How to Prepare the Application Server for CA Strong Authentication

aa9
aa9
Admin Console and User Data Service (UDS) are web-based and run on application servers. To provide database access and connectivity, perform the following steps:
 
 
3
 
 
Set Java Home
Verify that you set the JAVA_HOME environment variable. For Apache Tomcat, set JAVA_HOME to the Java home directory corresponding to the JDK that you are using. Include the $JAVA_HOME/bin directory in the PATH environment variable.
Copy the Database Access Files 
Admin Console and UDS use the following files to access the database securely:
  • libArcotAccessKeyProvider.so (Linux) or ArcotAccessKeyProvider.dll (Windows)
    ARCOT_HOME/native/<platform name>/<64bit>/
  • arcot-crypto-util.jar available at ARCOT_HOME/java/lib/ 
Copy the files to <
JAVA_HOME used by Application Server
>/jre/bin
For Apache Tomcat
  1. Copy the  libArcotAccessKeyProvider.so (Linux) or ArcotAccessKeyProvider.dll (Windows) file to the following directory:
    •  
      For RHEL
      : <
      JAVA_HOME used by Apache Tomcat
      >/jre/bin
  2. Copy the arcot-crypto-util.jar file to the following directory: <
    JAVA_HOME used by Apache Tomcat
    >/jre/lib/ext
  3. Set and export the LD_LIBRARY_PATH to the directory where the Key Provider file is copied.
  4. (For Linux) Type source arwfenv and press 
    Enter 
    to set the $ARCOT_HOME environment variable.
  5. Restart the application server.
     An application server restart is required as part of some of the remaining installation tasks. Restart the server once after performing the last task that requires a restart.
For IBM WebSphere
  1. Log in to IBM WebSphere Administration Console.
  2. Click 
    Environment,
     and then click 
    Shared Libraries
    .
    1. From the 
      Scope
       drop-down, select a valid visibility scope. The scope must include the target server/node on which the application is deployed.
    2. Click 
      New
      .
    3. Enter the 
      Name
      , for example, 
      ArcotJNI
      .
    4. Specify the 
      Classpath
      . This path must point to the location where the arcot-crypto-util.jar file is present and must also include the file name.
      For example, ARCOT_HOME/java/lib/arcot-crypto-util.jar
    5. Enter the JNI library path. This path must point to the location where the libArcotAccessKeyProvider.so (Linux) or ArcotAccessKeyProvider.dll (Windows) file is present.
      For example, ARCOT_HOME/java/native/linux/
      <64bit>
       
    6. Click 
      Apply
      .
  3. Configure server-level class loaders.
    1. Navigate to Servers, Server Types, WebSphere Application Servers
      .
       
    2. Under 
      Application Servers
      , access the settings page of the server for which the configuration has been performed.
    3. Click 
      Java and Process Management
      , and then click 
      Class Loader
      .
    4. Click 
      New
      . Select default 
      Classes loaded with parent class loader first
       and click 
      OK.
       
    5. Click the auto-generated 
      Class Loader ID
      .
    6. In the class loader 
      Configuration
       page, click 
      Shared Library References
      .
    7. Click 
      Add
      , select the shared library that you created earlier in this procedure (for example, ArcotJNI), and then click 
      Apply
      .
    8. Save the changes.
  4. Copy libArcotAccessKeyProvider.so file to the following directory:
    •  
      For RHEL
      : <
      JAVA_HOME used by IBM WebSphere
      >/jre/bin
  5. (For Linux) Type source arwfenv and press 
    Enter 
    to set the $ARCOT_HOME environment variable.
  6. Restart the application server.
     An application server restart is required as part of some of the remaining installation tasks. Restart the server once after performing the last task that requires a restart.
For Oracle WebLogic
  1. Copy libArcotAccessKeyProvider.so (Linux) or ArcotAccessKeyProvider.dll (Windows) to the following directory:
    •  
      For RHEL
      : <
      JAVA_HOME used by Oracle WebLogic instance
      >/jre/bin
  2. Set and export the LD_LIBRARY_PATH to the directory where the Key Provider file is copied.
  3. Copy arcot-crypto-util.jar to the <
    JAVA_HOME used by Oracle WebLogic instance
    >/jre/lib/ext directory.
  4. Log in to WebLogic Administration Console.
  5. Navigate to 
    Deployments
    .
  6. Enable the 
    Lock and Edit
     option.
  7. Click 
    Install
     and navigate to the directory that contains the arcot-crypto-util.jar file.
    When the following error appears while deploying applications(Arcotadmin, ArcotUDS and Sample Applications) in WebLogic 12cR1, copy the <ARCOT_HOME>/java/lib/bcprov-jdk15on-1.52.jar to <JAVA_HOME>/jre/lib/ext directory. This JAVA_HOME should be the same as the one configured with weblogic 12cR1.
    Error: "
    java.lang.NoSuchMethodError: org.bouncycastle.asn1.DERSequence.<init>(Lorg/bouncycastle/asn1/ASN1EncodableVector;)V
    "
  8. Click 
    Next
    .
    The Application Installation Assistant screen appears.
  9. Click 
    Next
    .
    The Summary page appears.
  10. Click 
    Finish
    .
  11. Activate the changes.
  12. (For Linux) Type source arwfenv and press 
    Enter 
    to set the $ARCOT_HOME environment variable.
  13. Restart the application server.
     An application server restart is required as part of some of the remaining installation tasks. Restart the server once after performing the last task that requires a restart.
For JBoss
  1. Copy ArcotAccessKeyProvider.dll to <JBoss_JAVA_H
    OME>\jre\bin\.
    <JBoss_JAVA_HO
    ME> represents 
    the JAVA_HOME us
    e
    d by your JBoss Application Server instance.
  2. Copy the following files to <JBOSS_HOME>\modules\advauth-admin-libs\main:
    arcot-crypto-util.jar
    bcprov-jdk15on-1.52.jar
  3. Create a file with the name module.xml in the same folder location (<JBOSS_HOME>\modules\advauth-admin-libs\main) with the following codes:
    <?xml version="1.0" encoding="UTF-8"?> <module xmlns="urn:jboss:module:1.1" name="advauth-admin-libs"> <resources> <resource-root path="arcot-crypto-util.jar"/> <resource-root path="bcprov-jdk15on-1.52.jar"/> </resources> <dependencies> <module name="javax.api"/> </dependencies> </module>
  4. Create a folder structure as <JBOSS_HOME>\modules\advauth-jdbc-driver\main\ and copy JDBC Jar file in this folder location.
  5. Create a file in with the name module.xml at the following location: <JBOSS_HOME>\modules\advauth-jdbc-driver\main\
  6. Add the following codes to the file:
    <?xml version="1.0" encoding="UTF-8"?> <module xmlns="urn:jboss:module:1.1" name="advauth-jdbc-driver"> <resources> <resource-root path="<JDBC Jar Name>"/> </resources> <dependencies> <module name="javax.api"/> <module name="javax.transaction.api"/> </dependencies> </module>
  7. Edit the tag ‘<JDBC Jar Name>’ with JDBC Jar file name. For example, sqljdbc.jar
  8. (For Linux) Type source arwfenv and press 
    Enter 
    to set the $ARCOT_HOME environment variable.
  9. Restart the application server.
Copy JDBC JARs to the Application Server
The Admin Console, UDS, and Sample Application, are the Java-dependent components that use JDBC JAR files to connect to the database. Copy these files to the application server.
Before proceeding with the steps mentioned in the following sections, verify that you have downloaded the JDBC JAR file.
Copy JDBC JARs to Apache Tomcat
  1. Navigate to the location where you have downloaded the JDBC JAR file.
  2. Copy the JDBC JAR file and paste it in the following directory:
    •  
      For Tomcat 
      <TOMCAT-HOME>\
      lib
    Alternatively, add the path that contains the JDBC JAR file to the 
    Classpath
     environment variable.
  3. Restart Apache Tomcat.
Copy JDBC JARs to IBM WebSphere
  1. Log in to IBM WebSphere Administration Console.
  2. Click 
    Environment,
     and then click 
    Shared Libraries
    .
    1. From the 
      Scope
       drop-down, select a valid visibility scope. The scope must include the target server/node on which the application is deployed.
    2. Click 
      New
      .
    3. Enter the 
      Name
      , for example, 
      JDBCJAR
      .
    4. Specify the 
      Classpath
      . This path points to the location of the JDBC JAR file and includes the file name.
    5. Click 
      Apply
      .
  3. Configure server-level class loaders.
     Create a class loader or use the one that you created while performing the procedure described in Step 2: Copying Database Access Files to Your Application Server.
  4. Restart IBM WebSphere.
Copy JDBC JARs to Oracle WebLogic 
For Oracle Databases, 
skip 
this section. Oracle WebLogic Server supports Oracle Databases by default.
  1. Copy the JDBC JAR file to the following directory:
    <
    JAVA_HOME used by Oracle WebLogic instance
    >/jre/lib/ext
  2. Log in to WebLogic Administration Console.
  3. Navigate to 
    Deployments
    .
  4. Enable the 
    Lock and Edit
     option.
  5. Click 
    Install
     and navigate to the directory that contains the JDBC JAR file.
  6. Click 
    Next
    .
    The Application Installation Assistant screen appears.
  7. Click 
    Next
    .
    The Summary page appears.
  8. Click 
    Finish
    .
  9. Activate the changes.
  10. Restart the Oracle WebLogic server.
Copy JDBC JARs to JBoss
  1. Copy ArcotAccessKeyProvider.dll to <JBoss_JAVA_H
    OME>\jre\bin\.
    Here, <JBoss_JAVA_HO
    ME> represents 
    the JAVA_HOME us
    e
    d by your JBoss Application Server instance.
  2. Create a file with the name 
    module.xml
     in the same folder location 
    (<JBOSS_HOME>\modules\advauth-admin-libs\main
    ) with the following codes:
    <?xml version="1.0" encoding="UTF-8"?> <module xmlns="urn:jboss:module:1.1" name="advauth-admin-libs"> <resources> <resource-root path="arcot-crypto-util.jar"/> <resource-root path="bcprov-jdk15on-1.52.jar"/> </resources> <dependencies> <module name="javax.api"/> </dependencies> </module>
  3. Create a folder structure as <JBOSS_HOME>\modules\advauth-jdbc-driver\main\ and copy JDBC Jar file in this folder location.
  4. Create a file in with the name module.xml at the following location: <JBOSS_HOME>\modules\advauth-jdbc-driver\main\
  5. Add the following codes to the file:
    <?xml version="1.0" encoding="UTF-8"?> <module xmlns="urn:jboss:module:1.1" name="advauth-jdbc-driver"> <resources> <resource-root path="<JDBC Jar Name>"/> </resources> <dependencies> <module name="javax.api"/> <module name="javax.transaction.api"/> </dependencies> </module>
  6. Edit the tag ‘<JDBC Jar Name>’ with JDBC Jar file name. For example, sqljdbc.jar
  7. Restart the application server.