentication Alias is not used. Set this value to (none). Identity Install Pack makes its own connection to the DBMS (to which this DataSource points).

      • Click OK when you have configured this panel. The Data Sources page is displayed.

  7. Click the data source you created. Then scroll down to the table of Additional Properties near the bottom. Click the Custom Properties link.

    8. The right pane displays a table of DBMS-specific properties.

  8. Configure the custom properties for this data source. Click on the link for each property to set its value. Note the following:
    • URL is the only required property. This database URL identifies the database instance and contains driverType, serverName, portNumber and databaseName.You may also specify some of these as individual properties.
    • driverType in this example is thin.
    • serverName is a host name (or an IP address).
    • databaseName is usually a short database name.
    • portNumber is 1521 by default for Oracle.
    • preTestSQLString may be worth configuring to a value such as SELECT 1 FROM USEROBJ.
  9. From the table of Additional Properties, you may also click the Connection Pool link if you wish to configure these properties for performance tuning.

Configure the DataSource in a Websphere Cluster

When configuring the DataSource in clustered WebSphere environments, configure it at the cell level. This allows the DataSource to be accessed from all nodes in the cell.

To configure this use the -D $propertiesFilePath option where $propertiesFilePath contains:

java.naming.provider.url=iiop://localhost:jndi_port/

or:

-u iiop://localhost:jndi_port/

To determine the JNDI port to specify, examine the WebSphere configuration.

  1. In the WebSphere administration console, navigate to Application Servers > test_server1 > End Points.
  2. Look at the BOOTSTRAP_ADDRESS property. The port specified is what should be used in the java.naming.provider.url property.

    3. Note  The java.naming.provider.url uses localhost as the hostname. WebSphere 5.x replicates a JNDI server on each node in the cluster so that each application server has its own JNDI server to query. Specify localhost for the host so that each application server in the cluster is used as the JNDI server that Identity Manager queries when the DataSource is being located.

    If the application servers do not have the same port specified in the BOOTSTRAP_ADDRESS property, the java.naming.provider.url can specify multiple urls, for example:

    iiop://localhost:9812,iiop://localhost:9813.

Configuring a Version 4 Data Source

If you want to use a legacy (Version 4) data source, Identity Manager’s deployment descriptor must refer to Servlet 2.2.

  1. Edit the idm/WEB-INF/web.xml file
  2. Confirm that the first line contains:

    3. DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web- app_2_2.dtd"

Next, use WebSphere's Administrative Console to define a Version 4 data source with an existing JDBC provider. If you need to define a new JDBC Provider for use with Identity Install Pack, see Configuring a JDBC Provider.

  1. Click the Resources tab in the left pane to display a list of resource types.
  2. Click JDBC Providers to display a table of configured JDBC providers.
  3. Click on the name of a JDBC provider in the table. The right pane displays a table of general properties configured for the selected JDBC provider.
  4. Scroll down to a table of additional properties. Click on Data Sources (Version 4). The right pane displays a table of (legacy) Data Sources configured for use with this JDBC provider.
  5. Click the New button above the table of legacy data sources. The right pane displays a table of general properties to configure.
  6. Configure the general properties for the new Version 4 data source. Note the following:
    • The JNDI Name is the path to the DataSource object in the directory service. You must specify this same value as the -f argument in
      setRepo -tdbms -iinitCtxFac -ffilepath.
    • The Database Name is the name of the database instance. It usually has a short name such as waveset or idm_db.
    • The Default User ID is the name that will be used to connect to the DBMS.
    • The Default Password is used to connect to the DBMS.

      • Click OK when you have configured this panel. The Data Sources (Version 4) page is displayed.

      Note  For information on DBMS recovery see Appendix G DBMS Recovery and the Repository.

  7. Click the data source you created. Then scroll down to the table of Additional Properties near the bottom. Click the Custom Properties link.

    8. The right pane displays a table of DBMS-specific properties.

  8. Configure the custom properties for this data source. Click on the link for each property to set its value. Note the following:
    • URL is the only required property. This database URL identifies the database instance and contains driverType, serverName, portNumber and databaseName.You may also specify some of these as individual properties.
    • driverType in this example is thin.
    • serverName is a host name (or an IP address)
    • portNumber is 1521 by default for Oracle.
  9. From the table of Additional Properties, you may also click the Connection Pool link if you wish to configure these properties for performance tuning.

Point the Identity Manager Repository to the Data Source

Use the following steps to point the repository to the newly created data source.

  1. Set the WSHOME environment variable to point to your Identity Install Pack installation; for example:

    2. export WSHOME=$WAS_HOME/installedApps/idm.ear/idm.war

    where $WAS_HOME is the WebSphere home directory, such as /usr/WebSphere/AppServer

  2. Make sure that the JAVA_HOME environment variable is set correctly; for example:

    3. export JAVA_HOME=$WAS_HOME/java

  3. Make sure that the Java executable is in your path; for example:

    4. export PATH=$JAVA_HOME/bin;$PATH

  4. Make sure the classpath is pointing to the WebSphere properties directory, for example

    5. export CLASSPATH=$WAS_HOME/properties

  5. Change to the $WSHOME/bin directory.
  6. (For SQLServer only): Install JTA support:
    1. Copy the sqljdbc.dll file located in the SQLServer JTA directory to the SQL_SERVER_ROOT/binn directory of the SQLServer database server.

      2. Note  The default location of the SQLServer JTA directory is C:\Program Files\Microsoft SQL Server 2000 Driver for JDBC\SQLServer JTA. The default location of SQL_SERVER_ROOT/binn is C:\Program Files\Microsoft SQL Server\MSSQL\Binn.

    2. From the database server, use the ISQL or OSQL utility to run the instjdbc.sql script, which is also found in the SQLServer JTA directory. The following examples illustrate the use of these utilities:

      3. isql -Usa -psa_password -Sserver_name
      -i      location\instjdbc.sql

      osql -E -i      location\instjdbc.sql

  7. Archive a copy of the existing ServerRepository.xml file, in case you need to revert. By default, this file is located in $WSHOME/WEB-INF.
  8. Point the repository to the new location. For example:

    9. lh -Djava.ext.dirs=$JAVA_HOME/jre/lib/ext:$WAS_HOME/lib setRepo -tdbms -iinitCtxFac -ffilepath-icom.ibm.websphere.naming.WsnInitialContextFactory /
    -f    DataSourcePath

    The -Djava.ext.dirs option adds all of the JAR files all of the JAR files in WebSphere's lib/ and java/jre/lib/ext/ directories to the CLASSPATH. This is necessary in order for the setRepo command to run normally.

    Change the -f option to match the value you specified for the JNDI Name field when configuring the data source. See Appendix F setRepo Reference for more information about this command.

  9. Add the following XML to the $WAS_HOME/properties/j2c.properties file within the <j2c-customizations> element.

    10. <cm-properties>

       <logMissingTranContext>false</logMissingTranContext>

    </cm-properties>

    <security-properties connectionFactoryJNDIName="jdbc/waveset">

       <secureMode>false</secureMode>

    </security-properties>

    The <secureMode> element allows the setRepo command to find the data source. The <logMissingTranContext> element prevents WebSphere from filling the SystemOut.log with warnings:

    See http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&
    q=J2CA0075W&uid=swg21109248 for details about the logMissingTranContext element.

  10. Set the following property to true in the $WSHOME/config/Waveset.properties file:

    11. com.waveset.repository.ConnectionPoolDisable=true

    This setting prevents WebSphere from sending extraneous warnings to the SystemOut.log file. For more information, see http://www-1.ibm.com/support/docview.wss?uid=swg21121449

  11. Restart WebSphere to pick up changes. (This also restarts the system.)

Specifying Additional JNDI Properties to the setRepo Command

The setRepo command provides an option that allows you to specify an arbitrary set of properties. The -D $propertiesFilePath option allows you to specify any number of settings, including vendor-specific properties not specified by JNDI, by including them in a properties file that you create.

For example, to specify a different JNDI port number:

java.naming.provider.url=iiop://localhost:2909

Configuring a WebLogic Data Source for Identity Manager

Use the following procedure to update the repository configuration in Identity Manager to point to a WebLogic Data Source.

Create a WebLogic Data Source

This example procedure describes configuration steps to use an Oracle database driver. Specific entries you make will differ, depending on your database type.

Note  These steps assume that you have:

Create a Connection Pool

  1. Log in to the WebLogic Administrator Web console (by default, http://localhost:7001/console/).
  2. Expand the Services folder for the domain located in the navigation (left) pane.
  3. Expand the JDBC folder.
  4. Expand the Connection Pools folder.
  5. In the right pane (JDBC Connection Pools), click Configure a new JDBC Connection Pool.
  6. For Database Type select Oracle. You can use any of the applicable types. Note that drivers must be installed in order to use them.
  7. Select an applicable drive in the Database Driver selection box. In this example, select Oracle’s Driver (Thin).
  8. Click Continue.
  9. Configure the JDBC driver as follows:

    10. Name: Choose a unique name which identifies your connection pool. For example: myOraConnPool.

    Note  The following Connection Pool Settings are dependent on the driver that you select. The following options are for the Oracle driver and may not be applicable if you choose another kind of driver.

Value

Action

Database Name

Select the name of the oracle database that you wish to connect to. In this example myOraDB.

Host Name

Specify the host name of Oracle DB server.

Port

Specify the port (default is 1521) for the database server.

Database User Name

Specify the database account users name used in the connection.

Password

Specify the password for the account user.

  1. Click Continue.
  2. Test the database connection on this page or click Skip this step. You may need to add additional properties depending on your installation. See the administrator’s guide for your target database.

    3. Note  The JDBC drivers must be installed for this to succeed. Follow the instructions provided with your target driver.

  3. Click Create and deploy.
  4. Configure connection settings for this connection pool:

    5. Example Connection Settings:

    Initial Capacity:20

    Maximum Capacity:100

    Capacity Increment: 10

    Statement Cache Type: LRU

    Statement Cache Size: 20

Create a JDBC Data Source

  1. Expand the Services folder for the domain located in the navigation (left) pane.
  2. Expand the JDBC folder.
  3. Expand the Data Source folder.
  4. In the right pane (JDBC Data Sources), click Configure a new JDBC Data Source.
  5. Configure the JDBC Data Source as follows:

Value

Action

Name

Choose a unique name for this data source. This name is used as a reference throughout the Weblogic Console. For example, MyOraDataSource.

JNDI Name

Specify the JNDI name. This can be the same as the Data Source name. For example MyOraDataSource.

Honor Global Transactions  

Select this check box (selected by default) if you wish to enable global transactions using this data source (see weblogic online help for more information concerning this option). In this example we keep the default.

Emulate Two-Phase Commit for non-XA Driver  

See the WebLogic documentation for further information.

  1. Click Continue.
  2. Select the connection pool from part A. This allows an application to get a connection from the underlying connection pool.
  3. Click Continue.
  4. Select the servers on which you want deploy the new data source.
  5. Click Create.

    6. Note  The configuration steps are saved in your WebLogic config.xml file for a given domain. Changes to the XML file appear as:

    <JDBCConnectionPool DriverName="oracle.jdbc.driver.OracleDriver"

    Name="myOraConnPool" Password="{3DES}7Ne5r7/NaLfLyXYQGBHoYg=="

    Properties="user=myuser" Targets="myserver"

    TestTableName="SQL SELECT 1 FROM DUAL" URL="jdbc:oracle:thin:@my.hostname:1521:mydatabasename"/>

    <JDBCTxDataSource JNDIName="MyOraDataSource"

    Name="MyOraDataSource" PoolName="MyOraConnPool" Targets="myserver"/>

Point The Identity Manager Repository to the Datasource

  1. Set the WSHOME environment variable to point to your Identity Manager installation; for example:

    2. set WSHOME=C:\bea\user_projects\domains\mydomain\applications\idm

  2. Make sure that the JAVA_HOME environment variable is set correctly; for example:

    3. set JAVA_HOME=C:\j2sdk1.4.2_04

  3. Make sure that your chosen database drivers are installed for you Weblogic Server. See the Weblogic documentation for further information. In this example, the Oracle drivers and classes12.jar are installed in following directory:

    4. WebLogicHome\server\lib

    1. On Windows, set the class path to include these files:

      2. set CLASSPATH=%CLASSPATH%;WeblogicHome\server\lib\<MyDBLibrary>

    2. For Oracle, set the class path to include these files:

      3. set CLASSPATH=%CLASSPATH%;c:\bea\weblogic81\server\lib\classes12.zip

  4. Include weblogic.jar in your CLASSPATH. On Windows enter:

    5. set CLASSPATH=%CLASSPATH%;WeblogicHome\server\lib\weblogic.jar

    For example:

    set CLASSPATH=%CLASSPATH%;c:\bea\weblogic81\server\lib\weblogic.jar

  5. Change to the %WSHOME directory.
  6. Remove the j2ee.jar file from WEB-INF\lib\ after making a backup.

    7. Note  Removing the jars from WEB-INF/lib for WebSphere disables the BPE. Move those jars to a different location and create a CLASSPATH variable that points to those jars to re-enable the BPE.

  7. Change directory to the %WSHOME\bin directory
  8. Point the repository to the new location. For example:

    9. lh setRepo -v -tOracle -iweblogic.jndi.WLInitialContextFactory - fDatasourceName -u"t3:Server:Port" -U"Username" -P"Password"

    For example:

    lh setRepo -v -tOracle -iweblogic.jndi.WLInitialContextFactory - fMyOraDataSource -u"t3://localhost:7001/" -U"weblogic" - P"weblogic"

    Note  Change the -f option to match the value you selected for the JNDI Name field.

  9. If there are no reported errors, restart WebLogic to pick up the changes. (This also restarts the Identity Manager system.)


Previous      Contents      Next     

Copyright 2006 Sun Microsystems, Inc. All rights reserved.