How to Prepare the Application Server for CA Strong Authentication
aa9
aa9
Admin Console and User Data Service (UDS) are web-based and run on application servers. To provide database access and connectivity, perform the following steps:
3
Set Java Home
Verify that you set the JAVA_HOME environment variable. For Apache Tomcat, set JAVA_HOME to the Java home directory corresponding to the JDK that you are using. Include the $JAVA_HOME/bin directory in the PATH environment variable.
Copy the Database Access Files
Admin Console and UDS use the following files to access the database securely:
- libArcotAccessKeyProvider.so (Linux) or ArcotAccessKeyProvider.dll (Windows)ARCOT_HOME/native/<platform name>/<64bit>/
- arcot-crypto-util.jar available at ARCOT_HOME/java/lib/
Copy the files to <
JAVA_HOME used by Application Server
>/jre/binFor Apache Tomcat
- Copy the libArcotAccessKeyProvider.so (Linux) or ArcotAccessKeyProvider.dll (Windows) file to the following directory:
- For RHEL: <JAVA_HOME used by Apache Tomcat>/jre/bin
- Copy the arcot-crypto-util.jar file to the following directory: <JAVA_HOME used by Apache Tomcat>/jre/lib/ext
- Set and export the LD_LIBRARY_PATH to the directory where the Key Provider file is copied.
- (For Linux) Type source arwfenv and pressEnterto set the $ARCOT_HOME environment variable.
- Restart the application server.An application server restart is required as part of some of the remaining installation tasks. Restart the server once after performing the last task that requires a restart.
For IBM WebSphere
- Log in to IBM WebSphere Administration Console.
- ClickEnvironment,and then clickShared Libraries.
- From theScopedrop-down, select a valid visibility scope. The scope must include the target server/node on which the application is deployed.
- ClickNew.
- Enter theName, for example,ArcotJNI.
- Specify theClasspath. This path must point to the location where the arcot-crypto-util.jar file is present and must also include the file name.For example, ARCOT_HOME/java/lib/arcot-crypto-util.jar
- Enter the JNI library path. This path must point to the location where the libArcotAccessKeyProvider.so (Linux) or ArcotAccessKeyProvider.dll (Windows) file is present.For example, ARCOT_HOME/java/native/linux/<64bit>
- ClickApply.
- Configure server-level class loaders.
- Navigate to Servers, Server Types, WebSphere Application Servers.
- UnderApplication Servers, access the settings page of the server for which the configuration has been performed.
- ClickJava and Process Management, and then clickClass Loader.
- ClickNew. Select defaultClasses loaded with parent class loader firstand clickOK.
- Click the auto-generatedClass Loader ID.
- In the class loaderConfigurationpage, clickShared Library References.
- ClickAdd, select the shared library that you created earlier in this procedure (for example, ArcotJNI), and then clickApply.
- Save the changes.
- Copy libArcotAccessKeyProvider.so file to the following directory:
- For RHEL: <JAVA_HOME used by IBM WebSphere>/jre/bin
- (For Linux) Type source arwfenv and pressEnterto set the $ARCOT_HOME environment variable.
- Restart the application server.An application server restart is required as part of some of the remaining installation tasks. Restart the server once after performing the last task that requires a restart.
For Oracle WebLogic
- Copy libArcotAccessKeyProvider.so (Linux) or ArcotAccessKeyProvider.dll (Windows) to the following directory:
- For RHEL: <JAVA_HOME used by Oracle WebLogic instance>/jre/bin
- Set and export the LD_LIBRARY_PATH to the directory where the Key Provider file is copied.
- Copy arcot-crypto-util.jar to the <JAVA_HOME used by Oracle WebLogic instance>/jre/lib/ext directory.
- Log in to WebLogic Administration Console.
- Navigate toDeployments.
- Enable theLock and Editoption.
- ClickInstalland navigate to the directory that contains the arcot-crypto-util.jar file.When the following error appears while deploying applications(Arcotadmin, ArcotUDS and Sample Applications) in WebLogic 12cR1, copy the <ARCOT_HOME>/java/lib/bcprov-jdk15on-1.52.jar to <JAVA_HOME>/jre/lib/ext directory. This JAVA_HOME should be the same as the one configured with weblogic 12cR1.Error: "java.lang.NoSuchMethodError: org.bouncycastle.asn1.DERSequence.<init>(Lorg/bouncycastle/asn1/ASN1EncodableVector;)V"
- ClickNext.The Application Installation Assistant screen appears.
- ClickNext.The Summary page appears.
- ClickFinish.
- Activate the changes.
- (For Linux) Type source arwfenv and pressEnterto set the $ARCOT_HOME environment variable.
- Restart the application server.An application server restart is required as part of some of the remaining installation tasks. Restart the server once after performing the last task that requires a restart.
For JBoss
- Copy ArcotAccessKeyProvider.dll to <JBoss_JAVA_HOME>\jre\bin\.<JBoss_JAVA_HOME> representsthe JAVA_HOME used by your JBoss Application Server instance.
- Copy the following files to <JBOSS_HOME>\modules\advauth-admin-libs\main:arcot-crypto-util.jarbcprov-jdk15on-1.52.jar
- Create a file with the name module.xml in the same folder location (<JBOSS_HOME>\modules\advauth-admin-libs\main) with the following codes:<?xml version="1.0" encoding="UTF-8"?> <module xmlns="urn:jboss:module:1.1" name="advauth-admin-libs"> <resources> <resource-root path="arcot-crypto-util.jar"/> <resource-root path="bcprov-jdk15on-1.52.jar"/> </resources> <dependencies> <module name="javax.api"/> </dependencies> </module>
- Create a folder structure as <JBOSS_HOME>\modules\advauth-jdbc-driver\main\ and copy JDBC Jar file in this folder location.
- Create a file in with the name module.xml at the following location: <JBOSS_HOME>\modules\advauth-jdbc-driver\main\
- Add the following codes to the file:<?xml version="1.0" encoding="UTF-8"?> <module xmlns="urn:jboss:module:1.1" name="advauth-jdbc-driver"> <resources> <resource-root path="<JDBC Jar Name>"/> </resources> <dependencies> <module name="javax.api"/> <module name="javax.transaction.api"/> </dependencies> </module>
- Edit the tag ‘<JDBC Jar Name>’ with JDBC Jar file name. For example, sqljdbc.jar
- (For Linux) Type source arwfenv and pressEnterto set the $ARCOT_HOME environment variable.
- Restart the application server.
Copy JDBC JARs to the Application Server
The Admin Console, UDS, and Sample Application, are the Java-dependent components that use JDBC JAR files to connect to the database. Copy these files to the application server.
Before proceeding with the steps mentioned in the following sections, verify that you have downloaded the JDBC JAR file.
Copy JDBC JARs to Apache Tomcat
- Navigate to the location where you have downloaded the JDBC JAR file.
- Copy the JDBC JAR file and paste it in the following directory:
- For Tomcat:<TOMCAT-HOME>\lib
Classpathenvironment variable. - Restart Apache Tomcat.
Copy JDBC JARs to IBM WebSphere
- Log in to IBM WebSphere Administration Console.
- ClickEnvironment,and then clickShared Libraries.
- From theScopedrop-down, select a valid visibility scope. The scope must include the target server/node on which the application is deployed.
- ClickNew.
- Enter theName, for example,JDBCJAR.
- Specify theClasspath. This path points to the location of the JDBC JAR file and includes the file name.
- ClickApply.
- Configure server-level class loaders.Create a class loader or use the one that you created while performing the procedure described in Step 2: Copying Database Access Files to Your Application Server.
- Restart IBM WebSphere.
Copy JDBC JARs to Oracle WebLogic
For Oracle Databases,
skip
this section. Oracle WebLogic Server supports Oracle Databases by default.- Copy the JDBC JAR file to the following directory:<JAVA_HOME used by Oracle WebLogic instance>/jre/lib/ext
- Log in to WebLogic Administration Console.
- Navigate toDeployments.
- Enable theLock and Editoption.
- ClickInstalland navigate to the directory that contains the JDBC JAR file.
- ClickNext.The Application Installation Assistant screen appears.
- ClickNext.The Summary page appears.
- ClickFinish.
- Activate the changes.
- Restart the Oracle WebLogic server.
Copy JDBC JARs to JBoss
- Copy ArcotAccessKeyProvider.dll to <JBoss_JAVA_HOME>\jre\bin\.Here, <JBoss_JAVA_HOME> representsthe JAVA_HOME used by your JBoss Application Server instance.
- Create a file with the namemodule.xmlin the same folder location(<JBOSS_HOME>\modules\advauth-admin-libs\main) with the following codes:<?xml version="1.0" encoding="UTF-8"?> <module xmlns="urn:jboss:module:1.1" name="advauth-admin-libs"> <resources> <resource-root path="arcot-crypto-util.jar"/> <resource-root path="bcprov-jdk15on-1.52.jar"/> </resources> <dependencies> <module name="javax.api"/> </dependencies> </module>
- Create a folder structure as <JBOSS_HOME>\modules\advauth-jdbc-driver\main\ and copy JDBC Jar file in this folder location.
- Create a file in with the name module.xml at the following location: <JBOSS_HOME>\modules\advauth-jdbc-driver\main\
- Add the following codes to the file:<?xml version="1.0" encoding="UTF-8"?> <module xmlns="urn:jboss:module:1.1" name="advauth-jdbc-driver"> <resources> <resource-root path="<JDBC Jar Name>"/> </resources> <dependencies> <module name="javax.api"/> <module name="javax.transaction.api"/> </dependencies> </module>
- Edit the tag ‘<JDBC Jar Name>’ with JDBC Jar file name. For example, sqljdbc.jar
- Restart the application server.