Installation Variations
If the automated installation approach needs to be modified for your system, consider these variations:
Installing on Unix with no JRE
Use this option if your Unix platform (such as z/OS, z Linux, Mac, HP-UX, and other Linux systems) requires a version of a Java Runtime Environment (JRE) other than the one provided by the installer.
No JRE is installed with this installer.
-
Look in your download location for an installer with nojre in the filename. For example:
mss-12.8.<u>.<nnn>-prod-unix-nojre.sh
, where<u>
is the update number and<nnn>
is the build number. -
Proceed with the installation, using your existing JRE.
Note: Your JRE must be Java version 8.
-
Be sure that the JCE Unlimited Strength Jurisdiction Policy Files are applied, and apply them each time you upgrade your JRE.
Integrating SiteMinder with MSS
When you integrate SiteMinder with Management and Security Server (MSS), you can leverage SiteMinder’s single sign-on capabilities to authenticate your users. You can also configure additional authorization in MSS to restrict access to sessions.
Follow these steps to integrate MSS and SiteMinder.
-
Install or enable IIS v7 or higher.
IIS must be installed on the same machine where MSS is installed. Refer to your Windows help documentation for instructions on how to install or enable IIS.
-
Install a SiteMinder Web Agent.
Install a SiteMinder Web Agent on the same machine as the MSS server. The Web Agent can be configured to provide security for IIS. Refer to the SiteMinder documentation for detailed information about Web Agent installation and configuration.
-
Install MSS and integrate with IIS.
When you install or upgrade Management and Security Server, the MSS automated installer detects whether IIS is installed on your machine and offers to integrate it. Select the option to integrate Management and Security Server with IIS.
-
Add the SiteMinder libraries to MSS.
SiteMinder provides two different Agent libraries that are compatible with MSS. Choose one to add to your MSS installation:
-
Java JNI Agent. This option is composed of a JAR file and several native modules, which are available on a Web Agent installation.
Copy the file from the SiteMinder Web Agent installation to the MSS Server installation:
Copy:
<Web Agent dir>\java\smjavaagentapi.jar
To:
<MSS install dir>\server\services\shared\lib
Make sure that the SiteMinder Web Agent bin directory is findable through the PATH variable for the Operating System.
-
Pure Java Agent. This option is composed only of JAR files, which are available on the SiteMinder SDK.
Copy the JAR files from the SiteMinder SDK to the MSS Server installation:
<SDK dir>\java[64]\smagentapi.jar
<SDK dir>\java\crypto.jar
To:
<MSS install dir>\server\services\shared\lib
Restart the MSS server.
-
-
Configure SiteMinder.
You must create a new security realm for MSS content. Add or edit a rule for the realm so that the effective resource is accessible to clients:
MSS:
<agent name>/mss*
SiteMinder users must be authorized for
GET
andPOST
actions against the resource. -
Configure a path to SiteMinder libraries in MSS.
By default, the path value in MSS for the native SiteMinder Web Agent libraries resolves to:
C:\Program Files\CA\webagent\win64\binI
If the path value for the SiteMinder libraries is different for your system, then update this value in the property named wrapper.java.library.path.2 located in
MSS\server\conf\container.conf.
When updating this value, note that the path separator character is a forward slash
(/)
, such aswrapper.java.library.path.2=C:/Program Files/CA/webagent/win64/bin
After the value is modified, restart the MSS server for the changes to take effect.
-
Configure SiteMinder Authentication in MSS.
In the MSS Administrative Console, open Configure Settings - Authentication & Authorization.
Select SiteMinder and click Help for details.
Note
If the SiteMinder option is disabled with the message to “See Help to enable,” then the SiteMinder Java Agent library has not been detected in the classpath for the MSS Server. To resolve: Be sure to complete step 4: Add the SiteMinder libraries to MSS (above).
Troubleshooting SiteMinder
-
Error: Failed to initialize SiteMinder libraries
If you see this error message while configuring authentication, there may be a version conflict between SiteMinder binaries.
To resolve this issue:
-
Locate the file, smjavaagentapi.jar, in your SiteMinder Web Agent installation.
-
Copy the jar file to the web application’s lib directory.
The location can vary based on product and version. For MSS 12.4 and higher, the path is
<installation directory>\server\services\shared\lib
In earlier versions, look for
\webapps\mss\WEB-INF\lib
. -
Restart the MSS server.
-
-
Error: “CA SiteMinder authentication required”
When using SiteMinder with Host Access for the Cloud, SiteMinder does not recognize successful CA authentication and displays the error.
To resolve this issue:
-
Open Windows Services > Micro Focus MSS Server.
-
On the Log On tab, check the box to Allow service to interact with desktop.
When Allow service to interact with desktop is enabled, the PATH environment variable is available to the MSS service. When disabled, the PATH environment variable is empty, and the dependent jar files cannot be found.
-
-
Reflection for the Web users must first authenticate using SiteMinder before they can access sessions. The SiteMinder Web Agent downloads a cookie to each user’s browser memory, which authenticates them only for that browser session
Using the automated installer in console mode
If preferred, you can run the installation tool in console mode for non-Windows systems. Console mode enables you to use a command line for input and output rather than a graphical user interface (such as X Windows).
All screens present their information on the console and allow you to enter the same information as in the automated installer. This option is useful if you want to run the automated installer on a headless or remote server.
To use Console Mode: Run the automated installer executable for your platform with a -c
parameter.
You can also run the Initial Configuration Utility and the Configuration Upgrade Utility in console mode.
Unattended installation
Management and Security Server installation is based on install4j technology, which supports unattended mode. Unattended installation enables you to install the product the same way on a series of computers.
To use unattended installation:
-
Install Management and Security Server on a machine using the automated installer. You can use the graphical interface or console mode
(-c)
to install the product.The installation process creates a text file, response.varfile, that contains the selected installation options. The file is located in
[MssServerInstall]\.install4j\response.varfile
-
Copy
response.varfile
to another machine where you would like to install Management and Security Server. -
Locate the appropriate executable (listed in Step 1: Run the automated installer.) to install the product.
-
Launch the installation program using the
-q
argument and a-varfile
argument that specifies the location ofresponse.varfile
.
For example, to install Management and Security Server on a 64-bit Linux platform with a response.varfile located in the same directory, use this command, where <12.8.n.nnn>
is the product version and build number:
mss-<12.8.n.nnn>-prod-linuxx64.sh –q –varfile response.varfile
You could also add the –c
option to install in console mode, which would provide feedback such as "Extracting Files" and "Finishing Installation."
More information