4.3 Installing on Windows

  1. Verify that the machine meets the minimum requirements. See Section 2.5, Identity Server Requirements.

  2. Close any running applications and disable any virus scanning programs.

  3. (Conditional) If you have installed the Administration Console on this machine, make sure you have rebooted the machine before installing the Identity Server.

  4. (Conditional) To use a remote desktop for installation, use one of the following:

    • Current version of VNC viewer

    • Microsoft Remote Desktop with the /console switch for Windows XP SP2

    • Microsoft Remote Desktop with the /admin switch for Windows XP SP3

  5. Download the software file and execute it.

    For software download instructions, see the “Novell Access Manager Readme”.

  6. Read the introduction, then click Next.

  7. Accept the license agreement, then click Next.

  8. Select Novell Identity Server, then click Next.

  9. Specify the following information:

    Administration user ID: Specify the name of the administration user for the Administration Console.

    Password and Re-enter Password: Specify the password and re-enter the password for the administration user account.

    Server IP Address: Specify the IP address of the Administration Console.

  10. Click Next, then review the summary.

  11. During the installation, a message prompts you to enable or disable SSL renegotiation:

    WARNING:This installer is bundled with JDK, which has the SSL renegotiation disabled by default. If you use x509 authentication, then SSL renegotiation must be enabled. Would you like to enable SSL renegotiation for this session Y/N [N].

  12. SSL renegotiation is disabled by default because the TLS protocol and SSL protocol 3.0 or earlier are vulnerable to a man-in-the-middle attack. Select “N” to disable SSL renegotiation or “Y” to enable it. Enabling SSL renegotiation leaves the system open to possible man-in-the-middle attacks. We recommend that you enable SSL renegotiation when using x509 certificate-based authentication in the following scenarios:

    1. Browser to identity provider when using x509 certificate-based authentication.

    2. Identity provider to identity provider communication when using the x509 certificate for mutual authentication.

    3. Secure LDAP connections with mutual authentication into the LDAP user store.

  13. To start the install, click Install.

  14. (Conditional) If you are installing the Identity Server on a machine that contains a previous installation of the Administration Console, you are asked whether the program should overwrite an existing file in the \Program Files\Novell directory. Answer yes to the prompt.

  15. (Optional) After the installation finishes, view the install log file found in the following location:

    Windows Server 2003: \Program Files\Novell\log\AccessManagerServer_InstallLog.log

    Windows Server 2008: \Program Files (x86)\Novell\log\AccessManagerServer_InstallLog.log

  16. (Optional) To verify that the Identity Server installation was successful, log in to the Administration Console (see Section 3.3, Logging In to the Administration Console).

    After you log in to the Administration Console, click Devices > Identity Servers. The system displays the installed server, as shown in the following example:

    At this point the Identity Server is in an unconfigured state and is halted. It remains in this state and cannot function until you create an Identity Server configuration, which defines how an Identity Server or Identity Server cluster operates.

  17. Continue with one of the following: