Friday, October 30, 2009

SiteMinder 6 Web Agent Installation for Sun ONE 6.1


Overview

This document describes the installation and configuration of SiteMinder 6 QMR3 HF01 webagent on iPlanet 6.1 SP2 webserver in accordance with WID Sign-On Services standards. SM 6 QMR4 HF01 is the latest webagent version available at the time of the creation of this document. The installation and configuration process remains the same for the latest version.

Prerequisites

1) Solaris 8 or AIX 5.2

2) iPlanet 6.1 SP 2 Web Server software should be installed successfully on the server.

For Solaris-based web servers only, the following shared memory settings should be set in the /etc/system file:
set shmsys:shminfo_shmmax=33554432
set shmsys:shminfo_shmmin=1
set shmsys:shminfo_shmmni=200
set shmsys:shminfo_shmseg=24
set semsys:seminfo_semmni=200
set semsys:seminfo_semmns=400
set semsys:seminfo_semmnu=400

It is assumed that the user iwsadmin has been created on the Solaris server. It is further assumed that the SiteMinder agent installation image has been placed on the server for installation, and that all appropriate permissions to the installation image exist.
The following Policy Server information is needed during the configuration and is provided by SOS.

Policy Server IPs :
Trusted Hostadmin username/password :
Trusted Hostname:
Host Conf Object (HCO):
Agent Conf Object (ACO):

SiteMinder Webagent Installation (Console Mode)

Note: This step is needed when a web server is to be updated to SiteMinder webagent 6. It is performed once per server.

1) Change directory to where the installation zip file has been unzipped and run ./nete-wa-6qmr4-cr001-aix.bin -i console

2) Press “Enter” key until “DO YOU ACCEPT THE TERMS ….” is displayed.

3) When prompted for “DO YOU ACCEPT THE TERMS OF THIS LICENSE AGREEMENT? (Y/N):”, enter “Y”.

4) Press “Enter” key until “Default Install Folder:” is displayed.

5) When prompted for “Default Install Folder:”, enter /opt/netegrity/siteminder6/webagent

6) When prompted for “IS THIS CORRECT? (Y/N):”, enter Y

7) Verify settings and press “Enter” key when prompted for “PRESS <ENTER> TO CONTINUE:”.

8) Installation will start and will prompt with “PRESS <ENTER> TO EXIT THE INSTALLER:” when complete. When prompted, press “Enter”.

SiteMinder webagent Configuration (Console Mode)

Note: This step is needed when a web instance needs to be SiteMinder enabled. The host registration is needed only the first time and has to be skipped for the subsequent webagent configurations. The option “No, I would like “ should be selected for subsequent configurations.


1) cd /opt/netegrity/siteminder6/webagent

2) ./nete-wa-config.sh -i console

3) When prompted for “ENTER A COMMA-SEPARATED LIST OF NUMBERS REPRESENTING THE DESIRED CHOICES, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:”, enter 1 to select registration of the host.

4) When prompted for “Admin User Name (DEFAULT: ):”, enter Hostadmin.

5) When prompted for “Admin Password (DEFAULT: ):”, enter the password provided by SOS.

6) When prompted for “Confirm Admin Password (DEFAULT:):”, confirm the password.

7) When prompted for “Enable Shared Secret Rollover (y/n) (DEFAULT: n):”, enter “Y”.

8) When prompted for “Trusted Host Name (DEFAULT: ):”, enter the Trusted Host name in the form _THST__ENV.

9) When prompted for “Host Configuration Object (DEFAULT: ):”, enter the HCO provided by SOS.

10) When prompted for “Policy Server IP Address (DEFAULT: ):”, enter the comma-separated policy server IP addresses provided by SOS.

11) When prompted for “Enter file name (DEFAULT: SmHost.conf):”, press “Enter” to accept the default.

12) When prompted for “Enter location (DEFAULT: /opt/netegrity/siteminder6/webagent/config)”, press “Enter” to accept the default.

13) When prompted for “ENTER A COMMA-SEPARATED LIST OF NUMBERS REPRESENTING THE DESIRED CHOICES, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:”, enter 3 to select iPlanet or Sun ONE Web Ser

14) When prompted for “Please enter path (DEFAULT: ):”, enter the iPlanet install directory.

15) When prompted for “Select which web server(s) you wish to preserve…:”, enter the number corresponding to the web server instance.

16) When prompted for “Agent Configuration Object (DEFAULT: AgentObj):”, enter the ACO provided by SOS.

17) When prompted for “ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:”, enter 1 to select HTTP Basic over SSL.

18) When prompted for “ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:”, enter 2 to select No.

19) Verify settings and enter 1 to select “Continue” when prompted for “ENTER THE NUMBER OF THE DESIRED CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:”.

20) When prompted for “Please select a choice.:”, enter 1 for OK.

21) When prompted for “PRESS <ENTER> TO EXIT THE INSTALLER:”, press “Enter”.

22) Change to the web server instance config directory and set EnableWebAgent="YES" in WebAgent.conf

23) If you are configuring an agent that has been using a 5x version of the agent, update the magnus.conf and obj.conf as mentioned below, else continue to next step:

magnus.conf updates:

Delete the following lines used by the 5x Agent version:
Init fn="load-modules" shlib="/<5x>/webagent/lib/NSAPIWebAgent.so" funcs="SmInitAgent,SiteMinderAgent,SmRequireAuth,SmLoginFcc,smGetCred,smMakeCookie,SmSSLLoginFcc" LateInit="no"
Init fn="SmInitAgent" config="/opt/netscape/server61/https-/config/WebAgent.conf" LateInit="no"

obj.conf updates:

Delete the following entries:
NameTrans fn="pfx2dir" from="/siteminderagent/pwcgi" dir="/<5x>/webagent/pw" name="cgi"
NameTrans fn="pfx2dir" from="/siteminderagent/pw" dir="/<5x>/webagent/pw"
NameTrans fn="pfx2dir" from="/siteminderagent/certoptional" dir="/<5x>/webagent/samples"
NameTrans fn="pfx2dir" from="/siteminderagent/jpw" dir="/<5x>/webagent/jpw"
NameTrans fn="pfx2dir" from="/siteminderagent/redirectjsp" dir="/<5x>/webagent/affwebservices/redirectjsp"
NameTrans fn="pfx2dir" from="/siteminderagent" dir="/<5x>/webagent/samples"
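
A check to run before the restart, added here as an example (it is not part of the original procedure or of the SiteMinder tooling): it confirms that EnableWebAgent is set to YES in the instance's WebAgent.conf and lists any magnus.conf or obj.conf line that still points at a webagent directory outside /opt/netegrity/siteminder6/webagent. The function names and the sample files are constructed for illustration, and the check assumes the version 6 agent's own entries reference that install folder.

```shell
#!/bin/sh
# Added example: audit one web server instance after steps 22 and 23.
V6_DIR=/opt/netegrity/siteminder6/webagent   # install folder used on this page

# Succeeds only if an uncommented EnableWebAgent="YES" line is present.
agent_enabled() {
    grep -Eiq '^[[:space:]]*EnableWebAgent[[:space:]]*=[[:space:]]*"?YES"?' \
        "$1/WebAgent.conf"
}

# Prints "file: line" for each active magnus.conf/obj.conf line that names a
# webagent directory outside $V6_DIR, i.e. a leftover 5x entry. The 5x
# Init fn="SmInitAgent" line carries no agent path and needs a manual look.
stale_agent_lines() {
    for f in magnus.conf obj.conf; do
        [ -f "$1/$f" ] || continue
        grep -v '^[[:space:]]*#' "$1/$f" | grep '/webagent/' |
            grep -vF "$V6_DIR/" | sed "s|^|$f: |"
    done
}

# Returns 0 only when the agent is enabled and no 5x entries remain.
audit_instance() {
    rc=0
    if agent_enabled "$1"; then echo "OK   EnableWebAgent is YES"
    else echo "FAIL EnableWebAgent is not YES"; rc=1; fi
    stale=$(stale_agent_lines "$1")
    if [ -n "$stale" ]; then
        echo "FAIL entries outside $V6_DIR:"; echo "$stale"; rc=1
    fi
    return $rc
}

# Constructed sample instance: agent disabled, one 5x NameTrans left behind.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# EnableWebAgent="YES"' 'EnableWebAgent="NO"' > "$d/WebAgent.conf"
    : > "$d/magnus.conf"
    cat > "$d/obj.conf" <<EOF
NameTrans fn="pfx2dir" from="/siteminderagent/pw" dir="/<5x>/webagent/pw"
NameTrans fn="pfx2dir" from="/siteminderagent" dir="$V6_DIR/samples"
EOF
    echo "$d"
}

# Usage: sh audit.sh <instance config dir>; with no argument, use the sample.
if [ $# -gt 0 ]; then audit_instance "$1"
else s=$(make_sample) && { audit_instance "$s"; rm -rf "$s"; }
fi
```

A FAIL on EnableWebAgent matters most: an instance left at "NO" serves its content without the agent enforcing SiteMinder policy.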

Restart the web server and verify the webagent log for successful agent initialization.

tar -cvf forms.tar /opt/netegrity/siteminder6/webagent/samples/forms

cd /opt/netegrity/siteminder6/webagent/samples/forms

Remove all files from the /opt/netegrity/siteminder6/webagent/samples/forms directory.

Unzip Met_sm6default.zip (this zip file is provided by SOS). The provided login and password templates are out-of-the-box templates modified to use smpwservices.fcc for standard password services.

1 comment:

  1. Good Solution. It would be great if you post the same configuration for web logic instances.
