5.2 Prerequisites to Installation

Before you install the Identity Manager User Application, verify that the following requirements are met:

Table 5-1 Installation Prerequisites

Environment Requirements

Description

Java* Development Kit

On JBoss Application Servers, download and install the following Sun JDK: Java 2 Platform Standard Edition Development Kit 5.0. Use JRE version 1.5.0_10. Do not use the IBM JDK that comes with SLES.

On WebSphere* Application Servers, use the IBM JDK that comes with WebSphere Application Server 6.1.0.9 and apply the unrestricted policy files. Apply the WAS JDK fixpack for 6.1.0.9.

Set the JAVA_HOME environment variable to point to the JDK* to use with the User Application. Or, manually specify the path during the User Application install to override JAVA_HOME.

  • At the Linux or Solaris command prompt, enter echo $JAVA_HOME. To create or change JAVA_HOME, create or edit ~/.profile (in SUSE Linux):

    # Java Home

    export JAVA_HOME=/usr/java/jdk1.5.0_10

    #JRE HOME

    export JRE_HOME=$JAVA_HOME/jre

  • In Windows, see Control Panel > System > Advanced > Environment Variables > System Variables.

JBoss Application Server

If you are using JBoss*, download and install the JBoss 4.2.0 Application Server. (Start this server after you install the User Application. See Section 5.10, Post-Install Tasks).

RAM. The minimum recommended RAM for the JBoss application server when running the User Application is 512 MB.

Port. Make a note of the port that your application server uses. (The default for the application server is 8080.)

SSL. If you plan to use external password management, enable SSL in the JBoss servers on which you deploy the User Application and the IDMPwdMgt.war file. See your JBoss documentation for directions. Also, make sure the SSL port is open on your firewall. For more information on the IDMPwdMgt.war file, see Section 5.10.4, Accessing the External Password WAR and also see the IDM 3.5.1 User Application: Administration Guide.

WebSphere Application Server

If you are using WebSphere*, download and install the WebSphere 6.1.0.9 Application Server. Apply the WAS JDK fixpack for 6.1.0.9.

Enable iChain Logout

Enable ICS Logout in the Identity Manager User Application by turning on the Cookie Forward option in Novell Access Manager™ or iChain®.

Database

Install your database and database driver and create a database or a database instance. Note the host and port; you will use them in Section 5.6.7, Specifying the Database Host and Port. Note the database name, username, and user password; you will use them in Section 5.6.8, Specifying the Database Name and Privileged User.

A datasource file must point to the database. This is handled differently according to your application server. For JBoss, the User Application install program creates an application server datasource file pointing to the database and names the file based on the User Application WAR file. For WebSphere, configure the datasource manually prior to the install.

Databases must be enabled for UTF-8.

Whether you install MySQL* through the IDM User Application utility or install MySQL on your own, read Section 5.2.3, Configuring Your MySQL Database.

NOTE: If you plan to migrate a database, start that database before you select the migration option in the installation program. If you are not migrating a database, the database does not need to be running during installation of the User Application. Just start it before you start the application server.

If installing IDM 3.5.1 User Application on Linux or Solaris

The default install location is /opt/novell/idm. You can select another default installation directory during the installation procedure. Make sure the directory exists and is writable by a non-root user.

If installing IDM 3.5.1 User Application on Windows

Install directory. The default install location is C:\Novell\IDM. Make sure this directory exists and is writable. You can select another default installation directory during the installation procedure.

Identity Manager 3.5.1

The Identity Manager 3.5.1 metadirectory server must be installed before you can create a User Application driver and install the User Application.

User Application driver

The User Application driver must already exist (but not be turned on) before you install the User Application.

Identity Vault access

The User Application requires a user with administrator access to the context where the User Application users will reside.

IDM User Application storage

The computer where you install the User Application must have at least 320 MB of storage available.

After you verify all prerequisites, follow the installation instructions in the following sections:

5.2.1 Installing the JBoss Application Server and the MySQL Database

Use the JbossMysql utility to install a JBoss Application Server and MySQL on your system.

This utility does not install the JBoss Application Server as a Windows service. To install the JBoss Application Server as a service on a Windows system, see Section 5.2.2, Installing the JBoss Application Server as a Service.

  1. Locate and execute JbossMysql.bin or JbossMysql.exe. You can find this utility bundled with the User Application installer in

    • /linux/user_application (for Linux)
    • /nt/user_application (for Windows)

    The utility is not available for Solaris.

  2. Select your locale.

  3. Read the introductory page, then click Next.

  4. Select the products you want to install, then click Next.

  5. Click Choose to select the base folder in which to install the selected products, then click Next.

  6. Specify a name for your database. The User Application installation requires this name.

  7. Specify the database root user password.

  8. Click Next.

  9. Review your specifications in the Pre-Installation Summary, then click Install.

    The utility displays a successful-completion message after it installs the products that you selected. If you installed the MySQL database, continue to Section 5.2.3, Configuring Your MySQL Database.

5.2.2 Installing the JBoss Application Server as a Service

To run the JBoss Application Server as a service, use a Java Service Wrapper or a third-party utility. See directions from JBoss at http://wiki.jboss.org/wiki/Wiki.jsp?page=RunJBossAsAServiceOnWindows.

Using a Java Service Wrapper

You can use a Java Service Wrapper to install, start, and stop the JBoss Application Server as a Windows service or Linux or UNIX daemon process. Please check the Internet for available utilities and download sites.

One such wrapper is at http://wrapper.tanukisoftware.org/doc/english/integrate-simple-win.html: manage it by JMX (see http://wrapper.tanukisoftware.org/doc/english/jmx.html#jboss). Some sample configuration files include:

  • wrapper.conf:

    wrapper.java.command=%JAVA_HOME%/bin/java
    wrapper.java.mainclass=org.tanukisoftware.wrapper.WrapperSimpleApp
    wrapper.java.classpath.1=%JBOSS_HOME%/server/default/lib/wrapper.jar
    wrapper.java.classpath.2=%JAVA_HOME%/lib/tools.jar
    wrapper.java.classpath.3=./run.jar
    wrapper.java.library.path.1=%JBOSS_HOME%/server/default/lib
    wrapper.java.additional.1=-server
    wrapper.app.parameter.1=org.jboss.Main
    wrapper.logfile=%JBOSS_HOME%/server/default/log/wrapper.log
    wrapper.ntservice.name=JBoss
    wrapper.ntservice.displayname=JBoss Server

WARNING: You must set your JBOSS_HOME environment variable correctly. The wrapper does not set this for itself.

  • java-service-wrapper-service.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE server>
    <server>
      <mbean code="org.tanukisoftware.wrapper.jmx.WrapperManager"
             name="JavaServiceWrapper:service=WrapperManager"/>
      <mbean code="org.tanukisoftware.wrapper.jmx.WrapperManagerTesting"
             name="JavaServiceWrapper:service=WrapperManagerTesting"/>
    </server>

Using a Third-Party Utility

For previous versions, you could use a third-party utility such as JavaService to install, start, and stop the JBoss Application Server as a Windows service.

WARNING: JBoss no longer recommends using JavaService. For details, see http://wiki.jboss.org/wiki/Wiki.jsp?page=JavaService.

5.2.3 Configuring Your MySQL Database

Your MySQL configuration settings must be set so that MySQL and Identity Manager 3.5.1 work together. If you install MySQL yourself, you must set the settings yourself. If you install MySQL using the JbossMysql utility, the utility sets the correct values for you, but you need to know the values to maintain for the following:

Character Set

Specify UTF8 as the character set for the whole server or just for a database. Specify UTF8 on a server-wide basis by including the following option in my.cnf (Linux or Solaris) or my.ini (Windows):

    character-set-server=utf8

Or, specify the character set for a database at database creation time, using the following command:

create database databasename character set utf8 collate utf8_bin;

If you set the character set for the database, you must also specify the character set in the JDBC URL in the IDM-ds.xml file, as in:

<connection-url>jdbc:mysql://localhost:3306/databasename?useUnicode=true&amp;characterEncoding

INNODB Storage Engine and Table Types

The User Application uses the INNODB storage engine, which enables you to choose INNODB table types for MySQL. If you create a MySQL table without specifying its table type, the table receives the MyISAM table type by default. If you choose to install MySQL from the Identity Manager installation procedure, the MySQL issued with that procedure comes with the INNODB table type specified. To ensure that your MySQL server is using INNODB, verify that my.cnf (Linux or Solaris) or my.ini (Windows) contains the following option:

default-table-type=innodb

It should not contain the skip-innodb option.

Case Sensitivity

Ensure that case sensitivity is consistent across servers or platforms if you plan to back up and restore data across servers or platforms. To ensure consistency, specify the same value (either 0 or 1) for lower_case_table_names in all your my.cnf (Linux or Solaris) or my.ini (Windows) files, instead of accepting the default (Windows defaults to 0 and Linux defaults to 1). Specify this value before you create the database to hold the Identity Manager tables. For example, you would specify

lower_case_table_names=1

in the my.cnf and my.ini files for all platforms on which you plan to back up and restore a database.
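
The following is an added example, not part of the product or its documentation: a small Python check that reads the [mysqld] section of each my.cnf or my.ini and reports deviations from the three settings described in this section (UTF8 character set, INNODB table type with no skip-innodb, and an explicit, matching lower_case_table_names). The function names and the two sample files are constructed for illustration; a server that sets UTF8 per database rather than server-wide will still be flagged for character-set-server.

```python
import re

# Constructed sample files (not from the product): one compliant, one not.
LINUX_CNF = ("[client]\nport=3306\n[mysqld]\ncharacter-set-server=utf8\n"
             "default-table-type=innodb\nlower_case_table_names=1\n")
WINDOWS_INI = ("[mysqld]\ncharacter_set_server = latin1\nskip-innodb\n"
               "# lower_case_table_names left at the platform default\n")

def parse_mysqld(text):
    """Return the [mysqld] options as a dict; bare flags map to None."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "mysqld":
            continue
        key, sep, value = line.partition("=")
        # MySQL accepts '-' and '_' interchangeably in option names.
        key = key.strip().lower().replace("_", "-")
        opts[key] = value.split("#")[0].strip().lower() if sep else None
    return opts

def check_all(configs):
    """configs maps a label to file contents; returns a list of findings."""
    findings, lctn = [], {}
    for name, text in configs.items():
        opts = parse_mysqld(text)
        for key, want in (("character-set-server", "utf8"),
                          ("default-table-type", "innodb")):
            if opts.get(key) != want:
                findings.append(f"{name}: {key} is {opts.get(key)!r}, expected {want!r}")
        if "skip-innodb" in opts:
            findings.append(f"{name}: skip-innodb must not be present")
        lctn[name] = opts.get("lower-case-table-names")
        if lctn[name] not in ("0", "1"):
            findings.append(f"{name}: lower_case_table_names not set to 0 or 1")
    if len(set(lctn.values())) > 1:
        findings.append(f"lower_case_table_names differs across servers: {lctn}")
    return findings

if __name__ == "__main__":
    for finding in check_all({"my.cnf": LINUX_CNF, "my.ini": WINDOWS_INI}):
        print(finding)
```

To use it on real servers, read each file's contents and pass them in one dictionary so that the cross-server comparison covers every platform you back up and restore between.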