Installation Variations - Management and Security Server Installation Guide

3.3 Installation Variations

3.3.1 Installing on UNIX with no JRE

Use this option if your UNIX platform (such as z/OS, z Linux, Mac, HP-UX, and other Linux systems) requires a version of a Java Runtime Environment (JRE) other than the one provided by the installer.

No JRE is installed with this installer.

  1. Look in your download location for an installer with nojre in the filename. For example:

    mss-12.5.<nnn>-prod-unix-nojre.sh, where <nnn> is the build number.

  2. Proceed with the installation, using your existing JRE.

    Note: Your JRE must be Java version 8.

  3. Be sure that the JCE Unlimited Strength Jurisdiction Policy Files are applied, and apply them each time you upgrade your JRE.

NOTE: If you plan to use Replication, be sure to see the Caution in the Master Server Role help. You may need to edit a file.

3.3.2 Servlet Runner Launcher JVM Options

If you need additional customization when you start the servlet runner, you can adjust the JVM options. To do so, edit container.conf in the server\conf directory.

For example, C:\Program Files\Micro Focus\MSS\server\conf

3.3.3 Servlet runner other than Apache Tomcat

If you use a servlet runner other than the default Tomcat servlet runner, such as IBM WebSphere, you must manually install the Management and Security Server components. For details, see Manual Installation.

Configure Management and Security Server as a web application, following the instructions provided by your servlet runner.

3.3.4 Integrating SiteMinder with MSS

When you integrate SiteMinder with Management and Security Server (MSS), you can leverage SiteMinder’s single sign-on capabilities to authenticate your users. You can also configure additional authorization in MSS to restrict access to sessions.

Follow these steps to integrate MSS and SiteMinder.

  1. Install or enable IIS v7 or higher.

    IIS must be installed on the same machine where MSS is installed. Refer to your Windows help documentation for instructions on how to install or enable IIS.

  2. Install a SiteMinder Web Agent.

    Install a SiteMinder Web Agent on the same machine as the MSS server. The Web Agent can be configured to provide security for IIS. Refer to the SiteMinder documentation for detailed information about Web Agent installation and configuration.

  3. Install MSS and integrate with IIS.

    When you install or upgrade Management and Security Server, the MSS automated installer detects whether IIS is installed on your machine and offers to integrate it. Select the option to integrate Management and Security Server with IIS.

    If you used a manual installation, run the IIS integration utility (in \MSS\utilities\bin) before configuring access control for SiteMinder.

  4. Add the SiteMinder libraries to MSS.

    SiteMinder provides two different Agent libraries that are compatible with MSS. Choose one to add to your MSS installation:

    • Java JNI Agent. This option is composed of a JAR file and several native modules, which are available on a Web Agent installation.

      Copy the file from the SiteMinder Web Agent installation to the MSS Server installation:

      Copy: <Web Agent dir>\java\smjavaagentapi.jar

      To: <MSS install dir>\server\services\shared\lib

      Make sure that the SiteMinder Web Agent bin directory is on the operating system's PATH.

    • Pure Java Agent. This option is composed only of JAR files, which are available on the SiteMinder SDK.

      Copy the JAR files from the SiteMinder SDK to the MSS Server installation:

      Copy these files:

      <SDK dir>\java[64]\smagentapi.jar

      <SDK dir>\java\crypto.jar

      To: <MSS install dir>\server\services\shared\lib

    Restart the MSS server.

  5. Configure SiteMinder.

    You must create a new security realm for MSS content. Add or edit a rule for the realm so that the effective resource is accessible to clients.

    MSS: <agent name>/mss*

    SiteMinder users must be authorized for GET and POST actions against the resource.

  6. Configure a path to SiteMinder libraries in MSS.

    By default, the path value in MSS for the native SiteMinder Web Agent libraries resolves to: C:\Program Files\CA\webagent\win64\bin.

    If the path value for the SiteMinder libraries is different for your system, then update this value in the property named wrapper.java.library.path.2 located in MSS\server\conf\container.conf.

    When updating this value, note that the path separator character is a forward slash (/), such as wrapper.java.library.path.2=C:/Program Files/CA/webagent/win64/bin

    After the value is modified, restart the MSS server for the changes to take effect.

  7. Configure SiteMinder Authentication in MSS.

    In the MSS Administrative Console, open Configure Settings - Authentication & Authorization.

    Select SiteMinder and click Help for details.

    NOTE: If the SiteMinder option is disabled with the message, “See Help to enable,” then the SiteMinder Java Agent library has not been detected in the classpath for the MSS Server.

    To resolve: Be sure to complete step 4: Add the SiteMinder libraries to MSS.

Troubleshooting SiteMinder

Error: Failed to initialize SiteMinder libraries

If you see this error message while configuring authentication, there may be a version conflict between SiteMinder binaries.

To resolve this issue:

  1. Locate the file, smjavaagentapi.jar, in your SiteMinder Web Agent installation.

  2. Copy the jar file to the web application’s lib directory.

    The location can vary based on product and version. For MSS 12.4 and higher, the path is <installation directory>\server\services\shared\lib

    In earlier versions, look for \webapps\mss\WEB-INF\lib.

  3. Restart the MSS server.

Note: Reflection for the Web users must first authenticate using SiteMinder before they can access sessions. The SiteMinder Web Agent downloads a cookie to each user’s browser memory, which authenticates them only for that browser session.

3.3.5 Using the automated installer in console mode

If preferred, you can run the installation tool in console mode for non-Windows systems. Console mode enables you to use a command line for input and output rather than a graphical user interface (such as X Windows).

All screens present their information on the console and allow you to enter the same information as in the automated installer. This option is useful if you want to run the automated installer on a headless or remote server.

To use Console Mode: Run the automated installer executable for your platform with a -c parameter.

You can also run the Initial Configuration Utility and the Configuration Upgrade Utility in console mode.

3.3.6 Unattended installation

Management and Security Server installation is based on install4j technology, which supports unattended mode. Unattended installation enables you to install the product the same way on a series of computers.

NOTE: The Configuration Utilities do not support an unattended mode. These utilities run with a graphical user interface (or in an attended console mode). For more information, see Appendix A. Configuration Utilities, which are optional for many upgrade scenarios.

To use unattended installation:

  1. Install Management and Security Server on a machine using the automated installer. You can use the graphical interface or console mode (-c) to install the product.

    The installation process creates a text file, response.varfile, that contains the selected installation options. The file is located in [MssServerInstall]\.install4j\response.varfile

  2. Copy response.varfile to another machine where you would like to install Management and Security Server.

  3. Locate the appropriate executable (listed in Step 1: Run the automated installer) to install the product. Launch the installation program using the -q argument and a -varfile argument that specifies the location of response.varfile.

For example, to install Management and Security Server on a 64-bit Linux platform with a response.varfile located in the same directory, use this command, where <12.5.0.nnn> is the product version and build number:

mss-<12.5.0.nnn>-prod-linuxx64.sh -q -varfile response.varfile

You could also add the -c option to install in console mode, which would provide feedback such as "Extracting Files" and "Finishing Installation."
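
A pre-flight check for the unattended install described above, as an added example that is not part of the product documentation: it runs the installer only if the copied response.varfile is a regular file, is not writable by group or others, and matches a SHA-256 digest recorded on the reference machine. The function names, return codes, the use of sha256sum, and launching the installer through sh are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the product documentation.
# Assumes a Linux host with sha256sum; the expected digest is recorded on
# the machine where response.varfile was originally generated.

# check_varfile FILE EXPECTED_SHA256
# Returns 0 if FILE may be handed to the installer, otherwise:
#   1 = missing, not a regular file, or a symbolic link
#   2 = writable by group or others
#   3 = digest differs from the recorded one
check_varfile() {
    file=$1
    expected=$2
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    # find prints the path only when a group- or world-write bit is set
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        return 2
    fi
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || return 3
    return 0
}

# run_unattended INSTALLER FILE EXPECTED_SHA256
# Launches the installer with -q -varfile only when every check passes.
run_unattended() {
    installer=$1
    file=$2
    expected=$3
    check_varfile "$file" "$expected" || {
        rc=$?
        echo "refusing to install: response file check failed (code $rc)" >&2
        return "$rc"
    }
    sh "$installer" -q -varfile "$file"
}

# Usage (placeholders, substitute your own values):
#   run_unattended ./mss-<12.5.0.nnn>-prod-linuxx64.sh response.varfile <sha256>
```

Record the digest with sha256sum on the reference machine and transfer it separately from the file itself, so that a change to response.varfile in transit is caught before the installer reads it.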

3.3.7 Manual installation

If you are unable to use an automated installer, see the Manual Installation section.