Steps to install Web Agent 12.52 SP1 CR11 on Red Hat Apache 2.4 on RHEL 8
search cancel

Steps to install Web Agent 12.52 SP1 CR11 on Red Hat Apache 2.4 on RHEL 8

book

Article ID: 265136

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

This article explains installing and configuring Web Agent 12.52 SP1 CR11 (64-bit) on Red Hat Apache 2.4.37 (64-bit) on Red Hat Enterprise Linux (RHEL) 8. 

Note: SELinux is disabled in this installation.

TOC

[I] Install the Apache module
[II] Required Linux Libraries
[II] Required Linux Libraries
[IV] Configure Apache Web Agent

Environment

Web Agent 12.52SP1CR11 64bit on Red Hat Apache 2.4.37 64bit on Red Hat Enterprise Linux 8.7

Resolution

Here are the steps to install a Web Agent 12.52SP1CR11 64bit on Red Hat Apache 2.4.37-51 from Red Hat 8.

Installing these files on Red Hat.

  ca-wa-12.52-sp01-cr11-linux-x86-64.bin

on

  httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64

 

[I] Install the Apache module. In this case, yum is used. (You may use dnf if you prefer.)

$ sudo yum provides httpd
. . . . .

httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64 : Apache HTTP Server
Repo        : rhel-8-for-x86_64-appstream-rpms
Matched from:
Provide    : httpd = 2.4.37-51.module+el8.7.0+18499+2e106f0b.5


$ sudo yum install -y httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64
. . . . .

Installed:
  apr-1.6.3-12.el8.x86_64                                             apr-util-1.6.1-6.el8.x86_64
  apr-util-bdb-1.6.1-6.el8.x86_64                                     apr-util-openssl-1.6.1-6.el8.x86_64
  httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64              httpd-filesystem-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch
  httpd-tools-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64        mailcap-2.1.48-3.el8.noarch
  mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.x86_64           redhat-logos-httpd-84.5-1.el8.noarch

Complete!

Apache will be installed by default here :

  /etc/httpd/

Specify ServerName in httpd.conf to edit /etc/httpd/conf/httpd.conf
Add a directive below for example.

    ServerName myrhel8.example.com:80

Test that the Apache server runs fine

  # systemctl start httpd
  # ps auxww | grep httpd
root        2908  0.0  0.4 313592  8904 ?        Ss   Apr27   0:01 /usr/sbin/httpd -DFOREGROUND
apache      2924  0.0  0.3 329604  5608 ?        S    Apr27   0:00 /usr/sbin/httpd -DFOREGROUND
[...]

Access the web server. Example:

http://myrhel8.example.com/

 

[II] Required Linux Libraries

Document: Apache-based Server Preparations for Linux

The following list describes the commands for installing the required libraries on Red Hat 8.x. run the commands as root :

  # yum install -y libstdc++.i686
  # yum install libXext.so.6
  # yum install libXrender.so.1
  # yum install libXrender.x86_64
  # yum install -y libXtst.i686

 

[III] Install Web Agent on RHEL 8

Document: How to Install Apache-based Agents on UNIX or Linux

Then run the Web Agent installer as root :

  # ./ca-wa-12.52-sp01-cr11-linux-x86-64.bin -i console

Pre-Installation Summary
------------------------

Please Review the Following Before Continuing:

Product Name:
    SiteMinder Web Agent

Install Folder:
    /opt/CA/webagent

Disk Space Information (for Installation Target):
    Required:     662,755,958 Bytes
    Available: 98,597,408,768 Bytes

Congratulations. SiteMinder Web Agent has been successfully installed to:

/opt/CA/webagent


To configure the Web Agent, run the command

  # /opt/CA/webagent/install_config_info/ca-wa-config.bin

Run the configurator that way. Here are the excerpts of the CONSOLE Mode Installation:

  # source /opt/CA/webagent/ca_wa_env.sh
  # /opt/CA/webagent/install_config_info/ca-wa-config.bin -i console

===============================================================================
Host Registration
-----------------
Select '1' to register this Agent with the Policy Server.
Select '2' to register later.
Note:  You cannot select choice 1 and 2 at the same time.
  ->1- Yes, I would like to do Host Registration now.
    2- No, I would like to do Host Registration later.

ENTER A COMMA-SEPARATED LIST OF NUMBERS REPRESENTING THE DESIRED CHOICES, OR
   PRESS <ENTER> TO ACCEPT THE DEFAULT: 1

===============================================================================
Admin Registration
------------------
Enter the password of an administrator who has the right to register trusted
   hosts with the Policy Server. This entry must match the name of an
   administrator defined in the Policy Server.:

===============================================================================
Admin Registration
------------------
Enter the name of an administrator who has the right to register trusted hosts
with the Policy Server.
This entry must match the name of an administrator defined in the Policy
Server.

Admin User Name (Default: Based On Locale): siteminder
Enable Shared Secret Rollover (y/n) (Default: Based On Locale): n
Allow Trusted Host Overwrite  (y/n) (Default: Based On Locale): y

===============================================================================
Trusted Host Name and Configuration Object
------------------------------------------
Specify the name of the host you want to register with the Policy Server.
Enter the name of the host configuration object.  The name must match a host
configuration object name already defined on the Policy Server.

Trusted Host Name (Default: Based On Locale): apahce24-rhel8
Host Configuration Object (Default: Based On Locale): myHCO
Enable Dynamic HCO Configuration (y/n) : n

===============================================================================
Policy Server IP Address
------------------------
Enter the IP Address of the Policy Server where you are registering this host.
  Multiple IP addresses must separate by comma.  The IP address should be in
the form <server_address:port>, where the port represents a Policy Server
behind the firewall.
[...]
NOTE:  Include the port number in the IP address only if your Policy Server is
behind a firewall.

Policy Server IP Address : ##.##.##.##

===============================================================================
FIPS Mode Setting
-----------------
The use of FIPS-compliant algorithms is optional.If your organization does not
require the use of FIPS-compliant algorithms, leave FIPS Compatibility Mode
selected.If they are required, select either FIPS Migration Mode or FIPS Only
Mode. For more information about selecting the appropriate mode, see the Web
Agent Installation Guide.

  ->1- FIPS Compatibility Mode
    2- FIPS Migration Mode
    3- FIPS Only Mode

ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT: 1

===============================================================================
Host Configuration file location
--------------------------------
Enter a file name and location to store Host Configuration information or
accept the default location /opt/CA/webagent/config and filename SmHost.conf.

Enter file name (Default: SmHost.conf):
Enter location (Default: /opt/CA/webagent/config):


===============================================================================
Select Web Server(s)
--------------------

Select which Web Server(s) you want to configure as a Web Agent.
You will have to enter a path for each selected web server.
Note:   If you have an Apache-based Web server, please select the Apache Web
Server option.

    1- Apache Web Server
    2- Domino Web Server
  ->3- iPlanet or Sun ONE Web Server

ENTER A COMMA-SEPARATED LIST OF NUMBERS REPRESENTING THE DESIRED CHOICES, OR
   PRESS <ENTER> TO ACCEPT THE DEFAULT: 1

===============================================================================
Apache Web Server path
----------------------
Enter the root path of where Apache Web server installed.
Please enter path : /etc/httpd

===============================================================================
Apache Version
--------------
Please select a choice for the Apache version.
    1- Apache version 1.x
    2- Apache version 2.x
    3- Apache version 2.2.x
    4- Apache version 2.4.x
ENTER THE NUMBER OF THE DESIRED CHOICE: 4

===============================================================================
Apache Server Type
------------------
Please select one of the following appropriately match your previous selection
    1- Oracle HTTP Server
    2- IBM HTTP Server
    3- HP Apache
    4- ASF/RedHat Apache
    5- RedHat JWS HTTP Server
ENTER THE NUMBER OF THE DESIRED CHOICE: 4

===============================================================================
Select Web Server(s)
--------------------
    1- [] Apache 2.4.37

Select the web server(s) you wish to preserve or configure/reconfigure as
   Web Agent(s). Enter a comma-separated list of numbers representing the
   desired choices. Already configured web servers are marked as [x] in the
   above list, you can un-configure or skip these web servers in next steps by
   not listing them in comma-separated list here.: 1

===============================================================================
Agent Configuration Object
--------------------------
Enter the name of an Agent Configuration Object that defines the configuration
parameters which the Web Agent will use for Apache 2.4.37.

Agent Configuration Object (Default: AgentObj): Apache24_ACO

===============================================================================
SSL Authentication
------------------
The following SSL configurations are available for this web server.  If the
Web Agent will be providing advanced authentication, select which
configuration it will use to configure Apache 2.4.37.
  ->1- HTTP Basic over SSL
    2- X509 Client Certificate
    3- X509 Client Certificate and HTTP Basic
    4- X509 Client Certificate or HTTP Basic
    5- X509 Client Certificate or Form
    6- X509 Client Certificate and Form
    7- No advanced authentication

ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT: 7

===============================================================================
Webagent Enable option
----------------------
Please select Yes to Enable the WebAgent
    1- Yes
  ->2- No

ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT: 1

===============================================================================
Web Server Configuration Summary
--------------------------------
Please confirm the configuration selection.  Accept the configuration and
press 'Enter' to continue.  To change one or more settings, select 'Previous'.
Select 'Cancel' will exit the configuration.

Configure the following webserver(s):
Apache Server:
Apache 2.4.37
Agent Configuration Object: Apache24_ACO
SSL Authentication type: No advanced authentication

IS WebAgent Enabled:  YES

 

[IV] Configure Apache Web Agent

Document: How to Configure Apache-based Agents on UNIX or Linux

1. Stop Apache server.

# systemctl stop httpd

2. Ensure you sourced ca_wa_env.sh. Run the command to create an 'httpd' file under /etc/sysconfig.

# env | sort| egrep 'NETE_|CAPKIHOME|LD_LIBRARY_PATH|^PATH='
CAPKIHOME=/opt/CA/webagent/CAPKI
LD_LIBRARY_PATH=/opt/CA/webagent/bin:/opt/CA/webagent/bin/thirdparty:
NETE_WA_PATH=/opt/CA/webagent/bin
NETE_WA_ROOT=/opt/CA/webagent
PATH=/opt/CA/webagent/bin:/sbin:/bin:/usr/sbin:/usr/bin

Add these lines of the command result to the file /etc/sysconfig/httpd.

3. Execute the chmod 777 command for the httpd file.

# chmod 777 /etc/sysconfig/httpd

4. Execute the following commands to edit the /usr/lib/systemd/system/httpd.service file:

# systemctl cat httpd.service 
# systemctl edit httpd.service 

Add the following entry in the httpd.service file:

[Service] 
EnvironmentFile=/etc/sysconfig/httpd 

Example of the addition:

    [root@myrhel8 ~]# systemctl cat httpd.service
    # /usr/lib/systemd/system/httpd.service
    # See httpd.service(8) for more information on using the httpd service.

    # Modifying this file in-place is not recommended, because changes
    # will be overwritten during package upgrades.  To customize the
    # behaviour, run "systemctl edit httpd" to create an override unit.

    # For example, to pass additional options (such as -D definitions) to
    # the httpd binary at startup, create an override unit (as is done by
    # systemctl edit) and enter the following:

    #       [Service]
    #       Environment=OPTIONS=-DMY_DEFINE

    [Unit]
    Description=The Apache HTTP Server
    Wants=httpd-init.service
    After=network.target remote-fs.target nss-lookup.target httpd-init.service
    Documentation=man:httpd.service(8)

    [Service]
    Type=notify
    Environment=LANG=C

    ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
    ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
    # Send SIGWINCH for graceful stop
    KillSignal=SIGWINCH
    KillMode=mixed
    PrivateTmp=true

    [Install]
    WantedBy=multi-user.target

    # /etc/systemd/system/httpd.service.d/override.conf
    [Service]
    EnvironmentFile=/etc/sysconfig/httpd

6. Red Hat Apache runs by the 'apache' user. 

# chmod 666 /opt/CA/webagent/config/SmHost.conf
# chmod 777 /opt/CA/webagent/log

7. Start Apache server with the Web Agent :

# systemctl start httpd

# ps auxww | grep httpd
root        9549  0.7  0.9 313592 16760 ?        Ss   02:59   0:00 /usr/sbin/httpd -DFOREGROUND
apache      9551  0.1  1.3 328496 24608 ?        Ssl  02:59   0:00 LLAWP /etc/httpd/conf/WebAgent.conf -APACHE24
apache      9568  0.0  0.5 329604 10348 ?        S    02:59   0:00 /usr/sbin/httpd -DFOREGROUND
[...]


8. Access the web server. Example:

http://myrhel8.example.com/

 

Additional Information

For Apache 2.4 RHEL 7.5, see the Article ID: 19703.

- Steps to install Web Agent 12.52SP1CR07 on Apache 2.4.x Redhat 7.5

Documentation:

Apache-based Server Preparations for Linux

How to Install Apache-based Agents on UNIX or Linux

How to Configure Apache-based Agents on UNIX or Linux

 

Powered by Wolken Software