(Optional) Install the Risk RESTful API on a stand alone system (Linux)
The Risk RESTful APIs can be installed on a system separate from your CA Risk Authentication Server.
aa82test
Installation for Linux
The Risk RESTful APIs can be installed on a system separate from your CA Risk Authentication Server.
Follow these steps:
- Log in and navigate to the directory where you untarred the installer.
- Verify that you have the permission to run the installer. If not, run the following command:chmod a=rx CA-RiskAuthentication-8.2-Linux-Installer.bin
- Run the installer by enter the following command and then pressing Enter:prompt> sh CA-RiskAuthentication-8.2-Linux-Installer.binIf you are executing the installer with root login, then a warning message appears. EnterYto continue, or enterNto quit the installation. If you have exit the installer screen, then run the installer again.
- Click Next.
- Read the License Agreement and press Enter to go to the next screen of the license text. You may have to press Enter multiple times.Enteryto accept the acceptance of License Agreement and to continue with the installation.If you pressn, then a warning message is displayed and the installation is stopped.The installer now checks if other CA products exist on the system.If the installer detects an existing CA product installation (an existing ARCOT_HOME), then:
- You are not prompted for an installation directory.
- You are not prompted for the database and encryption setup. The installer uses the existing database and encryption settings. As a result, you can move to Step 6, though the configuration is disabled. You do not have to perform Step 10 as the screens of it do not get displayed.
- Click Next.
- Perform one of the following steps for choosing the installation location:
- Enter the absolute path of the directory where you want to install CA Risk Authentication and pressEnterto continue.The installation directory name that you specifymust notcontain any spaces. If it does, then some CA Risk Authentication scripts and tools may not function as intended.
- PressEnterto accept the default directory that is displayed by the installer.
- (Applicable only if you are installing on a system that already has an existing Advanced Authentication product installed)Select one of the following options, and press Enter:
- 1: Enter a new path.
- 2: Use the location at which the existing Advanced Authentication product is installed.
- Select the Complete installation, and then press Enter.
- Enter the number corresponding to your choice of database (1.MS SQL Server2.Oracle Database), and press Enter.
- Microsoft SQL ServerIf you are using a SQL database, verify that the ODBC Driver version you are using is the same as the one mentioned in Preparing for Installation.
- Oracle DatabaseCA Risk Authentication is certified to work with Oracle Real Application Clusters (Oracle RAC). To use Oracle RAC on CA Risk Authentication Installation, select Oracle Database in this step, perform the next step (Step 7), and then perform the steps in Configuring CA Risk Authentication for Oracle RAC (W).
- Complete the following information, and press Enter:
- Microsoft SQL Server:
- ODBC DSNDefines the value by which the installer creates the DSN. CA Risk Authentication Server then uses this DSN to connect to the CA Risk Authentication database. The recommended value to enter isarcotdsn.
- ServerSpecifies the host name or IP address of the CA Risk Authentication datastore.Default InstanceSyntax: <server_name>Example: demodatabaseNamed InstanceSyntax: <server_name>\<instance_name>Example: demodatabase\instance1
- User NameSpecifies the database user name. The user must have the create session and DBA rights.Note:The User Name for the Primary and Backup DSNs must be different.
- PasswordSpecifies the password associated with the User Name. This password is specified by the database administrator.
- DatabaseSpecifies the name of the MS SQL database instance.
- Port NumberSpecifies the port number at which the database listens to the incoming requests.Default Port:1433
- Oracle Server:
- ODBC DSNSpecifies the value by which the installer creates the DSN. CA Risk Authentication Server then uses this DSN to connect to the CA Risk Authentication database. The recommended value to enter isarcotdsn.
- User NameSpecifies the database user name for CA Risk Authentication to access the database. This name is specified by the database administrator.The user must have the create session and DBA rights.Note:The User Name for the Primary and Backup DSNs must be different.
- PasswordSpecifies the password associated with the User Name you specified in the previous field. This password is specified by the database administrator.
- Service IDSpecifies the Oracle System Identifier (SID) that refers to the instance of the Oracle database running on the server.
- Port NumberSpecifies the port at which the database listens to the incoming requests..Default:1521
- Host NameSpecifies the host name or IP address of the CA Risk Authentication datastore.Syntax: <server_name>Example: demodatabase
- For backup database access configuration , perform one of the following steps:
- Typento skip the configuration of the secondary DSN, when prompted, and press Enter.
- Typeyto configure the secondary DSN, when prompted, and press Enter.
- Select the encryption mode and enter the information that is used for encryption.
- Master KeySpecifies the password for the Master Key which is used to encrypt the data stored in the database.Default Value:MasterKeyIf you want to change the value of Master Key after the installation, then regenerate securestore.enc with a new Master Key value. SeeChanging Hardware Security Module Information After the Installationfor more information.
- Configure HSM(Optional) Specifies if you will use a Hardware Security Module (HSM) to encrypt the sensitive data. If you do not select this option, then, by default, the data is encrypted by using the Software Mode.
- PINIdentifies the password to connect to the HSM.
- Choose Hardware ModuleSpecifies one of the following HSMs:
- 1.Luna HSM
- 2.nCipher netHSM
- HSM ParametersSet the following HSM information:Shared Library:The absolute path to the PKCS#11 shared library corresponding to the HSM.For Luna (cryptoki.dll) and for nCipher netHSM (cknfast.dll), specify the absolute path and name of the file.Storage Slot Number:The HSM slot where the 3DES keys used for encrypting the data are available.
- For Luna, the default value is 0.
- For nCipher netHSM, the default value is 1.
The HSM parameter values are recorded in arcotcommon.ini, which is available in <install_location>\Arcot Systems\conf\. To change these values after installation, edit this file, as discussed inConfiguration Files and Options.Click Next.
- Review the information in the Pre-Installation Summary screen, and press Enter.
- Press Enter to begin Installation. If you would like to change a configuration on any of the previous screens, click Back until you reach the screen. Make the required changes, and press Enter to proceed to continue.
- PressEnter. This may take several minutes, because the installer now does the following tasks:
- It copies all the components and their related binaries in the installation directory.
- It stores database settings in the arcotcommon.ini file and the password in the securestore.enc file.
- It writes to the required INI files.
- It sets the environment variables such as, JNI_LIBRARY_PATH for Administration Console and ODBC_HOME, ODBCINI, ORACLE_HOME, and ORACLE_LIB_PATH in the arrfenv file.
- It creates or overwrites, as specified in a previous screen, the Primary DSN and Backup DSN (if selected and configured) by using the selected ODBC driver in the odbc.ini file.
is complete. - PressEnterto exit the installer.You may have to wait for a few minutes (for the installer to clean up temporary files) until the prompt reappears.
- Verify that UTF-8 support is enabled. To do so perform the following steps:
- Navigate to the<install_location>/arcot/odbc32v70wf/odbc.ini file.
- Locate the [ODBC] section.
- Ensure that the IANAAppCodePage=106 entry is present in the section.
- If you do not find this entry, then add it.
- Save and close the file.
Configure your system after installation
After the CA Risk Authentication RESTful API is installed, perform the following configuration tasks:
- Open the following file with a text editor:install_directory/conf/risk-restapi.properties
- Locate the following line:HOST.1=localhost
- Replace localhost with the IP address of your CA Risk Authentication server.For example, if the IP address of your CA Risk Authentication server, 127.0.0.1, then replace localhost with 127.0.0.1. Save and close the file.
- Copy the files listed in the following table to the locations shown:Copy this file...To this location...install_directory/java/lib/arcot-crypto-util.jarjava_install_directory/jre/lib/ext/install_directory/native/win/64/ArcotAccessKeyProvider.dlljava_install_directory/jre/bin/install_directory/java/webapps/risk-restapi.warwebserver_directory/webapps/
- Start your web server.