Installation of the Integrated Authentication Framework must be performed as a separate step. It is not installed automatically with EntireX. Installation instructions for the supported operating systems are provided here.
See also Configuring the Integrated Authentication Framework.
Please note the following before you start to install EntireX:
You need root access rights (su or sudo) during installation.
Before you start the installation, backup your current product version, including the attribute files.
The directory on the disk into which the EntireX distribution files
are installed is identified by the environment variable
SAG (which can be set to an appropriate value in
advance).
The new version of Integrated Authentication Framework is installed under a version-specific directory name. Note however, that some Software AG cross-product components (e.g. SMH) required by Integrated Authentication Framework are installed under $SAG/common and may upgrade previous versions of these components.
Installation prerequisites for all EntireX components are described centrally.
Software AG recommends some common steps for the installation of Software AG products under UNIX. See Installing and Setting Up Software AG Products under UNIX for a detailed description. The installation itself is started with the command:
$ sh <mount_dir>/setup.ux iaf v22
where <mount_dir> is the path under which the DVD has been mounted. The setup procedure checks the hardware platform and operating system version and then starts the appropriate installation program INSTALL. The installation procedure allows for selective installation and configuration of IAF components. It provides
a graphical user interface if an X-Server is available and the DISPLAY variable is set.
a character screen based user interface otherwise.
Some installation steps require super-user (root) permissions. The
installation offers a choice between the su and
sudo commands and asks for the corresponding
password required to become super-user.
To install
Follow the instructions in Installing and Setting Up Software AG Products under UNIX
When you have reached Step 4/3 Install the UNIX component to the SAG home directory, follow the instructions on the screen.
The base directory of the installed product is the directory pointed to by $SAG . In $SAG the installation creates the subdirectories common and iaf. The iaf directory is the root for installing Integrated Authentication Framework product versions. The base directory for the version-dependent parts of Integrated Authentication Framework is iaf/vnn, where nn stands for the version number. The common directory is used for installing components shared by Integrated Authentication Framework and other Software AG products.
| Directory | Description |
|---|---|
| INSTALL | Directory containing the shell scripts and other files used during the installation of Integrated Authentication Framework. |
| etc | Directory containing configuration files. |
| bin | Directory containing executables. |
Integrated Authentication Framework requires some shell environment variables to be set for proper operation. The installation generates the Bourne shell script sagenv.new in the $SAG directory. This script should be executed from within the .profile of the EntireX users.
The sagenv.new script defines the following mandatory product-specific global shell environment variables:
| Variable | Description |
|---|---|
| SAG | Identifies the root directory in which Software AG products are installed. |
| IAFDIR | Identifies the base installation directory for Integrated Authentication Framework (typically $SAG/iaf ) |
| IAFVERS | Identifies the product version. |
In addition sagenv.new modifies the PATH environment variable.
directory $IAFDIR/$IAFVERS/bin is added to the list of directories in the PATH environment variable
See sagenv.new for a complete set of environment settings.
To uninstall Integrated Authentication Framework, execute the sagrm utility, which is located in directory $SAG/common/bin.
This utility uses the deinstall catalog $SAG/common/INSTALL/SAGInst.xml. You can then select which product (or components) you wish to uninstall.
The sagrm utility can operate in graphical mode (requires an X-Server and the DISPLAY variable being set) and in character mode.
For usage information, enter command
sagrm -help
After the installation, the following command is used to start and stop the IAF server starter daemon:
/etc/init.d/sag<n>iafd start/stop
Note:
<n> refers to the number of
installations on this machine in different directories. The first installation
will create sag1iafd. Any further installation will
increment <n> by 1, hence creating new modules
in /etc/init.d.
In addition, please find sample SSL certificates to be used for functionality tests in the installation directory /etc. Do not use these certificates in any productive environments, since the private key used is generally delivered to all customers.
| Certificate | Description |
|---|---|
| IAFAppCert.pem | Sample application certificate to be used by the IAF server. |
| IAFAppKey.pem | Private key for the above certificate, to be used by the IAF server. |
| IAFCaCert.pem | CA certificate that was used to sign the above application certificate. To be used at the IAF client side, e.g. the EntireX Security Exit. |
Please note the following before you start the Integrated Authentication Framework installation:
You need administrator's access rights during the Windows installation.
Before you start installing, backup your current product version, including your attribute files.
If a previous IAF version is installed, it will be upgraded automatically.
A silent installation, once it has been started, requires no additional user interaction.
To perform a silent installation
Enter the command
"\\<server>\Windows\IAF\Setup.exe"
/V"INSTALLDIR="c:\Program Files\Software AG" /Leoi %temp%\IAF22inst.log
/qr" |
 |
Warning: User account SAGUSER added during installation of System Management Hub |
During installation of System Management Hub, a user account SAGUSER is added to the Administrators group of your local machine. SAGUSER is not an interactive account; login to the Windows desktop is not possible, and no other resources can be used. SAGUSER is required by several Software AG services to operate correctly, and therefore must not be deleted or modified. See System Management Hub Installation for more details.
To remove files and registry entries created during installation of
IAF
From the Control Panel, choose .
Select the instance of IAF you wish to uninstall.
Choose and confirm.
After the execution of COPY.JOB, you will find the following template JCL in the data set IAF221.JOBS:
| JCL | Description |
|---|---|
| IAFSTART | Template JCL for the IAF started task. |
| R1ALLOC | Allocate certificate container data sets. |
| R2CDTLST | List the CDT contents. |
| S01ADD | Add a CA certificate. |
| S02APK12 | Add a PKCS#12 file containing the application certificate and private key. |
| S02DEL | Delete certificates. |
| S03ADDKR | Add a keyring. |
| S04CNTKR | Connect certificates to a keyring. |
| S05RULES | Insert RACF resource rules. |
In addition, please find sample SSL certificates to be used for functionality tests in IAF221.SRCE. Do not use these certificates in any productive environments, since the private key used is generally delivered to all customers.
| Certificate | Description |
|---|---|
| APPCERT | Sample application certificate to be used by the IAF server. |
| APPKEY | Private key for the above certificate, to be used by the IAF server. |
| CACERT | CA certificate that was used to sign the above application certificate. To be used at the IAF client side, e.g. the EntireX Security Exit. |
| IAFATTR | Sample attribute file to configure an IAF server. |
| SSLDOC | SSL documentation. |
By default, the service to start/stop an IAF server is not enabled.
To start/stop the Windows Service
Choose .
In addition, please find sample SSL certificates to be used for functionality tests in the installation directory /etc. Do not use these certificates in any productive environments, since the private key used is generally delivered to all customers.
| Certificate | Description |
|---|---|
| IAFAppCert.pem | Sample application certificate to be used by the IAF server. |
| IAFAppKey.pem | Private key for the above certificate, to be used by the IAF server. |
| IAFCaCert.pem | CA certificate that was used to sign the above application certificate. To be used at the IAF client side, e.g. the EntireX Security Exit. |
