1.6 Installing the J2EE Agent on WebSphere

You must install J2EE Agents on the same machine as your WebSphere server, and your WebSphere server needs to be installed on a machine that does not contain any Access Manager components.

The WebSphere agent supports the WebSphere LTPA and SWAM authentication mechanisms. To support this mechanism, the J2EE agent installer modifies the LTPA, LTPA_WEB, SWAM, WEB_INBOUND, and JAAS login configurations in your WebSphere configurations.

1.6.1 Prerequisites

  • Know the following about your WebSphere installation:

    • Path to the directory where WebSphere is installed.

    • Username and password of the WebSphere administrator.

  • Verify the version of the JVM used by WebSphere, then download and install the JVM of same version. Do not use the JVM provided by WebSphere.

  • Verify that the machine meets the minimum requirements. See Section 1.3, Prerequisites.

NOTE:If you have disabled the admin security feature in WebSphere, the installation of J2EE agent will be successful, but you must enable admin security to import the Agents into the administration console.

1.6.2 Installing on WebSphere by Using the Installer

  1. Download and execute the agents installer. For software download instructions, see the Novell Access Manager Readme.

    The Licence Agreement page is displayed.

  2. Review the License Agreement, accept it, then click Next. The installation selection page is displayed.

  3. Select a directory to install the Novell J2EE agent components, then click Next. The Choose Java Virtual Machine page is displayed.

  4. Select a Java Virtual Machine (JVM) to be used by the installed application.

    A default JVM is displayed.

    If you do not select a JVM here, the installer uses the java.home property value of the Java runtime that is used to run the installer to proceed with the installation.

  5. (Optional) If you want to select another JVM, click Choose Another and browse to select the JVM of your choice. Click Search for Others to get a list of available JVMs and select the one you want.

  6. Click Next. The Administration Server Communication page is displayed.

  7. Specify the information required for server communication between the agent and the Administration Console:

    Administration Console IP Address: Specify the IP address of your Novell Access Manager Administration Console.

    Username: Specify the username of the admin user of the Novell Access Manager Administration Console.

    Password: Specify password of the admin user of the Novell Access Manager Administration Console.

    Confirm Password: Specify the password again to confirm it.

    Application Server IP Address (Current Host): Review the entered address. If your server is configured for more than one IP address, make sure you specify the IP address of the machine from which the Novell Access Manager administration console is reachable.

  8. Click Next. The Audit Server page is displayed.

  9. Specify the audit server IP address:

    1. Conditional) If you do not have the audit server installed, the J2EE installer installs the Audit server for you. Specify the IP address of the Novell Access Manager Administration Console as the Audit Server IP.

    2. Conditional) If you have the Audit server installed, specify if you want to replace the existing audit server or use the existing server.

  10. Click Next. The Select Application Server page is displayed.

  11. Select WebSphere, then click Next. The WebSphere Application Server Settings page is displayed.

  12. Specify the directory where you have installed the WebSphere server and click Next.

    The JCC Dependencies page is displayed.

  13. Click Install to continue with the Agent installation.

  14. Review the installation summary, then click Install to install the agent.

    When installation is complete, the Configure IBM WebSphere Application Server Instance page is displayed.

  15. (Conditional) If you want to complete the configuration now, select the Configure IBM WebSphere Application Server option to configure application server instances, then click Next to launch the configuration utility.

    Complete the configuration procedure in Section 1.6.4, Configuring WebSphere for J2EE Agents.

    or

    If you want to perform the configuration at a later point of time, click Next. The successful installation page is displayed.

  16. Click Done to quit the installer.

1.6.3 Installing the WebSphere Agent through the Console

  1. Download the file and execute it.

    For software download instructions, see the Novell Access Manager Readme.

  2. Enter the following command in the command prompt to run the installer on the console:

    <filename> -i console

    Replace <filename> with the name of the J2EE agent installer.

  3. Review the License Agreement, then press Y to accept it.

  4. Specify an absolute path to install the Novell J2EE agent components, or press Enter to continue with the default installation path.

  5. Specify a Java Virtual Machine (JVM) to be used by the installed application.

    All the available JVMs are displayed with a number. The default JVM is displayed with an arrow. Press Enter to select the default JVM, or specify the number of one of the listed JVMs.

  6. Specify the information required for communication between the agent and the Administration Console:

    • Specify the IP address of your Novell Access Manager Administration Console.

    • Specify the username and password of the admin user of the Novell Access Manager Administration Console. Confirm the password by re-entering it.

    • Review the entered address. If your server is configured for more than one IP address, make sure you specify the IP address of the machine from which the Novell Access Manager administration console is reachable.

  7. (Conditional) If you do not have the Audit server installed, the J2EE installer installs the Audit server for you. Specify the IP address of the Novell Access Manager Administration Console as the Audit Server IP, then press Enter.

  8. (Conditional) If the Audit server is already installed on your machine:

    1. To specify if you want to replace the existing Audit server or use the existing server:

      • Press 1 to use the existing Audit server.

      • Press 2 to replace the existing Audit server, then specify the IP address of the new server.

    2. (Conditional) Press 1 to use the existing Novell Audit Configuration.

    3. (Conditional) Press 2 to use a different Audit Server and then specify the IP address.

  9. For the Web Application Server to be installed, specify 2 for JBoss, then press Enter.

  10. Read the alert message and press Enter to continue.

  11. Specify the directory where you have installed the WebSphere server. Press Enter to continue.

  12. Review the installation summary, then press Enter to install the agent.

  13. Complete the configuration procedure in Section 1.6.4, Configuring WebSphere for J2EE Agents.

1.6.4 Configuring WebSphere for J2EE Agents

After you install the WebSphere application server, you must use the ConfigureWSAgent utility to configure it for the J2EE Agent.

NOTE:You can run the configure_websphere_agent.sh or configure_websphere_agent.bat multiple times to configure multiple instances of a WebSphere application server on a single physical machine.

  1. Start the utility located at:

    Linux/AIX: /opt/novell/nids-agents/bin/configure_websphere_agent.sh

    Windows: <Installation-directory>/nids-agents/bin/configure_websphere_agent.bat

  2. Ensure that WebSphere is running.

  3. Review the License Agreement, accept it, then click Next. The Novell J2EE Agent Configuration page is displayed.

  4. Select the directory where the J2EE agent is installed and click Next. The Novell Administration Server Communications Credentials page is displayed.

  5. Specify the administration credentials to contact the Novell Access Manager and click Next. The WebSphere Application Server Settings page is displayed.

  6. Specify the following:

    Application Server Name: Specify a name for the application server.

    Application Server Profile Directory: Specify the path to the application server profile.

  7. Click Next. The WebSphere Application Server Security Settings page is displayed.

  8. Specify the following:

    Username: Specify the name of the WebSphere administrator.

    Password: Specify the password of the WebSphere administrator.

    Re-enter Password: Specify the password again to reconfirm.

  9. Click Next. The Pre-configuration Summary page is displayed.

  10. Click Next to configure changes required for this application server instance. The Configuration Complete page is displayed.

  11. Click Done to exit the utility.

  12. When the installation completes, restart WebSphere.

    The agent is not imported into the Administration Console until the WebSphere server is running.

  13. (Conditional) If you are using the WEB_INBOUND login configuration (which is the default), you need to manually move the J2EE agent login module (com.novell.nids.agent.auth.websphere.NidsLTPALoginModule) to the top of the list:

    1. Open the IBM administration console.

    2. Click Security > > Global Security > Secure administration, applications, and infrastructure

    3. Expand the Java Authentication and Authorization Service option and click System Logins.

    4. Select WEB_INBOUND > JAAS login modules.

    5. Change the order of com.novell.nids.agent.auth.websphere.NidsLTPALoginModule so it is first in the list.

    6. Save your changes.

  14. (Optional) To verify the installation of the agent, see Section 1.8, Verifying If a J2EE Agent Is Installed.