This section helps you configure your WebSphere application server to work with Identity Reporting.
The installation program for Identity Reporting creates the users idmrptsrv and idmrptuser in the PostgreSQL database. You need these users to test the data sources required by Identity Reporting. Also, the data sources need to exist before you deploy the application. For more information, see Section 36.2, Understanding the Installation Process for the Identity Reporting Components.
To ensure that your environment is set up correctly, you must perform the following steps in the listed order. Use the following table to identify the appropriate data sources to bind to the PostgreSQL users.
| PostgreSQL user | WebSphere data source |
|---|---|
| idmrptsrv | IDMRPTDataSource |
| idmrptuser | IDMRPTCfgDataSource |
Install Identity Reporting as directed in one of the following sections:
This step creates the idmrptsrv and idmrptuser users in the PostgreSQL database and writes the WAR files to /opt/netiq/idm/apps/IdentityReporting.
Create the two data sources for PostgreSQL that connect to the SIEM database and are bound to the following PostgreSQL users.
Deploy the following Identity Reporting WAR files using the deployment tools for your application server:
IDMRPT-CORE.war
IDMRPT.war
rptdoc.war
easwebstart.war
easrestapi.war
When you deploy Identity Reporting to a web container that runs as a Windows Service, you need to set the Log on as property of that service so that it can read or write the same configuration data that is set by the installation and configuration tools.
If you do not make this change, you might see problems when WebSphere 7.0 is installed as a Windows service. In this case, the Log on as property is set by default to local system, which does not map to any user defined in the users and groups for the system. Identity Reporting uses Java Preferences to store application configuration data, and those preferences are associated with the OS user who executes the process (in other words, the application server).
Set the Log on as property to the user account that you expect the application server to run as. For example, to run as administrator, set Log on as to administrator. The post-installation configuration tool must run as the same user.
If you are using SSL connections, you need to persist the eDirectory certificate. Use the console utility to upload the CA to the Trusted Store.
This section helps you create new JVM system properties that Identity Reporting requires to function on a WebSphere application server. The process differs slightly depending on whether you deploy Identity Reporting in the same WebSphere environment as the identity applications.
Log in to the WebSphere admin console as an admin user.
In the left pane, click Servers > Application Servers.
In the list of servers, click the name of the server that you want to configure. For example, server1.
Under Server Infrastructure in the content pane, click Java and Process Management.
Expand the link and select Process Definition.
In the list under Additional Properties, click Java Virtual Machine.
Under the Additional Properties heading for the JVM page, click Custom Properties.
To add the com.netiq.rpt.config.file JVM system property, complete the following steps:
Click New.
For Name, specify com.netiq.rpt.config.file.
For Value, specify the full path including the filename for the ism-configuation.properties file.
For example, /opt/netiq/idm/apps/IdentityReporting/config/ism-configuation.properties.
For Description, specify a description for the property.
For example, Identity Manager Reporting ism properties file.
Click OK to save the property.
(Conditional) If you deploy Identity Reporting with the identity applications, complete the following steps:
Copy the following configuration files from the installation directory for Identity Reporting:
rpt_data_hibernate.cfg.xml
rpt_runner_hibernate.cfg.xml
rpt_mgt_cfg_hibernate.cfg.xml
Place the files in the directory that gets mapped to the extend.local.config.dir JVM property during the identity applications configuration.
(Conditional) If you do not deploy Identity Reporting with the identity applications, complete the following steps to add the extend.local.config.dir JVM system property:
Click New.
For Name, specify extend.local.config.dir.
For Value, specify the full path of the directory that contains the three Reporting configuration files (rpt_data_hibernate.cfg.xml, rpt_runner_hibernate.cfg.xml, and rpt_mgt_cfg_hibernate.cfg.xml).
For example, /opt/netiq/idm/apps/IdentityReporting/conf/.
For Description, specify a description for the property.
For example, path to the Identity Manager Reporting configuration files.
Click OK to save the property.
Restart WebSphere.
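The following check is an added example, not part of the product or its documentation. It validates the values you enter for com.netiq.rpt.config.file and extend.local.config.dir before the restart; run it as the OS user that the application server runs as. The world-writable test is an added hardening check, and the sample layout in demo() is constructed.

```python
import os
import stat
import tempfile

# File names taken from the procedure above.
HIBERNATE_FILES = ("rpt_data_hibernate.cfg.xml",
                   "rpt_runner_hibernate.cfg.xml",
                   "rpt_mgt_cfg_hibernate.cfg.xml")

def check_jvm_properties(props):
    """Return a list of problems with the values entered as JVM custom properties."""
    problems = []
    cfg = props.get("com.netiq.rpt.config.file")
    if not cfg:
        problems.append("com.netiq.rpt.config.file is not set")
    elif not os.path.isfile(cfg):
        problems.append("not a file: " + cfg)
    else:
        if not os.access(cfg, os.R_OK):
            problems.append("not readable by the current user: " + cfg)
        if os.stat(cfg).st_mode & stat.S_IWOTH:  # added hardening check
            problems.append("world-writable: " + cfg)
    conf_dir = props.get("extend.local.config.dir")
    if not conf_dir:
        problems.append("extend.local.config.dir is not set")
    elif not os.path.isdir(conf_dir):
        problems.append("not a directory: " + conf_dir)
    else:
        for name in HIBERNATE_FILES:
            if not os.path.isfile(os.path.join(conf_dir, name)):
                problems.append("missing from extend.local.config.dir: " + name)
    return problems

def demo():
    """Constructed layout: one Hibernate file absent, properties file world-writable."""
    root = tempfile.mkdtemp()
    conf = os.path.join(root, "conf")
    os.mkdir(conf)
    for name in HIBERNATE_FILES[:2]:
        open(os.path.join(conf, name), "w").close()
    cfg = os.path.join(root, "ism-configuation.properties")
    open(cfg, "w").close()
    os.chmod(cfg, 0o666)
    return check_jvm_properties({"com.netiq.rpt.config.file": cfg,
                                 "extend.local.config.dir": conf})

if __name__ == "__main__":
    for line in demo():
        print(line)
```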
You might need to configure a shared library for Identity Reporting. When you create a shared library you must also apply the library to a new class loader to ensure that WebSphere uses the Identity Manager versions of the JAR files. Otherwise, you will encounter class loading problems with JAR files that have shipped with WebSphere. WebSphere class loading problems can manifest as the following kinds of exceptions:
ClassCastException
ClassNotFoundException
NoClassDefFoundError
UnsatisfiedLinkError
LinkageError
This process includes the following activities:
Log in to the WebSphere admin console as an admin user.
In the left pane, expand Environment.
Click Shared Libraries.
In the content pane, click New.
Specify a name, such as IDMUA Classpath.
For Classpath, add the required JAR files:
If Identity Reporting is installed using the individual component installer, the Shared Library must have the same three jars that are required by the Identity Applications and the following additional jars:
log4j.jar
commons-logging-1.1.1.jar
IDMselector.jar
felix.jar
The log4j.jar, IDMselector.jar, and felix.jar are located in the %reporting-install% directory and commons-logging-1.1.1.jar is located in the %reporting-install%/bin/lib directory.
For example,
/opt/netiq/idm/apps/IdentityReporting/log4j.jar
/opt/netiq/idm/apps/IdentityReporting/IDMselector.jar
/opt/netiq/idm/apps/IdentityReporting/bin/lib/commons-logging-1.1.1.jar
/opt/netiq/idm/apps/IdentityReporting/felix.jar
If Identity Reporting is installed as part of Identity Applications installation, add an entry for the felix jar to the existing Shared Library definition. The felix jar is located in the Identity Reporting installation directory. For example, /opt/netiq/idm/apps/IdentityReporting/felix.jar.
De-select Use an isolated class loader for this shared library.
Click OK.
Click Save to save the changes to the master configuration.
Log in to the WebSphere admin console as an admin user.
Expand Application servers > server-name > Class loader.
NOTE: By default, this option is collapsed under the Java and Process Management section.
In the content pane, click New to create a new class loader.
Select Classes loaded with local class loader first (parent last).
Click Apply.
Select Shared library references.
Click Add and then select the shared library that you created in Configuring the Shared Library.
Click Apply.
Click OK.
Click Save to save the changes to the master configuration.
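To see which classes the parent-last class loader will take from the shared library instead of from JAR files on the server, the following added example (not part of the product or its documentation) lists every class name that appears both in the shared library Classpath and in a set of server JARs you point it at. The JAR contents, class names, and server-bundled.jar in demo() are constructed placeholders.

```python
import os
import tempfile
import zipfile

def classes_in(jar_path):
    """Return the set of fully qualified class names packaged in one JAR."""
    with zipfile.ZipFile(jar_path) as jar:
        return {n[:-6].replace("/", ".") for n in jar.namelist()
                if n.endswith(".class") and not n.startswith("META-INF/")}

def find_overlaps(shared_lib_jars, server_jars):
    """Map class name -> (shared-library JAR, [server JARs]) for classes in both sets.

    shared_lib_jars is in Classpath order, so the first JAR that contains a
    class is the copy a parent-last class loader resolves.
    """
    winner = {}
    for jar in shared_lib_jars:
        for cls in classes_in(jar):
            winner.setdefault(cls, jar)
    overlaps = {}
    for jar in server_jars:
        for cls in classes_in(jar) & set(winner):
            overlaps.setdefault(cls, (winner[cls], []))[1].append(jar)
    return overlaps

def _make_jar(path, class_names):
    # Constructed sample JAR: empty entries are enough for a name-level scan.
    with zipfile.ZipFile(path, "w") as jar:
        for cls in class_names:
            jar.writestr(cls.replace(".", "/") + ".class", b"")
    return path

def demo():
    """Constructed JARs; the class names and server JAR name are placeholders."""
    d = tempfile.mkdtemp()
    shared = [_make_jar(os.path.join(d, "log4j.jar"), ["org.example.logging.Logger"]),
              _make_jar(os.path.join(d, "felix.jar"), ["org.example.osgi.Framework"])]
    server = [_make_jar(os.path.join(d, "server-bundled.jar"),
                        ["org.example.logging.Logger", "org.example.other.Util"])]
    return find_overlaps(shared, server)

if __name__ == "__main__":
    for cls, (lib_jar, shadowed) in sorted(demo().items()):
        print(cls, "->", lib_jar, "overlaps", shadowed)
```

An overlap that remains after the class loader is set to parent last is expected; the same overlap with the default parent-first order is where the exceptions listed earlier tend to originate.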