(Optional) Install the Risk RESTful API on a stand alone system (Linux)

The Risk RESTful APIs can be installed on a system separate from your CA Risk Authentication Server.
aa82test
Installation for Linux
The Risk RESTful APIs can be installed on a system separate from your CA Risk Authentication Server.
Follow these steps:
  1. Log in and navigate to the directory where you untarred the installer.
  2. Verify that you have the permission to run the installer. If not, run the following command:
    chmod a=rx CA-RiskAuthentication-8.2-Linux-Installer.bin
  3. Run the installer by enter the following command and then pressing Enter:
    prompt> sh CA-RiskAuthentication-8.2-Linux-Installer.bin
    If you are executing the installer with root login, then a warning message appears. Enter
    Y
    to continue, or enter
    N
    to quit the installation. If you have exit the installer screen, then run the installer again.
  4. Click Next.
  5. Read the License Agreement and press Enter to go to the next screen of the license text. You may have to press Enter multiple times.
    Enter
    y
    to accept the acceptance of License Agreement and to continue with the installation.
    If you press
    n
    , then a warning message is displayed and the installation is stopped.
    The installer now checks if other CA products exist on the system.
    If the installer detects an existing CA product installation (an existing ARCOT_HOME), then:
    • You are not prompted for an installation directory.
    • You are not prompted for the database and encryption setup. The installer uses the existing database and encryption settings. As a result, you can move to Step 6, though the configuration is disabled. You do not have to perform Step 10 as the screens of it do not get displayed.
  6. Click Next.
  7. Perform one of the following steps for choosing the installation location:
    • Enter the absolute path of the directory where you want to install CA Risk Authentication and press
      Enter
      to continue.
      The installation directory name that you specify
      must not
      contain any spaces. If it does, then some CA Risk Authentication scripts and tools may not function as intended.
    • Press
      Enter
      to accept the default directory that is displayed by the installer.
  8. (Applicable only if you are installing on a system that already has an existing Advanced Authentication product installed)
    Select one of the following options, and press Enter:
    • 1
      : Enter a new path.
    • 2
      : Use the location at which the existing Advanced Authentication product is installed.
  9. Select the Complete installation, and then press Enter.
  10. Enter the number corresponding to your choice of database (
    1.
    MS SQL Server
    2.
    Oracle Database), and press Enter.
    • Microsoft SQL Server
      If you are using a SQL database, verify that the ODBC Driver version you are using is the same as the one mentioned in Preparing for Installation.
    • Oracle Database
      CA Risk Authentication is certified to work with Oracle Real Application Clusters (Oracle RAC). To use Oracle RAC on CA Risk Authentication Installation, select Oracle Database in this step, perform the next step (Step 7), and then perform the steps in Configuring CA Risk Authentication for Oracle RAC (W).
    Based on your database choice the following screens get displayed:
  11. Complete the following information, and press Enter:
    • Microsoft SQL Server:
      • ODBC DSN
        Defines the value by which the installer creates the DSN. CA Risk Authentication Server then uses this DSN to connect to the CA Risk Authentication database. The recommended value to enter is
        arcotdsn
        .
      • Server
        Specifies the host name or IP address of the CA Risk Authentication datastore.
        Default Instance
        Syntax: <server_name>
        Example: demodatabase
        Named Instance
        Syntax: <server_name>\<instance_name>
        Example: demodatabase\instance1
      • User Name
        Specifies the database user name. The user must have the create session and DBA rights.
        Note:
        The User Name for the Primary and Backup DSNs must be different.
      • Password
        Specifies the password associated with the User Name. This password is specified by the database administrator.
      • Database
        Specifies the name of the MS SQL database instance.
      • Port Number
        Specifies the port number at which the database listens to the incoming requests.
        Default Port:
        1433
    • Oracle Server:
      • ODBC DSN
        Specifies the value by which the installer creates the DSN. CA Risk Authentication Server then uses this DSN to connect to the CA Risk Authentication database. The recommended value to enter is
        arcotdsn
        .
      • User Name
        Specifies the database user name for CA Risk Authentication to access the database. This name is specified by the database administrator.
        The user must have the create session and DBA rights.
        Note:
        The User Name for the Primary and Backup DSNs must be different.
      • Password
        Specifies the password associated with the User Name you specified in the previous field. This password is specified by the database administrator.
      • Service ID
        Specifies the Oracle System Identifier (SID) that refers to the instance of the Oracle database running on the server.
      • Port Number
        Specifies the port at which the database listens to the incoming requests..
        Default:
        1521
      • Host Name
        Specifies the host name or IP address of the CA Risk Authentication datastore.
        Syntax: <server_name>
        Example: demodatabase
  12. For backup database access configuration , perform one of the following steps:
    • Type
      n
      to skip the configuration of the secondary DSN, when prompted, and press Enter.
    • Type
      y
      to configure the secondary DSN, when prompted, and press Enter.
  13. Select the encryption mode and enter the information that is used for encryption.
    • Master Key
      Specifies the password for the Master Key which is used to encrypt the data stored in the database.
      Default Value:
      MasterKey
      If you want to change the value of Master Key after the installation, then regenerate securestore.enc with a new Master Key value. See
      Changing Hardware Security Module Information After the Installation
      for more information.
    • Configure HSM
      (Optional) Specifies if you will use a Hardware Security Module (HSM) to encrypt the sensitive data. If you do not select this option, then, by default, the data is encrypted by using the Software Mode.
    • PIN
      Identifies the password to connect to the HSM.
    • Choose Hardware Module
      Specifies one of the following HSMs:
      • 1.
        Luna HSM
      • 2.
        nCipher netHSM
    • HSM Parameters
      Set the following HSM information:
      Shared Library:
      The absolute path to the PKCS#11 shared library corresponding to the HSM.
      For Luna (cryptoki.dll) and for nCipher netHSM (cknfast.dll), specify the absolute path and name of the file.
      Storage Slot Number:
      The HSM slot where the 3DES keys used for encrypting the data are available.
      • For Luna, the default value is 0.
      • For nCipher netHSM, the default value is 1.
      The HSM parameter values are recorded in arcotcommon.ini, which is available in <install_location>\Arcot Systems\conf\. To change these values after installation, edit this file, as discussed in
      Configuration Files and Options
      .
      Click Next.
  14. Review the information in the Pre-Installation Summary screen, and press Enter.
  15. Press Enter to begin Installation. If you would like to change a configuration on any of the previous screens, click Back until you reach the screen. Make the required changes, and press Enter to proceed to continue.
  16. Press
    Enter
    . This may take several minutes, because the installer now does the following tasks:
    • It copies all the components and their related binaries in the installation directory.
    • It stores database settings in the arcotcommon.ini file and the password in the securestore.enc file.
    • It writes to the required INI files.
    • It sets the environment variables such as, JNI_LIBRARY_PATH for Administration Console and ODBC_HOME, ODBCINI, ORACLE_HOME, and ORACLE_LIB_PATH in the arrfenv file.
    • It creates or overwrites, as specified in a previous screen, the Primary DSN and Backup DSN (if selected and configured) by using the selected ODBC driver in the odbc.ini file.
    After the preceding tasks are completed successfully, the Installation
    is complete
    .
  17. Press
    Enter
    to exit the installer.
    You may have to wait for a few minutes (for the installer to clean up temporary files) until the prompt reappears.
  18. Verify that UTF-8 support is enabled. To do so perform the following steps:
    1. Navigate to the
      <install_location>
      /arcot/odbc32v70wf/odbc.ini file.
    2. Locate the [ODBC] section.
    3. Ensure that the IANAAppCodePage=106 entry is present in the section.
    4. If you do not find this entry, then add it.
    5. Save and close the file.
Configure your system after installation
After the CA Risk Authentication RESTful API is installed, perform the following configuration tasks:
  1. Open the following file with a text editor:
     install_directory
    /conf/risk-restapi.properties
  2. Locate the following line:
    HOST.1=localhost
  3. Replace localhost with the IP address of your CA Risk Authentication server. 
    For example, if the IP address of your CA Risk Authentication server, 127.0.0.1, then replace localhost with 127.0.0.1. Save and close the file.
  4. Copy the files listed in the following table to the locations shown:
    Copy this file...
    To this location...
    install_directory
    /java/lib/arcot-crypto-util.jar
    java_install_directory
    /jre/lib/ext/
    install_directory
    /native/win/64/ArcotAccessKeyProvider.dll
    java_install_directory
    /jre/bin/
    install_directory
    /java/webapps/risk-restapi.war   
    webserver_directory
    /webapps/  
  5. Start your web server.