Chapter 4   Running the System

Once you've installed and configured, this chapter shows you how you can test your system is up and running correctly and processing payments requests as expected.

Starting the system

---

Before checking any particular component you must bring the individual components up and make sure that the system is actually running. Starting the system must be performed in a particular order otherwise components will fail to communicate properly. The order for starting the system is:

1. Oracle 8i

2. nCipher HSMs on all machines

3. iMQ for Java 2.0 on both the Buyer and Seller Bank machines

4. Bank in a Box and iWS 6.0 on the Buyer and Seller Bank machines

5. Bank in a Box administration tool server and iWS 6.0 on the Buyer and Seller Bank machines

6. iTPS on the Buyer and Seller machines
   1. iWS 4.1on both the Buyer and Seller Bank machines

   2. iAS 6.0 on both the Buyer and Seller Bank machines

   3. iTTM 2.2.1 on both the Buyer and Seller Bank machines

7. JMS Proxy on both the Buyer and Seller Bank machines

8. Buyer web site (BFI) web server

9. Tooledup Seller web site web server

The following sections provide instructions for checking that components are running, starting and stopping each component.

Oracle 8i

Oracle 8i is a complex product and the instructions are intended as a quick list of items that are useful when trying to determine the status of the Oracle installation.

Table 2:

Information Type	Example Set-up Value for Oracle 8i
Install directory	Oracle program files: /opt/oracle/app/product/8.1.7/bin Oracle data files: /identrusdb/orcl
Oracle user login	Username: oracle, Password: oracle
Sqlplus - dba admin	Username: sys, Password: change_on_install
Sqlplus - tbase user	Username: tbase, Password: tbase
Operational ports	Oracle ports: 1521
SID	orcl

Useful information to check on the installation and make a note of:

Useful commands for starting and stopping Oracle. Checking Oracle is running can be performed by looking at the running processes using the process grep or process list commands. If Oracle is not running then you will need to log in as the Oracle superuser and start the Oracle.

Table 3:

Action or check	Command or output
To start server	As oracle user: svrmgrl; connect internal; startup; exit lsnrctl; start; exit
To stop server	As oracle user: lsnrctl; stop; exit svrmgrl; connect internal; shutdown; exit
Processes grep	ps -ef | grep oracle
Process list - there will be an oracle orcl for each application connection.	oracle 9862 1 0 12:48:10 ? 0:00 orcl (DESCRIPTION=(LOCAL=no)(ADDRESS=(PROTOCOL=BEQ))) oracle 764 1 0 Mar 07 ? 0:01 /opt/oracle/bin/tnslsnr LISTENER -inherit oracle 751 1 0 Mar 07 ? 0:00 ora_pmon_orcl oracle 753 1 0 Mar 07 ? 0:00 ora_dbw0_orcl oracle 755 1 0 Mar 07 ? 0:00 ora_lgwr_orcl oracle 757 1 0 Mar 07 ? 0:22 ora_ckpt_orcl oracle 759 1 0 Mar 07 ? 0:02 ora_smon_orcl oracle 761 1 0 Mar 07 ? 0:00 ora_reco_orcl oracle 9771 1 0 12:47:58 ? 0:00 oracleorcl (DESCRIPTION=(LOCAL=no)(ADDRESS=(PROTOCOL=BEQ)))
Tables of interest	Auditdata: Contains internal audit information and indicates what the TC has processed. Error: Shows unexpected errors e.g. cannot communicate with Certificate Authority Error_support: Shows any java stack trace associated with the error table.

nCipher

To check that the nCipher is running perform a process list on each machine. If no nFast process is in the list you will need to start the nFast hard server using the appropriate command.

Table 4:

Information Type	Example Set-up Value nCipher
Install directory	/opt/nfast
Operational ports	9000
To start server	nfast start
To stop server	nfast stop
Processes grep	ps -ef | grep hard
Process list	nfast 4241 1 0 Mar 05 ? 0:22 ../sbin/hardserver -llogfile nfast 4246 4241 0 Mar 05 ? 0:10 ../sbin/hardserver -llogfile
Documentation	nCipher KeySafe 1.0 http://www.ncipher.com

iMQ for Java 2.0

iMQ for Java 2.0 needs to be started before iTPS can be run. The following illustrates this:

# cd /opt/SUNWjmq/bin

# ./jmqbroker

[06/Sep/2001:12:50:14 GMT]

==================================================================

iPlanet Message Queue for Java

Copyright 2001

Version: 2.0 SP1 (Build 321-b)

Sun Microsystems, Inc.

Compile: Fri Aug 3 10:30:43 PDT 2001

All Rights Reserved

This product includes code licensed from RSA Data Security.

==================================================================

Java Runtime Version: 1.3.0_02 Sun Microsystems Inc. /opt/SUNWjmq/jre

[06/Sep/2001:12:50:15 GMT] [B1060]: Loading persistent data...

[06/Sep/2001:12:50:16 GMT] [B1039]: Broker "jmqbroker@windstorm:7676" ready.

This will create a JMQ broker that was the default port 7676. If you want to specify a different port then use:

./jmqbroker -port <portnumber>

Bank in a Box

To run the Bank in a Box, run the biab script located in the scripts directory. The script accepts the following arguments, although none are required for normal operation

Table 5:

-verbose	verbose output
-debug	debug output
-quiet	only display warnings and errors
-logfile <file>	Specify the name of a file for log output
-admin	Enter user administration mode

If the server was started in admin mode, user management may be performed at the BiaB command line. The following commands are accepted:

Table 6:

adduser <username> <password>	Adds a user to the system
enableuser <username>	Enables a user account
disableuser <username>	Disables a user account
listusers	Displays a list of user accounts
version	Displays the version of the software

Bank in a Box Back End can be started as follows:

bash-2.03# ./scripts/biab -debug

[AUDIT] Starting BIAB [V1.0-1001500003703-18]

Bank in a Box administrator tool

The Bank in a Box administrator tool is a Web server application running on iAS 6.0. To check that the Web Server is running use the grep command given below. If the server is not running then start the admin server and use the tools within the adminserver to manage the web server

Table 7:

Information Type	Example Set-up Value iws6
Install directory	/opt/iws6
Administration logon	Username: iwsadmin, Password: identrus
Operational ports	Server: 80, Admin: 8888
To start server	/opt/iws6/https-<Host-Name>/start
To stop server	/opt/iws6/https-<Host-Name>/stop
To start admin server	/opt/iws6/https-admin/start
To stop admin server	/opt/iws6/https-admin/stop
Processes grep	ps -ef | grep iws
Process list	nobody 9876 1 0 12:52:08 0:00 ./uxwdog -d /opt/iws6/https-<Host-Name>/config nobody 9877 9876 0 12:52:08 0:01 ns-httpd -d /opt/iws6/https-<Host-Name>/config also /opt/iws6/https-admin/config if the admin is running
Install logs	/opt/iws6/setup/WebServer/
Log directory	/opt/iws6/https-<Host-Name>/logs
Document root	/opt/iws6/docs
Installation and Configuration Documents	http://docs.iplanet.com/docs/manuals/enterprise/50/ig/contents.htm http://docs.iplanet.com/docs/manuals/enterprise/50/ag/esgstart.htm#1003083

iTPS

The iTPS is reliant on three components running:

• iWS 4.1

• iAS 6.0

• iTTM 2.2.1.

If all these components have been started correctly then the iTPS component should be available. To check to ensure that the components are running, use the grep commands shown in the tables below. If iTTM is running, but iAS is not, shutdown the iTTM and restart the components starting with iAS 6.0 .

iWS 4.1

Table 8:

Information Type	Example Set-up Value for iWS4.1
Install directory	/opt/netscape/server4
Administration logon	Username: iwsadmin, Password: identrus
Operational ports	Server: 80, Admin: 8888
To start server	/opt/netscape/server4/https-<Host-Name>/start
To stop server	/opt/netscape/server4/https-<Host-Name>/stop
To start admin server	/opt/netscape/server4/https-admin/start
To stop admin server	/opt/netscape/server4/https-admin/stop
Processes grep	ps -ef | grep iws
Process list	nobody 9876 1 0 12:52:08 0:00 ./uxwdog -d /opt/netscape/server4/https-<Host-Name>/config nobody 9877 9876 0 12:52:08 0:01 ns-httpd -d /opt/netscape/server4/https-<Host-Name>/config also /opt/netscape/server4/https-admin/config if the admin is running
Install logs	/opt/netscape/server4/setup/WebServer/
Log directory	/opt/netscape/server4/https-<Host-Name>/logs
Document root	/opt/netscape/server4/docs
Installation and Configuration Documents	http://docs.iplanet.com/docs/manuals/fasttrak/41/ig/contents.htm http://docs.iplanet.com/docs/manuals/fasttrak/41/ag/esgstart.htm#998517

iAS 6.0

Table 9:

Information Type	Example Set-up Value for iAS6.0
Install directory	/opt/iplanet/ias6
Administration logon	Username: admin, Password: password
Operational ports	Directory Admin: 20000, kas admin:10817, Directory server: 389
To start server	/opt/Trustbase/TTM/Scripts/startias
To stop server	/opt/Trustbase/TTM/Scripts/stopias
Installation logs	/opt/iplanet/ias6/setup/
Processes grep	ps -ef | grep ias To get just the 'kiva' processes (the ones that do the jvm work) do a ps -ef | grep k.s
Process list	root 10066 10064 0 14:33:21 0:03 /opt/iplanet/ias6/ias/bin/.kjs -cset CCS0 root 10059 9504 0 14:33:16 pts/6 0:00 /opt/iplanet/ias6/ias/bin/.kas root 9504 1 0 12:47:38 pts/6 0:00 /bin/sh /opt/iplanet/ias6/ias/bin/kas root 10070 1 0 14:33:25 0:00 /bin/sh /opt/iplanet/ias6/ias/bin/kcs -cse t CCS0 -eng 2 root 10064 1 0 14:33:21 ? 0:00 /bin/sh /opt/iplanet/ias6/ias/bin/kjs -cset CCS0 -eng 1 root 1061 1 0 14:33:19 ? 0:00 /bin/sh /opt/iplanet/ias6/ias/bin/kxs -cset CCS0 -eng 0 root 10072 10070 0 14:33:25 ? 0:00 /opt/iplanet/ias6/ias/bin/.kcs -cset CCS0 -eng 2 root 10062 10061 0 14:33:19 ? 0:01 /opt/iplanet/ias6/ias/bin/.kxs -cset CCS0 -eng 0 nobody 8174 1 0 12:45:04 ? 0:04 ./ns-slapd -f /opt/iplanet/ias6/slapd-unix d02/config/slapd.conf -i /opt/iplanet/ias6/slapd-<Machine-name> (check?)
Logged processes	kxs_0_CCS0: Contains information about the incoming message and the plugin start and stop kjs_0_CCS0: Contains the standard out from any running java process - can contain some debug information.
Installation Document	http://www.iplanet.com/products/infrastructure/app_servers/index.html

iTTM 2.2.1

Table 10:

Information Type	Example Set-up Value for iTTM 2.2.1
Install directory	/opt/Trustbase
Administration logon via web	Username: administrator, Password: administrator
Certificate manager	/opt/Trustbase/TTM/Scripts/runcertmanager
Operational ports	Admin via web: 80 (http://10.211.20.50/NASAdapter/logon.html)
To start server	/opt/Trustbase/TTM/Scripts/starttbase
To stop server	/opt/Trustbase/TTM/Scripts/stoptbase
Property file location	/opt/Trustbase/TTM/<Host-Name>/
Processes grep	ps -ef | grep java
Process list	root 9658 1 0 12:47:48 pts/6 0:04 /usr/bin/../java/bin/../jre/bin/../bin/sparc/native_threads/java uk.co.jcp.app. root 9713 1 0 12:47:53 pts/6 0:08 /usr/bin/../java/bin/../jre/bin/../bin/sparc/native_threads/java uk.co.jcp.tbas root 9790 1 0 12:48:03 pts/6 0:12 /usr/bin/../java/bin/../jre/bin/../bin/sparc/native_threads/java uk.co.jcp.secu
Installation Document	http://docs.iplanet.com/docs/manuals/trustbase/221/install/contents.htm

Enabling the JMSProxy

1. If not already running, In a separate window start the iMQ message queue:

/opt/SUNWjmq/bin/jmqbroker -tty

2. To run the JMS proxy, run the jmsproxy script located in the scripts directory as

   <jms_install_directory>/jmsproxy/scripts/jmsproxy

Buyer and Seller web applications

These Web applications are both deployed on top of the iWS 6.0 installations on the Buyer and Seller Web site machines. In order to check that these applications are available, use a browser to go to the appropriate URL.

Table 11:

Information Type	Example Set-up Value iws6
Install directory	/opt/iws6
Administration logon	Username: iwsadmin, Password: identrus
Operational ports	Server: 80, Admin: 8888
To start server	/opt/iws6/https-<Host-Name>/start
To stop server	/opt/iws6/https-<Host-Name>/stop
To start admin server	/opt/iws6/https-admin/start
To stop admin server	/opt/iws6/https-admin/stop
Processes grep	ps -ef | grep iws
Process list	nobody 9876 1 0 12:52:08 0:00 ./uxwdog -d /opt/iws6/https-<Host-Name>/config nobody 9877 9876 0 12:52:08 0:01 ns-httpd -d /opt/iws6/https-<Host-Name>/config also /opt/iws6/https-admin/config if the admin is running
Install logs	/opt/iws6/setup/WebServer/
Log directory	/opt/iws6/https-<Host-Name>/logs
Document root	/opt/iws6/docs
Installation and Configuration Documents	http://docs.iplanet.com/docs/manuals/enterprise/50/ig/contents.htm http://docs.iplanet.com/docs/manuals/enterprise/50/ag/esgstart.htm#1003083

If the Web Servers are not running then use the process grep (on the host machine) to check that the web server is running. If the Web Server process is not running then start the webserver using the admin console.

Running the Models

---

We now describe how to run the system for each main kind of Payment Model

Running the Three Corner Model

In this situation the Buyer's Bank is the same as the Seller's Bank, i.e. the buyer and the seller have both been issued with certificates from the same Financial Institution.

1. User interfaces with the Seller's Website, in this case TooledUp, and initiates a payment

2. Payment Message gets sent to the iPlanet Trustbase Payment Services Server

3. iPlanet Trustbase Transaction Manager informs its backend system or in this example Bank in a Box.

4. Bank in a Box then sends confirmation of payment to TooledUp

5. The status of this payment initiation is returned back to the seller and hence buyer.

Running the Four Corner Model (SFIM)

1. Buyer interfaces with Seller's Website, in this particular instance TooledUp, and initiates a payment.

2. Payment Message gets sent to iPlanet Trustbase Payment Services Server at the Seller's Bank informs its back end systems that in turn informs the Buyers Bank.

3. Buyers Bank informs back end system, in this case Bank in a Box.

4. A response is returned to its financial institution

5. The SFI on receiving the response from the BFI informs its back end systems and response gets sent to the Sellers Website confirming payment.

Making a Payment via the Buyers Bank (BFIM)

1. If the Subscriber signed data is signed by the Buyer then
   1. Buyer initiates payment from the Buyers Bank Website

   2. Payment Message is sent to iPlanet Trustbase Payment Services that in turn informs the Buyers Bank back end systems.

   3. Response gets returned to Buyers Bank Website

2. If the seller has signed the subscriber signed data then
   1. Buyer initiates payment from the Buyers Bank Website

   2. Payment Message is sent to iPlanet Trustbase Payment Services that in turn informs the Buyers Bank back end systems.

   3. The BFI informs the seller's SFI

   4. The SFI informs its back end systems

   5. Response sent back to the BFI

   6. BFI responds back to the buyer

   
   

   ---

   Note	More Information about how each payment scheme defines its Models and Payment products can be found at http://www.identrus.com Example supported Schemes include: Eleanor Payment Reference Specification

   ---

   
   

Initiating Payment via Sellers Website TooledUp

---

You can test the system has been installed correctly by going to the Tooledup Website and initiating a payment as follows.

1. Go to TooledUp http://<server_name>:<port>/<uri_path>/tooledup

Figure 4-1    TooledUp Main Menu

2. Insert Your Smart Card and login. The following menu appears

Figure 4-2    TooledUp Ltd Catalogs

3. Select a product to purchase

Figure 4-3    TooledUp Category Selection

4. Add it to the Shopping Basket

Figure 4-4    Add to Shopping Basket

5. Shopping Basket Details

Figure 4-5    Shopping Bag Details

6. Make delivery Details

Figure 4-6   

Enter Delivery Details

7. Make payment. Select Submit at the bottom of the Delivery screen menu

8. Confirm Delivery Details and Payment type

Figure 4-7    Payment Type

9. Confirm Delivery Details

Figure 4-8    Confirm Delivery Details

10. Payment Accepted

Figure 4-9    Payment Accepted

11. Payment Confirmation

    The XML message from this transaction can be confirmed in a number of different ways:

    1. Via your API com.iplanet.trustbase.initiator.cpi

    2. Viewing the Identrus raw_data log (see your iPlanet Trustbase Transaction Manager Developer Guide http://docs.iplanet.com/docs/manuals/trustbase/221/dev/ittm22dn.htm#131923 )

    3. Editing IWS6 startup UNIX script

       <IWS6_ Install_Directory>/https-<Server_Name>start

    by adding a debug feature as follows:

    case $arg in

             -debug)

    ./ns-httpd -d $PRODUCT_SUBDIR/config

    exit 0

    ;;

    -start)

    ./$PRODUCT_BIN -d $PRODUCT_SUBDIR/config $@

    if test $? -ne 0 ; then

    exit 1

    fi

    then run the script as

    ./start -debug

12. Check Order List. Finally there is a Tooled Up screen to display confirmed payment requests.

Figure 4-10    Order List

Running Bank in a Box Back End

1. Once the classpath is correct and the queue properties are set, restart the server instance. For instance:

   /opt/iws6/https-admserv/start

   /usr/iplanet.servers/https-porsche.uk.sun.com/start

2. If not already running, In a separate window start the iMQ message queue:

   /opt/SUNWjmq/bin/jmqbroker -tty

3. If not already running, in a separate window start the jmsproxy

   /opt/iplanet/jmsproxy/scripts/jmsproxy

4. Start the bank in a box back end in a separate window:

   ./opt/iplanet/biab/scripts/biab

5. Once deployed successfully, the Web Site can be accessed from the browser with the following url.

   http://<hostname>:<port>/<uri_path>/Biab

Running Bank in a Box Admin Tool

The Bank in a Box (BiaB) has been expanded to allow it to present a user interface permitting examination of messages received, and sending of response messages. This allows a standard installation of iTPS to be used in a live system, by requiring manual intervention between the BiaB interface and the real bank back end infrastructure. Clearly, this approach is only feasible for very low transaction volumes, but does allow evaluation of the product prior to full scale integration with the existing back end infrastructure. The system also allows you to acknowledge Payments. The following provides a walkthrough of this operation

1. Make Sure your BiaB Backend Server is running and a username and password has been allocated to. This can be changed by starting the BiaB in Admin mode and typing

   adduser <username> <password>

2. Load the following URL in your browser:

   http://<hostname><port>/<uri_path>/Biab

Figure 4-11    Bank in a Box MainMenu

3. Type in the username and the password. The following menu appears

Figure 4-12    Bank in a Box Admin Tool Homepage

4. Select <messages in progress>

5. An example screen containing some messages now follows. Clearly the first time there will be no messages.

Figure 4-13    BiaB Message Screens

6. There are three options for viewing a message
   1. Select <re-sort> to reorder messages

   2. Select <Create Search> to restrict the number of messages displayed on the screen

Figure 4-14    BiaB message searching

1. Select an individual message to view and the following screen appears:

Figure 4-15    BiaB Message Details

7. Below are listed the acknowledgments that could be sent from the BiaB
   1. Complete

   2. Execution

   3. PayInst

   4. Cancellation

   5. Obligation

   6. Services

Figure 4-16    Acknowledging a message

Depending on the type of the request message some options may not be available. The precise definitions of each of these options can be found in the Eleanor Technical Specification

8. Each individual message can be viewed in more detail by selecting the <XML> tag

Figure 4-17    An XML Message

9. Options are available to sort and retrieve messages from an index.

Initiating Payment via Buyers Bank Website

---

This example is of a Web Site hosted by the Buyer's bank accessed by Buyers who belong to the Eleanor Payment Scheme. It provides the ability for the buyer to initiate payment requests and cancellations directly with its bank.

1. Type in the URL of the Buyer's Bank Website. For example

   http://<server_name>:<port>/<uri_path>/bfi

Figure 4-18    Buyers Bank Website Homepage

2. Select <Make Payment>

Figure 4-19    Initiate Payment

Details of what each of these fields mean can be found in your payment Scheme Specification

3. Check the details you have entered are correct and sign the payment using your buyers certificate you configured in the previous chapter

Figure 4-20    Sign Payment

4. Finally when the payment has been initiated a Payment message will be sent to the URL of the Buyers Bank in which you installed iPlanet Trustbase Payment Services on. The following steps take place:
   1. Buyer Website sends Payment to CPI Library located on the Buyers Website Webserver

   2. CPI Library forwards this to iPlanet Trustbase Payment Services

   3. iPlanet Trustbase Payment Services processes the message and forwards the reply to the Buyers CPI Library located on the Buyers Webserver

Figure 4-21    Payment Initiation completed successfully

5. Information appears on the Buyers Screen confirming payment. Select <List Payment> to check the information that you have entered has been processed as a payment.

Figure 4-22    List Payment

Running the CPI Test program

Please refer to "Installing the CPI API (step 5)"