Upgrade an Oracle iPlanet Agent on UNIX/Linux

Ensure LD_PRELOAD Variable Does Not Conflict with Existing Agent
If you are upgrading or reinstalling a Web Agent on a Linux system, from the shell, set the LD_PRELOAD variable so that it points to a different location from any existing Web Agent installation directory. For example, if an existing LD_PRELOAD entry is set to:
LD_PRELOAD=web_agent_home/bin/libbtunicode.so
Before you reinstall or upgrade, set the variable to:
export LD_PRELOAD=
This entry sets the variable to a blank value.
Run the Installation Wizard to Upgrade your Agent on UNIX/Linux
The installation program for the CA Single Sign-On agent installs the agent on one computer at a time using the UNIX or Linux operating environments. This installation program can be run in wizard or console modes. The wizard and console-based installation program also creates a .properties file for subsequent installations and configurations using the unattended or silent method with the same settings.
For example, suppose the Agents in your environment use the same web server version, installation directory, Agent Configuration Object and Policy Servers. Use the installation wizard or console-based installation program for your first installation. Afterwards, you could create your own script to run the installation program with the .properties file the wizard or console-based installation program created.
Follow these steps:
  1. Copy the CA Single Sign-On agent installation executable file to a temporary directory on your web server.
  2. Log in as a root user.
  3. Do one of the following steps:
    • For wizard-based installations, run the installation executable file.
    • For console-based installations, open a command-line window and run the executable as shown in the following example:
      executable_file_name.exe -i console
  4. Use the information from your agent Installation worksheet to complete the installation program.
Source the Agent Environment Script After an Upgrade on UNIX/Linux
The agent installation program creates an environment script, ca_wa_env.sh, in the following directory:
web_agent_home/ca_wa_env.sh
web_agent_home indicates the directory where the Agent is installed. The default UNIX/Linux location for the script is:
/opt/ca/webagent
For RHEL 7, include the content of the source script in the directory:
/etc/sysconfig/httpd
The following is a sample of the modified script in the directory /etc/sysconfig/httpd. Strings in bold are in effect and others are commented out.
Note the following:
  • Replace any ${VARIABLE} with the actual value.
  • To determine the values for the variables ${LD_LIBRARY_PATH} and ${PATH}, use the env command before you add the script contents.
NETE_WA_ROOT=/opt/CA/webagent
export NETE_WA_ROOT
NETE_WA_PATH=/opt/CA/webagent/bin
#NETE_WA_PATH=${NETE_WA_ROOT}/bin
export NETE_WA_PATH
CAPKIHOME=/opt/CA/webagent/CAPKI
export CAPKIHOME
LD_LIBRARY_PATH=/opt/CA/webagent/bin:/opt/CA/webagent/bin/thirdparty
#LD_LIBRARY_PATH=${NETE_WA_ROOT}/bin:${NETE_WA_ROOT}/bin/thirdparty:${LD_LIBRARY_PATH}
export LD_LIBRARY_PATH
PATH=/opt/CA/webagent/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
#PATH=/opt/CA/webagent/bin:${PATH}
#PATH=${NETE_WA_PATH}:${PATH}
export PATH
For most Apache-based web servers, source this script before doing any of the following tasks:
  • Running the agent configuration program.
  • Starting the web server.
If you perform all the previous tasks in the same shell, only source the script once.
For the embedded Apache web server included with RedHat Linux, do one of the following tasks:
  • Source the script before starting the httpd service.
  • Source the script in the following file instead of starting it manually each time:
    /etc/init.d/httpd
Set the Library Path Variable Before Configuring your Upgraded Agent on UNIX/Linux
Set the library path variable on UNIX or Linux systems before running the agent configuration program.
The following table lists the library path variables for the various UNIX and Linux operating environments:
Operating System    Name of Library Path Variable
AIX                 LIBPATH
Linux               LD_LIBRARY_PATH
Solaris             LD_LIBRARY_PATH
Set the value of the library path variable to the agent_home/bin directory.
  • agent_home
    Indicates the directory where the Agent is installed.
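The commented-out LD_LIBRARY_PATH line in the sample script appends ${LD_LIBRARY_PATH}; if that variable is unset, the value ends in a colon, and on Linux the dynamic loader treats the resulting empty entry as the current working directory. The following added example, which is not part of the CA documentation, checks a library path value for that case and for relative, missing or world-writable entries before you export it. The function name audit_lib_path is an assumption, and the input at the end is constructed.

```shell
#!/bin/sh
# audit_lib_path VALUE
# Prints one finding per line for a colon-separated library path value
# (LD_LIBRARY_PATH on Linux/Solaris, LIBPATH on AIX). Returns 0 when clean.
audit_lib_path() {
    alp_value=$1
    alp_bad=0
    [ -n "$alp_value" ] || return 0      # unset or blank: nothing to audit
    # A leading, trailing or doubled colon creates an empty entry.
    case ":$alp_value:" in
        *::*) echo "empty entry: resolves to the current directory"; alp_bad=1 ;;
    esac
    alp_ifs=$IFS; IFS=:; set -f          # split on colons, no globbing
    for alp_dir in $alp_value; do
        [ -n "$alp_dir" ] || continue    # empty entries were reported above
        case $alp_dir in
            /*) ;;
            *) echo "relative entry: $alp_dir"; alp_bad=1; continue ;;
        esac
        if [ ! -d "$alp_dir" ]; then
            # Typical after an upgrade: the path still names an old install.
            echo "missing directory: $alp_dir"; alp_bad=1
        elif [ -n "$(find -H "$alp_dir" -prune -perm -0002 -print)" ]; then
            # Any local user could place a library here.
            echo "world-writable directory: $alp_dir"; alp_bad=1
        fi
    done
    set +f; IFS=$alp_ifs
    return "$alp_bad"
}

# Constructed input: the commented-out sample line expanded while
# LD_LIBRARY_PATH is unset, which leaves a trailing colon.
NETE_WA_ROOT=/opt/CA/webagent
audit_lib_path "${NETE_WA_ROOT}/bin:${NETE_WA_ROOT}/bin/thirdparty:" || true
```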
Configure your Upgraded Agent on UNIX/Linux
After gathering the information for your agent configuration, run the agent configuration program. This program creates an agent runtime instance for the web servers running on your computer.
This configuration program is wizard or console based, depending on the option you select. Running the configuration program in the wizard or console mode once creates a properties file. Use the properties file to run unattended configurations on other computers with the same operating environment in the future.
Follow these steps:
  1. Open the following directory on your web server:
    web_agent_home/install_config_info
    • web_agent_home
      Indicates the directory where the CA Single Sign-On Agent is installed.
      Default (UNIX/Linux installations): /opt/ca/webagent
  2. Use one of the following configuration methods:
    • For a GUI-based configuration, go to Step 3.
    • For a console-based configuration, go to Step 5.
  3. Run the following executable file:
    ca-wa-config.bin
  4. Go to Step 8.
  5. Open a Command Prompt window with root privileges.
  6. Navigate to the executable file listed previously, and then run it with the following switch:
    -i console
  7. Go to Step 8.
  8. Follow the prompts shown in the configuration program. Provide the requested values from your agent configuration worksheet.
    The agent runtime instance is created for your web servers.
 
 
Apply Changes to your Upgraded CA Single Sign-On Files with the iPlanet Administration Console
The Agent Configuration Wizard modifies the default obj.conf and mime.types files that the Oracle iPlanet web server uses.
If you are using version 6.1 of a SunOne web server, and you plan to use the Oracle iPlanet Administration console, apply the changes to these files before using the console. If you do not apply the changes using the console first, the changes that are made for your CA Single Sign-On configuration could be corrupted. If you lose your configuration, run the configuration program again.
The agent adds settings to the obj.conf file of the Oracle iPlanet web server when the Agent is configured to support an advanced authentication scheme. CA Single Sign-On does not remove these settings later. Edit the obj.conf file manually to remove any obsolete settings.
Follow these steps:
  1. Log in to the Oracle iPlanet Administration Server console.
  2. From the Servers tab, select the web server with the CA Single Sign-On agent installed and click Manage.
  3. In the right corner of the dialog, click Apply.
    A warning message about loading the modified configuration files appears.
  4. Click Load Configuration Files.
  5. Exit the console.
  6. Restart the web server.
  7. Optimize the Agent for Oracle iPlanet by tuning the shared memory segments.
    The CA Single Sign-On changes are applied.
Manually Configure any Non-Default Server Instances for your Upgraded CA Single Sign-On Agent
The CA Single Sign-On Web Agent Configuration wizard only configures the default instance of your Oracle iPlanet web server. To configure a different instance of the Oracle iPlanet web server for CA Single Sign-On, manually edit the obj.conf file that is associated with that server instance. Examples of server instances that need manual configuration include:
  • Servers installed in a nondefault directory
  • Servers that you want to configure as a reverse proxy. We recommend configuring the reverse proxy using your Oracle iPlanet interface before adding the CA Single Sign-On settings to the obj.conf file.
    The Agent Configuration wizard only modifies the default obj.conf file on the Oracle iPlanet (formerly Sun Java System) web server. To protect other instances or reverse proxy deployments with CA Single Sign-On, copy the CA Single Sign-On settings from the default obj.conf file to any respective instance_name-obj.conf files. For example, your web server created an obj.conf file when you installed it, but you later added a server instance named my_server.example.com. To protect resources on my_server.example.com with CA Single Sign-On, copy the CA Single Sign-On settings that the wizard added from the obj.conf file to the my_server.example.com-obj.conf file.
  • Virtual servers on the same computer
SunOne/Sun Java 7.0 web servers do not require these manual configuration steps.
Follow these steps:
  1. Locate the directory of the server instance you want to configure.
  2. Open the obj.conf file with a text editor.
  3. Locate the following line:
    <Object name="default">
  4. Insert a new line below the previous one, and then add the following text:
    AuthTrans fn="SiteMinderAgent"
  5. Locate the following line:
    AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  6. Insert a new line below the previous one, and then add the following text:
    NameTrans fn="pfx2dir" from="/siteminderagent/pwcgi" dir="web_agent_home/pw" name="cgi"
    NameTrans fn="pfx2dir" from="/siteminderagent/pw" dir="web_agent_home/pw"
    NameTrans fn="pfx2dir" from="/siteminderagent/jpw" dir="web_agent_home/jpw"
    NameTrans fn="pfx2dir" from="/siteminderagent/redirectjsp" dir="web_agent_home/affwebservices/redirectjsp"
    NameTrans fn="pfx2dir" from="/siteminderagent/certoptional" dir="web_agent_home/samples"
    NameTrans fn="pfx2dir" from="/siteminderagent" dir="web_agent_home/samples"
    NameTrans fn="pfx2dir" from="/siteminderagent/pwservlet" dir="web_agent_home/jpw"
  7. web_agent_home
    Indicates the directory where the CA Single Sign-On agent is installed on your web server.
    Default (Windows 32-bit installations only): C:\Program Files\CA\webagent
    Default (Windows 64-bit installations only): C:\Program Files\CA\webagent\win64
    Default (Windows 32-bit applications operating on 64-bit systems [Wow64]): C:\Program Files (x86)\webagent\win32
  8. Locate the following line:
    NameTrans fn="ntrans-j2ee" name="j2ee"
  9. Insert a new line below the previous one, and then add the following text:
    PathCheck fn="SmRequireAuth"
  10. Remove the following line:
    NameTrans fn="pfx2dir" from="/mc-icons" dir="C:/Program Files/Sun/WebServer7.0/lib/icons" name="es-internal"
  11. Locate the following line:
    ObjectType fn="force-type" type="text/plain"
  12. Insert a new line below the previous one, and then add the following text:
    Service method="(GET|POST)" fn="SmAdvancedAuth"
  13. Save the obj.conf file.
    The Oracle iPlanet web server is manually configured.
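One way to confirm that a non-default instance received every setting from the steps above before you restart the web server. This is an added example, not CA or Oracle code: the function name check_objconf and the sample file are assumptions, and it assumes each directive starts in the first column of its line.

```shell
#!/bin/sh
# check_objconf FILE
# Prints what is missing from the <Object name="default"> block of an
# instance obj.conf file; returns 0 only when every setting is present.
check_objconf() {
    awk '
    /^<Object name="default">/ { in_def = 1; first = 1; seen = 1; next }
    in_def && /^<\/Object>/    { in_def = 0; next }
    !in_def || /^[ \t]*(#|$)/  { next }
    {
        # A directive with an odd number of double quotes is malformed.
        if (gsub(/"/, "&") % 2) { print "line " NR ": unbalanced quotes"; bad = 1 }
        # The steps place the agent AuthTrans directly below the Object line.
        if (first && $0 !~ /^AuthTrans fn="SiteMinderAgent"/) {
            print "line " NR ": SiteMinderAgent is not the first directive"; bad = 1
        }
        first = 0
        if (/^AuthTrans fn="SiteMinderAgent"/) auth = 1
        if (/^PathCheck fn="SmRequireAuth"/)   path = 1
        if (/^Service .*fn="SmAdvancedAuth"/)  svc = 1
        if (/^NameTrans fn="pfx2dir" from="\/siteminderagent/) maps++
        if (/from="\/mc-icons"/) { print "line " NR ": /mc-icons mapping still present"; bad = 1 }
    }
    END {
        if (!seen) { print "no <Object name=\"default\"> block"; exit 1 }
        if (!auth) { print "missing AuthTrans fn=\"SiteMinderAgent\""; bad = 1 }
        if (!path) { print "missing PathCheck fn=\"SmRequireAuth\""; bad = 1 }
        if (!svc)  { print "missing Service fn=\"SmAdvancedAuth\""; bad = 1 }
        if (maps != 7) { print "expected 7 /siteminderagent mappings, found " (maps + 0); bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: a non-default instance file the wizard never touched.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
ObjectType fn="force-type" type="text/plain"
</Object>
EOF
check_objconf "$sample" || echo "instance is not fully configured"
rm -f "$sample"
```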