This documentation supports the 8.1 version of BMC Atrium Single Sign-On.


Installing BMC Atrium Single Sign-On on an external Tomcat server

This section explains how to install BMC Atrium Single Sign-On on an external Tomcat server. This installation option allows the BMC Atrium Single Sign-On server to be installed using versions of Tomcat and Java VM that are different from those provided by the standalone installation option.

This option gives you greater flexibility in choosing the Tomcat server and Java Virtual Machine (JVM), but at the expense of having to administer the Tomcat server and JVM yourself. You must also select the correct versions to avoid incompatibilities. Because of these added responsibilities, BMC recommends that you use this option only when the default selections are not sufficient.

Before you begin


Before installation, make sure you have performed the tasks in Prerequisites for installation.

Verify that no other product or application is installed on your Tomcat server.

Note: The BMC Atrium Single Sign-On Tomcat server cannot be shared with any product that integrates with BMC Atrium Single Sign-On. BMC recommends that BMC Atrium Single Sign-On be the only application in the Tomcat server.

Modify the external Tomcat policy file. See Policy file additions for external Tomcat installations.

Configure the JVM that will run the Tomcat server. See Configuring a JVM for the Tomcat Server.

Modify the Tomcat server hosting the BMC Atrium Single Sign-On application to define an HTTPS connection with an explicit truststore and explicit keystore declaration. See Setting an HTTPS connection.

Add JVM initialization parameters to the JVM that is running the external Tomcat. See JVM parameter additions for external Tomcat installations.

If you plan to enable FIPS, perform the tasks in Configuring an external Tomcat instance for FIPS-140 and the FIPS-140 preparation steps in Configuring FIPS-140 mode.

To install BMC Atrium Single Sign-On on an external Tomcat server

  1. If autorun does not automatically launch the appropriate file, launch the setup executable.
    The setup executable is located in the Disk1 directory of the extracted files:
    • (Microsoft Windows) Run setup.cmd.
    • (UNIX) Run setup.sh (which automatically detects the appropriate subscript to execute).
  2. Accept the default destination directory or browse to select a different directory and click Next.
  3. Verify that the hostname presented is the Fully Qualified Domain Name (FQDN) for the host, correct the value as needed, and click Next.
  4. Click Use External Tomcat.
    The Tomcat server options are:
    • Install New Tomcat (default)
    • Use External Tomcat
  5. At the prompt, enter the Tomcat directory (or use the browse button to specify the Tomcat directory) and click Next.
  6. At the Tomcat Application Server Selection panel, enter the path to the Tomcat server.
    After clicking Next, the installer verifies that:
    • The directory has a webapps directory that can be written to.
    • The main program, tomcat6.exe, is present (even on UNIX).
    • The server.xml file contains a connector with port and secure defined and with scheme set to https. The installer parses important information from this Connector entry and stores it.
      As the installer deploys the BMC Atrium Single Sign-On web application to the Tomcat server, it asks you to start or stop the Tomcat server when necessary.
  7. (Windows) You will be asked whether your external Tomcat server is started by using scripts or as a Windows service. If the Tomcat server is started as a Windows service, enter the name of this service.
  8. Enter additional information at the prompts.
    Be prepared with information about:
    • JDK directory location
    • Tomcat HTTPS server port
    • Tomcat truststore certificate location and password
    • Tomcat keystore password, alias, and certificate
    • Tomcat cookie domain
    • Tomcat administrator name and password
  9. Stop the Tomcat server.
  10. During installation, follow the installer directions to restart the Tomcat server.
  11. Verify that your BMC Atrium Single Sign-On installation was successful:
    1. Launch the BMC Atrium Single Sign-On administrator console and confirm that you can view BMC Atrium SSO Admin Console.
      The Tomcat server can now be used as the BMC Atrium Single Sign-On application server. If you make modifications to the server configuration, be sure to test each change to ensure that the BMC Atrium Single Sign-On application functions correctly.
  12. (Optional) Create an administrative user account for BMC Products to perform search functions on the user data store (for example, to list user names, emails, and so on).

    Note

    If you are using the BMC Atrium Single Sign-On server's internal LDAP, assign the BMCSearchAdmins group to the new user account.

  13. If you are using an external system for authentication (such as AR System, LDAP, or Active Directory), assign the BmcSearchAdmins group to either an already existing user account or a new user account.
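
The checks that step 6 attributes to the installer, together with the explicit keystore and truststore declaration required under Before you begin, can be run against the Tomcat directory before starting the installer. The Python code below is an added example, not BMC code and not part of the original page. It assumes the standard Tomcat Connector attributes keystoreFile and truststoreFile, a bin/ location for tomcat6.exe, and a constructed sample server.xml.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from the page or from BMC).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               keystoreFile="conf/sso.keystore" keystorePass="changeit"
               truststoreFile="conf/sso.truststore" truststorePass="changeit"/>
  </Service>
</Server>"""


def check_https_connector(server_xml_text):
    """Return (attrs, problems) for the first Connector with scheme="https"."""
    root = ET.fromstring(server_xml_text)
    https = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not https:
        return None, ['no Connector with scheme="https"']
    conn, problems = https[0], []
    if not conn.get("port"):
        problems.append("port is not defined")
    # Page requires 'secure' defined; requiring "true" is this example's assumption.
    if conn.get("secure") != "true":
        problems.append('secure is not "true"')
    # Assumption: "explicit" keystore/truststore means these attributes are set.
    for attr in ("keystoreFile", "truststoreFile"):
        if not conn.get(attr):
            problems.append(attr + " is not declared explicitly")
    return dict(conn.attrib), problems


def check_tomcat_dir(tomcat_dir):
    """Directory checks from step 6; returns a list of problems."""
    problems = []
    webapps = os.path.join(tomcat_dir, "webapps")
    if not (os.path.isdir(webapps) and os.access(webapps, os.W_OK)):
        problems.append("webapps directory missing or not writable")
    # Assumption: tomcat6.exe sits in bin/; the page does not give its path.
    if not os.path.isfile(os.path.join(tomcat_dir, "bin", "tomcat6.exe")):
        problems.append("tomcat6.exe not found")
    return problems


if __name__ == "__main__":
    attrs, problems = check_https_connector(SAMPLE_SERVER_XML)
    print("HTTPS port:", attrs["port"], "| problems:", problems)
```

An empty problem list from both functions means the directory and Connector entry match what the installer looks for; the returned port value is the Tomcat HTTPS server port requested in step 8.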

Where to go from here
