Set Up JBOSS or Tomcat to Work with Federation Web Services

Contents
sm1252sp1
Contents
To use a JBoss or Tomcat Application Server in a
CA Single Sign-On
federated environment, deploy the FWS application on the application server.
The following illustration shows the deployment with JBOSS or Tomcat. On Systems 1 and 4, the Web Agent is installed with the JBOSS or Tomcat Connector for proxy support. SSL is enabled between the proxy and the application server. On Systems 2 and 5, FWS is deployed with the application server by way of the Web Agent Option Pack.
Deploy FWS for JBOSS or Tomcat
Deploy FWS for JBOSS or Tomcat
The process for deploying FWS is as follows:
  1. (UNIX) Source the environment script on UNIX operating environments.
  2. Create an SmHost.conf file.
  3. Create a WebAgent.conf file.
  4. Modify the AffWebServices properties file.
  5. Deploy the FWS WAR file in the application server.
The following sections detail each step in the process.
(UNIX) Source the Environment Script on a UNIX Operating Environments
sm1252sp1
After you install the Web Agent Option Pack on a UNIX system, the installation program creates an environment script (ca-wa-opack-env.sh).
Source the environment script so the library path of the application server points to the location of the Web Agent Option Pack /bin directory.
Source the script by entering the following command at the command line:
. ./ca-wa-opack-env.sh
Setting the correct library path lets the option pack and the web or application server to work together.
After you source the script, the library path is set. The variable name for the library path differs depending on the operating system. Example of several library paths:
  • Solaris/Linux
    LD_LIBRARY_PATH=/
    webagent_option_pack_home
    /bin
  • HP-UX
    SHLIB_PATH=/
    webagent_option_pack_home
    /bin
  • AIX
    LIBPATH=/
    webagent_option_pack_home
    /bin 
The application server startup script can reset the library path. Ensure that the path to the Web Agent Option Pack is the first entry in the path.
The path to the Web Agent Option Pack environment script points to one of the following locations:
  • The installation directory of the web agent option pack. The default location is:
    /webagent_option_pack_home/bin
    .
  • The installation directory of the web agent. 
    If you install the option pack on the same system as the web agent, the script resides in the web agent directory. For any UNIX installation, the default location is
    /web_agent_home/bin
    .
Create an SmHost.conf File
The FWS application requires the SmHost.conf file. However, the Web Agent Option Pack does not install this file, so you must create it.
  1. Create an SmHost.conf file by running smreghost.exe, which is located in the following directory:
    Windows:
    webagent_option_pack\
    bin
    UNIX: /
    webagent_option_pack
    /bin
  2. Put the SmHost.conf file in the following directory on System 2 and System 5:
    Windows:
    webagent_option_pack\
    config
    UNIX: /
    webagent_option_pack
    /config
Create a WebAgent.conf File
The FWS application requires the WebAgent.conf file. However, the Web Agent Option Pack does not install this file, so you must create it.
  1. Copy the WebAgent.conf file from System 1 to the following directory on System 2 and System 5:
    Windows:
    webagent_option_pack\
    config
    UNIX: /
    webagent_option_pack
    /config
    where,
    • webagent_option_pack
      Defines the installed location of the Web Agent Option Pack on System 2 and System 5.
  2. Modify the WebAgent.conf file as follows:
    1. Set the EnableWebAgent parameter to YES.
    2. Modify any other configuration parameters to suit the environment for the FWS application.
    The following sample shows a WebAgent.conf file for the FWS application:
    # WebAgent.conf - configuration file for the Federation Web Services Application
    #agentname="agent_name, IP_address"
    HostConfigFile="/webagent_option_pack_home/config/SmHost.conf"
    AgentConfigObject="agent_config_object_name"
    EnableWebAgent="YES"
Modify the FWS Properties File
sm1252sp1
The AffWebServices.properties file contains all the initialization parameters for Federation Web Services. For deploying FWS, set only the parameter that specifies the location of the WebAgent.conf file.
Follow these steps:
  1. Navigate to the AffWebServices.properties file. Locate this file in the following directory:
    web_agent_optionpack_home
    /affwebservices/WEB-INF/classes
  2. Set the AgentConfigLocation parameter to the location of the WebAgent.conf file at each partner site.
    • Windows example:
      C:\\Program Files\\CA\\webagent_optionpack\\config\\WebAgent.conf
      Federation Web Services is a Java component, so the Windows paths must contain double backslashes.
    • UNIX example:
      web_agent_optionpack_hom
      e/config/WebAgent.conf
    • Windows example for the
      CA Access Gateway
      sps_home
      \\proxy-engine\\conf\\defaultagent\\WebAgent.conf
    • UNIX example for the
      CA Access Gateway
      sps_home
      /proxy-engine/conf/defaultagent/WebAgent.conf
  3. Repeat this procedure for each application server where the Web Agent Option Pack is installed.
  4. Accept the default values for the rest of the settings in the properties file.
Complete JBoss Deployment Prerequisites (Optional)
For JBoss 6.1, there are two prerequisites before you can deploy FWS. The steps are required because the affwebservices war file fails to deploy by default.
To deploy the affwebservices war file:
  1. Update the affwebservices deployment descriptor file.
  2. Create a module.xml file.
If you are not using JBoss 6.1, go to Deploy an FWS WAR File (JBoss or Tomcat).
Update the Affwebservices Deployment Descriptor File
Edit the affwebservices deployment descriptor to add a few <context-param> entries.
Follow these steps:
  1. Open the affwebservices deployment descriptor file (
    webagent_option_pack
    /affwebservices/WEB-INF/web.xml) in a text editor.
  2. Add the following lines after the <web-app> tag and before the <servlet> tag:
    <context-param>
    <param-name>resteasy.scan</param-name>
    <param-value>false</param-value>
    </context-param>
    <context-param>
    <param-name>resteasy.scan.resources</param-name>
    <param-value>false</param-value>
    </context-param>
    <context-param>
    <param-name>resteasy.scan.providers</param-name>
    <param-value>false</param-value>
    </context-param>
  3. Save and exit the text editor.
Create a module.xml File
To deploy the war file, create a directory in the JBoss container, associate the jars files, and create a module.xml file that describes the jar files.
Follow these steps:
  1. Create a directory structure as follows under the <JBOSS-_HOME>\modules location:
    com\rsa\cryptoj\main
  2. Copy the cryptoj.jar, certj.jar, and sslj.jar files from the following location:
    <NETE_WA_ROOT>\affwebservices\WEB-INF\lib\ 
    to
    <JBOSS-HOME>\modules\com\rsa\cryptoj\main\
  3. Create a module.xml file in the following location:
    <JBOSS-HOME>\modules\com\rsa\cryptoj\main
  4. Add the following to the xml file:
    <?xml version="1.0" encoding="UTF-8"?>
    <module xmlns="urn:jboss:module:1.0" name="com.rsa.cryptoj">
        <resources> 
            <resource-root path="cryptoj.jar"/> 
            <resource-root path="certj.jar"/>   
            <resource-root path="sslj.jar"/>    
        </resources>    
        <dependencies>  
            <module name="sun.jdk"/>    
            <module name="javax.api"/>  
        </dependencies> 
    </module>
  5. Restart the JBoss server.
You can deploy the affwebservices war file in the JBoss server.
Deploy the FWS Application on JBoss or Tomcat
Follow these steps:
  1. Open a command window and navigate to the affwebservices directory, which is located in:
     /webagent_option_pack/affwebservices/.
  2. Create a WAR file by entering the command:
    jar cvf affwebservices.war *
    For more information about deploying a Web application, see the documentation for your application server.
  3. Copy the affwebservices.war file to the appropriate server location:
    • JBOSS
      JBOSS_home
      /server/default/deploy/
      JBOSS_home
      is the installed location of the JBOSS application server.
      For JBoss EAP 6.1, use the admin console to deploy the affwebservices.war file.
      For JBOSS, deploy affwebservices in an exploded state. Refer to https://access.redhat.com/knowledge/solutions/34813.
    • Tomcat
      Tomcat_home
      /webapps
      Tomcat_home
      is the installed location of the Tomcat application server.
  4. Restart the application server.
  5. After the server has restarted, access the JBOSS or Tomcat Administrative Console. All the services that affwebservices supports appear on the main Console page.
  6. Test that the FWS application is working by opening a web browser and entering the following URL:
    http://
    fqhn
    :
    port_number
    /affwebservices/assertionretriever
    • fqhn
      Represents the fully qualified host name and
    • port_number
      Specifies the port number of the server where the Federation Web Services application is installed.
    For example:
    http://myhost.ca.com:81/affwebservices/assertionretriever
    If FWS is operating correctly, the following message is displayed:
    Assertion Retrieval Service has been successfully initialized.
    The requested servlet accepts only HTTP POST requests.
    This message indicates that FWS is listening for data activity. The FWS application is now deployed for the application server.
    When FWS is not operating correctly, a message states that the Assertion Retrieval Service has failed. If there is a failure, review the FWS log.
    For more information about enabling trace logging for the FWS application, see Trace Logging.