Skip navigation
All People > Andrew Nguyen > Andrew Nguyen's Tech Tips

When you configure the JBoss application server as a web service, it automatically runs when the computer starts.

Follow these steps:

  1.            Browse to the JBoss community download websiteand download the jboss-native-2.0.9-windows-x86-ssl.zip file.
  2.         Copy and decompress the jboss-native-2.0.9-windows-x86-ssl.zip file to the following directory:
  3.        gm_install\eurekify-jboss

Note: gm_install is the CA Identity Governance installation directory.

New directories and files are created.

  • Create a backup of the service.bat file in the following subdirectory:
  •        gm_install\eurekify-jboss
  • Edit the service.bat file in the gm_install\eurekify-jboss\bin subdirectory as follows:
  1. Search the file and replace the string batwith the string <Install-location>\ca-gm-run.bat. (Make sure it points to the right location)
    • File is located under CA-RCM-12.6.x-Core\Utils&Conf\JBossEAP6
  2. Locate and delete the following strings in the file:
    • > run.log
    • >> run.log
    • > shutdown.log
    • >> shutdown.log
    • 2>&1
  3. Save changes to the file.
  • In the standalone file set the welcome parameter from “true” to “false”.
  • Open a command line window from the Start menu and navigate to this directory:
  • ...\jboss-native-2.0.9-windows-x86-ssl\bin
  • Enter service install.

This guide is to help set JBoss as a service when an upgrade is performed from Jboss 5.1 to JBoss 6.

 

Files to take note of:

ca-gm-run.bat

eurifky.bat (Located in jboss\bin)

standalone.xml (Located in <JBoss install>\standalone\configuration\)

service.bat

 

-  Edit the service.bat file changing "call eurekify.bat " to "call ca-gm-run.bat".

- Inside the JBoss installation navigate to standalone\configuration\ then edit standalone.xml

- Locate the line "<virtual-server name="default-host" enable-welcome-root="true">" and set the value to false

 

From the root JBoss folder, open an admin command line window and type service install.

- Open services.msc then navigate to the JBoss application service.

- Open properties then change start from manual to automatic.
- Then start the service.

Question:

Does CA Identity Manager support using Service Name as a connection for JasperSoft Reporting Server?

 

Answer:

CA Identity Manager only supports SID (Site Identifier). If Service Name is used, the error is shown below:

 

SIDerror2.png

 

JasperSoft Reporting supports both SID and Service Name. Since CA Identity Manager only supports SID, SID should only be used in the "Service" field on JasperSoft as seen in the example below:

jaspSID.png

Question:

Does the PeopleSoft connector on CA Provisioning Manager have failover support similiar to
the functionality seen in Active Directory connector for failover?

 

Answer:

CA Provisioning Manager does not have an option for PeopleSoft failover support like in
Activity Directory. Failover support for PeopleSoft is done internally within the
PeopleSoft application through Oracle's "Jolt Failover" mechanism.

The list of option for PeopleSoft are seen below:

Verify which version of Java is being used:

java -version

 

If java version is not correct, update .bash_profile with following lines:

JAVA_HOME=<LOCATION_OF_JAVA>

 

export JAVA_HOME

 

add JAVA_HOME to PATH

 

Example: PATH=<OLD_VALUE_OF_PATH>:<JAVA_HOME>/bin

 

export PATH

 

Install java and javac onto machine:

sudo update-alternatives --install /usr/bin/java java <JAVA_HOME>/bin/java 100
sudo update-alternatives --install /usr/bin/javac javac <JAVA_HOME>/javac 100

Update java to desired version:

sudo update-alternatives --config java

sudo update-alternatives --config javac

 

Navigate to the following directory:

<CA_Directory_HOME>\dxserver\config\ssld\personalities

Locate certificate file: corporateuserstore.pem

 

Stop application server

 

Run the command

keytool -keystore "<JAVA_HOME>\jre\lib\security\cacerts" -import -file "<LOCATION_OF_PEM_FILE>\corporateuserstore.pem" -trustcacerts -alias CADIRTrusted

 

Start application server

 

Using incorrect version of Java:

Update standalone.sh file

 

Look for lines: "# ----------------------- start CA IAM FW changes -----------------------"

 

Then update JAVA_HOME value with desired JAVA_HOME

Linked Knowledge Doc:

Install Client Tools with Documentation option

 

When selecting the "Documentation" option to install Client Tools, the installer will not complete and fail due to this option being selected. A workaround would be to uncheck the documentation option or to follow the below steps:

 

1. Install client tools

2. Select the Documentation

3. It should ask for the Language zip. Before selecting the language zip edit the file C:\Program Files\CA\Identity Governance\Client Tools\Software\assembly-Docs.txt and remove DNA in 19th line. That means, change the following from:

 

"..\Docs\BOOKSHELF,docs.zip\CA-IdentityGovernance-12.6.05-Language-Files\i18n\en\DNA,*,,,,"

to

"..\Docs\BOOKSHELF,docs.zip\CA-IdentityGovernance-12.6.05-Language-Files\i18n\en,*,,,,"

 

4. Then proceed to select the zip file in installer.

5. The installer should complete now.

When creating an environment in 12.6.8, an error is produced after Corporate User Store and Provisioning store are created successfully. This is the error Identity Manager states:

 

"Error: The screen definition "JasperReportTypeSelectionScreen" referenced on the screen "Endpoint Accounts Report Search Screen" is not defined"

 

Solution:

If previously applied a hotfix to environment and an upgrade was preformed to 12.6.7 or 12.6.8, be sure to use the original jar files on install and request a new hotfix to be made if problem still exists. Do not change the jars. Before 12.6.7, Jaspersoft was not integrated with the product and will not be in the Identity Manager library. This will cause it to generate errors of something it was not expecting.

In the CA Provisioning Manager, the default log location is in: ...\CA\Identity Manager\Provisioning Server\logs. To change the location of your logs you would need to navigate to this location: System->Domain Configuratio->Transaction Log

 

This can be seen as pictured below:

 

 

The value: "etatrans" can be changed to adjust where the logs will be stored. By default, this makes the log file named C:\Program Files\CA\Identity Manager\Provisioning Server\Logs\etatransYYYYMMDD-HHMM.log. If I change value of "etatrans" to D:\ProvisioningData\Logs\etatrans This would place the logs in the D: drive at this location: D:\ProvisioningData\Logs\etatransYYYYMMDD-HHMM.log

 

The im_ps.log and im_cs.log locations are defined in the im_ps.conf file and im_cs.conf file located in the Provisioning Server\data folder. The satrans log and sa log locations are also configured in the im_ccs.conf. The jcs daily log would be controlled by the org.ops4j.pax.logging.cfg

Question:

On a brand new install of Identity Manager, I would get the error:

 

Unsupported application server detected

---------------------------------------

You have selected an unsupported version of the application Server. Consult the

platform matrix for the supported versions.

 

Answer:

Please check if your environment meets the requirements found here:

CA Identity Manager Informational Documentation Index - CA Technologies

 

The Unsupported Version message appears when the application server files are either corrupted, incomplete or not moved over completely. Make sure you move the file as a .zip and unzip on the machine where the install is being performed. Then perform the application install again.

Question:

I would like to change the Java versions on my RHEL machine. How would I go about doing this?

 

Answer:

 

Simply run these commands:

/usr/sbin/alternatives --config java

Follow the on-screen directions to ensure that the correct version of java is selected

 

/usr/sbin/alternatives --config javac

 

Follow the on-screen directions to ensure that the correct version of javac is selected

 

Run java -version to test which version of Java you are using.

Question:

Seeing WARNING messages of "management_console.war  does not point to a valid jar for a Class-Path reference."

 

Answer:

This issue related to an incompatible Java version. Ensure Java JDK is a supported version. If not, please delete the TMP directory and update the Java to the correct version.

 

CA IDM 12.6.5 Support Matrix

Question:

How to start Weblogic 12c CA Identity Manager managed servers on a fresh install?

 

Answer:

On the command line for startup in Weblogic 12c, this should be run have have the server startup correctly:

./startManagedWebLogic.sh <IDM_Server-Name> -Xms256m -Xmx1024m -XX:ReservedCodeCacheSize=50m -XX:MaxPermSize=256m -Dweblogic.management.server=localhost:7001

 

In Weblogic 11g, this parameter is used "-Djavax.xml.stream.XMLInputFactory=weblogic.xml.stax.XMLStreamInputFactory". This parameter is Weblogic 11g specific and only should be used in that version.

What this guide covers:

  • Setup X11 forwarding to allow GUI setup
  • Install Linux Dependencies
  • Install CA Directory
  • Install CA Identity Manager product
  • Silent Install Example File
  • Installer in DEBUG mode
  • Applications Servers Specific Instructions for Clusters
  • Possible Errors during Install

 

Setup X11 forwarding to allow GUI setup

https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1423021.html 

Download an X11 forwarding client like Xming or Cywin/X. In the example below, I'll use Xming as a reference.

Once Xming is downloaded, make sure you setup your ssh client to use X11 forwarding.

1) Use an X11 server application such as Xming or Cygwin/X

2) Enable X11 forwarding in your client (Putty is used as an example. See image below)

x forwarding.png

Note: Stop here if you don't need to run Xming as a different user.

How to run Xming as different user:

  1. Enable X-11 Forwarding in your client
  2. Log in as your normal user
  3. echo $DISPLAY to get the associated display
  4. xauth list, find the display number which corresponds with what you found in #3 and copy it (Make sure you copy everything in the output)
  5. Sudo to root xauth add <paste in what you copied from #4>
  6. Now you can execute commands as root and will be able to se the X11 Forwarding connection

 

Install Linux Dependencies

Make sure these commands are run (the "-y" parameter forces the library to install):

Note: These are the 32-bit packages and must be installed even if the Linux Distro is in 64-bit. In RHEL 7.x an extra command needs to be run to install packages:

 

RHEL 7.x:

subscription-manager register --username <username> --password <password> --auto-attach
subscription-manager refresh

 

RHEL 6.x and lower:

yum install -y glibc.i686

yum install -y libXext.i686

yum install -y libXtst.i686

yum install -y ncurses-devel.i686

yum install -y compat-libstdc++.i686

yum install -y libstdc++-libc6.2-2.so.3

yum install -y libstdc++.i686

yum install -y libidn.i686

yum install -y libgcc.i686

yum install -y libX11.i686

yum install -y libxcb.i686

yum install -y libXau.i686

yum install -y libXi.i686

yum install -y nss-softokn-freebl.i686

yum install -y libXmu.i686

yum install -y libXft.i686

yum install -y libXpm.i686

yum install -y ncurses-devel.i686

yum install -y ksh

 

This is required from the IDM 12.6.8 CR1 installer:

yum install - y xrender.i686

 

mv /dev/random /dev/random.orig

ln -s /dev/urandom /dev/random

chkconfig iptables off

service iptables stop

vi /etc/selinux/config

SELINUX=permissive

setenforce 0

 

Install CA Directory product:

Run the setup.sh file from .../CADirectory.../dxserver

Get a copy of NeteAuto.ldif from the CA Identity Manager samples folder and upload it to any desired directory
su - dsa
dxnewdsa <insert-dsa-name> 11389 dc=security,dc=com
dxserver stop <insert-dsa-name>
dxloaddb <insert-dsa-name> /CA_Install/NeteAuto.ldif
dxserver start <insert-dsa-name>
dxserver status

 

Install CA Identity Manager product:

Be sure to check the CA Identity Manager Support Matrix

   - For CA IDM 12.6.8 or lower: click here

   - For CA IDM 14.0: click here

From the install directory where the file was unzipped, run the installer:

./ca-im-<IM-VERSION_NUMBER>-linux.bin

 

Note: Make sure this command is not run in console mode and Xming is enabled! Console mode prevents the installer from installing as a cluster.

 

Silent Install Example File

For IDM version 12.6.x and later, this file was used to perform an Identity Manager install without the addtional components. Please use this guide as it has an example file available:

Successful install of CA Identity Manager using a silent install file 

 

After the sample file has been created, use this command to begin the install (assuming the file you created is named im-installer.properties):

 

Windows:

      ca-im-release-win32.exe -f im-installer.properties -i silent

 

UNIX:

      ./ca-im-release-sol.bin -f im-installer.properties -i silent

 

Changing default temp location

Set the variable IATEMPDIR

 

Linux: Ex. export IATEMPDIR=/<newlocation>

 

Installer in DEBUG mode

Execute this command before running the installer:

export LAX_DEBUG=true

 

Further References for Logging in DEBUG:

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec489216.aspx

 

Applications Servers Specific Instructions:

- Weblogic

  • In the AdminServer field, "AdminServer" must be typed in!
  • In the URL field the format should look like this: http:\\<hostname>:7001 (Default AdminServer port is 7001)
  • Cluster name can be anything you choose to be
  • During the startup of the weblogic nodes:
    • 11g uses this command line instruction: ./startManagedWebLogic.sh <IM_NODE_NAME> -Xms256m -Xmx1024m -XX:ReservedCodeCacheSize=50m -XX:MaxPermSize=256m -Djavax.xml.stream.XMLInputFactory=weblogic.xml.stax.XMLStreamInputFactory -Dweblogic.management.server=<ADMINSERVER_HOSTNAME>:<ADMIN-PORT>
    • 12c uses this command line instruction: ./startManagedWebLogic.sh <IM_NODE_NAME> -Xms256m -Xmx1024m -XX:ReservedCodeCacheSize=50m -XX:MaxPermSize=256m  -Dweblogic.management.server=<ADMINSERVER_HOSTNAME>:<ADMIN-PORT>
  • POST Weblogic Install Specific Instructions
    • Create a Distributed JMS Server
      1. Make an IM_JMS_filestore directory (Ex. WL_HOME\user_projects\IM_JMS_filestore)
      2. Under Admin Console, go to Services -> Messaging -> JMS Servers (See attached image below)

- JBoss

  • JBoss App Server and Identity Manager needs to be installed on x numbered of nodes in environment. During the install, Identity Manager asks for the nodes "Peer Server ID" (This is determined by the installer).
  • Recommended options are to select "Unicast" for Master Node procedure
  • Configuring journal files recommended option would be for "Shared Store"
  • Configure the JK Connector
    • Fill in the worker.workerN.host field with your corresponding nodes’ hostnames.
      For example, consider a cluster where the CA Identity Manager server is installed on three JBoss hosts named myhostA, myhostB, and myhostC, using Peer IDs 1, 2, and 3.

-Websphere

  • Pre-install items
    • Set the Sun Reference Implementation as the JSF Implementation Container
    • Disable Global Security
  • Remove the contents of the following folders:

    • Temp Directory:
      • Windows: %temp%
      • Unix: /tmp/*
    • Websphere_home/profiles/WAS_PROFILE/temp/*
    • Websphere_home/profiles/WAS_PROFILE/wstemp/*
    • Websphere_home/profiles/WAS_PROFILE/tranlog/*
    • Websphere_home/profiles/WAS_PROFILE/configuration/*
    • Websphere_home/deploytool/itp/configuration/org.*, leaving only config.ini in this directory

 

Possible Errors during Install:

 

32 bit ncurses library is not installed.

Reason: On a 64 bit system the 32 bit library libncurses is necessary.

Action: \Please install the ncurses 32 bit package with version >= 5.

 

There are 2 possible solutions to this error:

 

Please make sure that the following 32 bit RPMs are installed:

libncurses6-32bit

ncurses-devel-32bit

glibc-32bit

glibc-locale-32bit

libstdc++33-32bit

libstdc++43-32bit

 

or

 

Creating a symbolic link in /usr/lib to the 32 bit library in /lib:

/usr/lib # ln –s /lib/libncurses.so.5.6 libncurses.so.5.6

 

Weblogic node doesn't start up after fresh install

 

Please refer to this TEC DOC:

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1194868.aspx

 

JBoss RPM Linux Install failed to complete due to "Unsupported Version" even though version is listed as compatible on Compatibility Matrix (Support Matrix)

 

CA Identity Manager does not support RPM installs. This type of install has not been tested with our engineering and will not be supported.

 

Linked TEC DOC:

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1423021.aspx

 

Unable to announce backup" issue when using HornetQ with NFS in JBoss EAP

 

Delete all the journal files and server.lock then restart JBoss EAP and let HornetQ rebuild the journal.

This tool is available on all Windows machine and can be used by creating an empty txt file on your Machine. The file can be named anything you want. You just need to make sure the extension is set to as UDL. Then, double-click on the file and up pops a SQL connectivity window to allow testing of remote SQL connections.

Here is an example as seen below:

 

If it can't connect to the machine, you would get this error:

 

If it can't find or locate the database name, the error would be that it "Cannot open datebase "<database-name>" requested by the login. The login failed."

 

On success, the prompt should look like this:

 

 

Another test to ensure is to check:

  • Open SQL Server configuration manager
  • Select SQL Server Network Configuration
  • Select protocol for MSSQLSERVER
  • Check whether tcp/ip is enabled or not. If not, enable it.

Prerequisites

 

Configuring Your Environment

In order to run the commands described in this document, you will need ant 1.7 or later and Java JDK 1.5 or later. Both ant and Java JDK must be on your path.  These can be added with the following WINDOWS commands:

PATH %JAVA_HOME%\bin;%PATH%

PATH %ANT_HOME%\bin;%PATH%

 

Enable Language Switching

Navigate to your Management Console (…/iam/immanage). Then navigate here: Environments -> <environment-name> -> Advanced Settings -> User Console -> Check the “Enable Language Switching” checkbox

 

ewnablelangue.png

 

Single Language Environment:

To translate your Roledefinitions.xml into a different language, there are ones available in the samples folder included with the product. These are located here: ...\Identity Manager\IAM Suite\Identity Manager\tools\samples\Localization. Each folder is labelled with their respective language. Select the RoleDefinition.xml and import it using the management console:

r&amp;tiamge.png

Multi-language Environment:

Note: If you are going to support multiple languages in your Identity Manager environment, you develop roles in English, export the roles into a role definitions file, tokenize the role definitions file, add the additional resources to a resource bundle and then translate the resulting resource bundle to multiple languages.

 

These steps need to be followed in this order:

  1. Export Roles and Tasks XML from the Identity Manager Management Console (As seen above)
  2. Tokenize the RolesDefinition.xml
  3. Translate the tokenized RolesDefinition.xml
  4. Follow the Translating Resource Bundle steps
  5. Restart the application server
  6. Upload the tokenized RolesDefintion.xml into your environment

Notes are located below if encountering any issues.

 

Tokenizing Role Definitions

To tokenize the resource file and generate the additional resources, navigate to the Localization directory, and then run the following command:

ant tokenizeroledef -Dinputfile=RoleDefinitions.xml

 

This will produce RoleDefinitions_Tokenized.xml and  RoleDefinitions_Tokenized.properties.

 

Translating Role Definitions

Note: When using multi-language environment, be sure to use the tokenized rolesdefinition.xml file. It should look something like this: "RolesDefinition_Tokenized.xml"

Translate role definitions using the dictionary included in the Localization directory.  Run the following command in the Localization directory.

ant translateroledef -Dinputfile=RoleDefinitions.xml

 

This will produce a RoleDefinitions_languagecode.xml for each supported language. Append the properties to your English resources. Strings that could not be translated with the dictionaries will remain in English.

 

Translating Resource Bundles

Translate resource bundles using the dictionary included in the Localization directory.  Write missing dictionary entries to a file.  Run the following command in the Localization directory.

ant translateresourcebundle -Dinputfile=bundlename.properties

 

This will produce a bundlename_languagecode.properties for each supported language and add any strings that could not be translated to a bundlename_languagecode.missing file.

 

Wildfly Version:

These files should be placed here: <Wildfly_Home>\standalone\deployments\iam_im.ear\custom\resourceBundles

 

JBoss Version:

 

<Jboss_directory>\server\default\deploy\iam_im.ear\custom\provisioning\resourceBundles

 

Uploading RolesDefinitions.xml

Navigate to the Identity Manager Management Console and upload the tokenized English Rolesdefinition.xml first and then any other language that you would require into your environment.

 

 

Reference: Additional information can be located here ...\Identity Manager\IAM Suite\Identity Manager\tools\samples\Localization\readme.htm

 

Notes:

 

Missing Roles: Reattached the System Manager user in the Identity Manager Management console and then restart the environment

Languages not changing: Please upload both tokenized languages including the english version into the environment.