SmWebAdmin Environment Setup

TABLE OF CONTENTS

1 Overview
    1. 1 Scope
2 SiteMinder® SDK Environment
3 Servlet Container Environment Setup
    3.1 Tomcat 5.x Server setup
4 Apache Web Server 2.0.5x
    4.1 Apache Tomcat connector setup
5 Purpose of SiteMinder Web Agent (optional)

1 Overview

The SiteMinder® web admin is a Java web application written based on frameworks such as Struts, DWR (Ajax) and SiteMinder SDK. Original development environment is on Apache Jakarta’s Tomcat 4.x & 5.x Server and using SiteMinder® Policy Server 6.x SP3.

1. 1 Scope

This paper will document the setup of the web application and servlet container. Setup of the environment requires the following softwares :

• SiteMinder® Policy Server 6 SP3 (Any platform will do)
• Apache Jakarta Tomcat 4.x or 5.x (windows)
• Apache Http Server 2.0.55 (Windows)
• SiteMinder® SDK Version 6.x SP3
• Java SDK 1.4.x or 1.5.x

2 SiteMinder® SDK Environment

Install SiteMinder SDK with default options.

• Example default Siteminder SDK Location: c:\program files\Netegrity\SDK

• Java SDK Samples: <SDK HOME>\samples\java*

• Jar locations: <SDK HOME>\java\

smjavaagentapi.jar - to connect to policy server using agent API
smjavasdk2.jar - policy management API

• Native Libraries: <SDK HOME>\bin\

3 Servlet Container Environment Setup
SmWebAdmin is a generic java web application. It could run on any servlet containers and java application servers that supports j2ee standards.

3.1 Tomcat 5.x Server setup

Do a standard install of Tomcat 5.x.
PLEASE TAKE NOTE that version 5.x by default uses JDK 1.5.x ONLY.
Configure the tomcat start options in the tomcat configuration manager as show below to include this Java option
-Djava.library.path=<SDK HOME>\bin (or respective SDK directory)

This is needed in order for the SiteMinder SDK to be able to call the native libraries via JNI.
Copy SiteMinder SDK libraries
From your SiteMinder SDK jar location folder, copy the 2 jar library files to Tomcat’s shared library folder at \shared\lib. This would make the libraries accessible to any web application without locking the native dll.

Server.xml Configuration
Under /conf/, there is a server configuration file called server.xml .
Below are the settings needed for AJP (apache connector) and HTTP listener (tomcat as standalone web server). Configuration below will listen to port 8081 for HTTP requests, port 8009 for AJP13 requests.





port="8081"
maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"/>

port="8009"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" URIEncoding="UTF-8"/>

Tomcat Server web-based manager

You can start deploying the smwebadmin WAR file at the admin here or start and stop web applications
URL : http://server.domain.com/manager/html
Admin Credentials : As you have entered during setup

Deploying

There are 2 ways to deploy the web app.
1. Place the web application directory under /webapps/ and start the server.
2. Upload the WAR file using Tomcat Web Manager.

4 Apache Web Server 2.0.5x

You can do a standard apache web server install OR You can choose to use existing apache server.

4.1 Apache Tomcat connector setup

We will use the mod_jk recommended on tomcat web site. You can download latest binary from here. The file name looks like this mod_jk-apache-2.0.55.so .
URL : http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/
Version used in this test : JK 1.2.15

• Download and place this under your apache/modules directory
• Modify your httpd.conf to point to mod_jk.conf
• Create/edit your mod_jk.conf file
• Create/edit your workers.properties file
• You are ready to test!

The configuration below will setup the connector to forward all request for /smwebadmin/ to tomcat.
Httpd.conf entry
Include conf/mod_jk.conf (I enter this at the very bottom of the file)

Mod_jk.conf
####################################################
JkWorkersFile C:/web/Apache2/conf/workers.properties
JkLogFile C:/web/Apache2/logs/new_jk.log
JkLogLevel info

JkMount /smwebadmin worker1
JkMount /smwebadmin/* worker1

Workers.properties
worker.list=worker1
worker.worker1.port=8009
worker.worker1.host=127.0.0.1
worker.worker1.type=ajp13


5 Purpose of SiteMinder Web Agent (optional)
The SiteMinder Web Agent is not essential for the web application to work. However, if you would like to login to the Policy Server using the web agent’s WebAgent.conf and SmHost.conf files, you would need it.
The standard procedure is to install the Web Agent and run the configuration wizard which will then register the machine as a trusted host.
This step however CAN be avoided by copying the configuration files (WebAgent.conf and SmHost.conf) from other agents that is already setup on other machines.
Note: You cannot use UNIX configuration files on windows or windows configuration files on UNIX.