Problem:
The Application server agent bookshelf details the steps required to configured ASA agent on the Weblogic Admin Server but doesn't have information on how to do this configuration on the managed server.
The ASA agent need to be installed and also configured on the managed server if you want to protect resources deployed on the managed server with the SiteMinder ASA agent.
Pre-requisite for this guide:
1. You have already installed and configured ASA agent on the Admin Server
2. You have already configured SiteMinder security providers for the Weblogic default security realm which is at the Weblogic domain level.
3. You have already configured required domain/realm/rules and policies on the SiteMinder Administrative UI.
4. You have already setup managed server on another machine (different from Admin server ) and can start the managed server remotely from the Admin Server or directly from the managed server using (startManagedWebLogic.sh or startManagedWebLogic.cmd) file.
Instructions:
Following steps will guide you through the steps required to configure ASA agent on the Weblogic Managed Server:
1, Install SiteMinder agent for weblogic
Install the SiteMinder Agent - CA
2. Register trusted host
Register a Trusted Host Using the Registration Tool - CA
3. Set up the Agent Configuration file
Set Up the Agent Configuration File (WebAgent.conf) - CA
4. Post Installation Steps
4.1 Set the WebLogic Environment for SiteMinder (Admin Console)
If you are starting the managed server remotely from the Admin Console (recommended way) please follow below steps:
a. Login to the Admin Console
b. Click the domain==>Environment==>Servers
c. Click the managed servers that you want to configure
d. Once the manged server details is shown, click on the "Server Start" tab and configure following :
Add the following SiteMinder Agent files and directories to the CLASSPATH variable:
- ASA_HOME\conf
- ASA_HOME\lib\smagentapi.jar
- ASA_HOME\lib\smjavasdk2.jar
- ASA_HOME\lib\sm_cryptoj.jar
- ASA_HOME\lib\smclientclasses.jar
Also, set the following JAVA Options in the "Arguments" field:
-Dsmasa.home=ASA_HOME
Where ASA_HOME = The installed location of the SiteMinder Agent.
(please note the above samples are for windows, for unix , please follow the unix standards for using the path separator etc)
4.2 (Optional) Set the WebLogic Environment for SiteMinder (Managed server startup script)
If you are starting up the managed server directly from the managed server box using the Node Manager and running startManagedWebLogic.sh or startManagedWebLogic.cmd file,
please follow below steps :
Modify startWebLogic.cmd on Windows; startWebLogic.sh on UNIX for the managed server following the guide in the ASA bookshelf :
Set the WebLogic Environment for the SiteMinder Agent - CA
Stop managed server and start using the startManagedWebLogic.sh or startManagedWebLogic.cmd file as below :
startManagedWebLogic.cmd <MANAGED_SERVER_NAME> <ADMIN_URL>
(Please note, startManagedWebLogic script internally calls startWebLogic script so when the managed server starts up , the ASA related class path and java options will be set properly)
5. Review the ASA logs and ensure the agent is initialized with no error (you will need to configure logging if not already configured : Configure SiteMinder Agent Log Files - CA )
sample working logs :
SiteMinder Agent Provider log:
SiteMinder Agent connection log:
Note : If you are installing both Admin Server and Managed server on the same physical machine, then you don't need to have a separate ASA agent instillation for the managed server.