28.2 Installing on a WebLogic Application Server

This section describes how to install the User Application for RBPM on a WebLogic Application Server by using the graphical user interface version of the installation program.

For more information about the following topics, see the listed sections:

  • Prerequisites for installing on a WebLogic application server: Section 6.7, Prerequisites and Requirements for Installing the User Application and Roles Based Provisioning Module

  • Hardware and software requirements for installing on an application server: Section 6.7.6, System Requirements for Installing the User Application and Roles Based Provisioning Module

  • Using the console to install the User Application: Section 29.1, Performing a Guided Installation from the Command Line

  • Using a single command to install the User Application: Section 29.2, Installing the User Application with a Single Command

28.2.1 Checklist for Installing the User Application on WebLogic

Use the following checklist to guide you through the process of installing the User Application on a WebLogic application server.

 

Checklist Items

  1. Install a supported version of WebLogic application server and Java development kit or runtime environment. For more information, see Section 6.7.6, System Requirements for Installing the User Application and Roles Based Provisioning Module.

  2. Create a WebLogic-enabled WAR for the User Application. For more information, see Section 28.2.3, Installing the User Application with the Installation Wizard.

  3. Prepare the WebLogic application server environment for running the User Application. For more information, see Section 28.2.4, Configuring the WebLogic Environment for the User Application.

  4. Deploy and log on to the User Application. For more information, see Section 28.2.5, Start the User Application on the WebLogic Server.

28.2.2 Configuring the Data Source for the User Application Database on WebLogic

Before installing the User Application, you must have an existing data source file that points to the database. For WebLogic environments, you must manually create the data source file.

  1. Copy the JAR files for your User Application database to the domain where you will deploy the User Application.

  2. Create the data source file according to the instructions in the WebLogic documentation.

  3. Change the JNDI name for the data source file to jdbc/IDMUADataSource, regardless of what name you specify for the data source file or for the database when you create the User Application WAR file.

28.2.3 Installing the User Application with the Installation Wizard

This section explains how to use the User Application installation wizard. The following considerations apply to this process:

  • You must install a supported version of WebLogic Application Server before installing the User Application.

  • You must use a supported version of the JRockit Java environment to launch the installation program.

  • The installation program does not save the values that you enter as you progress through the windows in the wizard. If you click Previous to return to an earlier window, you must re-enter the configuration values.

  • The installation program creates the novlua user account and sets the permissions in the JBoss files to this user. The jboss_init script uses this user account to run JBoss.

To install the User Application with the installation wizard:

  1. Log on as a root user to the computer where you want to install the User Application.

  2. In the JRockit Java environment, enter the command for your platform to start the installation program. By default, the .jar file is in the products/RBPM/user_app_install folder within the .iso image file for Identity Manager. For example:

    Linux

    $ /opt/WL/bea/jrockit_160_17/bin/java -jar IdmUserApp.jar

    Windows

    C:\WL\bea\jrockit_160_17\bin\java -jar IdmUserApp.jar

  3. In the Welcome page of the User Application installation program, specify the language that you want to use for installation, and then click OK.

  4. In the License Agreement window, click I accept the terms of the License Agreement and then click Next.

  5. In the Application Server Platform window, click WebLogic and then click Next.

  6. In the Install Folder window, specify the folder where you want to place the installation files and then click Next.

  7. In the Database Platform window, specify the platform of the User Application database. For example, Oracle. Click Next.

  8. In the Database Host and Port window, specify the hostname or IP address of the server hosting the User Application database.

    For a cluster, you must specify the same name or IP address for each member of the cluster.

  9. For Port, specify the number of the listener port for the database.

    For a cluster, you must specify the same port for each member of the cluster.

  10. Click Next.

  11. In the Database Username and Password window, specify the name of the database according to the database platform. By default, the database name is idmuserappdb.

    • For a PostgreSQL, MySQL, or SQL Server database, specify the name.

    • For an Oracle database, specify the Security Identifier (SID) that you created with the database instance.

    • For a cluster, you must specify the same database name or SID for each member in the cluster.

  12. Specify the name for the database user account to use with the User Application and the password associated with the user account.

    In a cluster environment, you must use the same user account and password for each member in the cluster.

  13. Specify the JAR file for the database platform.

    The database vendor provides the driver JAR file, which represents the Thin Client JAR for the database server. For example, for PostgreSQL, specify postgresql-8.4-701.jdbc4.jar, by default in the novell\idm\Postgres folder. NetIQ does not support driver JAR files from third-party vendors.

  14. Click Next.

  15. (Optional) In the Database Administrator window, specify the name and password for the database administrator.

    This field automatically lists the same user account and password that you specified in Step 14. To use that account, do not make any changes.

  16. Click Next.

  17. In the Create Database Tables window, select one of the following options:

    Create Tables Now

    The installation program creates the database tables as part of the installation process.

    Create Tables at Application Startup

    The installation program leaves instructions to create the tables when the User Application starts for the first time.

    Write SQL to File

    Create a schema file at installation time for the database administrator to use later to create the tables. When selecting this option, you must also specify a name for the file in the Schema Output File window.

  18. Click Next.

  19. (Conditional) If you chose Create Tables Now or Write SQL to File in Step 19, specify whether the database is a new or empty database, or whether it already exists from a previous installation. Click Next.

  20. To verify that the User Application can connect to the specified database, click Test Database Connection and then click Next.

    This step enables the installer to connect to the database for creating tables directly or for creating the .sql file.

    NOTE: You can continue with installation if the database connection fails. However, after installation, you must manually create the tables and connect to the database. For more information, see “Recreating the Database after Installation” in the User Application Administration Guide.

  21. In the Java Install window, specify the path to the Java root installation folder and then click Next.

  22. For Application Context in the IDM Configuration window, specify a name that represents the application server configuration, the application WAR file, and the name in the URL context.

    The installation script creates a server configuration, then names the configuration according to the name that you created when installing the application server. For example, IDMProv.

    IMPORTANT: NetIQ recommends that you make a note of the specified Application Context. You will use this application name in the URL when you start the User Application from a browser.

  23. Click Next.

  24. (Optional) To send log events to an auditing server, complete the following steps in the Select Audit Logging Type window:

    1. Click Yes and then click Next.

    2. In the Audit Logging window, specify the type(s) of logging that you want to enable:

      Novell Identity Audit or NetIQ Sentinel

      Enables logging through a Novell or NetIQ client for the User Application.

      OpenXDAS

      Enables the User Application to send events to your OpenXDAS logging server.

    3. Click Next.

    4. (Conditional) If you chose in Step 29 to send log events through a Novell client, in the Novell Identity Audit or Novell Sentinel window, specify the hostname or IP address for the client server and the path to the log cache.

      For more information about setting up logging, see the User Application Administration Guide.

  25. Click Next.

  26. (Optional) To import an existing master key, complete the following steps in the Security - Master Key window:

    NOTE:

    • The User Application uses the master key to access encrypted data.

    • You must complete these steps after installing the first instance of the User Application in a cluster. Every instance of the User Application in a cluster must use the same master key. For more information, see Section 27.2.4, Using the Same Master Key for Each User Application in the Cluster.

    • Complete these steps if you are moving your installation from a staging system to a production system and want to keep access to the database you used with the staging system.

    • Complete these steps also if you are restoring your User Application and you want to access the encrypted data stored by your previous version of the User Application.

    • By default, the installation procedure writes the encrypted master key to the master-key.txt file in the installation directory.

    1. Click Yes and then click Next.

    2. In the Import Master Key window, copy and paste the master key from the master-key.txt file.

  27. Click Next.

  28. (Conditional) If, at this time, you do not want to specify the settings for the User Application to interact with RBPM, click No in the Configure IDM window.

    NOTE: After installing the User Application, you can modify most of the settings in the configureupdate.sh or configureupdate.bat files. For more information about specifying the values for the settings, see the tables in Section 30.2, Configuring the User Application. The tables also explain which settings are required, and whether you can edit them with the configuration update files.

  29. (Conditional) To immediately configure the User Application to interact with RBPM, complete the following steps in the Configure IDM window:

    1. Click Yes and then click Next.

    2. In the Roles Based Provisioning Module Configuration window, click Show Advanced Options.

    3. Modify the settings as needed.

      NOTE:

      • For more information about specifying the values, see the tables in Section 30.2, Configuring the User Application. The tables also explain which settings are required, and whether you can edit them with the configuration update files.

      • In production environments, all administrator assignments are restricted by licensing. NetIQ collects monitoring data in the audit database to ensure that production environments comply. Also, NetIQ recommends that only one user be given the permissions of the Security Administrator.

    4. Click OK.

  30. Click Next.

  31. In the Pre-Installation Summary window, click Install.

  32. (Optional) Review the installation log files. For results of the basic installation, see the Identity_Manager_User_Application_InstallLog.log file. For information about the User Application configuration performed in Step 29, see the Novell-Custom-Install.log file.

28.2.4 Configuring the WebLogic Environment for the User Application

To ensure that the User Application runs properly, you must prepare your WebLogic environment. This process includes the following activities:

Specifying RBPM Configuration File Locations

  1. To ensure that the WebLogic application server can find the appropriate .xml files for the User Application, complete the following steps:

    1. Open the setDomainEnv.cmd or setDomainEnv.sh file.

    2. Locate the JAVA_PROPERTIES entry. For example, set JAVA_PROPERTIES or export JAVA_PROPERTIES.

    3. Below the JAVA_PROPERTIES entry, add the following entries:

      • -Dextend.local.config.dir=directory-path where directory-path specifies the folder (not the file itself) that contains the sys-configuration.xml file.

      • -Didmuserapp.logging.config.dir=directory-path where directory-path specifies the folder (not the file itself) that contains the idmuserapp_logging.xml file.

      • -Dlog.init.file=file-name where file-name specifies the wl_idmuserapp_logging.xml file, which is used for log4j configuration.

        The wl_idmuserapp_logging.xml file handles the appender and logger configurations required for the User Application in situations where multiple applications are installed on the same application server.

      For example, on Windows, you might add the following entries:

      set JAVA_OPTIONS=-Dextend.local.config.dir=c:\novell\idm
      set JAVA_OPTIONS=%JAVA_OPTIONS% -Didmuserapp.logging.config.dir=c:\novell\idm
      set JAVA_OPTIONS=%JAVA_OPTIONS% -Dlog.init.file=wl_idmuserapp_logging.xml
      
    4. Ensure that the environment variable EXT_PRE_CLASSPATH points to the following JAR files:

      • antlr-2.7.6.jar

      • log4j.jar

      • commons-logging.jar

        NOTE: You must download this JAR file from the Apache site.

      • xalan.jar

      • xercesImpl.jar

      • xsltc.jar

      • serializer.jar

      NOTE: Alternatively, you can copy these files into the WEB-INF/lib directory within the IDMProv.war file.

      1. Below the ADD EXTENSIONS TO CLASSPATH line, add EXT_PRE_CLASSPATH.

        For example, on Windows:

        set EXT_PRE_CLASSPATH=C:\bea\user_projects\domains\base_domain\lib\antlr-2.7.6.jar;C:\bea\user_projects\domains\base_domain\lib\log4j.jar;C:\bea\user_projects\domains\base_domain\lib\commons-logging.jar;C:\bea\user_projects\domains\base_domain\lib\xalan.jar;C:\bea\user_projects\domains\base_domain\lib\xercesImpl.jar;C:\bea\user_projects\domains\base_domain\lib\xsltc.jar;C:\bea\user_projects\domains\base_domain\lib\serializer.jar
        

        For example, on Linux:

        export EXT_PRE_CLASSPATH=/opt/bea/user_projects/domains/base_domain/lib/antlr-2.7.6.jar:/opt/bea/user_projects/domains/base_domain/lib/log4j.jar:/opt/bea/user_projects/domains/base_domain/lib/commons-logging.jar:/opt/bea/user_projects/domains/base_domain/lib/xalan.jar:/opt/bea/user_projects/domains/base_domain/lib/xercesImpl.jar:/opt/bea/user_projects/domains/base_domain/lib/xsltc.jar:/opt/bea/user_projects/domains/base_domain/lib/serializer.jar
        
    5. Save and exit the file.

  2. To ensure that the configuration update utility uses the appropriate .xml files, complete the following steps:

    1. Open the configuration update file. For example, configupdate.bat or configupdate.sh.

    2. In the -Duser.language=en -Duser.region=" line, add the path to the sys-configuration.xml file.

      For example, on Windows:

      -Dextend.local.config.dir=c:\novell\idm
      

      For example, on Linux:

      -Dextend.local.config.dir=/opt/novell/idm
      
    3. Save and close the file.

    4. Run the configuration update utility to install the certificate into the keystore of the JDK under BEA_HOME.

      When you run configupdate, you are prompted for the cacerts file under the JDK that you are using. If you are not using the same JDK that was specified during the installation, you must run configupdate on the WAR. Pay attention to the JDK specified, because this entry must point to the JDK used by WebLogic. The utility imports a certificate file into this keystore for the connection to the Identity Vault (eDirectory).

      The Identity Vault Certificates value in the configupdate utility must point to the following location:

      c:\jrockit\jre\lib\security\cacerts
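
A preflight check for the Linux form of the setDomainEnv.sh values from step 1 above, added here as an example and not part of the product documentation. It catches a directory property that points at the wrong folder and a single mistyped classpath entry. The function names jvm_prop and check_rbpm_env are hypothetical, and the script assumes paths that contain no spaces.

```shell
# Added example (not from the product documentation): preflight check for
# the values added to setDomainEnv.sh. Assumes paths without spaces.

# Print the value of -D<name>=<value> found in an options string.
jvm_prop() {   # $1 = options string, $2 = property name
    for tok in $1; do
        case "$tok" in
            "-D$2="*) printf '%s\n' "${tok#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Print one line per problem; return 0 only when no problem was found.
check_rbpm_env() {   # $1 = JAVA_OPTIONS value, $2 = EXT_PRE_CLASSPATH value
    problems=0
    # Directory properties must name the folder that holds the expected file.
    for pair in extend.local.config.dir:sys-configuration.xml \
                idmuserapp.logging.config.dir:idmuserapp_logging.xml; do
        prop=${pair%%:*}; file=${pair#*:}
        if ! dir=$(jvm_prop "$1" "$prop"); then
            echo "MISSING -D$prop"; problems=$((problems + 1))
        elif [ ! -f "$dir/$file" ]; then
            echo "NOT FOUND $dir/$file"; problems=$((problems + 1))
        fi
    done
    # log.init.file takes a file name rather than a folder.
    jvm_prop "$1" log.init.file >/dev/null ||
        { echo "MISSING -Dlog.init.file"; problems=$((problems + 1)); }
    # Every classpath entry must be a readable regular file.
    old_ifs=$IFS; IFS=:
    for jar in $2; do
        { [ -f "$jar" ] && [ -r "$jar" ]; } ||
            { echo "UNREADABLE $jar"; problems=$((problems + 1)); }
    done
    IFS=$old_ifs
    # All seven JAR files named in step 4 must appear on the classpath.
    for name in antlr-2.7.6.jar log4j.jar commons-logging.jar xalan.jar \
                xercesImpl.jar xsltc.jar serializer.jar; do
        case ":$2:" in
            *"/$name:"*) ;;
            *) echo "NOT LISTED $name"; problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}
```

Run it in a shell that has sourced setDomainEnv.sh, passing the options variable that holds the -D entries and "$EXT_PRE_CLASSPATH".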
      

Removing OpenSAML JAR Files

WebLogic uses OpenSAML JAR files that conflict with the files that the User Application needs to run on WebLogic. This requirement applies to any User Application that does not have SSO enabled.

Remove the following JAR files from the WebLogic /WL103/modules directory:

  • com.bea.core.bea.opensaml_1.0.0.0_5-0-2-0.jar

  • com.bea.core.bea.opensaml2_1.0.0.0_5-0-2-0.jar

Modifying the Workflow Administration Plug-in

The Workflow Administration plug-in to iManager cannot connect to the User Application Driver running on WebLogic if the enforce-valid-basic-auth-credentials flag is set to true. You must disable this flag.

  1. Open the config.xml file, by default in the WLHome\user_projects\domains\idm\config\ folder.

  2. At the end of the <security-configuration> section, add the following line:

    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
    </security-configuration>
    
  3. Save and close the file.

  4. Restart the server.

  5. (Optional) To verify the change, log on to the Workflow Administration plug-in.
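
The flag sits in the <security-configuration> section of config.xml, so it applies to the whole domain and not only to the User Application. The following added example (not part of the product documentation) reports how each domain under a root folder sets the flag and lists the domains that differ from what you expect. The function names and the allow-list of domain names are assumptions made for the example.

```shell
# Added example (not from the product documentation). Prints how a domain's
# config.xml sets enforce-valid-basic-auth-credentials:
#   false | true | unset (element absent) | misplaced (outside the
#   <security-configuration> section, where step 2 places it)
basic_auth_flag_state() {   # $1 = path to config.xml
    awk '
        /<security-configuration([ >]|$)/ { in_sec = 1 }
        /<enforce-valid-basic-auth-credentials>/ {
            v = $0
            sub(/.*<enforce-valid-basic-auth-credentials>[ \t]*/, "", v)
            sub(/[ \t]*<\/enforce-valid-basic-auth-credentials>.*/, "", v)
            state = in_sec ? tolower(v) : "misplaced"
        }
        /<\/security-configuration>/ { in_sec = 0 }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Walk every domain under a root folder and report the ones that need review.
# The allow-list names the domains expected to run with the flag set to false.
audit_domains() {   # $1 = domains root, $2 = space-separated allow-list
    findings=0
    for cfg in "$1"/*/config/config.xml; do
        [ -r "$cfg" ] || continue
        name=${cfg%/config/config.xml}; name=${name##*/}
        state=$(basic_auth_flag_state "$cfg")
        case " $2 " in *" $name "*) allowed=yes ;; *) allowed=no ;; esac
        if [ "$state" = misplaced ]; then
            echo "$name: flag is outside <security-configuration>"
            findings=$((findings + 1))
        elif [ "$state" = false ] && [ "$allowed" = no ]; then
            echo "$name: flag is false but the domain is not on the allow-list"
            findings=$((findings + 1))
        elif [ "$state" != false ] && [ "$allowed" = yes ]; then
            echo "$name: flag is $state; expected false for this domain"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

For the default location used on this page, the call would be audit_domains on the user_projects/domains folder with idm as the only allowed name.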

28.2.5 Start the User Application on the WebLogic Server

Your User Application should be installed and ready for deployment. For more information about post-installation tasks, see Section 30.0, Completing the Roles Based Provisioning Module / User Application Installation.

  1. Log on to the WebLogic application server that hosts the User Application.

  2. Using the standard WebLogic deployment procedure, deploy the User Application WAR.

  3. To access the User Application portal, enter the following URL in a supported Web browser:

    http://application-server-host:port/application-context
    

    For example:

    http://localhost:8180/IDMProv