Novell ACCESS MANAGER 3.1 SP1 - AGENT GUIDE User manual
Novell®
www.novell.com
novdocx (en) 13 May 2009
AUTHORIZED DOCUMENTATION
Novell Access Manager 3.1 SP1 Agent Guide
Access Manager
3.1 SP 1
July 15, 2009
J2EE* Agent Guide
novdocx (en) 13 May 2009
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on
the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.
You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export
approvals.
Copyright © 2006-2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied,
stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this
document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or
more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web page (http://www.novell.com/documentation).
novdocx (en) 13 May 2009
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/
trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
4Novell Access Manager 3.1 SP1 Agent Guide
novdocx (en) 13 May 2009
Contents 5
Contents
novdocx (en) 13 May 2009
About This Guide 9
1 Installing the J2EE Agents 11
1.1 Overview of J2EE Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.3 Installing the J2EE Agent on JBoss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.3.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.3.2 Installing and Configuring the JBoss Web Deployer Service. . . . . . . . . . . . . . . . . . . 13
1.3.3 Installing JBoss By Using the Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.3.4 Installing the JBoss Agent Through the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
1.4 Installing the J2EE Agent on WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
1.4.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
1.4.2 Installing on WebSphere By Using the Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
1.4.3 Installing the WebSphere Agent Through the Console . . . . . . . . . . . . . . . . . . . . . . . 27
1.4.4 Configuring WebSphere for J2EE Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
1.5 Installing the J2EE Agent on WebLogic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
1.5.1 Installing WebLogic Agent by Using the Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
1.5.2 Installing a J2EE Agent by Using the Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
1.5.3 Configuring WebLogic for J2EE Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
1.5.4 Deploying the Example Payroll Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
1.6 Verifying If a J2EE Agent Is Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
1.7 Uninstalling a J2EE Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
2 Configuring the Agent for Authentication 45
2.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
2.2 Possible Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
2.2.1 Allowing Direct Access to the J2EE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
2.2.2 Protecting the Application Server with the Access Gateway . . . . . . . . . . . . . . . . . . . 47
2.3 Configuring the Agent for Direct Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
2.4 Configuring Authentication Contract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
2.4.1 Protecting Different Applications By Using Different Authentication Contracts . . . . . 49
2.4.2 Configuring Additional Authentication for Applications . . . . . . . . . . . . . . . . . . . . . . . 52
2.5 Protecting the Application Server with the Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . 53
2.5.1 Setting Up a Path-Based Proxy Service for an Application Server . . . . . . . . . . . . . . 53
2.5.2 Setting Up a Domain-Based Proxy Service for an Application Server. . . . . . . . . . . . 57
2.5.3 Configuring a Protected Agent for Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3 Clustering J2EE Agents 63
3.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
3.2 Creating a Cluster Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
3.3 Assigning a J2EE Agent to a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
3.4 Modifying Cluster Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
3.5 Removing a J2EE Agent from a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
4 Preparing the Applications and the J2EE Servers 67
4.1 Preparing the Application for the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
6Novell Access Manager 3.1 SP1 Agent Guide
novdocx (en) 13 May 2009
4.1.1 Configuring for Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
4.1.2 Configuring for Logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
4.2 Configuring Applications on the JBoss Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
4.2.1 Configuring a Security Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
4.2.2 Configuring Security Constraints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
4.2.3 Configuring for Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
4.3 Configuring Applications on the WebSphere Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
4.3.1 Configuring for Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
4.3.2 Configuring for RunAs Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
4.4 Configuring Applications on the WebLogic Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
5 Configuring the Basic Features of a J2EE Agent 75
5.1 Enabling Tracing and Auditing of Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
5.1.1 Tracing Events to Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
5.1.2 Enabling the Auditing of Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
5.2 Managing Embedded Service Provider Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
5.3 Configuring SSL Certificate Trust. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
5.4 Modifying the Display Name and Other Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
5.5 Changing the IP Address of a J2EE Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
6 Protecting Web and Enterprise JavaBeans Modules 79
6.1 Configuring Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
6.2 Protecting Web Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
6.2.1 Creating a Protected Resource for a Web Application . . . . . . . . . . . . . . . . . . . . . . . 80
6.2.2 Assigning a Web Authorization Policy to the Resource . . . . . . . . . . . . . . . . . . . . . . . 82
6.3 Protecting Enterprise JavaBeans Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
6.3.1 Creating a Protected Enterprise JavaBean Resource . . . . . . . . . . . . . . . . . . . . . . . . 82
6.3.2 Assigning an Enterprise JavaBeans Authorization Policy to a Resource . . . . . . . . . 84
7 Deploying the Sample Payroll Application 85
7.1 Using the J2EE Server to Enforce Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
7.2 Using Access Manager Policies to Enforce Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
7.2.1 Creating an Employee Role and a Manager Role . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
7.2.2 Creating Authorization Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
7.2.3 Assigning Policies to Protected Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
7.2.4 Testing the Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
8 Managing a J2EE Agent 97
8.1 Viewing General Status Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
8.2 Stopping and Starting the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
8.3 Stopping and Starting the Embedded Service Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
8.4 Deleting an Agent from the Administration Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
8.5 Viewing Platform Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
8.6 Managing the Health of an Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
8.7 Managing Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
8.8 Viewing the Status of Recent Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
8.9 Viewing Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Contents 7
novdocx (en) 13 May 2009
9 Troubleshooting the J2EE Agent 105
9.1 Troubleshooting the J2EE Agent Import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
9.2 Authorization Policies Fail for Some Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
9.3 Health Status Displays as Server Is Not Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
9.4 Error: Invalid Administration Server IP Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
9.4.1 JRE Version is Wrong . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
9.4.2 Issues With the Administration Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
9.5 Installer Stops Responding While Installing on WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . 107
9.6 Unable to Federate WebSphere Custom Profile If Agent is Already Installed . . . . . . . . . . . . 107
9.7 Authorization Fails in the WebSphere Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
9.8 Audit Log Event Problems on 64-Bit Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
9.8.1 JBoss Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
9.8.2 WebLogic Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
9.9 JBoss and SSL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
9.10 Viewing Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
9.11 Troubleshooting Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
8Novell Access Manager 3.1 SP1 Agent Guide
novdocx (en) 13 May 2009
About This Guide 9
novdocx (en) 13 May 2009
About This Guide
This guide describes the J2EE Agents and explains how to install, configure, and manage them:
Chapter 1, “Installing the J2EE Agents,” on page 11
Chapter 2, “Configuring the Agent for Authentication,” on page 45
Chapter 3, “Clustering J2EE Agents,” on page 63
Chapter 4, “Preparing the Applications and the J2EE Servers,” on page 67
Chapter 5, “Configuring the Basic Features of a J2EE Agent,” on page 75
Chapter 6, “Protecting Web and Enterprise JavaBeans Modules,” on page 79
Chapter 7, “Deploying the Sample Payroll Application,” on page 85
Chapter 8, “Managing a J2EE Agent,” on page 97
Chapter 9, “Troubleshooting the J2EE Agent,” on page 105
Audience
This guide is intended for Access Manager administrators. It is assumed that you have knowledge of
evolving Internet protocols, such as:
Extensible Markup Language (XML)
Simple Object Access Protocol (SOAP)
Security Assertion Markup Language (SAML)
Public Key Infrastructure (PKI) digital signature concepts and Internet security
Secure Socket Layer/Transport Layer Security (SSL/TSL)
Hypertext Transfer Protocol (HTTP and HTTPS)
Uniform Resource Identifiers (URIs)
Domain Name System (DNS)
Web Services Description Language (WSDL)
Feedback
We want to hear your comments and suggestions about this guide and the other documentation
included with this product. Please use the User Comments feature at the bottom of each page of the
online documentation, or go to Documentation Feedback (http://www.novell.com/documentation/
feedback.html) at www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
For the most recent version of the Access Manager J2EE Agent Guide, visit the Novell Access
Manager Documentation Web site (http://www.novell.com/documentation/novellaccessmanager31).
10 Novell Access Manager 3.1 SP1 Agent Guide
novdocx (en) 13 May 2009
Additional Documentation
Before proceeding, you should be familiar with the Novell Access Manager 3.1 SP1 Installation
Guide and the Novell Access Manager 3.1 SP1 Setup Guide, which provide information about
setting up the Access Manager system.
Documentation Conventions
In Novell®documentation, a greater-than symbol (>) is used to separate actions within a step and
items in a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
When a single pathname can be written with a backslash for some platforms or a forward slash for
other platforms, the pathname is presented with a backslash. Users of platforms that require a
forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.
Installing the J2EE Agents
1
11
novdocx (en) 13 May 2009
1
Installing the J2EE Agents
Access Manager currently has J2EE agents for JBoss*, WebLogic*, and WebSphere* servers. The
agents can be installed on Linux, Windows* and AIX* platforms.
The J2EE Agents allow you to use roles and other types of policies to restrict access to specific
application modules and Enterprise JavaBeans. These agents leverage the Java Authentication and
Authorization Service (JAAS) and Java Authorization Contract for Containers (JACC) standards for
Access Manager-controlled authentication and authorization to Java Web applications and
Enterprise JavaBeans.
NOTE: You cannot upgrade J2EE Agents from version 3.0 to 3.1. You must perform a fresh
installation of the 3.1 version of J2EE Agents.
This section has the following information:
Section 1.1, “Overview of J2EE Agents,” on page 11
Section 1.2, “Prerequisites,” on page 12
Section 1.3, “Installing the J2EE Agent on JBoss,” on page 13
Section 1.4, “Installing the J2EE Agent on WebSphere,” on page 21
Section 1.5, “Installing the J2EE Agent on WebLogic,” on page 30
Section 1.6, “Verifying If a J2EE Agent Is Installed,” on page 42
Section 1.7, “Uninstalling a J2EE Agent,” on page 43
1.1 Overview of J2EE Agents
Users of application servers, such as J2EE servers, commonly fall into one of three abstract roles:
buyer, seller, or administrator. For example, a rental car company might apply a variety of Enterprise
JavaBeans* (EJB) components that offer different products and services to clients. One service
could be a specific component that enables a Web-based reservation process. In this case, the
customer could access a Web site to reserve a rental car. The seller could access a site that provides a
list of available cars and prices. Then the administrator could access a site that tracked inventory and
maintenance schedules. These components provide the basic business services for the application to
function and the tasks they accomplish require a security policy to enforce appropriate use of such
services.
Using the deployment descriptors, the application developer can set up a method to protect the
components by using abstract security role names. For example, there can be a role called Service
Representative, which protects the component that creates a rental agreement. Similarly, there can
be a role called Approver, which protects the component that approves the agreement. Although
these roles convey the intent of the application vendor or developer to enforce such security policies,
they are not useful unless these abstract role names are mapped to real life principals such as actual
users or actual roles.
12 Novell Access Manager 3.1 SP1 Agent Guide
novdocx (en) 13 May 2009
1.2 Prerequisites
Access Manager ships with three agents: JBoss, WebLogic, and WebSphere. They are available as a
Web download from Novell (http://www.novell.com/products) along with the Novell Access
Manager product download.
The computer must meet the following requirements:
No Access Manager components are installed on the machine.
Static IP address. If the address is assigned at boot and that address changes, the J2EE Agent
and the Administration Console can no longer communicate with each other.
JRE* 1.5.
Table 1-1 Software requirements
Requirements JBoss WebSpehere WebLogic
Application Software JBoss 4.2.3
The JBoss server
package does not ship
on the SLES installation
media. To download and
install JBoss version
4.2.3, see JBoss
Application Server
Downloads (http://
labs.jboss.com/portal/
jbossas/download).
WebSphere 6.1 BEA WebLogic 9.2 and
Weblogic 10.0
NOTE: 64-bit version is
not supported on
Solaris.
WebLogic 10.0 is
not supported on
Solaris.
Operating System Linux: Following
operating systems are
supported on Linux:
SUSE®Linux
Enterprise Server
10 on 32-bit and
64-bit platforms.
RedHat* 5
Windows: Following
versions of operating
systems, with latest
support packs are
supported on Windows:
Windows 2003
Linux: Following
operating systems are
supported on Linux:
SUSE®Linux Enterprise
Server 10 on 32-bit and
64-bit platforms.
Windows: Following
versions of operating
systems, with latest
support packs are
supported on Windows:
Windows 2003
AIX: AIX 5.3
Linux: Following
operating systems are
supported on Linux:
SUSE®Linux Enterprise
Server 10 on 32-bit and
64-bit platforms.
Windows: Following
versions of operating
systems, with latest
support packs are
supported on Windows:
Windows 2003
Solaris: Solaris 10 on
SPARC, X86, 32-bit and
64-bit platforms.
NOTE: There is no
support for Novell Audit
on Solaris for this
release.
Installing the J2EE Agents 13
novdocx (en) 13 May 2009
NOTE: The software versions mentioned in the table are tested with the product. Higher versions of
the software may or may not work.
1.3 Installing the J2EE Agent on JBoss
The agent needs to be installed on the same machine as your JBoss server, and your JBoss server
needs to be installed on a machine without any other Access Manager components. For other
requirements, see Section 1.3.1, “Prerequisites,” on page 13.
Section 1.3.1, “Prerequisites,” on page 13
Section 1.3.2, “Installing and Configuring the JBoss Web Deployer Service,” on page 13
Section 1.3.3, “Installing JBoss By Using the Installer,” on page 15
Section 1.3.4, “Installing the JBoss Agent Through the Console,” on page 20
1.3.1 Prerequisites
You must know the path where the JBoss server is installed. For more information, refer to the
JBoss documentation.
You must know the server configuration set you have selected for your JBoss server.
Verify that the machine meets the minimum requirements. See Section 1.2, “Prerequisites,” on
page 12.
If you use the custom configurations for JBoss, complete the steps in Section 1.3.2, “Installing
and Configuring the JBoss Web Deployer Service,” on page 13.
1.3.2 Installing and Configuring the JBoss Web Deployer
Service
If you want to use a custom JBoss configuration, the Novell J2EE Agent depends on the JBoss Web
deployer service. To verify if the JBoss Web deployer service is already installed, browse to the
following location and check if a folder named
jboss-web.deployer
already exists:
<path-to-your-custom-configuration>/deploy/
If it does exist, proceed with installing the agent. See Section 1.3.3, “Installing JBoss By Using the
Installer,” on page 15.
Java JRE 1.5
NOTE: The JBoss Agent
has not been tested with
the IBM* JRE.
JRE1.5 JRE 1.5
RAM 1 GB 1 GB 1 GB
Hard Disk Space 250 MB for Agent
Installation
250 MB Agent
Installation
250 MB for Agent
installation
Requirements JBoss WebSpehere WebLogic
14 Novell Access Manager 3.1 SP1 Agent Guide
novdocx (en) 13 May 2009
If it does not exist, follow the steps given below to install and configure the JBoss Web deployer
service for your JBoss server:
1Enter the following command to copy the JBoss Web deployer:
cp -R <jboss-home>/server/default <path-to-your-custom-configuration>/
deploy/
Replace <jboss-home> with the home directory of JBoss.
Replace <path-to-your-custom-configuration> with the location of the custom configuration.
2To disable the services that JBoss Web deployer service depends on, open the
<path-to-
your-custom-configuration>/deploy/jboss-web.deployer/META-INF/jboss-
service.xml
file and comment lines that are within
<depends></depends>
tags. By default,
JBoss depends on the following services:
<depends>jboss:service=TransactionManager</depends>
<depends>jboss.jca:service=CachedConnectionManager</depends>
You need to do this in order to be able to use the custom JBoss configuration.
3Open the
<path-to-your-custom-configuration>/deploy/jboss-web.deployer/
server.xml
file and delete content within
<CachedConnectionValve></
CachedConnectionValve>
tags.
4Add the required security services to the
<path-to-your-custom-configuration>/conf/
jboss-service.xml
file within the
<mbean></mbean>
tags. For example:
<mbean code="org.jboss.security.plugins.SecurityConfig"
name="jboss.security:service=SecurityConfig">
<attribute name="LoginConfig">jboss.security:service=XMLLoginConfig</
attribute>
</mbean>
<mbean code="org.jboss.security.auth.login.XMLLoginConfig"
name="jboss.security:service=XMLLoginConfig">
<attribute name="ConfigResource">login-config.xml</attribute>
</mbean>
<!-- JAAS security manager and realm mapping -->
<mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
name="jboss.security:service=JaasSecurityManager">
<attribute name="ServerMode">true</attribute>
<attribute
name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityMa
nager</attribute>
<attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
<attribute name="DefaultCacheTimeout">1800</attribute>
<attribute name="DefaultCacheResolution">60</attribute>
<attribute name="DeepCopySubjectMode">false</attribute>
</mbean>
5Copy the
login-config.xml
and
standardjboss.xml
files from the
<jboss- home>/
server/default/conf
location to the
<path-to-your-custom-configuration>/conf
location.
6Copy the
ejb-deployer.xml
file from the
<jboss-home>/server/default/deploy/
location to the
<path-to-your-custom-configuration>/deploy
location.
7Specify the following commands to copy the additional JAR files in sequence:
cd default/lib/
cp jboss.jar jboss-j2ee.jar jbosssx.jar servlet-api.jar
Installing the J2EE Agents 15
novdocx (en) 13 May 2009
jsp-api.jar jbossws* el-api.jar jboss-ejb3x.jar <path-to-your-custom-
configuration>/lib
8Restart the JBoss application server.
9Proceed with the installation of the JBoss Agent. For more information, see Section 1.3.3,
“Installing JBoss By Using the Installer,” on page 15.
1.3.3 Installing JBoss By Using the Installer
1Download the agent installer from Novell (http://www.novell.com/products).
2If JBoss is running, stop JBoss.
3Run the installer.
4Review the License Agreement, accept it, then click Next. The installation selection page is
displayed.
16 Novell Access Manager 3.1 SP1 Agent Guide
novdocx (en) 13 May 2009
5Select a directory to install the Novell J2EE agent components, then click Next. The Choose a
Java Virtual Machine page is displayed.
6Select a Java Virtual Machine (JVM*) to be used by the installed application.
A default JVM is displayed.
Installing the J2EE Agents 17
novdocx (en) 13 May 2009
NOTE: If you do not select a JVM here, the installer uses the java.home property value of the
Java runtime that is used to run the installer to proceed with the installation.
7(Optional) If you want to select another JVM, click Choose Another and browse to select the
JVM of your choice. Click Search for Others to get a list of available JVMs and select the one
you want to choose.
8Click Next. the Administration Server Communication page is displayed.
9Specify the following information required for server communication between the agent and
the Administration Console.
Administration Console IP Address: Specify the IP address of your Novell Access Manager
Administration Console.
Username: Specify the username of the admin user of the Novell Access Manager
Administration Console.
Password: Specify password of the admin user of the Novell Access Manager Administration
Console.
Confirm Password: Specify the password again to confirm it.
Application Server IP Address (Current Host): Review the entered address. If your server is
configured for more than one IP address, make sure you specify the IP address of the machine
from which the Novell Access Manager administration console is reachable.
10 Click Next.
11 (Conditional) If you do not have the audit server installed, the J2EE installer installs the Audit
server for you. Specify the IP address of the Novell Access Manager Administration Console as
the Audit Server IP.
18 Novell Access Manager 3.1 SP1 Agent Guide
novdocx (en) 13 May 2009
12 (Conditional) If you have the Audit server installed:
12a You are prompted to specify if you want to replace the existing audit server or use the
existing server.
12b (Conditional) If you click Yes, the Audit Server Setting page is displayed.
Select Use following Audit Server.
Installing the J2EE Agents 19
novdocx (en) 13 May 2009
12c (Conditional) If you click No, select Use following Audit Server, then specify an IP
address of the Audit server.
13 Click Next. The Select Application Server page is displayed.
14 Click OK at the Alert page.
15 Select JBoss, then click Next. The JBoss Application Server Settings page is displayed.
20 Novell Access Manager 3.1 SP1 Agent Guide
novdocx (en) 13 May 2009
16 Specify the following information:
Application Server Directory: Specify the directory where you have installed the JBoss
server.
Enter the JBoss server configuration to deploy to: Specify the name of the server
configuration folder.
17 Click Next. The JCC Dependencies page is displayed.
18 Click Install to install the dependent JCC packages.
19 Review the installation summary, then click Install to install the agent.
20 Click Done when the installation is complete.
21 When the installation completes, start JBoss.
The agent is not imported into the Administration Console until the JBoss server is running.
22 To verify the installation of the agent, see Section 1.6, “Verifying If a J2EE Agent Is Installed,”
on page 42.
1.3.4 Installing the JBoss Agent Through the Console
1Download the J2EE agent for JBoss from Novell (http://www.novell.com/products).
2Enter the following command in the command prompt to run the installer on the console:
<filename> -i console
Replace <filename> with the name of the J2EE agent installer.
3Review the License Agreement, then press
Y
to accept it.
4Specify an absolute path to install the Novell J2EE agent components, or press Enter to
continue with the default installation path.
This manual suits for next models
1
Table of contents
Other Novell Software manuals
Novell
Novell CLIENT FOR LINUX 2.0 User manual
Novell
Novell Open Enterprise Server 2 Instruction Manual
Novell
Novell ACCESS MANAGER 3.1 SP2 BETA 1 - SCENARIOS... User manual
Novell
Novell APPARMOR 2.1 - Instruction Manual
Novell
Novell IMANAGER - INSTALLATION V2.7 User manual
Novell
Novell PRODUCT NAME 10.3 - DEPLOYING ZENWORKS ON CITRIX SERVER BEST PRACTICES GUIDE... User manual
Novell
Novell EDIRECTORY 8.8 SP2 User manual
Novell
Novell ZENWORKS LINUX MANAGEMENT 7.3 IR2 - ADMINISTRATION GUIDE... Instruction Manual
Novell
Novell OPENOFFICE 2.X User manual
Novell
Novell LINUX ENTERPRISE DESKTOP 10 SP2 User manual
Novell
Novell EDIRECTORY 8.8 SP5 Instruction Manual
Novell
Novell IFOLDER 3.6 - CROSS-PLATFORM User manual
Novell
Novell LINUX ENTERPRISE SERVER 10 SP2 - VIRTUALIZATION WITH... User manual
Novell
Novell IMANAGER 2.7.3 Instruction Manual
Novell
Novell SENTINEL 6.1 SP2 - 02-2010 User manual
Novell
Novell SENTINEL LOG MANAGER 1.0.0.4 - S Instruction Manual
Novell
Novell ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - COMMAND LINE UTILITIES REFERENCE 10.3... Technical manual
Novell
Novell LINUX ENTERPRISE SERVER 10 - STORAGE ADMINISTRATION GUIDE FOR... Instruction Manual
Novell
Novell IDENTITY MANAGER ENTITLEMENTS SERVICE DRIVER 3.6.1 -... User manual
Novell
Novell IMANAGER 2.7.3 User manual
Popular Software manuals by other brands
MACROMEDIA
MACROMEDIA FLASH MEDIA SERVER 2-MANAGING FLASH MEDIA... manual
ZENEC
ZENEC ZE-NC2040 operating instructions
GRASS VALLEY
GRASS VALLEY EDIUS VERSION 5.1 User reference guide
Nortel
Nortel Observe user guide
DeLorme
DeLorme Topo North America 9.0 user guide
Texas Instruments
Texas Instruments TI-83 Plus Silver Edition Guide book
Ricoh
Ricoh SP4100N - Aficio SP B/W Laser Printer Software guide
Lowrance
Lowrance StructureMap HDS Gen 2 manual
Iridium
Iridium MODEM AND DIAL-UP /configuration Installation & configuration guide
National Instruments
National Instruments Image Acquisition Software user manual
Red Hat
Red Hat NETWORK 3.1 - PROVISIONING reference guide
Dell
Dell PowerVault Storage Area Network manual
