WIXLIB

CA Identity Manager Installation Guide (WebSphere)12.6.4

This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred toas the “Documentation”) is for your informational purposes only and is subject to change or withdrawal by CA at any time. ThisDocumentation is proprietary information of CA and may not be copied, transferred, reproduced, disclosed, modified orduplicated, in whole or in part, without the prior written consent of CA.If you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise makeavailable a reasonable number of copies of the Documentation for internal use by you and your employees in connection withthat software, provided that all CA copyright notices and legends are affixed to each reproduced copy.The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicablelicense for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility tocertify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANYKIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULARPURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE,DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOSTINVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THEPOSSIBILITY OF SUCH LOSS OR DAMAGE.The use of any software product referenced in the Documentation is governed by the applicable license agreement and suchlicense agreement is not modified in any way by the terms of this notice.The manufacturer of this Documentation is CA.Provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictionsset forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, ortheir successors.Copyright 2014 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong totheir respective companies.

CA Technologies Product ReferencesThis document references the following CA Technologies products: CA CloudMinder Identity Management CA Directory CA Identity Manager CA Identity Governance (formerly CA GovernanceMinder) CA SiteMinder CA User Activity Reporting CA AuthMinder Contact CA TechnologiesContact CA SupportFor your convenience, CA Technologies provides one site where you can access theinformation that you need for your Home Office, Small Business, and Enterprise CATechnologies products. At http://ca.com/support, you can access the followingresources: Online and telephone contact information for technical assistance and customerservices Information about user communities and forums Product and documentation downloads CA Support policies and guidelines Other helpful resources appropriate for your productProviding Feedback About Product DocumentationIf you have comments or questions about CA Technologies product documentation, youcan send a message to techpubs@ca.com.To provide feedback about CA Technologies product documentation, complete ourshort customer survey which is available on the CA Support website athttp://ca.com/docs.

ContentsChapter 1: Installation Overview11Sample CA Identity Manager Installations . 11Example: Single Node Installation . 12Example: Installation with Multiple Endpoints . 14Example: SiteMinder and CA Identity Manager Installation . 16High Availability Installation . 17Example: High Availability Installation . 18CA Identity Manager Server Architecture . 19Provisioning Components Architecture . 19Overall Installation Process . 20Chapter 2: Installation Prerequisites21Installation Status . 21Prerequisite Knowledge . 22How to Install Prerequisite Components . 22Check Hardware Requirements . 23Install CA Directory. 25Create a FIPS 140-2 Encryption Key . 26Create an Encryption Parameters File. 26(Optional) Integrate with SiteMinder . 27Create the Database . 28WebSphere Application Server . 28Solaris Requirements . 31Linux Requirements . 32IPv6 Support . 34Complete the Installation Worksheets . 35UNIX and Console Mode Installation . 38Non-Provisioning Installation . 39Chapter 3: Single Node Installation41Installation Status . 41CA Identity Manager Components . 42How to Perform a Single Node Installation . 42Install CA Identity Manager Components . 43Configure Workflow for Your Profile. 44Verify the CA Identity Manager Server Starts . 45Contents 5

Install Optional Provisioning Components . 46Configure a Remote Provisioning Manager . 47Chapter 4: Installation on a WebSphere Cluster49Installation Status . 49WebSphere Cluster Setup . 49WebSphere Cluster Prerequisites . 51Install WebSphere on each Node . 51Create the Cluster with One Member . 52How to Install CA Identity Manager on a WebSphere Cluster . 52Objects Created by the Installation . 52Run the Installation from the Deployment Manager . 53Add Cluster Members . 57Assign the Core Group Policy . 57Configure Workflow for Cluster Members . 58Configure the Proxy Plug-In for the Web Server . 59Set the Virtual Host Alias. 60Start the WebSphere Cluster . 60Verify the Clustered Installation. 61Configure a Remote Provisioning Manager . 61Chapter 5: Separate Database Configuration63Installation Status . 63Create Separate Databases . 64How to Create Separate Databases . 65Create an MS SQL Server Database Instance . 65Create an Oracle Database Instance . 66Create JDBC Resources. 66Edit the Data Source . 68Set Connection Pool Properties . 70Run the SQL Scripts . 70Run the Script for Workflow . 72Chapter 6: Manual EAR Deployment73How to Deploy Manually . 73Prerequisites to Manual Deployment . 74Create the Primary Resources . 74Assign the Core Group Policy . 76Generate the EAR Files . 77Deploy the castylesr5.1.1.ear File . 776 Installation Guide (WebSphere)

Deploy the iam im.ear . 78Deploy the iam im.ear with a JACL Script . 78Deploy the iam im.ear from the WebSphere Administrative Console. 79Create Policy Server and Workflow Objects . 82Create Message Driven Bean Listener Bindings . 83Edit the user console.war . 84Edit the wpServer.Jar . 85Connect to SiteMinder . 85Connect to RCM . 87Create a Provisioning Server Shared Secret . 88Perform Post-Deployment Steps for the Cluster. 88Add Cluster Members . 89Assign the Core Group Policy . 89Configure Workflow for Cluster Members . 90Configure the Proxy Plug-In for the Web Server . 91Start the WebSphere Cluster . 92Verify the Clustered Installation . 92Chapter 7: Report Server Installation95Installation Status . 95Reporting Architecture . 96Reporting Considerations . 96Hardware Requirements . 97How to Install the Report Server . 97Reports Pre-Installation Checklist . 98Reporting Information . 99Open Ports for the Report Server . 100Install the CA Report Server . 101Run the Registry Script . 103Copy the JDBC JAR Files . 105Bypass the Proxy Server . 106Deploy Default Reports . 106BusinessObjects XI 3.x Post-Installation Step. 107Secure the Report Server Connection on WebSphere . 108Verify the Reporting Installation . 109Silent Installation . 109How to Uninstall Reporting . 110Remove Leftover Items . 110Chapter 8: Connector Server Installation113Connector Server Prerequisites . 113Contents 7

System Requirements . 113Time Zone Considerations . 113File Locations . 11432-bit and 64-bit Applications . 114Linux Requirements . 115Install CA IAM CS . 116Provisioning Server Registration . 119Install the C Connector Server . 119Install CA IAM CS Silently. 120Install the SDK for CA IAM CS . 121Install the Connector Samples . 121Set Up JDBC Support . 122Set Up License Files for the DB2 for z/OS Connector . 123Set Up License Files for the Sybase Connector . 124Set Up Windows Authentication for the SQL Server Connector . 125More Information about Setting Up Connectors . 125Chapter 9: High Availability Provisioning Installation127Installation Status . 127How to Install High Availability Provisioning Components . 128Redundant Provisioning Directories . 128Install Alternate Provisioning Directories . 129Reconfiguring Systems with Provisioning Directories . 130Redundant Provisioning Servers . 131Router DSA for the Provisioning Server . 132Install Provisioning Servers . 132Configure Provisioning Server Failover . 134Redundant Connector Servers . 134Installing Multiple Connector Servers . 135Connector Server Framework . 135Load-Balancing and Failover . 136Reliability and Scalability . 137Multi-Platform Installations . 137Configure Connector Servers . 138C Connector Server on Solaris . 143Failover for Provisioning Clients . 143Enable User Console Failover . 144Enable Provisioning Manager Failover . 145Test the Provisioning Manager Failover . 1458 Installation Guide (WebSphere)

Appendix A: Uninstallation and Reinstallation147How to Uninstall CA Identity Manager . 147Remove CA Identity Manager Objects with the Management Console. 148Remove the CA Identity Manager Schema from the Policy Store . 148Remove the CA Identity Manager schema from a SQL Policy Store . 148Remove the CA Identity Manager schema from an LDAP Policy Store . 149Uninstall CA Identity Manager Software Components . 150Remove CA Identity Manager from WebSphere . 151Reinstall CA Identity Manager . 152Appendix B: Unattended Installation153How to Run an Unattended Installation. 153Modify the Configuration File . 153Initial Choices . 154CA Identity Manager Server . 154Provisioning Components . 157Extensions for SiteMinder . 157Configuration File Format . 158Appendix C: Installation Log Files163Log Files on Windows . 163Log files on UNIX . 163Appendix D: Windows Services Started by CA Identity Manager165Index167Contents 9

Chapter 1: Installation OverviewThis guide provides instructions for installing CA Identity Manager and also includesinformation about optional components for installation such as Provisioning and CASiteMinder.This section contains the following topics:Sample CA Identity Manager Installations (see page 11)Example: Single Node Installation (see page 12)Example: Installation with Multiple Endpoints (see page 14)Example: SiteMinder and CA Identity Manager Installation (see page 16)High Availability Installation (see page 17)Overall Installation Process (see page 20)Sample CA Identity Manager InstallationsWith CA Identity Manager, you can control user identities and their access toapplications and accounts on endpoint systems. Based on the functionality you need,you select which CA Identity Manager components to install.In all CA Identity Manager installations, the CA Identity Manager Server is installed on anapplication server. You use the CA Identity Manager Installer to install the othercomponents you need.The following sections illustrate some ex

CA Technologies Product References This document references the following CA Technologies products: A loudMinder Identity Management CA Directory A Identity Manager CA Identity Governance (formerly CA GovernanceMinder) CA SiteMinder CA User Activity Reporting A AuthMinder Contact CA Technologies