Install CA SiteMinder® SPS

You can install one or more instances of smsps on the same computer. If the installation is successful, the installer installs the Secure Proxy Configuration Wizard.
sm1252sp1
You can install one or more instances of 
CA Access Gateway
 on the same computer. If the installation is successful, the installer installs the Secure Proxy Configuration Wizard.

 
Verify Prerequisites
Before you install, verify the following prerequisites:
  • CA Access Gateway
    must not be installed on a system where Policy Server is installed.
  • Ensure that Policy Server is running.
  • Open port 7680 between
    CA Access Gateway
     and Policy Server.
  • Ensure that the CA RiskMinder service is running. To check the status, perform the following steps:
    Windows
    1. Open the Task Manager and verify that the arrfserver process is running.
    2. Navigate to 
      policy_server_installation_path
      \aas\logs.
    3. Open the cariskminderstartup.log file and verify that the following line exists at the end of the file:
      CA RiskMinder Service READY
    UNIX
    1. Run the ps command and verify that the arrfserver and arrfwatchdog processes are running.
    2. Navigate to policy_server_installation_path/aas/logs.
    3. Open the cariskminderstartup.log file and verify that the following line exists at the end of the file:
      CA RiskMinder Service READY
  • JCE patches required -- The current Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction patches are required to use the Java cryptographic algorithms. To locate the JCE package for your operating platform, see the Oracle website.
    Apply the patches to the following files on your system:
    • local_policy.jar
    • US_export_policy.jar
    These files are in the following directories:
    Windows:
    jre_home
    \lib\security
    UNIX:
    jre_home
    /lib/security
    jre_home 
    specifies the location of the Java Runtime Environment installation.
On Linux, verify that the following additional prerequisites are met:
  • Ensure that the user used for installing 
    CA Access Gateway
     has write permissions on the /opt directory.
  • The folder where you install 
    CA Access Gateway
     must have sufficient permissions (755).
  • CA Access Gateway
     runs as the 
    nobody
     user on UNIX. If you prefer not to run 
    CA Access Gateway
     as this user, create an alternate user and assign the necessary permissions.
  • Verify that you installed the following packages:
    Note
    : We recommend using YUM to install the required libraries as YUM resolves the dependencies of packages and their versions.
    The following list describes the commands to install the required libraries on the host system:
    RHEL 5.x
    yum install -y  ncurses-libs.i686
    RHEL 6.x
    • yum install -y  ncurses-libs.i686
    • yum install keyutils-libs.i686
  • If you are installing
    CA Access Gateway
    on a RHEL 5.x or 6.x (64-bit) system, verify that you installed the following libraries:
    • yum install -y  libstdc++.i686
    • yum install -y  libexpat.so.0
    • yum install -y libuuid.i686
  • If you are installing
    CA Access Gateway
    on an RHEL 5.5 computer, verify that you installed the Legacy Software Development package on the computer.
  • Increase the source of randomness for the entropy pool. Use one of the following options:
    • (Most secure) Install a 
      hardware entropy generator
       and configure the rngd daemon to populate /dev/random by entering the following command:
      rngd -r /dev/
      device_name
       -o /dev/random -b
      device_name
       is character device in use. The device name varies depending on the hardware random number generator that you are using, for example, /dev/hwrng.
      For more information about the rngd daemon, see the RedHat documentation.
    • (Good security) Configure the rngd daemon to populate /dev/random by entering the following command:
      rngd -r /dev/urandom -o /dev/random -b
      Third-party alternatives to the rngd entropy daemon are also available.
    • (Least secure) Configure a symbolic link between /dev/urandom and /dev/random by entering the following commands:
      mv /dev/random /dev/random.org
      ln -s /dev/urandom /dev/random
Install 
CA Access Gateway
You can install 
CA Access Gateway
 on Windows or UNIX. 
CA Access Gateway
 sets the instance name of the first installation as 
default
. You cannot modify the default value or cannot use the same name for any other instance.
Install on Windows
Follow these steps:
  1. Download the installer from CA Support.
  2. Double-click
    ca-proxy-<
    version
    >-<
    operating_system
    >.exe
    .
  3. Review the prerequisites that are required for proceeding with the installation.
  4. Click Next when you are ready. 
  5. Accept the license agreement and click Next.
  6. Specify the installation location and click Next.
  7. Select the Java binary that is in the bin folder of the JDK installation.
    For example: C:\Program Files\Java\jdk1.8.0_51\bin\java.exe
  8. Click Next.
  9. Review the installation summary and click Install.
  10. Click Done when the installation is complete.
Install on UNIX
Follow these steps:
  1. Download the following installer from CA Support:
    Solaris: ca-proxy-12.5-sol.bin
    Linux: ca-proxy-12.5-rhel30.bin
  2. Execute the following command to initiate the installer:
    Solaris: sh ca-proxy-12.5-sol.bin
    Linux: sh ca-proxy-12.5-rhel30.bin
  3. Review the installation requirements and press Enter to continue.
  4. Follow the screen prompt to read the license agreement.
  5. Type 
    Y
     when prompted to accept the license agreement and press Enter.
  6. Specify the installation location and press Enter.
  7. Type the number corresponding to the Java binary that is in the bin folder of the JDK installation, and press Enter.
  8. Review the install summary and press Enter.
  9. Exit the installer when the installation is complete.
You can check the InstallLog file to verify that the installation is successful.
Default Location
:
sps_home
\install_config_info\CA_SiteMinder_Secure_Proxy_Server_InstallLog
Install Multiple Instances of 
CA Access Gateway
You can install multiple 
CA Access Gateway
 instances on the same computer. Each instance uses a unique instance name and port for communication, and creates a separate directory structure and services. 
Install Multiple Instances on Windows
Follow these steps:
  1. Navigate to the location where you downloaded the installer.
  2. Double-click
    ca-proxy-<
    version
    >-<
    operating_system
    >.exe
    .
  3. Review the installation requirements and click Next. 
  4. Accept the license agreement and click Next.
  5. Choose 
    New instance
     as the install type. 
  6. Review the criteria to name an instance and enter a name for the new instance.
  7. Click Next.
  8. Specify the installation location and click Next.
  9. Select the Java binary that is in the bin folder of the JDK installation. 
    For example: C:\Program Files\Java\jdk1.8.0_51\bin\java.exe
  10. Click Next.
  11. Review the installation summary and click Install.
  12. Click Done when the installation is complete.
  13. (Optional) To install more instances, perform Steps 2-12 on the same computer.
Install Multiple Instances on UNIX
Follow these steps
:
  1. Navigate to the location where you downloaded the installer.
  2. Execute the following command to initiate the installer:
    Solaris: sh ca-proxy-12.5-sol.bin
    Linux: sh ca-proxy-12.5-rhel30.bin
  3. Review the installation requirements and press Enter to continue.
  4. Follow the screen prompt to read the license agreement.
  5. Type 
    Y
     when prompted to accept the license agreement and press Enter.
  6. Type 
    1
     to install a new instance.
  7. Review the criteria to name an instance, enter a name for the new instance, and press Enter.
  8. Specify the installation location and press Enter.
  9. Choose the Java binary that is in the bin folder of the JDK installation. Type the number and press Enter.
  10. Review the install summary and press Enter.
  11. Exit the installer when the installation is complete.
  12. (Optional) To install more instances, perform Steps 2-11 on the same computer.
Proceed with the configuration of each instance.
Reinstall 
CA Access Gateway
 
You can reinstall 
CA Access Gateway
 to troubleshoot configuration issues.
Reinstall on Windows
Follow these steps
:
  1. Navigate to the location where you downloaded the installer.
  2. Double-click
    ca-proxy-version-win64.exe
    .
  3. Review the installation requirements and click Next.
  4. Accept the license agreement and click Next.
  5. Choose 
    View existing instances
     and click Next.
    A list of instances that are installed on the computer is displayed.
  6. Select the instance and click Next.
    CA Access Gateway
     verifies if the selected instance can be reinstalled or upgraded, and displays a message accordingly.
  7. If the selected instance can be reinstalled, click OK.
Reinstall on UNIX
Follow these steps
:
  1. Navigate to the location where you downloaded the installer.
  2. Execute the following command to initiate the installer:
    Solaris: sh ca-proxy-12.6-sol-64.bin
    Linux: sh ca-proxy-12.6-rhas64.bin
  3. Review the installation requirements and press Enter to continue.
  4. Follow the screen prompt to read the license agreement.
  5. Type 
    Y
     when prompted to accept the license agreement and press Enter.
  6. Type 
    2
     and press Enter.
    A list of instances that are installed on the computer is displayed.
  7. Select the instance and click Next.
    CA Access Gateway
     verifies if the selected instance can be reinstalled or upgraded, and displays a message accordingly. 
  8. If the selected instance can be reinstalled, press Enter.
Uninstall 
CA Access Gateway
To uninstall from Windows, perform the following steps:
  1. Open the command prompt and navigate to the root installation directory.
  2. Execute the following command for each instance you want to uninstall:
    ca-sps-uninstall.cmd
To uninstall from UNIX, perform the following steps:
  1. Open a console window and navigate to the root installation directory.
  2. Execute the following command to source the 
    CA Access Gateway
     environment:
    source ca_sps_env.sh
  3. Run the following program:
    ./ca-sps-uninstall.sh
If you have modified any files such as server.conf, the uninstall program does not remove these files or their parent folders automatically. You must delete the files and folders manually.