Siteminder Wa Install Apache Enu

CA SiteMinder®
Web Agent Installation Guide for

Apache-based Servers
12.52 SP1
This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to
as the “Documentation”) is for your informational purposes only and is subject to change or withdrawal by CA at any time. This
Documentation is proprietary information of CA and may not be copied, transferred, reproduced, disclosed, modified or
duplicated, in whole or in part, without the prior written consent of CA.
If you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise make
available a reasonable number of copies of the Documentation for internal use by you and your employees in connection with
that software, provided that all CA copyright notices and legends are affixed to each reproduced copy.
The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable
license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to
certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.
TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY
KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE,
DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST
INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE
POSSIBILITY OF SUCH LOSS OR DAMAGE.
The use of any software product referenced in the Documentation is governed by the applicable license agreement and such
license agreement is not modified in any way by the terms of this notice.
The manufacturer of this Documentation is CA.
Provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictions
set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or
their successors.
Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to
their respective companies.
CA Technologies Product References
This document references the following CA Technologies products:
■ CA SiteMinder®
■ CA IdentityMinder™ (formerly CA Identity Manager)
■ CA SiteMinder® Web Services Security (formerly CA SOA Security Manager)
Contact CA Technologies
Contact CA Support
For your convenience, CA Technologies provides one site where you can access the
information that you need for your Home Office, Small Business, and Enterprise CA
Technologies products. At http://ca.com/support, you can access the following
resources:
■ Online and telephone contact information for technical assistance and customer
services
■ Information about user communities and forums
■ Product and documentation downloads
■ CA Support policies and guidelines
■ Other helpful resources appropriate for your product
Providing Feedback About Product Documentation
If you have comments or questions about CA Technologies product documentation, you

can send a message to [email protected].
To provide feedback about CA Technologies product documentation, complete our

short customer survey which is available on the CA Support website at
http://ca.com/docs.
Documentation Changes
The following updates have been made to the 12.52 SP1 documentation, as a result of
issues found in previous releases.
■ Apache-based Server Not Starting (see page 83)—Added troubleshooting
information related to supporting Apache based-servers 2.4.x on Windows.
■ Gather the Information Required by the Configuration Program on Windows (see
page 27)—Revised configuration wizard information to include settings added to
support Apache-based servers 2.4.x and higher on Windows.
The following updates have been made to the 12.52 documentation, as a result of issues
found in previous releases.
■ Uninstall a Web Agent (see page 77)—Removed obsolete material related to
installing a supported JRE and including it in the system path. A JRE is now included
with the software.
■ How to Configure Agents on UNIX/Linux (see page 37)—Revised configuration
procedures for embedded Apache-based web servers included with RedHat Linux.
Resolves CQ175578 and STAR Issue 21482842:01
■ Start an Oracle 11g HTTP server with the apachectl command (see page 60)—Added
start procedure for Oracle 11g HTTP servers. Resolves CQ176028
Contents
Chapter 1: Preparation 9
Only Apache-based Web Server Procedures in this Guide .......................................................................................... 9
Hardware Requirements for CA SiteMinder® Agents ................................................................................................ 10
Preparation Roadmap for Apache-based web servers............................................................................................... 11
How to Prepare for a Web Agent Installation on Apache-based Servers .................................................................. 12
Locate the Platform Support Matrix ................................................................................................................... 12
Apache-based Server Preparations for Windows ............................................................................................... 13
Apache-based Server Preparations on UNIX ....................................................................................................... 14
Apache-based Server Preparations for Linux ...................................................................................................... 15
Preparations for z/OS.......................................................................................................................................... 19
IBM HTTP Server Preparations ............................................................................................................................ 21
Policy Server Requirements ....................................................................................................................................... 22
Chapter 2: Install and Configure Apache-based Agents on Windows 25

Agent Installation Compared to Agent Configuration ................................................................................................ 25
How to Install Apache-based Agents on Windows .................................................................................................... 25
Gather the Information for the Installation Program ......................................................................................... 26
Run the Installation Program on Windows ......................................................................................................... 26
How to Configure Apache-based Agents on Windows .............................................................................................. 27
Gather the Information Required by the Configuration Program on Windows ................................................. 27
Run the Web Agent Configuration Program on Windows .................................................................................. 30
Run the Unattended or Silent Installation and Configuration Programs for Subsequent Agents on
Windows ............................................................................................................................................................. 31
Chapter 3: Install and Configure Apache-based Agents on UNIX/Linux 33

Agent Installation Compared to Agent Configuration ................................................................................................ 33
How to Install Apache-based Agents on UNIX or Linux.............................................................................................. 33
Gather the Information for the Installation ........................................................................................................ 34
Run the Installation Program on UNIX/Linux ...................................................................................................... 34
How to Install Agents on z/OS Systems ..................................................................................................................... 35
Gather the Information for the Installation ........................................................................................................ 35
Run the CA SiteMinder® Agent Installation Program on z/OS ............................................................................ 35
How to Configure Apache-based Agents on UNIX or Linux........................................................................................ 37
Gather the Information that the Configuration Program Requires on UNIX/Linux ............................................ 37
Edit the configuration files for embedded Apache web servers on RedHat Linux.............................................. 40
Source the Agent Environment Script on UNIX or Linux ..................................................................................... 41
Contents 5
Set the Library Path Variable on UNIX or Linux................................................................................................... 41
Run the Web Agent Configuration Program on UNIX/Linux ............................................................................... 42
See the CA SiteMinder® Default Headers ........................................................................................................... 43
Run the Unattended or Silent Installation and Configuration Programs for Agents on UNIX/Linux .................. 44
Set the LD_PRELOAD Variable............................................................................................................................. 45
Set the LD_ASSUME_KERNEL for Apache Agent on SuSE Linux 9 for zSeries ..................................................... 45
Set the CAPKIHOME Variable for Red Hat Linux Systems ................................................................................... 45
How to Configure Agents on z/OS Systems................................................................................................................ 46
Gather the Information that the Configuration Program Requires on z/OS ....................................................... 46
Set the Library Path Variable on z/OS ................................................................................................................. 49
Run the CA SiteMinder® Agent Configuration Program on z/OS ........................................................................ 49
(Optional) Run the Unattended or Silent Installation and Configuration Programs for CA SiteMinder®
Agents on z/OS .................................................................................................................................................... 50
Optional Agent Settings for UNIX/Linux..................................................................................................................... 52
Set Web Agent Variables when using apachectl Script ....................................................................................... 52
Improve Server Performance with Optional httpd.conf File Changes ................................................................ 52
Chapter 4: Dynamic Policy Server Clusters 55

Connect a Web Agent to a Dynamic Policy Server Cluster ......................................................................................... 56
Chapter 5: Starting and Stopping Web Agents 57

Enable a Web Agent ................................................................................................................................................... 57
Disable a Web Agent .................................................................................................................................................. 58
Starting or Stopping Most Apache-based Agents with the apachectl Command ...................................................... 58
Start an IBM HTTP Server with the apachectl Command ........................................................................................... 59
Start an Oracle 11.g.x HTTP Server with the opmnctl Command .............................................................................. 60
Chapter 6: Upgrade a Web Agent to 12.52 SP1 61

Agent Upgrade Roadmap ........................................................................................................................................... 62
How to Prepare for a CA SiteMinder® Agent Upgrade............................................................................................... 63
Upgrade Process from CA SiteMinder® r6.x........................................................................................................ 64
Upgrade Process from CA SiteMinder® r12.0 ..................................................................................................... 65
Upgrade Process from CA SiteMinder® r12.0 ..................................................................................................... 66
Ensure LD_PRELOAD Variable Does Not Conflict with Existing Agent ................................................................ 66
Source the Environment Script on UNIX and Linux Operating Environments .................................................... 67
Run the Installation Wizard to Upgrade your Agent on Windows ...................................................................... 67
Run the Installation Wizard to Upgrade your Agent on UNIX/Linux ................................................................... 68
Set the Library Path Variable Before Configuring your Upgraded Agent on UNIX/Linux.................................... 68
Configure your Upgraded Agent on Windows .................................................................................................... 70
Configure your Upgraded Agent on UNIX/Linux ................................................................................................. 71
6 Web Agent Installation Guide for Apache-based Servers

Chapter 7: Operating System Tuning for Agents 73
Tune the Shared Memory Segments.......................................................................................................................... 74
How to Tune the Solaris 10 Resource Controls .......................................................................................................... 76
Chapter 8: Uninstall a Web Agent 77

Notes About Uninstalling Web Agents ....................................................................................................................... 77
Uninstall a Web Agent from a Windows Operating Environment ............................................................................. 78
Uninstall an Apache-based Agent from a UNIX System ............................................................................................. 80
Uninstall an Apache-based Agent from a z/OS System .............................................................................................. 81
Chapter 9: Troubleshooting 83
Apache-based Server Not Starting ............................................................................................................................. 83
Apache Server Shows shmget Failure On Startup ...................................................................................................... 84
Apache Agent is Enabled but Default Server Page or Protected Resource Not Accessible ....................................... 84
Apache Web Agent Not Operating............................................................................................................................. 84
Non-english Input Characters Contain Junk Characters ............................................................................................. 85
Appendix A: Worksheets 87
Agent Installation Worksheet .................................................................................................................................... 87
Agent Configuration Worksheet ................................................................................................................................ 87
Index 89
Contents 7
Chapter 1: Preparation
This section contains the following topics:
Only Apache-based Web Server Procedures in this Guide (see page 9)
Hardware Requirements for CA SiteMinder® Agents (see page 10)
Preparation Roadmap for Apache-based web servers (see page 11)
How to Prepare for a Web Agent Installation on Apache-based Servers (see page 12)
Policy Server Requirements (see page 22)
Only Apache-based Web Server Procedures in this Guide

This guide only contains procedures for installing or configuring CA SiteMinder® agents
on Apache-based web servers.
To install or configure a CA SiteMinder® agent on any other type of web server or

operating environment, see one of the following guides:
■ Web Agent Installation Guide for Domino.
■ Web Agent Installation Guide for IIS.
■ Web Agent Installation Guide for Oracle iPlanet.
Hardware Requirements for CA SiteMinder® Agents
Hardware Requirements for CA SiteMinder® Agents

Computers hosting CA SiteMinder® agents require the following hardware:
Windows operating environment requirements
agents operating on Windows operating environments require the following
hardware:
■ CPU: x86 or x64
■ Memory: 2-GB system RAM.
■ Available disk space:
■ 2-GB free disk space in the installation location.
■ .5-GB free disk space in the temporary location.
UNIX operating environment requirements
Agents operating on UNIX operating environments require the following hardware:
■ CPU:
■ Solaris operating environment: SPARC
■ Red Hat operating environment: x86 or x64
■ Memory: 2-GB system RAM.
■ Available disk space:
■ 2-GB free disk space in the installation location.
■ .5-GB free disk space in /temp.
Note: Daily operation of the agent requires 10 MB of free disk space in /tmp.
The agent creates files and named pipes under /tmp. The path to which these
files and pipes are created cannot be changed.

Preparation Roadmap for Apache-based web servers
Preparation Roadmap for Apache-based web servers

The following illustration describes how to prepare your web server before you install a
CA SiteMinder® agent:
How to Prepare for a Web Agent Installation on Apache-based Servers
How to Prepare for a Web Agent Installation on Apache-based

Servers
To prepare for a CA SiteMinder® agent installation on an Apache-based server, use the
following process:
1. Locate the Platform Support Matrix (see page 12). Verify that your web server
supports the version of the CA SiteMinder® agent that you want to install.
2. Verify that you have an account with one of the following types of privileges for
your web server:
■ Administrative privileges (for the Windows operating environment)
■ Root privileges (for the UNIX or Linux operating environments)
3. Configure the appropriate additional CA SiteMinder® agents require using one of
the following lists:
■ Apache-based server preparations for Windows operating environments.
■ Apache-based server preparations for UNIX operating environments (see
page 14).
■ Apache-based server preparations for Linux operating environments (see
page 15).
■ IBM HTTP server preparations for all operating environments (see page 21).
4. Verify that the Policy Server is installed and configured.
5. Review the known issues section of the Web Agent Release Notes.
Locate the Platform Support Matrix

Use the Platform Support Matrix to verify that the operating environment and other
required third-party components are supported.
Follow these steps:

1. Go to the CA Support site.
2. Click Product Pages.
3. Enter the product name and click Enter.

4. Open popular links and click Informational Documentation Index.

5. Click Platform Support Matrices.
Note: You can download the latest JDK and JRE versions at the Oracle Developer
Network.
Technology Partners and CA Validated Products
The latest list of partners and their validated products.
Apache-based Server Preparations for Windows

Apache-based servers running on Windows operating environments require the
following preparations before installing a CA SiteMinder® agent:
1. Install the Apache-based web server as a service for all users (see page 13).
2. Verify the presence of a logs subdirectory with the proper permissions (see
page 13).
Install an Apache Web Server on Windows as a Service for All Users
When an Apache-based web server is installed using a single user account, the Agent
configuration cannot detect the Apache-based web server installation.
To correct this problem, select the following option when you install an Apache-based
web server on a Windows operating environment:
"install as a service, available for all users".
Verify Presence of a Logs Subdirectory with Permissions for Apache-based Web Agents
For CA SiteMinder® Agents for Apache-based web servers (including IBM HTTP Server), a
logs subdirectory must exist under the root directory of the Apache-based web server.
This subdirectory needs Read and Write permissions for the user identity under which
the Apache child process runs.
If the logs subdirectory does not exist, create it with the required permissions.
Note: This configuration requirement applies to any Apache-based web server that
writes log files outside the Apache root directory.
Apache-based Server Preparations on UNIX

Apache-based servers running on UNIX operating environments require the following
preparations before installing a CA SiteMinder® agent:
1. Set the display variable (see page 14).
2. Verify the presence of a logs subdirectory (see page 14).
3. Verify that the appropriate patches have been installed for your operating
environment:
■ Solaris patches (see page 15).
■ AIX requirements (see page 15).
Set the DISPLAY For CA SiteMinder® Agent Installations on UNIX
If you are installing the CA SiteMinder® Agent on a UNIX system from a remote terminal,
such as a Telnet or Exceed terminal, be sure the DISPLAY variable is set for the local
system. For example, if your machine is 111.11.1.12, set the variable as follows:
DISPLAY=111.11.1.12:0.0
export DISPLAY
Note: You can also install the agent using the console mode installation, which does not
require the X window display mode.
Verify Presence of a Logs Subdirectory with Permissions for Apache-based CA SiteMinder®

Agents
For any agents for Apache-based web servers (including IBM HTTP Server), a logs
subdirectory must exist under the root directory of the Apache-based web server. This
subdirectory needs Read and Write permissions for the user identity under which the
Apache child process runs.

Required Solaris Patches
Before installing a CA SiteMinder® Agent on a Solaris computer, install the following

patches:
Solaris 9
Requires patch 111711-16.
Solaris 10
Requires patch 119963-08.
You can verify installed patch versions by logging in as the root user and executing the
following command:
showrev -p | grep patch_id
To locate Solaris patches, go to the Oracle Solution Center.
AIX Requirements
CA SiteMinder® agents running on AIX systems require the following components:

■ To run a rearchitected (framework) CA SiteMinder® Apache-based agent on an AIX
system, your C/C++ runtime environment must be version 8.0.0.0.
Apache-based Server Preparations for Linux

Apache-based servers running on Linux operating environments require the following
preparations before installing a CA SiteMinder® agent:
1. Verify that the required patches are installed (see page 15).
2. Verify that the required libraries are installed.
3. Verify that the required tools are installed (see page 18).
4. Compile the Apache-based web server (see page 18).
Required Linux Patches
The following Linux patches are required:

For Web Agents running on 64-bit Linux systems
■ Binutils 2.17
■ GCC 4.1.0
Required Linux Libraries
Certain library files are required for components operating on Linux operating
environments. Failure to install the correct libraries can cause the following error:
java.lang.UnsatisfiedLinkError
If you are installing, configuring, or upgrading a Linux version of this component, the
following packages are required on the host system:
Red Hat 5.x:
■ compat–gcc-34-c++-3.4.6-patch_version.I386
■ libstdc++-4.x.x-x.el5.i686.rpm
■ libidn.so.11.rpm
■ ncurses

Red Hat 6.x:

■ libstdc++-4.x.x-x.el6.i686.rpm
■ libidn-1.18-2.el6.i686
■ libXext.i686.rpm
■ libXrender.i686.rpm
■ linXtst.i686.rpm
■ libidn.so.11.rpm
■ ncurses
Additionally, for Red Hat 6.x (64-bit):
All the RPM packages that are required for 64-bit Red Hat 6.x are 32-bit packages.
■ libXau-1.0.5-1.el6.i686.rpm
■ libxcb-1.5-1.el6.i686.rpm
■ compat-db42-4.2.52-15.el6.i686.rpm
■ compat-db43-4.3.29-15.el6.i686.rpm
■ libX11-1.3-2.el6.i686.rpm
■ libXrender-0.9.5-1.el6.i686.rpm
■ libexpat.so.1 (provided by expat-2.0.1-11.el6_2.i686.rpm)
■ libfreetype.so.6 (provided by freetype-2.3.11-6.el6_2.9.i686.rpm)
■ libfontconfig.so.1 (provided by fontconfig-2.8.0-3.el6.i686.rpm)
■ libICE-1.0.6-1.el6.i686.rpm
■ libuuid-2.17.2-12.7.el6.i686.rpm
■ libSM-1.1.0-7.1.el6.i686.rpm
■ libXext-1.1-3.el6.i686.rpm
■ compat-libstdc++-33-3.2.3-69.el6.i686.rpm
■ compat-db-4.6.21-15.el6.i686.rpm
■ libXi-1.3-3.el6.i686.rpm
■ libXtst-1.0.99.2-3.el6.i686.rpm
■ libXft-2.1.13-4.1.el6.i686.rpm
■ libXt-1.0.7-1.el6.i686.rpm
■ libXp-1.0.0-15.1.el6.i686.rpm
■ libstdc++.i686.rpm
■ compat-libtermcap.rpm
■ libidn.i686.rpm
■ ncurses
Linux Tools Required
Before installing a CA SiteMinder® Agent on a Red Hat Apache 2.2 web server running
on the Red Hat Enterprise Linux operating environment, install all the items included in
the Red Hat Legacy Software Development tools package.
Compile an Apache Web Server on a Linux System
For the CA SiteMinder® Agent to operate with an Apache web server running Linux, you
have to compile the server. Compiling is required because the Agent code uses pthreads
(a library of POSIX-compliant thread routines), but the Apache server on the Linux
platform does not, by default.
If you do not compile with the lpthread option, the Apache server starts up, but then
hangs and does not handle any requests. The Apache server on Linux cannot initialize a
module which uses pthreads due to issues with Linux's dynamic loader.
Follow these steps:

1. Enter the following:
LIBS=-lpthread
export LIBS
2. Configure Apache as usual by entering the following:

configure --enable-module=so --prefix=your_install_target_directory
make
make install

Agents
For agents running on Apache-based web servers (including IBM HTTP Server), a logs

Preparations for z/OS

Before you install and configure a CA SiteMinder® agent on the z/OS operating
environment, perform the preparation steps described in this process.
1. Locate the CA SiteMinder® Platform Support Matrix (see page 12).

2. Locate the installation media (see page 20).
3. Add a supported JRE to the system path (see page 21).
4. Set the DISPLAY variable (see page 20).
Locate the Platform Support Matrix
Use the Platform Support Matrix to verify that the operating environment and other
required third-party components are supported.
Follow these steps:

1. Go to the CA Support site.
2. Click Product Pages.
4. Open popular links and click Informational Documentation Index.

5. Click Platform Support Matrices.
Note: You can download the latest JDK and JRE versions at the Oracle Developer
Network.
Technology Partners and CA Validated Products
The latest list of partners and their validated products.
Locate the Installation Media
If you need a base release, follow these steps:

1. Go to the CA Support site and click Product Pages.
3. Open Quick Access and click Download Center.
4. Log in.
5. Locate your product in the Use the Select a Product list.
6. Select a release and gen level. Click Go.
7. Save the installation zip locally and extract the kit to a temporary location.
If you need a cumulative release (cr), follow these steps:

1. Go to the CA Support site and click Product Pages.
3. Open Quick Access and click Hotfix/Cumulative Release Index.
4. Log in.
5. Click the release you want.
6. Save the installation zip locally and extract the kit to a temporary location.
Set the DISPLAY Variable for CA SiteMinder® Agent Installations on z/OS
If you are installing the CA SiteMinder® agent on a z/OS system from a remote terminal,
verify that the DISPLAY variable is set for the local system. For example, if your server IP
address is 111.11.1.12, set the variable as follows:
export DISPLAY=111.11.1.12:0.0
Note: You can also install the CA SiteMinder® agent using the console mode installation,
which does not require the X window display mode.


Agents
For any agents for Apache-based web servers (including IBM HTTP Server), a logs
Add a Supported JRE to the System Path
On z/OS systems, before installing the CA SiteMinder® agent, verify that a supported JRE
is present on the system and defined in the PATH and JAVA_HOME system variables.
Follow these steps:
Enter the following commands at a command prompt:
export PATH=JRE/bin:$PATH
export JAVA_HOME=JRE
JRE
Specifies the location of the JRE.
For example, /sys/java64bt/v6r0m1/usr/lpp/java/Jversion_number
IBM HTTP Server Preparations

Apache-based IBM HTTP servers require the following preparations before installing a
CA SiteMinder® agent:
■ Verify write permissions exist for the server logs (see page 21).
Enable Write Permissions for IBM HTTP Server Logs
If you install the CA SiteMinder® Agent on an IBM HTTP Server, this web server gets
installed as root and its subdirectories do not give all users in all groups Write
permissions.
For the Low Level Agent Worker Process (LLAWP) to write agent initialization messages
to the web server logs, the user running the web server needs permission to write to
the web server’s log directory. Ensure that you allow write permissions for this user.
Policy Server Requirements

Verify the following criteria:
■ Your Policy Server is installed and configured.
■ Your Policy server can communicate with the computer where you plan to install
the agent.
To install and configure a CA SiteMinder® agent, a Policy Server requires at least the
following items:
■ A CA SiteMinder® administrator that has the right to register trusted hosts.
A trusted host is a client computer where one or more CA SiteMinder® Agents are
installed and registered with the Policy Server. The CA SiteMinder® administrator
must have permissions to register trusted hosts with the Policy Server. Registering a
trusted host creates a unique trusted host name object on the Policy Server.
■ An Agent identity
An Agent identity establishes a mapping between the Policy Server and the name or
IP address of the web server instance hosting an Agent. You define an Agent
identity from the Agents object in the Administrative UI. You assign it a name and
specify the Agent type as a Web Agent.
■ A Host Configuration Object (HCO)
The host configuration object on the Policy Server defines the communication
between the agent and the Policy Server that occurs after an initial connection. The
Initial connections use the parameters in the SmHost.conf file.

■ Agent Configuration Object (ACO)

This object includes the parameters that define the agent configuration. All CA
SiteMinder® agents require at least one of the following configuration parameters
that are defined in the ACO:
AgentName
Defines the identity of the web agent. This identity links the name and the IP
address or FQDN of each web server instance hosting an Agent.
The value of the DefaultAgentName is used instead of the AgentName parameter if
any of the following events occur:
■ The AgentName parameter is disabled.
■ The value of AgentName parameter is empty.
■ The values of the AgentName parameter do not match any existing agent
object.
Note: This parameter can have more than one value. Use the multivalue option
when setting this parameter in an Agent Configuration Object. For local
configuration files, add each value to a separate line in the file.
Default: No default
Limit: Multiple values are allowed, but each AgentName parameter has a 4,000
character limit. Create additional AgentName parameters as needed by adding a
character to the parameter name. For example, AgentName, AgentName1,
AgentName2.
Limits: Must contain 7-bit ASCII characters in the range of 32-127, and include one
or more printable characters. Cannot contain the ampersand (&) and asterisk (*)
characters. The value is not case-sensitive. For example, the names MyAgent and
myagent are treated the same.
Example: myagent1,192.168.0.0 (IPV4)
Example: myagent2, 2001:DB8::/32 (IPV6)
Example: myagent,www.example.com
Example (multiple AgentName parameters): AgentName1, AgentName2,
AgentName3. The value of each AgentNamenumber parameter is limited to 4,000
characters.
DefaultAgentName
Defines a name that the agent uses to process requests. The value for
DefaultAgentName is used for requests on an IP address or interface when no agent
name value exists in the AgentName parameter.
If you are using virtual servers, you can set up your CA SiteMinder® environment
quickly by using a DefaultAgentName. Using DefaultAgentName means that you do
not need to define a separate agent for each virtual server.
Important! If you do not specify a value for the DefaultAgentName parameter, then
the value of the AgentName parameter requires every agent identity in its list.
Otherwise, the Policy Server cannot tie policies to the agent.
Default: No default.
Limit: Multiple values are allowed.
Limits: Must contain 7-bit ASCII characters in the range of 32-127, and include one
or more printable characters. Cannot contain the ampersand (&) and asterisk (*)
characters. The value is not case-sensitive. For example, the names MyAgent and
myagent are treated the same.

Chapter 2: Install and Configure
Apache-based Agents on Windows
Agent Installation Compared to Agent Configuration (see page 25)
How to Install Apache-based Agents on Windows (see page 25)
How to Configure Apache-based Agents on Windows (see page 27)
Agent Installation Compared to Agent Configuration

The concepts of installation and configuration have specific meanings when used to
describe CA SiteMinder® agents.
Installation means installing the CA SiteMinder® agent software on a computer system.

For example, installing an agent creates directories and copies the CA SiteMinder® agent
software and other settings to the computer.
Configuration occurs after installation and means the act of preparing the CA
SiteMinder® agent software for a specific web server on a computer. This preparation
includes registering the agent with CA SiteMinder® Policy Servers, and creating a
runtime server instance for the web server that is installed on the computer.
Use the wizard-based installation and configuration programs to install and configure
your agent on your first web server. The wizard-based programs create a .properties
file.
Use the .properties file and the respective executable file to install or configure the
agent silently on additional web servers.
How to Install Apache-based Agents on Windows

Installing CA SiteMinder® agents on the Windows operating environment requires
several separate procedures. These procedures are described using the following
process:
1. Gather the required information for the installation program (see page 26).
2. Run the wizard based installation program (see page 26).

How to Install Apache-based Agents on Windows
Gather the Information for the Installation Program

Gather the following information about your web server before running the installation
program for the agent:
Installation Directory
Specifies the location of the agent binary files on your web server. The
web_agent_home variable is set to this location.
Limit: The product requires the name "webagent" for the bottom directory in the
path
Run the Installation Program on Windows

The installation program for the agent installs the agent on one computer at a time
using the Windows operating environment. This installation program can be run in
wizard or console modes. The wizard and console-based installation programs also
create a .properties file for subsequent installations and configurations using the
unattended or silent method with the same settings.
For example, suppose the Agents in your environment use the same web server version,
installation directory, Agent Configuration Object and Policy Servers. Use the installation
wizard or console-based installation program for your first installation. Afterwards, you
could create your own script to run the installation program with the .properties file the
wizard or console-based installation program created.
Follow these steps:

1. Copy the Web Agent installation executable file to a temporary directory on your
web server.
2. Do one of the following steps:
■ For wizard-based installations, right-click the installation executable file, and
then select Run as Administrator.
■ For console-based installations, open a command line window and run the
executable as shown in the following example:
executable_file_name.exe -i console
3. Use the information that you gathered previously to complete the installation.

How to Configure Apache-based Agents on Windows

Configuring the agent occurs after the installation. Configuration requires several
separate procedures which are described using the following process:
1. Gather the information for the configuration (see page 27).
2. Run the wizard-based configuration program (see page 30).
3. (Optional) Run the unattended or silent installation and configuration programs for
subsequent web servers in your environment (see page 31).
Gather the Information Required by the Configuration Program on Windows

Gather the following information about the environment for the product before running
the configuration program for the agent:
Register Host
Indicates whether you want to register a trusted host. This registration creates a
trusted host object in the Policy Server and an SmHost.conf file on the web server.
The agent uses this information to make an initial connection to Policy Servers
when it starts. Register each agent instance as a trusted host only once.
Default:Yes
Options: Yes, No
Admin User Name
Specifies the name of a CA SiteMinder® user with Administrative privileges that is
already defined in the Policy Server. This CA SiteMinder® user account requires
privileges to register trusted hosts.
Admin Password
Specifies a password for the Admin User Name that is already defined in the Policy
Server.
Confirm Admin Password
Repeats the password entered in the Admin Password field. This value verifies the
password for the Admin User Name already defined in the Policy Server.
Trusted Host Object Name
Specifies a unique name for the trusted host you are registering. This trusted host
object is stored on the Policy Server.
Host Configuration Object
Specifies the name of a Host Configuration Object that is already defined in the
Policy Server. After the agent initially connects to a Policy Server (using the
SmHost.conf file settings), subsequent connections use the settings from the Host
Configuration Object.

Policy Server IP Address

Specifies the Internet Protocol address of the Policy Servers to which the agent
attempts to connect upon startup. If your Policy Server is behind a firewall, specify a
port number also.
If a hardware load balancer is configured to expose Policy Servers in your
environment through a single Virtual IP Address (VIP), enter the VIP.
Example: (IPV4) 192.168.1.105
Example: (IPV4 with the port number) 192.168.1.105:44443
Example: (IPV6) 2001:DB8::/32
Example: (IPV6) [2001:DB8::/32]:44443
FIPS Mode Setting
Specifies one of the following algorithms:
FIPS Compatibility/AES Compatibility
Uses algorithms existing in previous versions of CA SiteMinder® to encrypt
sensitive data and is compatible with previous versions of CA SiteMinder®. If
your organization does not require the use of FIPS-compliant algorithms, use
this option.
FIPS Migration/AES Migration
Allows a transition from FIPS-compatibility mode to FIPS-only mode. In
FIPS-migration mode, CA SiteMinder® environment continues to use existing
CA SiteMinder® encryption algorithms as you reencrypt existing sensitive data
using FIPS-compliant algorithms.
FIPS Only/AES Only
Uses only FIPS-compliant algorithms to encrypt sensitive data in the CA
SiteMinder® environment. This setting does not interoperate with, nor is
backwards-compatible with, previous versions of CA SiteMinder®.
Default: FIPS Compatibility/AES Compatibility
FIPS is a US government computer security standard that accredits
cryptographic modules which meet the Advanced Encryption Standard (AES).
Important! Use a compatible FIPS/AES mode (or a combination of compatible
modes) for both the CA SiteMinder® agent and the Policy Server.
Name
Specifies the name of the SmHost.conf file which contains the settings the Web
Agent uses to make initial connections to a Policy Server.
Default: SmHost.conf

Location
Specifies the directory where the SmHost.conf file is stored.
Default: web_agent_home\config
Enable Shared Secret Rollover
Select this check box to change the shared secret that the Policy Server uses to
encrypt communications to the Web Agents.
Select Servers
This step has multiple screens. The first screen indicates the server type (Apache),
and the next screen displays the web server instances that the configuration
program finds on the computer. Select the check boxes of the server type, and the
instances you want to configure. Clear the check boxes of those instances from
which you want to remove CA SiteMinder® protection.
Apache 2.4.x Install Location
Specifies the location of the installation directory for your Apache-based server
(version 2.4 or higher).
Agent Configuration Object Name
Specifies the name of an agent configuration object (ACO) already defined on the
Policy Server.
Default: AgentObj
Advanced Authentication Scheme Dialog
Specifies the advanced authentication scheme for the web server instances you
selected previously.

Run the Web Agent Configuration Program on Windows

After gathering the information for your agent configuration, run the agent
configuration program. This program creates an agent runtime instance for the web
servers running on your computer.
This configuration program is wizard or console based, depending on the option you
select. Running the configuration program in the wizard or console mode once creates a
properties file. Use the properties file to run unattended configurations on other
computers with same operating environment in the future.
Follow these steps:

1. Open the following directory on your web server:
web_agent_home\install_config_info
web_agent_home
Indicates the directory where the CA SiteMinder® agent is installed on your
web server.
Default (Windows 32-bit installations only): C:\Program Files\CA\webagent
Default (Windows 64-bit installations only): C:\Program
Files\CA\webagent\win64
Default (Windows 32-bit applications operating on 64-bit systems [Wow64]):
C:\Program Files (x86)\webagent\win32
2. Use one of the following configuration methods:
■ For a GUI-based configuration, go to Step 3.
■ For a console-based configuration, go to Step 5.
3. Right-click the following executable, and then select Run as Administrator:
ca-wa-config.exe
4. Go to Step 8.
5. Open a Command Prompt window with Administrator privileges.
6. Navigate to the executable file listed previously, and then run it with the following
switch:
-i console
7. Go to Step 8.
8. Follow the prompts shown in the configuration program. Provide the requested
values from your agent configuration worksheet.
The agent runtime instance is created for your web servers.

Run the Unattended or Silent Installation and Configuration Programs for

Subsequent Agents on Windows
The unattended or silent installation option can help you automate the installation and
configuration process. This method saves time if you have a large CA SiteMinder®
environment that uses many agents with identical settings.
Follow these steps:

1. Run the following wizards on your first web server (in the order shown):
a. The CA SiteMinder® Web Agent Installation wizard.
b. The CA SiteMinder® Web Agent Configuration wizard.
2. Locate the following file on your first web server:
web_agent_home\install_config_info\ca-wa-installer.properties
Note: If the path contains spaces, surround it with quotes.

web_agent_home
web server.
Default (Windows 32-bit applications operating on 64-bit systems
[Wow64]): C:\Program Files (x86)\webagent\win32
3. Perform each of the following steps on the other web servers in your environment:
Note: To automate this process, create your own customized script to execute
these files on your systems. Use any scripting language that you want.
a. Create a temporary directory on the subsequent web server.
b. Copy the following files from the first web server (Steps 1 and 2) to the
temporary directory on your subsequent web server:
■ The CA SiteMinder® Web Agent Installation executable file.
■ CA SiteMinder® ca-wa-installer properties file.
c. Open a Command Prompt window with Administrative privileges in the
temporary directory.
d. Run the following command:

agent_executable -f properties_file -i silent
The CA SiteMinder® agent is installed and configured on the subsequent server

silently.
e. (Optional) Delete the temporary directory from your subsequent web server.
4. Repeat Step 3 for each additional web server in your CA SiteMinder® environment
that uses the configuration that the settings in your ca-wa-installer.properties file
specify.

Chapter 3: Install and Configure
Apache-based Agents on UNIX/Linux
Agent Installation Compared to Agent Configuration (see page 33)
How to Install Apache-based Agents on UNIX or Linux (see page 33)
How to Install Agents on z/OS Systems (see page 35)
How to Configure Apache-based Agents on UNIX or Linux (see page 37)
How to Configure Agents on z/OS Systems (see page 46)
Optional Agent Settings for UNIX/Linux (see page 52)

The concepts of installation and configuration have specific meanings when used to
describe CA SiteMinder® agents.
Installation means installing the CA SiteMinder® agent software on a computer system.

For example, installing an agent creates directories and copies the CA SiteMinder® agent
software and other settings to the computer.
Configuration occurs after installation and means the act of preparing the CA
SiteMinder® agent software for a specific web server on a computer. This preparation
includes registering the agent with CA SiteMinder® Policy Servers, and creating a
runtime server instance for the web server that is installed on the computer.
Use the wizard-based installation and configuration programs to install and configure
your agent on your first web server. The wizard-based programs create a .properties
file.
Use the .properties file and the respective executable file to install or configure the
agent silently on additional web servers.
How to Install Apache-based Agents on UNIX or Linux

Installing CA SiteMinder® agents on the UNIX or Linux operating environments requires
several separate procedures. These procedures are described using the following
process:
1. Gather the information that the installation program requires (see page 34).
2. Run the wizard based installation program (see page 34).

How to Install Apache-based Agents on UNIX or Linux
Gather the Information for the Installation

path.
Run the Installation Program on UNIX/Linux

The installation program for the CA SiteMinder® agent installs the agent on one
computer at a time using the UNIX or Linux operating environments. This installation
program can be run in wizard or console modes. The wizard and console-based
installation program also creates a .properties file for subsequent installations and
configurations using the unattended or silent method with the same settings.
Follow these steps:

1. Copy CA SiteMinder® agent installation executable file to a temporary directory on
your web server.
2. Log in as a root user.
■ For wizard-based installations, run the installation executable file.
■ For console-based installations, open a command-line window and run the
4. Use the information from your agent Installation worksheet to complete the
installation program.

How to Install Agents on z/OS Systems

To Install CA SiteMinder® agents on the z/OS operating environments, perform the
following process.
1. Gather the information that the installation program requires (see page 34).
2. Run the installation program (see page 35).
Gather the Information for the Installation

path.
Run the CA SiteMinder® Agent Installation Program on z/OS

The installation program for the CA SiteMinder® agent installs the agent on a single
computer running the z/OS operating environment. This installation program can be run
in wizard or console modes. The wizard and console-based installation program also
creates a .properties file for subsequent installations and configurations using the

You install the CA SiteMinder® agent using the installation media on the Technical
Support site.
Note: Verify that you have executable permissions. To add executable permissions to
the installation media, run the following command:
chmod +x installation_media
installation_media
Specifies the CA SiteMinder® agent installer executable.
Follow these steps:

2. Exit all applications that are running.
3. Open a shell and navigate to the installation media.
4. Run the installation program in GUI or console mode by entering one of the
following commands:
GUI Mode:
java -jar installation_media
Console Mode:
java -jar installation_media -i console
5. Use the information from that you gathered earlier to complete the installation
program.

How to Configure Apache-based Agents on UNIX or Linux

Configuring the agent occurs after the installation. Configuration requires several
separate procedures which are described using the following process:
1. Gather the information that the configuration program requires (see page 37).
2. (RedHat Linux only) Edit the configuration files for embedded Apache web servers
on RedHat Linux (see page 40).
3. Source the Agent environment script (see page 41).
4. Set the library path variable on UNIX or Linux systems (see page 41).
5. Run the agent configuration program (see page 42).
6. (Optional) Run the unattended or silent installation and configuration program for
other agents (see page 44).
7. Set the LD_PRELOAD variable (see page 45).
8. (SuSE 9 zSeries only) Set the LD_ASSUME_KERNEL variable (see page 45).
9. (Red Hat Linux only) Set the CAPKIHOME variable (see page 45).
Gather the Information that the Configuration Program Requires on UNIX/Linux

Register Host
Indicates whether you want to register a trusted host. This registration creates
a trusted host object in the Policy Server and an SmHost.conf file on the web
server. The agent uses this information to make an initial connection to Policy
Servers when it starts. Register each agent instance as a trusted host only once.
Default:Yes
Options: Yes, No
Admin User Name
Specifies the name of a CA SiteMinder® user with Administrative privileges that
is already defined in the Policy Server. This CA SiteMinder® user account
requires privileges to register trusted hosts.
Admin Password
Specifies a password for the Admin User Name that is already defined in the
Policy Server.


Repeats the password entered in the Admin Password field. This value verifies
the password for the Admin User Name already defined in the Policy Server.
Specifies a unique name for the trusted host you are registering. This trusted
host object is stored on the Policy Server.
SmHost.conf file settings), subsequent connections use the settings from the
Host Configuration Object.
attempts to connect upon startup. If your Policy Server is behind a firewall,
specify a port number also.
Example: (IPV4) 192.168.1.105
Example: (IPV6) [2001:DB8::/32]:44443

FIPS Mode Setting

sensitive data and is compatible with previous versions of CA SiteMinder®.
If your organization does not require the use of FIPS-compliant algorithms,
use this option.
FIPS-migration mode, CA SiteMinder® environment continues to use
existing CA SiteMinder® encryption algorithms as you reencrypt existing
sensitive data using FIPS-compliant algorithms.
FIPS Only/AES Only
FIPS is a US government computer security standard that accredits
Name
Location
Select this check box to change the shared secret that the Policy Server uses to
encrypt communications to the Web Agents.
Select Servers
Indicates the web server instances that the configuration program finds on the
computer. Select the check boxes of the instances you want to configure. Clear
the check boxes of those instances from which you want to remove CA
SiteMinder® protection.


Specifies the name of an agent configuration object (ACO) already defined on
the Policy Server.
Default: AgentObj
Edit the configuration files for embedded Apache web servers on RedHat Linux
For an embedded Apache web server (included by default) on a RedHat Linux system,
modify certain configuration files to accommodate the product first.
Follow these steps:

1. Log on to the RedHat Linux system.
2. Open the following file with a text editor:
web_agent_home/ca_wa_env.sh
web_agent_home
Indicates the directory where the CA SiteMinder® Agent is installed.
Default (UNIX/Linux installations): /opt/ca/webagent
3. Verify that the line that sets the LD_PRELOAD variable begins with a comment (the
LD_PRELOAD variable setting is disabled).
4. Save the changes and close the ca_wa_env.sh file.
/etc/sysconfig/httpd
6. Add the following line to the end of the file:

PATH=$PATH:web_agent_home/bin
7. Save the changes and close the text editor.

Source the Agent Environment Script on UNIX or Linux

The agent installation program creates an environment script in the following directory:
web_agent_home
For most Apache-based web servers, source this script after doing any of the following
tasks:
■ Running the agent configuration program.
■ Starting the web server.
Note: If you perform all the previous tasks in the same shell, only source the script
once.
For the embedded Apache web server included with RedHat Linux, do one of the
following tasks:
■ Source the script before starting the httpd service.
■ Source the script in the following file (instead of starting it manually each time):
/etc/init.d/htppd
Set the Library Path Variable on UNIX or Linux

Set the library path variable on UNIX or Linux systems before running the agent
configuration program.
The following table lists the library path variables for the various UNIX and Linux
operating environments:
Operating System Name of Library Path Variable
AIX LIBPATH
Linux LD_LIBRARY_PATH
Solaris LD_LIBRARY_PATH

Set the value of the library path variable to the web_agent_home/bin directory.
web_agent_home
Set Web Agent Variables when using apachectl Script
You run your Apache server using the apachectl script (such as when running an Apache
web server on POSIX). Adding a line to the apachectl script sets the environment
variables for the agent.
Follow these steps:

1. Locate a line resembling the following example:
# Source /etc/sysconfig/httpd for $HTTPD setting, etc
2. Add the following line after the line in the previous example:
sh /web_agent_home/ca_wa_env.sh
web_agent_home
Run the Web Agent Configuration Program on UNIX/Linux

Follow these steps:

web_agent_home/install_config_info
web_agent_home


3. Run the following executable file:
ca-wa-config.bin
4. Go to Step 8.
5. Open a Command Prompt window with root privileges.
switch:
-i console
7. Go to Step 8.
See the CA SiteMinder® Default Headers

To see the CA SiteMinder® default headers, such as SMUSER and SMUSERDN, set the
LegacyVariables parameter to No on Apache 2.4.x web servers.

Run the Unattended or Silent Installation and Configuration Programs for Agents
on UNIX/Linux
Follow these steps:

a. The CA SiteMinder® Web Agent Installation wizard.
b. The CA SiteMinder® Web Agent Configuration wizard.
web_agent_home/install_config_info/ca-wa-installer.properties

web_agent_home
3. Perform each of the following steps on the subsequent web server:
b. Copy the following files from the web server where you ran the wizards (from
Steps 1 and 2) to the temporary directory on your subsequent web server:
■ The CA SiteMinder® Web Agent Installation executable file.
■ CA SiteMinder® ca-wa-installer properties file.
c. Open a Command Prompt window with root privileges in the temporary
directory.
agent_executable.bin -f properties_file -i silent
The CA SiteMinder® agent is installed and configured on the web server

silently.
e. (Optional) Delete the temporary directory from your web server.

specify.
Set the LD_PRELOAD Variable

Most Apache-based CA SiteMinder® agents require that the LD_PRELOAD variable is set
to the following value:
LD_PRELOAD=web_agent_home/bin/libbtunicode.so
Note: Embedded Apache web servers included with RedHat Linux require different
configuration procedures (see page 40).
Set the LD_ASSUME_KERNEL for Apache Agent on SuSE Linux 9 for zSeries
After you install the Web Agent on an Apache web server running on SuSE Linux 9 for
zSeries, set the LD_ASSUME_KERNEL environment variable as follows:
LD_ASSUME_KERNEL=2.4.21
export LD_ASSUME_KERNEL
Important! You must set this variable to 2.4.21 because it represents the kernel release
upon which the Web Agent libraries are built.
Without this setting, the following problems occur:

■ The Apache web server will not start properly.
■ Host registration dumps core.
Set the CAPKIHOME Variable for Red Hat Linux Systems

If you want to run an Apache-based Web Agent on a Red Hat Linux system, set the
CAPKIHOME environment variable by entering the following commands:
CAPKIHOME="/usr/local/CA/webagent/CAPKI"
export CAPKIHOME

How to Configure Agents on z/OS Systems

Configure the CA SiteMinder® agent after installation by performing the procedures
described in the following process.
1. Gather the information that the configuration program requires (see page 46).
2. Set the Library Path variable (see page 49).
3. Run the agent configuration program (see page 49).
4. (Optional) Run the unattended or silent installation and configuration program for
agents on other z/OS systems (see page 50).
Gather the Information that the Configuration Program Requires on z/OS

Register Host
Indicates whether you want to register a trusted host. This registration creates
a trusted host object in the Policy Server and an SmHost.conf file on the web
server. The agent uses this information to make an initial connection to CA
SiteMinder® Policy Servers when it starts. Register each agent instance as a
trusted host only once.
Default:Yes
Options: Yes, No
Admin User Name
Specifies the name of a CA SiteMinder® user with Administrative privileges that
is already defined in thePolicy Server. This CA SiteMinder® user account
requires privileges to register trusted hosts.

Admin Password
Specifies a password for the Admin User Name that is already defined in the
Policy Server.
Repeats the password entered in the Admin Password field. This value verifies
the password for the Admin User Name already defined in the Policy Server.
Specifies a unique name for the trusted host you are registering. This trusted
host object is stored on the Policy Server.
SmHost.conf file settings), subsequent connections use the settings from the
Host Configuration Object.
attempts to connect upon startup. If your Policy Server is behind a firewall,
specify a port number also.
Example: (IPV4) 192.168.1.105
Example: (IPV6) [2001:DB8::/32]:44443

FIPS Mode Setting

sensitive data and is compatible with previous versions of CA SiteMinder®.
If your organization does not require the use of FIPS-compliant algorithms,
use this option.
FIPS-migration mode, CA SiteMinder® environment continues to use
existing CA SiteMinder® encryption algorithms as you reencrypt existing
sensitive data using FIPS-compliant algorithms.
FIPS Only/AES Only
Note: FIPS is a US government computer security standard that accredits
Name
Location
Select this check box to change the shared secret that the CA SiteMinder®
Policy Server uses to encrypt communications to the Web Agents.
Select Servers
Indicates the web server instances that the configuration program finds on the
computer. Select the check boxes of the instances you want to configure. Clear
the check boxes of those instances from which you want to remove CA
SiteMinder® protection.

IBM HTTP Server for z/OS Path

Specifies the path of the IBM HTTP Server httpd.conf configuration file.
Default: The home directory of the account that is used to run the
configuration wizard.
Specifies the name of an agent configuration object (ACO) already defined on
the Policy Server.
Default: AgentObj
Set the Library Path Variable on z/OS

Set the library path variable on z/OS systems before running the agent configuration
program.
export LIBPATH=web_agent_home/bin
web_agent_home
Default: /opt/ca/webagent
Run the CA SiteMinder® Agent Configuration Program on z/OS

properties file. Use the properties file to run unattended configurations on other z/OS
systems in the future.
Note: Verify that you have executable permissions. To add executable permissions to
the installation media, run the following command:
installation_media
Specifies the CA SiteMinder® agent installer executable.

Follow these steps:

2. Exit all applications that are running.
3. Open a shell and navigate to the following directory:
web_agent_home
4. Run the configuration program in GUI or console mode by entering one of the
following commands:
GUI Mode:
ca-wa-config.sh
Console Mode:
ca-wa-config.sh -i console
(Optional) Run the Unattended or Silent Installation and Configuration Programs

for CA SiteMinder® Agents on z/OS

Follow these steps:

a. The CA SiteMinder® agent Installation wizard.
b. The CA SiteMinder® agent configuration wizard.
web_agent_home/install_config_info/ca-wa-installer.properties

web_agent_home
3. Perform each of the following steps on the subsequent web server:
b. Copy the following files from the web server where you ran the wizards (from
Steps 1 and 2) to the temporary directory on your subsequent web server:
■ The CA SiteMinder® Agent Installation executable file.
■ The ca-wa-installer properties file.
c. Open a Command Prompt window with root privileges in the temporary
directory.
java -jar installation_media -f ca-installer.properties -i silent
installation_media
Specifies the CA SiteMinder® Agent installer executable.
The CA SiteMinder® agent is installed and configured on the web server
silently.
e. (Optional) Delete the temporary directory from your web server.
specify.

Optional Agent Settings for UNIX/Linux

CA SiteMinder® agents for apache-based servers offer the following optional settings:
■ If you are using the apachectl script, set the agent variables in the script (see
page 42).
■ Improve server performance with optional httpd.conf file changes (see page 52).

You run your Apache server using the apachectl script (such as when running an Apache
web server on POSIX). Adding a line to the apachectl script sets the environment
variables for the agent.
Follow these steps:

1. Locate a line resembling the following example:
# Source /etc/sysconfig/httpd for $HTTPD setting, etc
2. Add the following line after the line in the previous example:
sh /web_agent_home/ca_wa_env.sh
web_agent_home
Improve Server Performance with Optional httpd.conf File Changes

You can improve server performance by modifying the default configuration settings in
the httpd.conf file; however, these changes are not required:
Follow these steps:

1. For Apache- based servers, assign a higher priority level to your
Apache20WebAgent.dll file than any other auth or access modules on your web
server.
2. For low-traffic websites, define the following directives:
■ Set MaxRequestsPerChild>1000 or Set MaxRequestsPerChild=0
■ MinSpareServers >5
■ MaxSpareServers>10
■ StartServers=MinSpareServers>5

3. For high-traffic websites, define the following directives:

■ Set MaxRequestsPerChild>3000 or Set MaxRequestsPerChild=0
■ MinSpareServers >10
■ MaxSpareServers>15
■ StartServers=MinSpareServers>10
Note: CA Services can provide assistance with performance-tuning for your particular
environment.

Chapter 4: Dynamic Policy Server Clusters
Earlier versions of CA SiteMinder® agents did not automatically discover when Policy
Servers were added or removed from a cluster. The agents recognized the changes only
after their respective web servers were restarted.
CA SiteMinder® 12.52 SP1 supports dynamic Policy Server clusters. Agents automatically
discover Policy Servers that are added or removed from an existing cluster when
dynamic Policy Server Clusters are enabled.
For example, suppose that your agent connects to a cluster of the following Policy
Servers:
■ 192.168.2.100
■ 192.168.2.101
■ 192.168.2.103
■ 192.168.2.104
Suppose that you later decide to remove the server 192.168.2.103 to upgrade its
operating system. In this situation, enabling dynamic Policy Server clusters lets your
agents recognize the change in the membership of the cluster without restarting.
Restart your web server if you do any of the following tasks:

■ Change the configuration of an existing Policy Server (using the configuration
wizard).
■ Create a Policy Server cluster.
■ Delete a Policy Server cluster.
■ Change the values for any of the following Policy Server settings:
– EnableFailOver
– MaxSocketsPerPort
– MinSocketsPerPort
– NewSocketStep
– RequestTimeout
Chapter 4: Dynamic Policy Server Clusters 55

Connect a Web Agent to a Dynamic Policy Server Cluster
Connect a Web Agent to a Dynamic Policy Server Cluster

You can connect a Web Agent to one or more dynamic Policy Server clusters by
modifying the SmHost.conf file on your web server.
Follow these steps:

web_agent_home\config\SmHost.conf
web_agent_home
web server.
Default (Windows 32-bit applications operating on 64-bit systems
[Wow64]): C:\Program Files (x86)\webagent\win32
2. Do one of the following tasks:
If this Web Agent has never been connected to dynamic cluster of Policy Servers before,
create a line (anywhere in the file) with the following text:
enableDynamicHCO="YES"
■ If this Web Agent has previously been connected to a dynamic cluster of Policy
Servers, change the value of the existing enableDynamicHCO parameter from
"NO" to "YES".
1. Save the SmHost.conf file, and then close the text editor.
2. Restart your web server.
The Web Agent is connected to dynamic Policy Server clusters.

Chapter 5: Starting and Stopping Web
Agents
Enable a Web Agent

Configure your agent parameters and then enable the agent to protect the resources on
the web server.
Note: No resources are protected until you also define policies in the CA SiteMinder®
Policy Server.
Follow these steps:

1. Open the WebAgent.conf file with a text editor.
Note: Agents for IIS installed on 64-bit operating environments have two
WebAgent.conf files. One file for 32-bit Windows applications. The other file is for
64-bit Windows applications. Modify both WebAgent.conf files when starting or
stopping the Agent for IIS.
2. Change the value of the EnableWebAgent parameter to yes.
3. Save and close the WebAgent.conf file.
4. Restart the web server (the web server itself, not the computer on which it runs).
The Web Agent is enabled.

Disable a Web Agent
Disable a Web Agent

If you want to stop the Web Agent from protecting the resources on your web server,
disable the Web Agent.
Follow these steps:

1. Open the WebAgent.conf file with a text editor.
Note: Agents for IIS installed on 64-bit operating environments have two
WebAgent.conf files. One file for 32-bit Windows applications. The other file is for
64-bit Windows applications. Modify both WebAgent.conf files when starting or
stopping the Agent for IIS.
2. Change the value of the EnableWebAgent parameter to no.
3. Save and close the WebAgent.conf file.
4. Restart the web server (the web server itself, not the computer on which it runs).
The Web Agent is disabled.
Starting or Stopping Most Apache-based Agents with the

apachectl Command
Starting or stopping most Apache-based agents with the apachectl command on UNIX or
Linux operating environments requires setting the environment variables for the
product first.
Note: The Apache-based agents do not support the apachectl -restart option. This
procedure does not apply to Apche-based IBM HTTP servers. Use this procedure (see
page 59) instead.
Follow these steps:

1. For UNIX/Linux operating environments, set the environment variables by running
the following script:
./ca_wa_env.sh
2. Use one of the following commands:

apachectl -stop
apachectl -start

Start an IBM HTTP Server with the apachectl Command
Start an IBM HTTP Server with the apachectl Command

Starting or stopping an Apache-based agent on an IBM HTTP server with the apachctl
command requires extra configuration steps. Before running the apachectl command on
the UNIX or Linux operating environments, do the following tasks:
■ Source the environment variable script.
■ Export appropriate variable for your operating environment from the following list:
– LD_LIBRARY_PATH (32-bit and 64-bit operating environments)
– LD_LIBRARY_PATH_64 (Solaris only)
Follow these steps:

1. For UNIX/Linux operating environments, set the environment variables by running
the following script:
./ca_wa_env.sh
2. Do one of the following tasks:

■ For 32-bit or 64-bit operating environments, set the LD_LIBRARY_PATH variable
to the location of the lib directory of the IBM HTTP web server. Use the
following example as a guide:
export LD_LIBRARY_PATH=/opt/IBM/HTTPServer/lib:$LD_LIBRARY_PATH
■ (Solaris only) For 64-bit operating environments, set the LD_LIBRARY_PATH_64

variable to the location of the lib directory of the IBM HTTP web server. Use the
following example as a guide:
export LD_LIBRARY_PATH_64=/opt/IBM/HTTPServer/lib:$LD_LIBRARY_PATH_64
3. Run the apachectl command, as shown in the following example:

apachectl -start
Note: The Apache-based agents do not support the apachectl -restart option. Use the
-stop and -start commands instead.

Start an Oracle 11.g.x HTTP Server with the opmnctl Command
Start an Oracle 11.g.x HTTP Server with the opmnctl Command

Valid on RedHat Enterprise Linux
Starting or stopping an Oracle HTTP server requires extra configuration steps.
Follow these steps:

1. Open the opmnctl script with a text editor.
2. Update the LD_LIBRARY_PATH variable with the agent installation directory. Use
the following example as a guide:
export LD_LIBRARY_PATH=/opt/CA/webagent/bin:$LD_LIBRARY_PATH
3. Add the following directory to the PATH variable:

CA/webagent/bin
4. Save your changes and close the opmnctl script.

5. Start the agent with the following command:
opmnctl startall

Chapter 6: Upgrade a Web Agent to 12.52
SP1
Agent Upgrade Roadmap (see page 62)
How to Prepare for a CA SiteMinder® Agent Upgrade (see page 63)

Agent Upgrade Roadmap
Agent Upgrade Roadmap

The following illustration describes how to upgrade a CA SiteMinder® Agent to r12.5:

How to Prepare for a CA SiteMinder® Agent Upgrade

Upgrading a CA SiteMinder® agent involves several separate procedures. To prepare for
an upgrade of your agent, follow these steps:
1. Use one of the following diagrams to verify that you are in the proper step of the CA
SiteMinder® upgrade process for an agent upgrade:
■ Upgrade process from r6.x
■ Upgrade process from r12.0 (see page 66)
2. Create backup copies of any customized CA SiteMinder® files on your web server.
Examples of files you could have customized after installing or configuring your
agent include the following examples:
■ LocalConfig.conf
■ WebAgent.conf
3. Gather information for the following CA SiteMinder® programs.
■ Agent installation wizard.
■ Agent configuration wizard.
4. If you are upgrading an agent on a UNIX/Linux operating environment, clear the
LD_PRELOAD variable (see page 66). Otherwise, continue with the next step.
5. Use one of the following procedures to upgrade your agent:
■ Run the installation wizard for Windows operating environments (see page 67).
■ Run the installation wizard for UNIX/Linux operating environments (see
page 68).
6. If you are upgrading an agent on a UNIX/Linux operating environment, set the
LD_LIBRARYPATH variable (see page 68). Otherwise, continue with the next step.
7. Use one of the following procedures to configure the upgraded agent:
■ Configure your upgraded agent on Windows operating environments (see
page 70).
■ Configure your upgraded agent on UNIX/Linux operating environments (see
page 71).

Upgrade Process from CA SiteMinder® r6.x

An agent upgrade to 12.52 SP1 from r6.x occurs at stage three of the CA SiteMinder®
upgrade process, as shown in the following illustration:
Figure 1: r6 SP5 migration. Stages 1 through 3

Upgrade Process from CA SiteMinder® r12.0

An agent upgrade to 12.52 SP1 from r12.x occurs at stage two of the CA SiteMinder®
Figure 2: r12.x migration overview.

Upgrade Process from CA SiteMinder® r12.0

An agent upgrade to 12.52 SP1 from r12.0 occurs at stage two of the CA SiteMinder®
Figure 3: r12.x migration overview.
Note: For more information about the CA SiteMinder® upgrade process, see the
Upgrade Guide.
Ensure LD_PRELOAD Variable Does Not Conflict with Existing Agent

If you are upgrading or reinstalling a Web Agent on a Linux system, from the shell, set
the LD_PRELOAD variable so that it points to a different location from any existing Web
Agent installation directory. For example, if an existing LD_PRELOAD entry is set to:
LD_PRELOAD=web_agent_home/bin/libbtunicode.so
Before you reinstall or upgrade, set the variable to:

export LD_PRELOAD=
This entry sets the variable to a blank value.

Source the Environment Script on UNIX and Linux Operating Environments

If you are upgrading a Web Agent on a UNIX or Linux system, source the environment
script that is available in the following directory:
CA SiteMinder® 6.0
web_agent_home/nete_wa_env.sh
CA SiteMinder® 12.0 and later

web_agent_home
Default: /opt/ca/webagent
Run the Installation Wizard to Upgrade your Agent on Windows

The installation program for the agent installs the agent on one computer at a time
using the Windows operating environment. This installation program can be run in
wizard or console modes. The wizard and console-based installation programs also
create a .properties file for subsequent installations and configurations using the
Follow these steps:

1. Copy the Web Agent installation executable file to a temporary directory on your
web server.
■ For wizard-based installations, right-click the installation executable file, and
then select Run as Administrator.
■ For console-based installations, open a command line window and run the
3. Use the information that you gathered previously to complete the installation.

Run the Installation Wizard to Upgrade your Agent on UNIX/Linux

The installation program for the CA SiteMinder® agent installs the agent on one
computer at a time using the UNIX or Linux operating environments. This installation
program can be run in wizard or console modes. The wizard and console-based
installation program also creates a .properties file for subsequent installations and
configurations using the unattended or silent method with the same settings.
Follow these steps:

1. Copy CA SiteMinder® agent installation executable file to a temporary directory on
your web server.
■ For wizard-based installations, run the installation executable file.
■ For console-based installations, open a command-line window and run the
4. Use the information from your agent Installation worksheet to complete the
installation program.
Set the Library Path Variable Before Configuring your Upgraded Agent on
UNIX/Linux
Set the library path variable on UNIX or Linux systems before running the agent
configuration program.
The following table lists the library path variables for the various UNIX and Linux
operating environments:
Operating System Name of Library Path Variable
AIX LIBPATH
Linux LD_LIBRARY_PATH
Solaris LD_LIBRARY_PATH

Set the value of the library path variable to the web_agent_home/bin directory.
web_agent_home

Configure your Upgraded Agent on Windows

Follow these steps:

web_agent_home\install_config_info
web_agent_home
web server.
Default (Windows 32-bit applications operating on 64-bit systems [Wow64]):
C:\Program Files (x86)\webagent\win32
3. Right-click the following executable, and then select Run as Administrator:
ca-wa-config.exe
4. Go to Step 8.
5. Open a Command Prompt window with Administrator privileges.
switch:
-i console
7. Go to Step 8.

Configure your Upgraded Agent on UNIX/Linux

Follow these steps:

web_agent_home
3. Run the following executable file:
ca-wa-config.bin
4. Go to Step 8.
switch:
-i console
7. Go to Step 8.

Chapter 7: Operating System Tuning for
Agents
Tune the Shared Memory Segments (see page 74)
How to Tune the Solaris 10 Resource Controls (see page 76)

Tune the Shared Memory Segments

If you install an Apache-based agent on Solaris systems, tune the shared memory
settings of the operating environment for the Agent to function correctly. By increasing
the shared memory segments or your operating environment, you improve the
performance of the Agent. The variables that control shared memory segments are
defined in the specification file of your operating environment.
For AIX operating environments, run the following command before starting an
Apache-based server:
export EXTSHM=ON
Note: Sometimes Linux operating environments require tuning the shared memory
segments. For more information about the shared memory segments and how to tune
them, see the documentation for your particular operating environment.
Follow these steps:

1. Follow the appropriate procedure for your operating environment:
■ Solaris: Open the /etc/system file, using the editor of your choice.
2. Modify the shared memory variables using one of the following methods:
■ Solaris: Add the variables shown in the following list and configure them using
the recommended settings shown in the examples. Use the following syntax:
set shmsys:shminfo_shmmax=33554432
shmsys:shminfo_shmmax
Specifies the maximum shared memory segment size. Controls the maximum
size of the Agent resource and session cache.
Note: To estimate the amount of memory segments that are required, allocate
4 KBs per entry in each cache, or view cache usage statistics in the OneView
Monitor. See the Web Agent Configuration Guide for more information about
using the OneView Monitor.
Example: 33554432 (32 MB) for busy sites that require large caches.
shmsys:shminfo_shmmin
(Not required for Solaris) Minimum shared memory segment size. Controls the
minimum size of the Agent resource and session cache.

shmsys:shminfo_shmmni
Specifies the maximum number of shared memory segments that can exist
simultaneously, systemwide.
Example: (except Solaris 9) N/A
Example: (Solaris 9) 200
shmsys:shminfo_shmseg
(Not required for Solaris 9) Specifies the maximum number of shared memory
segments per process.
Example: 24
semsys:seminfo_semmni
Specifies the number of semaphore identifiers. Use 11 for every instance of the
Agent that you run on the system.
Example: (except Solaris 9) 100
semsys:seminfo_semmns
Specifies the number of semaphores in the system. Use 10 for every instance of
the Agent that you run on the system.
semsys:seminfo_semmnu
Specifies the number of processes using the undo facility. For optimal
performance, set the semmnu value so it exceeds the number of Apache child
processes running on the system at any one time. For Apache–based servers,
use a value exceeding the maxclients setting by 200 or more.
3. Save your changes then exit the file or the utility.
4. Reboot the system.
5. Verify your changes by entering the command:
$ sysdef -i

How to Tune the Solaris 10 Resource Controls
How to Tune the Solaris 10 Resource Controls

Tune the resource controls at the project level to improve the performance of the
agent.
Note: See your Solaris documentation for more information.
Tuning the resource controls on Solaris 10 uses the following process:

1. Determine the project that is associated with the user account under which the
Web Agent runs.
2. Increase the settings for any of the following resource controls of that project:
project.max-shm-ids
Specifies the maximum shared memory IDs for a project.
project.max-sem-ids
Specifies the maximum number of semaphore IDs for a project.
project.max-msg-ids
Specifies the maximum number of message queue IDs for a project.
project.max-shm-memory
Specifies the total amount of shared memory allowed for a project.
process.max-sem-nsems
Specifies the maximum number of semaphores allowed per semaphore set.
process.max-sem-ops
Specifies the maximum number of semaphore operations allowed per semop.
process.max-msg-messages
Specifies the maximum number of messages on a message queue.
process.max-msg-qbytes
Specifies the maximum number of bytes of messages on a message queue.

Chapter 8: Uninstall a Web Agent
Notes About Uninstalling Web Agents (see page 77)
Uninstall a Web Agent from a Windows Operating Environment (see page 78)
Uninstall an Apache-based Agent from a UNIX System (see page 80)
Uninstall an Apache-based Agent from a z/OS System (see page 81)
Notes About Uninstalling Web Agents

Be aware of the following:
■ All Web Agents for all installed web servers will be uninstalled.
■ The Password Services and Forms directories, (pw_default, jpw_default,
samples_default) will be removed. However, the non-default copies of these
directories (pw, jpw, samples) are not removed because these directories may
contain customized files.

Uninstall a Web Agent from a Windows Operating Environment

Before you un–install the CA SiteMinder® Web Agent from a Windows operating
environment, consider making backup copies of your registry settings and Web Agent
configuration settings.

Follow these steps:

1. Stop the web server.
2. Remove the configuration settings for the agents on your server with one of the
following procedures:
■ To un-configure the agent with the wizard, go to Step 3.
■ To un-configure the agent with the console-based program, go to Step 6.
3. Click Start, All Programs, CA, CA SiteMinder®.
A shortcut to the Web Agent Configuration wizard appears.
4. Right-click the shortcut, and then select Run as administrator.
Important! If you are running this wizard on Windows Server 2008, run the
executable file with administrator permissions. Use these permissions even if you
are logged in to the system as an administrator. For more information, see the
release notes for your CA SiteMinder® component.
The Web Agent Configuration wizard starts.
5. Clear the check boxes from the agent instances configured on your web server, and
complete the wizard.
7. Navigate to the ca-wa-config.exe file, and then run it with the following switch:
-i console
8. Un-configure the agent instances configured on your web server. Wait for the
configuration program to finish, then go to Step 9.
9. Choose one of the following procedures:
■ To remove the Web Agent using the wizard, go to Step 10.
■ To remove the Web Agent using the console-based program, go to Step 15.
10. Click Start, Control Panel, Programs and Features.

A list of installed programs appears.

11. Click CA CA SiteMinder® Web Agent version_number.
12. Click Uninstall/Change.
The uninstallation wizard appears.
13. Review the information in the Uninstall CA SiteMinder® Web Agent dialog, then
click Uninstall.
The wizard removes the web agent.
14. Wait for the wizard to finish, then go to Step 17.
15. Open a command-line window.
16. Navigate to the following directory.
web_agent_home
web_agent_home
Indicates the directory where the CA SiteMinder® Agent is installed on
your web server.
Default (Windows 32-bit installations of CA SiteMinder® IIS Web Agents
only): C:\Program Files\CA\webagent
Default (Windows 64-bit installations [CA SiteMinder® Web Agents for IIS
only]): C:\Program Files\CA\webagent\win64
Default (Windows 32-bit applications operating on 64-bit systems [Wow64
with CA SiteMinder® Web Agents for IIS only]): C:\Program Files
(x86)\webagent\win32
17. Run the following command:
ca-wa-uninstall.cmd -i console
18. Wait for the un–installation program to finish, then go to Step 19.
19. Start the web server.
Important! Delete the ZeroG registry file from the following location after uninstalling
the Web Agent: C:\Program Files\ZeroG Registry\com.zerog.registry.xml

Uninstall an Apache-based Agent from a UNIX System
Uninstall an Apache-based Agent from a UNIX System

These instructions are for GUI and Console Mode removal.
Note: Removing a Web Agent from a 64-bit SuSE Linux 10 system requires additional
preparations.

The steps for the two modes are the same, with these exceptions for Console Mode:
■ Select the option that you want by entering a corresponding number.
■ Press Enter after each step to proceed through the process instead of "clicking
Next," as stated in the following procedure.
Note: Before you uninstall, we recommend copying your agent configuration settings to
have as a backup.
Follow these steps:

2. Log in to the UNIX system.
3. Run the configuration wizard to remove the configuration settings of the agents
that you want to remove.
4. Navigate to the directory where the Web Agent is installed:
web_agent_home/install_config_info/ca-wa-uninstall
5. If necessary, verify that you have execute permissions on the uninstallation

program by entering chmod +x uninstall.
6. From a console window, enter one of the following commands:
■ GUI mode: ./uninstall
■ Console mode: ./uninstall -i console
The uninstallation program starts.
7. Read the information in the dialog to confirm the removal of the Web Agent, then
click Uninstall. The Web Agent is removed from the system.
8. Click Done to exit the uninstallation program.

Uninstall an Apache-based Agent from a z/OS System
9. (Optional) For Apache-based agents, remove the lines from the httpd.conf file that
the Configuration Wizard added.
10. Change to your home directory (the current directory has been deleted).
11. Restart the web servers.

These instructions are for GUI and Console Mode removal. The steps for the two modes
are the same, with these exceptions for Console Mode:
■ Select the option that you want by entering a corresponding number.
■ Press Enter after each step to proceed through the process instead of "clicking
Next," as stated in the following procedure.
Note: Before you uninstall, we recommend copying your agent configuration settings to
have as a backup.
Follow these steps:

3. Run the configuration wizard to remove the configuration settings of the agents
that you want to remove.
4. Open a shell and navigate to the directory where the CA SiteMinder® agent is
installed:
web_agent_home/install_config_info/ca-wa-uninstall
5. If necessary, verify that you have execute permissions on the uninstallation

program by entering the following command:
installation_media
Specifies the Policy Server installer executable.
6. Perform one of the following procedures:
■ If you installed the agent using GUI mode, enter the following command from a
console window:
./ca-wa-uninstall.sh
The uninstallation program starts.

■ If you installed the agent using console mode, use the Configuration Wizard to
unconfigure the agent and then delete the web_agent_home directory
manually.

7. Read the information in the dialog to confirm the removal of the CA SiteMinder®
agent, then click Uninstall. The CA SiteMinder® agent is removed from the system.
8. Click Done to exit the uninstallation program.
9. (Optional) Remove the lines from the httpd.conf file that the Configuration Wizard
added.
10. Change to your home directory (the current directory has been deleted).
11. Restart the web servers.

Chapter 9: Troubleshooting
Apache-based Server Not Starting (see page 83)
Apache Server Shows shmget Failure On Startup (see page 84)
Apache Agent is Enabled but Default Server Page or Protected Resource Not Accessible
(see page 84)
Apache Web Agent Not Operating (see page 84)
Non-english Input Characters Contain Junk Characters (see page 85)
Apache-based Server Not Starting

Valid on Windows
Symptom:
My Apache based server failed to start after loading the mod_sm24 module.
The following message appears in my Windows event viewer:
Faulting application name: httpd.exe, version: 2.4.9.0, time stamp: 0x5326d7a4

Faulting module name: mod_sm24.dll, version: 12.5.4.914, time stamp: 0x5379ded8
Exception code: 0xc00000fd
Faulting application path: C:\Apache24\bin\httpd.exe
Faulting module path: C:\Program Files\CA\webagent\win64\bin\mod_sm24.dll
Solution:
Do the following tasks:
1. Open the Visual Studio command-line window:
2. Run the following command:
editbin /STACK:524288 httpd.exe
3. Verify that the stack reserve space has been updated to 80000(hex).
Apache Server Shows shmget Failure On Startup
Apache Server Shows shmget Failure On Startup

Symptom:
When starting the web server, you see: shmget failed.
You may be trying to make a cache that is too large or be doing apachectl restart.
Solution:
Make the recommended adjustments to the shared memory segments.
Apache Agent is Enabled but Default Server Page or Protected

Resource Not Accessible
Symptom:
The default web server page or the protected resource is not accessible after enabling
Web Agent.
Solution:
Make the recommended adjustments to the shared memory segments.
Apache Web Agent Not Operating

Symptom:
The Apache Web Agent is not operating.
Solution:
Tune the Apache operating system shared memory.

Non-english Input Characters Contain Junk Characters
Non-english Input Characters Contain Junk Characters

Valid on UNIX/Linux
Symptom:
Some non-English input characters are not displayed correctly in the console window.
Solution:
Verify the terminal settings of your console window. Confirm that the console does not
clear high (eight) bit of input characters. Execute the following command:
stty –istrip
Appendix A: Worksheets
Agent Installation Worksheet (see page 87)
Agent Configuration Worksheet (see page 87)
Agent Installation Worksheet

Use the following table to record the information that the agent installation program
requires:
Information Needed Your Value

Agent Configuration Worksheet

Use the following table to record the information that the agent configuration program
requires:

Host Registration (Yes/No)
Admin User Name
Admin Password
Trusted Host Name
IP Address
FIPS Mode Setting
SmHost.conf file Name
SmHost.conf file Location
Select Server
Appendix A: Worksheets 87
Agent Configuration Worksheet


Index
( E
(Optional) Run the Unattended or Silent Installation
Edit the configuration files for embedded Apache
and Configuration Programs for CA SiteMinder®
web servers on RedHat Linux • 40
Agents on z/OS • 50
Enable a Web Agent • 57
A Enable Write Permissions for IBM HTTP Server Logs •
21
Add a Supported JRE to the System Path • 21 Ensure LD_PRELOAD Variable Does Not Conflict with
Agent Configuration Worksheet • 87 Existing Agent • 66
• 25, 33 G
Agent Installation Worksheet • 87
Gather the Information for the Installation • 34, 35
Agent Upgrade Roadmap • 62
Gather the Information for the Installation Program
AIX Requirements • 15
• 26
Apache Agent is Enabled but Default Server Page or
Gather the Information Required by the
Protected Resource Not Accessible • 84
Configuration Program on Windows • 27
Apache Server Shows shmget Failure On Startup • 84
Gather the Information that the Configuration
Apache Web Agent
Program Requires on UNIX/Linux • 37
uninstalling, UNIX • 80
Gather the Information that the Configuration
Apache Web Agent Not Operating • 84
Program Requires on z/OS • 46
Apache Web server
installing as service • 13 H
installing on windows, caution • 13
Apache-based Server Not Starting • 83 Hardware Requirements for CA SiteMinder® Agents
Apache-based Server Preparations for Linux • 15 • 10
Apache-based Server Preparations for Windows • 13 How to Configure Agents on z/OS Systems • 46
Apache-based Server Preparations on UNIX • 14 How to Configure Apache-based Agents on UNIX or
Linux • 37
C How to Configure Apache-based Agents on Windows
• 27
CA Technologies Product References • 3
How to Install Agents on z/OS Systems • 35
Compile an Apache Web Server on a Linux System •
How to Install Apache-based Agents on UNIX or
18
Linux • 33
Configure your Upgraded Agent on UNIX/Linux • 71
How to Install Apache-based Agents on Windows •
Configure your Upgraded Agent on Windows • 70
25
Connect a Web Agent to a Dynamic Policy Server
Cluster • 56
• 63
Contact CA Technologies • 3
How to Prepare for a Web Agent Installation on
D Apache-based Servers • 12
How to Tune the Solaris 10 Resource Controls • 76
Disable a Web Agent • 58 HP-UX
Documentation Changes • 4 uninstalling, Sun Java System Web Agent • 80
Domino Web Agent
uninstalling, UNIX • 80 I
Dynamic Policy Server Clusters • 55
IBM HTTP Server Preparations • 21
Index 89
Improve Server Performance with Optional Run the Installation Wizard to Upgrade your Agent
httpd.conf File Changes • 52 on Windows • 67
Install an Apache Web Server on Windows as a Run the Unattended or Silent Installation and
Service for All Users • 13 Configuration Programs for Agents on UNIX/Linux
Install and Configure Apache-based Agents on • 44
UNIX/Linux • 33 Run the Unattended or Silent Installation and
Install and Configure Apache-based Agents on Configuration Programs for Subsequent Agents on
Windows • 25 Windows • 31
Run the Web Agent Configuration Program on
L UNIX/Linux • 42
Linux Run the Web Agent Configuration Program on
compiling Apache server • 18 Windows • 30
Linux Tools Required • 18
Locate the Installation Media • 20
S
Locate the Platform Support Matrix • 12, 19 See the CA SiteMinder® Default Headers • 43
Set the CAPKIHOME Variable for Red Hat Linux
N Systems • 45
Non-english Input Characters Contain Junk Set the DISPLAY For CA SiteMinder® Agent
Characters • 85 Installations on UNIX • 14
Notes About Uninstalling Web Agents • 77 Set the DISPLAY Variable for CA SiteMinder® Agent
Installations on z/OS • 20
O Set the LD_ASSUME_KERNEL for Apache Agent on
SuSE Linux 9 for zSeries • 45
Only Apache-based Web Server Procedures in this
Set the LD_PRELOAD Variable • 45
Guide • 9
Set the Library Path Variable Before Configuring your
Operating System Tuning for Agents • 73
Upgraded Agent on UNIX/Linux • 68
Optional Agent Settings for UNIX/Linux • 52
Set the Library Path Variable on UNIX or Linux • 41
P Set the Library Path Variable on z/OS • 49
Policy Server Requirements • 22 • 42, 52
Preparation • 9 Source the Agent Environment Script on UNIX or
Preparation Roadmap for Apache-based web servers Linux • 41
• 11 Source the Environment Script on UNIX and Linux
Preparations for z/OS • 19 Operating Environments • 67
Start an IBM HTTP Server with the apachectl
R Command • 59
Required Linux Libraries • 16 Start an Oracle 11.g.x HTTP Server with the opmnctl
Required Linux Patches • 15 Command • 60
Required Solaris Patches • 15 Starting and Stopping Web Agents • 57
Run the CA SiteMinder® Agent Configuration Starting or Stopping Most Apache-based Agents with
Program on z/OS • 49 the apachectl Command • 58
Run the CA SiteMinder® Agent Installation Program Sun Java System Web Agent
on z/OS • 35 uninstalling, UNIX • 80
Run the Installation Program on UNIX/Linux • 34
Run the Installation Program on Windows • 26 T
Run the Installation Wizard to Upgrade your Agent Troubleshooting • 83
on UNIX/Linux • 68 Tune the Shared Memory Segments • 74

U
Uninstall a Web Agent • 77
Uninstall a Web Agent from a Windows Operating
Environment • 78
Uninstall an Apache-based Agent from a UNIX
System • 80
Uninstall an Apache-based Agent from a z/OS
System • 81
Upgrade a Web Agent to 12.52 SP1 • 61
Upgrade Process from CA SiteMinder® r12.0 • 65, 66
Upgrade Process from CA SiteMinder® r6.x • 64
upgrading
setting LD_PRELOAD • 66
V
Verify Presence of a Logs Subdirectory with
Permissions for Apache-based CA SiteMinder®
Agents • 14, 18, 21
Verify Presence of a Logs Subdirectory with
Permissions for Apache-based Web Agents • 13
W
Web Agent
uninstalling, UNIX • 80
Worksheets • 87
Index 91

Siteminder Wa Install Apache Enu

Uploaded by

Copyright:

Available Formats

Siteminder Wa Install Apache Enu

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Siteminder Wa Install Apache Enu

Uploaded by

Copyright:

Available Formats

CA SiteMinder®

Web Agent Installation Guide for

Providing Feedback About Product Documentation

If you have comments or questions about CA Technologies product documentation, you

To provide feedback about CA Technologies product documentation, complete our

Chapter 2: Install and Configure Apache-based Agents on Windows 25

Chapter 3: Install and Configure Apache-based Agents on UNIX/Linux 33

Chapter 4: Dynamic Policy Server Clusters 55

Chapter 5: Starting and Stopping Web Agents 57

Chapter 6: Upgrade a Web Agent to 12.52 SP1 61

6 Web Agent Installation Guide for Apache-based Servers

Chapter 8: Uninstall a Web Agent 77

Only Apache-based Web Server Procedures in this Guide

To install or configure a CA SiteMinder® agent on any other type of web server or

Hardware Requirements for CA SiteMinder® Agents

10 Web Agent Installation Guide for Apache-based Servers

Preparation Roadmap for Apache-based web servers

How to Prepare for a Web Agent Installation on Apache-based

Locate the Platform Support Matrix

Follow these steps:

12 Web Agent Installation Guide for Apache-based Servers

4. Open popular links and click Informational Documentation Index.

Technology Partners and CA Validated Products

The latest list of partners and their validated products.

Apache-based Server Preparations for Windows

Install an Apache Web Server on Windows as a Service for All Users

"install as a service, available for all users".

Apache-based Server Preparations on UNIX

Set the DISPLAY For CA SiteMinder® Agent Installations on UNIX

Verify Presence of a Logs Subdirectory with Permissions for Apache-based CA SiteMinder®

14 Web Agent Installation Guide for Apache-based Servers

Required Solaris Patches

Before installing a CA SiteMinder® Agent on a Solaris computer, install the following

showrev -p | grep patch_id

To locate Solaris patches, go to the Oracle Solution Center.

CA SiteMinder® agents running on AIX systems require the following components:

Apache-based Server Preparations for Linux

Required Linux Patches

The following Linux patches are required:

Required Linux Libraries

16 Web Agent Installation Guide for Apache-based Servers

Red Hat 6.x:

Additionally, for Red Hat 6.x (64-bit):

Linux Tools Required

Compile an Apache Web Server on a Linux System

Follow these steps:

2. Configure Apache as usual by entering the following:

Verify Presence of a Logs Subdirectory with Permissions for Apache-based CA SiteMinder®

18 Web Agent Installation Guide for Apache-based Servers

Preparations for z/OS

1. Locate the CA SiteMinder® Platform Support Matrix (see page 12).

Locate the Platform Support Matrix

Follow these steps:

4. Open popular links and click Informational Documentation Index.

Technology Partners and CA Validated Products

The latest list of partners and their validated products.

Locate the Installation Media

If you need a base release, follow these steps:

If you need a cumulative release (cr), follow these steps: