Installing Identity Manager Service Provider Edition

10 Installing Identity Manager Service Provider Edition

Use the following information and procedures to install Identity Manager Service Provider Edition from Identity Install Pack 2005Q3M3. Identity Manager and Identity Manager Service Provider Edition must be installed on separate servers.

Before You Begin

During installation, you need to know:

Your deployment plan. Read the Planning chapter in Service Provider Edition Deployment before proceeding.

Your directory server access information.

JDK 1.4.2.

Your license key.

The configuration objects you intend to export to your directory server.

Schema changes and attributes used for Identity Manager Service Provider Edition.

Installation Steps

Follow these installation and configuration steps, located in this chapter and following chapters:

Step 1: Install the Identity Install Pack software on the machine to be your Identity Manager server.

Step 2: Install the Identity Install Pack software on the machine to be your Service Provider Edition server.

Step 3. Perform the Bootstrap configuration.

Step 4: Export Identity Manager configurations to the directory server.

Step 5: Set up a transaction database.

Step 1: Install the Identity Install Pack Software on Your Identity Manager Server

Install the Identity Install Pack software on your server by referring to Before You Install on page 1-1 and the appropriate installation chapter in this guide.

Step 2: Install the Identity Install Pack Software on Your Service Provider Edition server

You may install the software using one of two methods:

Using the installer GUI

Run the install.bat (for Windows) or install (for UNIX) command to launch the installation process.

The installer displays the Welcome panel.

Using the nodisplay option (UNIX)

Change directory to the Identity Install Pack software location. Enter the following command to activate the installer in nodisplay mode:

install -nodisplay

The installer displays the Welcome text. The installer then presents a list of questions to gather installation information in the same order as the GUI installer in these procedures.

Click Next to display the Install or Upgrade? panel.

Leave the New Installation option selected, and then click Next.

The installer displays the Select Installation Directory panel.

You may also upgrade from Identity Manager 5.0 through 5.0 SP5.

Replace the displayed directory location with the location where you want to install Identity Install Pack. This could be a staging location or a specific folder. Enter the location (or click Browse to locate it), and then click Next.

Unless you plan to create a new context (virtual directory) in Tomcat's server.xml directory, install Identity Manager in %TOMCAT_HOME%\webapps\idm.

If the directory you enter does not exist, the installer prompts for confirmation, and then creates the directory.

Click Next to begin installation.

After installing files, the installer displays the Launch Setup panel.

Click DONE on the Setup Wizard panel.

Getting More Information

When installation completes, the installer displays the Installation Summary panel. For detailed information about the installation, click Details.

Depending on the amount of information captured during the installation process, not all messages may not be displayed here. View the log file identified on the Details panel for more information.

When finished, click Close to exit the installer.

To enable the Service Provider Edition server, uncomment the following line in the $Install/config/Waveset.Properties file:

spe.enableServer=true

Step 3: Perform the Bootstrap Configuration

Service Provider Edition requires a directory for the storage of configuration objects and managed user accounts. Access information for this directory must be stored in a file called the bootstrap configuration file. Once this file is read and a connection to the directory is established, further configuration is read from the directory.

The SpeConfiguration.xml file is found in the config subdirectory of the Service Provider Edition installation directory. This file is encrypted, and must be edited using the speconfig utility. This file is similar to the ServerRepository.xml file which contains the bootstrap connection information for the IDM repository.

From a command line, change to the Identity Manager installation directory.

Set environment variables with these commands:

set WSHOME=<Path_to_idm_directory>
set JAVA_HOME=<path_to_jdk>

export WSHOME JAVA_HOME

To edit the bootstrap configuration file enter the following:

cd $WSHOME/bin
lh speconfig

Under the Main tab enter the following connection parameters for you directory server installation.

Host - The name of the host where the directory server is running

Port - The number of the TCP port on which the directory server is listening

SSL - Select if SSL is to be used when opening the connection

User - The name of a directory server account to be used by Service Provider Edition for managing configuration and user data.

Password - The password of the specified user

Base DN - The base distinguished name (DN) for the connection

Configuration Object DN - The path relative to Base DN under which Service Provider Edition configuration objects are stored

Click the Test button to connect to the directory server with the current set of parameters.

If appropriate, click on the Configuration Object Classes tab.

Enter or edit any object classes you wish to configure at this time.

If appropriate, click on the Configuration Schema Map.

Enter or edit any Schema information you wish to configure at this time.

Save your information by clicking Save. If you click on Exit all of the changes are discarded.

Step 4: Exporting Configuration Properties

You must export the desired configuration properties from your Identity Manager server to your directory server. This is done either using the configurator user interface or by using the speconsole utility. See Chapter 2 Initial Configuration in the Identity Manager Service Provider Edition Administration Addendum for further details.

Step 5: Set Up a Transaction Database

A database must be set up to store the transaction data. If you plan to do this, use the general procedures in this section as guidelines when setting up the transaction database. Your database administrator may choose to customize the provided scripts to suit your site-specific configuration and standards.

WARNING If you store the transaction data in a local file system, you should select a location outside of the application or Web server directory structure. The dynamic directories created for the transaction data cannot be protected from intruders who might use a Web browser to scan directories serviced by the Web server.

Note You must configure your database with a character set that supports the characters that you want to store. If you need to store multi-byte characters, you should use a character set (such as UTF-8) that supports Unicode.

About the Sample Database Scripts

Identity Install Pack provides sample database scripts that you can modify and use to create tables and indexes. You may choose to use an alternate method to create equivalent tables and indexes, but must meet these requirements:

Tables (or views) must exist with the names specified in the sample DDL.

Each named table (or view) must be owned by (or aliased to) the proxy user that is represented as “waveset” in the sample DDL.

Each named table (or view) must contain all of the columns specified for that table in the sample DDL.

Each named column must have a data type that is consistent with the data type specified for that column in the sample DDL.

Sample files that create tables for Service Provider Edition are in:

create_spe_tables.oracle

create_spe_tables.db2

You can modify the sample scripts to suit your environment. Common changes include:

Specifying a different proxy user

Specifying different tablespaces, or separate tablespaces for tables and indexes

Changing a data type. This is acceptable if a view or the JDBC driver makes the change transparent.

Adding columns. This is acceptable if each column is nullable or defaulted.

Removing or renaming columns. This is acceptable if a view makes this transparent.

Renaming indexes

If you choose to set up Index data in regular files in a file system, skip to the chapter detailing Identity Install Pack installation. Otherwise, go to one of the sections in this chapter to set up:

Oracle

IBM DB2 Universal Database for Linux, UNIX, or Windows

Setting Up Oracle

Follow these steps to set up Oracle for use with the application.

Note See Supported Software and Environments for supported database server versions, and for download or product locations.

Install Oracle or confirm the connection to an Oracle database.

Connect to the Oracle instance as a user with privileges to create users and tables.

Create the database. To do this:

Copy the create_SPE_tables.oracle script from the db_scripts directory on the installation CD (or from the idm\sample directory if you have already installed) to a temporary location.

Modify the create_SPE_tables.oracle script:

Change the user password.

Change the path for DATAFILE to point to the location for your waveset.dbf data file.

Create the new tables by using the following command:

On Windows

sqlplus dbausername/dbapassword @create_SPE_tables.oracle

On UNIX

sqlplus dbausername/dbapassword @create_SPE_tables.oracle

Setting Up DB2

Before setting up DB2, you should decide how DB2 will provide JDBC access.

JDBC Access Considerations

DB2 offers two types of JDBC access, each of which requires a different URL format. The setup process allows you to select a preferred driver and automatically displays the corresponding URL template.

The application driver (COM.ibm.db2.jdbc.app.DB2Driver) requires local client software and a local database instance. Since DB2 runs on a separate (often dedicated) host in most production environments, the local database instance usually contains an alias to the remote database instance. In this configuration, the local database instance uses a DB2-specific protocol to communicate with the remote database instance.

The network driver (COM.ibm.db2.jdbc.net.DB2Driver) does not require local client software or a local database. It does require that the DB2 Java Daemon (db2jd) be running on the target server. (In most production environments, the target server is a separate host, but the network driver works as well with a local database instance.) This daemon is not started by default, but the database administrator can start it manually or configure it to start automatically when the database instance starts.

The DB2 driver connects to the db2jd daemon over the network. It also connects with a DB2 proxy.

DB2 Setup

Follow these steps to set up DB2.

Note See Supported Software and Environments for supported database server versions, and for download or product locations.

Install DB2 or confirm the connection to a DB2 database.

Connect to the DB2 instance as a user with privileges to create users and tables.

Create the database. To do this:

Copy the create_SPE_tables.db2 script from the db_scripts directory on the installation CD (or from the idm\sample directory if you have already installed) to a temporary location.

Modify the create_SPE_tables.db2 script:

Change the user password.

Change the path for the CREATE_TABLESPACE command to a location appropriate for your environment.

Create the new tables by using the following command:

On Windows

db2 -tvf create_SPE_tables.db2

On UNIX

db2 -tvf create_SPE_tables.db2

Previous Contents Next

Previous Contents Next
Sun Java System Identity Pack 2005Q4M3 Installation