Before You Begin
Before you begin to deploy the RSA Access Manager Administrative Console make sure that:
• LDAP directory host or SQL database host is running.
• The Access Manager Server components are installed.
• Access Manager License file is in place.
• Access Manager Data Adapters are installed.
• Communication between Access Manager Servers and data hosts is tested.
1. Deploy the Administrative Console WAR file in your application server administration environment.
To deploy the WAR file on Apache Tomcat, please follow the below steps:
1. From AXM_HOME/webapps, copy axm-admin-gui-6.x.x.war to the webapps directory in your Tomcat installation.
2. Restart the Tomcat application server. This step deploys the WAR file into a folder named webapps/axm-admin-gui-6.x.x.
3. From AXM_HOME/webapps, copy admingui.cfg to a directory on the application server host. RSA recommends that you copy the admingui.cfg file outside of the deployment directory.
For example: C:\Program Files\configuration_files\
4. From the webapps/axm-admin-gui-6.x.x/WEB-INF directory of your Tomcat installation, open web.xml. Make the following change to the param-value contents:
<context-param>
<param-name>webgui.config.directory</param-name>
<param-value>admingui.cfg_location</param-value>
</context-param>
where admingui.cfg_location is the path and name of the directory where you placed admingui.cfg in step 3.
For example: C:\\Program Files\\configuration_files\\.
Note: Use only double backward slash (\\) characters when entering the location.
5. For SSL only. If you plan to use SSL connections to the browser, add the following entry to context-param contents in web.xml.
If you are using a different port for HTTP and HTTPS, make sure that you enter it correctly. Otherwise, proceed to the next step.
<context-param>
<param-name>http_port</param-name>
<param-value>8080</param-value>
</context-param>
<context-param>
<param-name>https_port</param-name>
<param-value>8443</param-value>
</context-param>
6. For 8-bit character support only. If you require support for 8-bit characters (such as Å), add the following entry to web.xml. Otherwise, proceed to the next step.
Note: The following lines must be added right after the <context-param> parameter and before the <session-config> parameter. This filter enables the support for non-ASCII characters in the Administrative Console.
<filter>
<filter-name>i18nFilter</filter-name>
<filter-class>sirrus.admingui.I18NFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>i18nFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
7. Save web.xml, and restart your Tomcat server.
2. Configure Administrative Console
The Administrative Console requires the admingui.cfg file, which contains connection information for the Entitlements Server host and other important parameters. Each parameter in this file contains comments that explain how to set the value.
To configure RSA Administrative Console:
1. Open the admingui.cfg file from the location where you saved it in the deployment process.
2. Edit the host connection parameter, entering the hostname where the Entitlements Server resides,
for example, host=server1.company.com.
If the Entitlements Server is installed on the same host as the Administrative Console, you can accept the default value of localhost.
3. Edit other parameters, as desired.
4. AD-Users only. Uncomment the parameter disableuserextensions.
Set this to true only if you plan to add the auxiliary user classes. If you do not plan to use auxiliary user classes, leave this parameter set to true.
5. Save admingui.cfg, and restart your application server.
Configure Anonymous SSL
The Administrative Console supports secure connections with anonymous SSL between:
• The Administrative Console and the browser
• The Administrative Console and the Entitlements Server
You can configure anonymous SSL by setting the appropriate parameters in admingui.cfg.
Enable an Anonymous SSL Connection Between the Administrative Console and Browser
To enable an anonymous SSL connection between the Administrative Console and browser:
Set the browser.use.ssl parameter to on.
Enable an Anonymous SSL Connection Between the Administrative Console and Entitlements Server
To enable an anonymous SSL connection between the Administrative Console and Entitlements Server: 1. Accept the default value, anon, of the ssl.mode parameter. For example: cleartrust.admingui.admin_api.use_ssl=anon
2. Make sure that this setting matches the cleartrust.eserver.api_port.use_ssl setting in the Entitlements Server configuration file (eserver.conf). If you change one to clear, you must change the other. By default, both of these parameters are set to anon.
3. Start Administrative Console
After completing the installation procedures:
1. Restart your Dispatcher/Key Server and Entitlements Server.
2. Start RSA Administrative Console using one of the supported browsers.
3. Point the browser to the Administrative Console Application URL on the appropriate host and port.
For a standard deployment using default values, the URL is:
• http://server1:8080/axm-admin-gui-6.2.2 for Apache Tomcat
• http://server1:7001/axm-admin-gui-6.2.2 for WebLogic
• http://server1:9080/axm-admin-gui-6.2.2 for WebSphere
References : RSA Access Manager Servers Installation and Configuration Guide
No comments:
Post a Comment