2 Extraction of EAR file
2.1 Extracting the ear file for first time
Copy the Identity Manager installation archive "im-12.0-cr007-aix.zip" to the AIX machine.
Unzip the installation at your desired location using unzip.
<Please see attached file for image>
Make sure that you have access to the installer GUI; use the export command if required.
Note: By default the installer uses /tmp as the temporary directory for the installation. It needs 791806 kb of free space in /tmp. If /tmp does not have enough space, it will attempt to use the user's home directory. If you want to change this location, set the variable IATEMPDIR explicitly.
<Please see attached file for image>
The installer will launch
<Please see attached file for image>
In the next screen scroll all the way down the license agreement to enable the accept option
<Please see attached file for image>
<Please see attached file for image>
In the component selection screen just select Identity Manager Server and hit next
<Please see attached file for image>
Enter the path where you want installer to extract ear file
<Please see attached file for image>
Hit next for the below screen
<Please see attached file for image>
Keep the checkbox in next screen unchecked
<Please see attached file for image>
In next screen check the option Generate Ear file only. Do not change any other field and hit next.
<Please see attached file for image>
In the final verification screen hit install to begin the installation
<Please see attached file for image>
The installation begins.
<Please see attached file for image>
Hit done after the installation completes to exit the installer.
<Please see attached file for image>
Note: During this installation in final screen you may get "but some errors occurred during installation" message. This can be safely ignored.
Verify that you have two ear files created under your install location. Assuming your install location is /WASdata/identitymanager, verify the following files are created:
/WASdata/identitymanager/IAM_Suite/Websphere_ear/WAS_IMr12.ear
/WASdata/identitymanager/IAM_Suite/Websphere_ear/WAS_caStyles.ear
If you have the above two files created, the extraction of the ear file is complete.
2.2 Quick Reference of file changes in ear
After the ear has been extracted from the product installer once, modified and deployed in dev, only the following files need to be modified in successive environments (Staging and Production):
Sr. No. | File Name | Location in Ear/War | Notes
1 | ra.xml | IdentityMinder.ear/policyserver.rar/META-INF | Needs to be modified for policy server connection for test, staging and prod each.
2 | web.xml | IdentityMinder.ear/user_console.war/WEB-INF | Needs to be modified only once in test; need not be modified for staging and prod, as the value will be the same in each environment.
3 | ra.xml | IdentityMinder.ear/workflow.rar/META-INF | Needs to be modified for workflow for test, staging and prod each.
4 | workpoint-client.properties | IdentityMinder.ear/config | Needs to be modified for workflow for test, staging and prod each.
5 | tews_iam.properties | selfservice.war/WEB-INF | Needs to be modified for self service URLs for test, staging and prod each.
6 | hibernate.cfg.xml | selfservice.war/WEB-INF/classes | Needs to be modified for self service database connection for test, staging and prod each.
3 Creation of Websphere resources
The resources include the following:
Please note that the creation of each of the JMS resources is done at server level.
3.1 Configuration of Service Integration Bus
3.1.1 Create the Service Integration Bus
Go to Service Integration>Buses. Click on New. Enter IMSBus. Click on Finish.
You should see the following display.
<Please see attached file for image>
3.1.2 Add the server as a bus member.
Go to Service Integration>Buses. Click on IMSBus. Click on Bus Members.
Click on Add. Choose the server option. Click on Next.
Choose File Store for the message store.
Click Next to display message store properties.
Click Next to confirm the addition of the bus member.
Click Finish.
Go to Service Integration>Buses. Click on IMSBus. Click on Bus Members.
You should see the following display.
<Please see attached file for image>
3.1.3 Create the destinations for the bus.
Go to Service Integration>Buses. Click on IMSBus. Click on Destinations. Select Queue.
Enter IMSEvents.
Click on Next to display the assignment of the queue to a bus member.
Click on Next to display the Configuration screen. Click on Finish.
Repeat the steps above for wpUtilQueue, wpServAutoActQueue, RuntimeStatusDetailQueue.
Go to Service Integration>Buses. Click on IMSBus. Click on Destinations. Select Topic Space.
Enter ServerCommand.
Click on Next to display the assignment of the topic space to a bus member.
Click on Next to display the Configuration screen. Click on Finish.
Go to Service Integration>Buses. Click on IMSBus. Click on Destinations.
You should see the following display.
<Please see attached file for image>
Disable bus security, since we have global security enabled.
3.2 Creation of JMS Queue Connection Factories
3.2.1 Create neteQCF
Go to Resources>JMS>Queue Connection Factories. Click on New.
Select Default Messaging Provider. Click on OK.
Enter neteQCF in the Name field.
Enter javax.jms.QueueConnectionFactory in the JNDI Name field.
Enter IMSBus in the Bus Name field.
Hit OK.
3.2.2 Create wpConnectionFactory
Go to Resources>JMS>Queue Connection Factories. Click on New.
Select Default Messaging Provider. Click on OK.
Enter wpConnectionFactory in the Name field.
Enter jms/wpConnectionFactory in the JNDI Name field.
Enter IMSBus in the Bus Name field.
Hit OK.
Go to Resources>JMS>Queue Connection Factories.
You should see the following display.
<Please see attached file for image>
3.3 Creation of Topic Connection Factories
3.3.1 Create neteTCF
Go to Resources>JMS>Topic Connection Factories. Click on New.
Select Default Messaging Provider. Click on OK.
Enter neteTCF in the Name field.
Enter javax.jms.TopicConnectionFactory in the JNDI Name field.
Enter IMSBus in the Bus Name field.
Hit OK.
3.3.2 Create GeneralMonitorCF
Go to Resources>JMS>Topic Connection Factories. Click on New.
Select Default Messaging Provider. Click on OK.
Enter GeneralMonitorCF in the Name field.
Enter com/netegrity/idm/GeneralMonitorCF in the JNDI Name field.
Enter IMSBus in the Bus Name field.
Hit OK.
Go to Resources>JMS>Topic Connection Factories.
You should see the following display.
<Please see attached file for image>
3.4 Creation of Queues
3.4.1 Create IMSEvents
Go to Resources>JMS>Queues. Click on New.
Select Default Messaging Provider. Click on OK.
Enter IMSEvents in the Name field.
Enter com.netegrity.ims.msg.queue in the JNDI Name field.
Select IMSBus in the Bus Name field.
Select IMSEvents in the Queue Name field.
Hit OK.
3.4.2 Create wpServAutoActQueue
Go to Resources>JMS>Queues. Click on New.
Select Default Messaging Provider. Click on OK.
Enter wpServAutoActQueue in the Name field.
Enter queue/wpServAutoActQueue in the JNDI Name field.
Select IMSBus in the Bus Name field.
Select wpServAutoActQueue in the Queue Name field.
Hit OK.
3.4.3 Create queue/wpUtilQueue
Go to Resources>JMS>Queues. Click on New.
Select Default Messaging Provider. Click on OK.
Enter wpUtilQueue in the Name field.
Enter queue/wpUtilQueue in the JNDI Name field.
Select IMSBus in the Bus Name field.
Select wpUtilQueue in the Queue Name field.
Hit OK.
3.4.4 Create RuntimeStatusDetailQueue
Go to Resources>JMS>Queues. Click on New.
Select Default Messaging Provider. Click on OK.
Enter RuntimeStatusDetailQueue in the Name field.
Enter queue/RuntimeStatusDetailQueue in the JNDI Name field.
Select IMSBus in the Bus Name field.
Select RuntimeStatusDetailQueue in the Queue Name field.
Hit OK.
Go to Resources>JMS>Queues.
You should see the following display.
<Please see attached file for image>
3.5 Creation of Topics
3.5.1 Create ServerCommand Topic
Go to Resources>JMS>Topics. Click on New.
Select Default Messaging Provider. Click on OK.
Enter ServerCommand in the Name field.
Enter topic/ServerCommandTopic in the JNDI Name field.
Select IMSBus in the Bus Name field.
Select ServerCommand in the Topic Space field.
Hit OK.
Go to Resources>JMS>Queues.
You should see the following display.
<Please see attached file for image>
3.5.2 Creation of Activation Specifications
Create act
Go to Resources>JMS>Activation Specifications. Click on New.
Select Default Messaging Provider. Click on OK.
Enter act in the Name field.
Enter ACT in the JNDI Name field.
Enter Queue in the Destination Type.
Enter com.netegrity.ims.msg.queue in the Destination JNDI Name.
Select IMSBus in the Bus Name field.
Hit OK.
Create wpServAutoActActSpec
Go to Resources>JMS>Activation Specifications. Click on New.
Select Default Messaging Provider. Click on OK.
Enter wpServAutoActActSpec in the Name field.
Enter jms/wpServAutoActActSpec in the JNDI Name field.
Enter Queue in the Destination Type.
Enter queue/wpServAutoActQueue in the Destination JNDI Name.
Select IMSBus in the Bus Name field.
Hit OK.
Create wpUtilActSpec
Go to Resources>JMS>Activation Specifications. Click on New.
Select Default Messaging Provider. Click on OK.
Enter wpUtilActSpec in the Name field.
Enter jms/wpUtilActSpec in the JNDI Name field.
Enter Queue in the Destination Type.
Enter queue/wpUtilQueue in the Destination JNDI Name.
Select IMSBus in the Bus Name field.
Hit OK.
Create ServerCommand
Go to Resources>JMS>Activation Specifications. Click on New.
Select Default Messaging Provider. Click on OK.
Enter ServerCommand in the Name field.
Enter ServerCommand in the JNDI Name field.
Enter Topic in the Destination Type.
Enter topic/ServerCommand in the Destination JNDI Name.
Select IMSBus in the Bus Name field.
Hit OK.
Create RuntimeStatusDetailQueue
Go to Resources>JMS>Activation Specifications. Click on New.
Select Default Messaging Provider. Click on OK.
Enter RuntimeStatusDetailQueue in the Name field.
Enter jms/RuntimeStatusDetailQueue in the JNDI Name field.
Enter Queue in the Destination Type.
Enter queue/RuntimeStatusDetailQueue in the Destination JNDI Name.
Select IMSBus in the Bus Name field.
Hit OK.
Go to Resources>JMS>Activation Specifications.
You should see the following display.
<Please see attached file for image>
4 Creation of Mail Session
Go to Mail>Mail Sessions. Click on New.
Enter mailMail in the Name field.
Enter mail/Mail in the JNDI Name field. Click OK.
Go to Mail>Mail Sessions.
You should see the following display.
<Please see attached file for image>
Note: Please provide your corporate SMTP mail server hostname in the mail transport host and mail store host properties of this session.
5. Set Web Container Custom Properties
Go to Application Servers and select your server.
Click on Web Container. Click on Custom Properties.
Enter the following custom property with the value true: com.ibm.ws.webcontainer.invokefilterscompatibility.
On your server's custom properties page, you should see the following.
<Please see attached file for image>
6. Deploy ear file in websphere.
6.1 To deploy the CA Stylesheet ear (ca-stylesr5.1.1.ear).
In the WebSphere Administrative Console, go to Applications, Install New Application.
Choose Local file system and select the compressed ca-stylesr5.1.ear.
Do not specify a context root.
Click Next.
Keep all default settings.
For Virtual Host settings, choose default_host for Web modules.
Click Next.
Under Select installation options, ensure that Distribute application and Create MBeans for resources are checked.
Click Next.
Under Map modules to servers, ensure that the cell and server name are listed.
Select the Module CA Styles r5.1.1 and click Next.
Under Map virtual hosts for Web modules, select Web module CA Styles R5.1.
Ensure that default_host is selected under Virtual host column, then click Next.
Click Finish.
The application is installed.
Click Save to Master Repository.
The nodes in the cluster are synchronized.
Go to Applications, Install New Application and click Start.
The status is Started.
Note: The preceding procedure applies to WebSphere 6.1 only.
6.2 To deploy the Identity Minder ear (WAS_IMr12.ear)
Choose the EAR file, as shown:
<Please see attached file for image>
Click Next.
Select Precompile JavaServer Pages files, as shown:
<Please see attached file for image>
Click Next.
Select all of the modules to map, as shown:
<Please see attached file for image>
Click Next.
Map the Activation Specs as follows:
Associate SubscriberMessageEJB with ACT.
Associate ServerCommandsEJB with ServerCommand
Associate RuntimeStatusDetailEJB with jms/RuntimeStatusDetailQueue
Associate ServerAutomatedActivityMDBean with jms/wpServAutoActActSpec.
Associate UtilityMDBean with jms/wpUtilActSpec.
<Please see attached file for image>
Map virtual hosts to web modules, as shown:
<Please see attached file for image>
Ensure that the summary appears as follows:
<Please see attached file for image>
Save to Master Repository.
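The names entered in sections 3.1.3 through 3.5.2 and the mappings above form a chain (message-driven bean, activation specification, destination JNDI name, bus destination), and a typo in any link only surfaces when the application starts. The following added example, which is not part of the original guide, transcribes the names as written on this page and reports every link that points at an undefined name; the function and variable names are illustrative.

```python
# Names transcribed from sections 3.1.3, 3.4, 3.5.1, 3.5.2 and 6.2 of this guide.
BUS_DESTINATIONS = {"IMSEvents", "wpUtilQueue", "wpServAutoActQueue",
                    "RuntimeStatusDetailQueue", "ServerCommand"}

# JMS queue/topic JNDI name -> bus destination it is bound to
JMS_DESTINATIONS = {
    "com.netegrity.ims.msg.queue": "IMSEvents",
    "queue/wpServAutoActQueue": "wpServAutoActQueue",
    "queue/wpUtilQueue": "wpUtilQueue",
    "queue/RuntimeStatusDetailQueue": "RuntimeStatusDetailQueue",
    "topic/ServerCommandTopic": "ServerCommand",
}

# Activation specification JNDI name -> destination JNDI name it listens on
ACTIVATION_SPECS = {
    "ACT": "com.netegrity.ims.msg.queue",
    "jms/wpServAutoActActSpec": "queue/wpServAutoActQueue",
    "jms/wpUtilActSpec": "queue/wpUtilQueue",
    "ServerCommand": "topic/ServerCommand",
    "jms/RuntimeStatusDetailQueue": "queue/RuntimeStatusDetailQueue",
}

# Message-driven bean -> activation specification JNDI name
MDB_BINDINGS = {
    "SubscriberMessageEJB": "ACT",
    "ServerCommandsEJB": "ServerCommand",
    "RuntimeStatusDetailEJB": "jms/RuntimeStatusDetailQueue",
    "ServerAutomatedActivityMDBean": "jms/wpServAutoActActSpec",
    "UtilityMDBean": "jms/wpUtilActSpec",
}

def find_dangling(bus, jms, specs, mdbs):
    """Return one message per link that points at a name nobody defines."""
    problems = []
    for jndi, dest in sorted(jms.items()):
        if dest not in bus:
            problems.append("JMS destination %s: no bus destination %s" % (jndi, dest))
    for spec, dest_jndi in sorted(specs.items()):
        if dest_jndi not in jms:
            problems.append("activation spec %s: no JMS destination %s" % (spec, dest_jndi))
    for bean, spec in sorted(mdbs.items()):
        if spec not in specs:
            problems.append("MDB %s: no activation spec %s" % (bean, spec))
    for dest in sorted(bus - set(jms.values())):
        problems.append("bus destination %s: no JMS queue or topic bound" % dest)
    return problems

if __name__ == "__main__":
    for line in find_dangling(BUS_DESTINATIONS, JMS_DESTINATIONS, ACTIVATION_SPECS, MDB_BINDINGS):
        print(line)
```

On the names as written it reports one entry: the ServerCommand activation specification listens on topic/ServerCommand, while the topic in 3.5.1 is bound as topic/ServerCommandTopic. Confirm which name the console shows before starting the application.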
6.3 Create Policy Server and workflow connector objects
In the WebSphere Administrative Console, go to Application servers, your_server, Install Applications, IdentityMinder, Manage Modules.
<Please see attached file for image>
Choose PolicyServerRA:
<Please see attached file for image>
- Create the Policy Server connector object with the JNDI name nete/rar/PolicyServerConnection
<Please see attached file for image>
- Create the Workflow connector object. Under the WorkflowRA module, use Workflow for the JNDI name.
<Please see attached file for image>
Restart the server.
6.4 Modify the UserConsole.war to not use Websphere Classes
The deployment.xml file needs to be edited to ensure the UserConsole.war does not use WebSphere classes. Note: This can alternatively be achieved through the WebSphere admin console by selecting child class loader first for the IMS-UI module.
To edit the deployment.xml file
Edit the deployment.xml found in the following location:
WebSphere_NODE_HOME \profiles\AppSrv02\config\cells\BaseIDMNode02Cell\applications\IdentityMinder.ear\deployments\IdentityMinder\deployment.xml
Change the following lines:
<classloader xmi:id="Classloader_1202404294500" mode="PARENT_FIRST"/>
<modules xmi:type="appdeployment:WebModuleDeployment" xmi:id="WebModuleDeployment_1202404294500" deploymentId="1" startingWeight="4000" uri="user_console.war">
<targetMappings xmi:id="DeploymentTargetMapping_1202404294501" target="ServerTarget_1202404294500"/>
<classloader xmi:id="Classloader_1202404294501"/>
</modules>
to the following lines:
<classloader xmi:id="Classloader_1202404294500" mode="PARENT_FIRST"/>
<modules xmi:type="appdeployment:WebModuleDeployment" xmi:id="WebModuleDeployment_1202404294500" deploymentId="1" startingWeight="4000" uri="user_console.war" classloaderMode="PARENT_LAST">
<targetMappings xmi:id="DeploymentTargetMapping_1202404294501" target="ServerTarget_1202404294500"/>
<classloader xmi:id="Classloader_1202404294501"/>
</modules>
Restart the WebSphere application server.
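The deployment.xml change above can be scripted so it is applied identically in test, staging and production. This is an added example, not part of the original guide: the function name, the root wrapper element and the appdeployment namespace URI in the sample are assumptions, while the classloader and modules lines are the ones shown above.

```python
import io
import xml.etree.ElementTree as ET

# Constructed sample. Only the <classloader>/<modules> lines come from the guide;
# the wrapper elements and the "urn:example" namespace URI are placeholders.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<appdeployment:Deployment xmlns:xmi="http://www.omg.org/XMI" xmlns:appdeployment="urn:example:appdeployment" xmi:id="Deployment_1">
  <deployedObject xmi:type="appdeployment:ApplicationDeployment" xmi:id="ApplicationDeployment_1">
    <classloader xmi:id="Classloader_1202404294500" mode="PARENT_FIRST"/>
    <modules xmi:type="appdeployment:WebModuleDeployment" xmi:id="WebModuleDeployment_1202404294500" deploymentId="1" startingWeight="4000" uri="user_console.war">
      <targetMappings xmi:id="DeploymentTargetMapping_1202404294501" target="ServerTarget_1202404294500"/>
      <classloader xmi:id="Classloader_1202404294501"/>
    </modules>
  </deployedObject>
</appdeployment:Deployment>
"""

def set_parent_last(xml_bytes, module_uri="user_console.war"):
    """Return (new_xml_text, changed) with classloaderMode=PARENT_LAST on one module."""
    # Re-register the file's own prefixes. Without this ElementTree writes ns0/ns1,
    # and xmi:type values such as "appdeployment:WebModuleDeployment" would then
    # refer to a prefix that is no longer declared.
    for _, (prefix, uri) in ET.iterparse(io.BytesIO(xml_bytes), events=("start-ns",)):
        ET.register_namespace(prefix, uri)
    root = ET.fromstring(xml_bytes)
    # Match on the module's uri attribute so only the intended module is touched;
    # the application-level classloader stays PARENT_FIRST, as in the guide.
    matches = [m for m in root.iter("modules") if m.get("uri") == module_uri]
    if len(matches) != 1:
        raise ValueError("expected exactly one module %r, found %d"
                         % (module_uri, len(matches)))
    module = matches[0]
    changed = module.get("classloaderMode") != "PARENT_LAST"
    module.set("classloaderMode", "PARENT_LAST")
    return ET.tostring(root, encoding="unicode"), changed

if __name__ == "__main__":
    new_xml, changed = set_parent_last(SAMPLE)
    print("changed:", changed)
    print(new_xml)
```

Keep a copy of the original deployment.xml before writing the result back, and run the function a second time to confirm it reports no further change.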
7. Create JDBC resources in Websphere.
7.1 Prerequisites
Oracle 10g database.
Initial DBA access on the Identity Manager database. It can be revoked later.
7.2 Creation of resources
Within the WebSphere administrative console, open the appropriate data source descriptor.
Change the JndiName in the data source descriptor according to the following:
Task Persistence: jdbc/idm
Workflow: jdbc/WPDS
Auditing: auditDbDataSource
Reporting: jdbc/reportsnapshot (Please read highlighted note below for this JNDI)
Object Store: jdbc/objectstore
IMCUSTOM: jdbc/IMCUSTOM
Change the DatabaseName, User, and Password in the data source descriptor to the appropriate values for the new database.
The database schema (SQL scripts) will be automatically applied when you restart Identity Manager.
Add the following to Custom Properties:
user=<username>, password=<password>
Note: the schema name (user) for the reporting JNDI (jdbc/reportsnapshot) is different from that of the remaining JNDI names.
Note: Ensure that the JDBC provider is created as XA. Below is the screenshot for datasource Object store. Provide similar information for remaining datasources and make sure you can test the connections successfully.
<Please see attached file for image>