Skip to main content

Siteminder installation into Apache

By df
We had a recent installation of Siteminder (Web Access management tool) into our systems and had to be configured into existing apache installation.

Here are some issues which came up and the tips which you could look into:



1. Did you give write permission to "site minder user"? for Apache Conf directory

(<apache_root>/apache/conf). Write permission for  "httpd.conf"  file as well.

2. Created directory "/opt/netegrity".
Ideally this should be created in separate filesystem as a good practice.
This would become much helpful for clustering and promotional model.

3. Add entries in the "load module section" within the Apache "httpd.conf"  file

 LoadModule sm_module /opt/netegrity/webagent/bin/libmod_sm22.so
 SmInitFile <location of apache>/conf/WebAgent.conf

4. Manually add handlers
 # Manually added for siteminder 
 # Add handlers
 # Siteminder .exe #
 AddHandler cgi-script .exe
 # Siteminder .fcc
 AddHandler smformsauth-handler .fcc
 # Siteminder .sfcc
 AddHandler smsslformsauth-handler .sfcc
 # Siteminder .scc
 AddHandler smadvancedauth-handler .scc
 # Siteminder .ccc
 AddHandler smcookieprovider-handler .ccc

5. Did you add "Alias" entries from httpd.conf.
Be careful the apache installation MAY NOT restart until unless you have the mod_alias installed

6. Add entry into  "<apache_root>/apache/bin/apachectl" file.
# Entry made as per siteminder installation document
 export EXTSHM=ON
 [[ -r /opt/netegrity/webagent/nete_wa_env.sh ]] && . /opt/netegrity/webagent/nete_wa_env.sh

Please note, that this shell level export won't be killed normally. Hence chance of accumulating such process is high.
ps -ef | grep LLAWP

to find any zombie processes which are being run and kill them off if you encounter below error...

 (67)Address already in use: make_sock: could not bind to address [::]:443
 (67)Address already in use: make_sock: could not bind to address 0.0.0.0:443
 no listening sockets available, shutting down

So kill the identified process and restart again.
kill -9 <processid>
apachectl -k stop
apachectl -k start

Issues you might encounter: Not able to shutdown LLAWP process which prevents Apache to restart

If I try shutting down
# LLAWP /opt/apacheinstallation/apache/conf/WebAgent.conf -APACHE20 -shutdown
 [01/May/2012:11:27:59] [Info] [CA WebAgent IPC] [20906050] [CSmSem::getSem] Attempted to attach to non-existent semaphore with key 0xf4a818d7
 [01/May/2012:11:27:59] [Error] [CA WebAgent IPC] [20906050] [CSmIpcEvent::CSmIpcEvent] Error initializing semaphore -1
 [01/May/2012:11:27:59] [Error] [CA WebAgent IPC] [20906050] [CSmSem::GetValue] Error performing GETVAL operation on semaphore -1 - Invalid argument (22)
 [01/May/2012:11:27:59] [Info] [CA WebAgent IPC] [20906050] [CSmSem::getSem] Attempted to attach to non-existent semaphore with key 0xf4a818d7
 [01/May/2012:11:27:59] [Error] [CA WebAgent IPC] [20906050] [CSmIpcEvent::SetEvent] Error reinitializing event with key base 0x1f4
 [01/May/2012:11:27:59] [Error] [CA WebAgent LLAWP] [20906050] [Failed to send shutdown signal to the LLAWP. Ensure that the process is running and the path to the WebAgent.conf is correct.]
 The process was running at the time of above shutdown command.

The only workaround I was able to do is to
1. Kill the LLAWP process    # kill -KILL $pidofLLAWP
2. Remove all the shared memory and semaphores from the system
# Bit dangerous: kill shared memory of LLAWP
 ipcs -m | awk ' $5 == "nobody" {print $2}' | awk '{ print $1}' | while read sharedMemory; do
 sudo su - -c "ipcrm -m $sharedMemory"
 done

# To kill all the semaphores
 ipcs -s | awk ' $5 == "nobody" {print $2}' | awk '{ print $1}' | while read semaphore; do
 sudo su - -c "ipcrm -s $semaphore"
 done

Update:

Found a solution for above Problem.




Create another directory say "some_New_directory" within the "<apache_installation_dir>" and specify this as the "ServerPath" in WebAgent.conf
ServerPath=<apache_installation_dir>/<some_New_directory>

 
Labels:

Popular posts from this blog

Create your own Passport Photo using GIMP

By df
This tutorial is for semi-techies who knows a bit of GIMP (image editing).   This tutorial is for UK style passport photo ( 45mm x 35 mm ) which is widely used in UK, Australia, New Zealand, India etc.  This is a quick and easy process and one can create Passport photos at home If you are non-technical, use this link   .  If you want to create United States (USA) Passport photo or Overseas Citizen of India (OCI) photo, please follow this link How to Make your own Passport Photo - Prerequisite GIMP - One of the best image editing tools and its completely Free USB stick or any memory device to store and take to nearby shop A quality Digital camera Local Shops where you can print. Normally it costs (£0.15 or 25 US cents) to print 8 photos Steps (Video Tutorial attached blow of this page) Ask one of your colleague to take a photo  of you with a light background. Further details of how to take a photo  yourself       Take multiple pictures so that you can choose from th
Read more

Syslog Standards: A simple Comparison between RFC3164 & RFC5424

By
Syslog Standards: A simple Comparison between RFC3164 (old format) & RFC5424 (new format) Though syslog standards have been for quite long time, lot of people still doesn't understand the formats in detail. The original standard document is quite lengthy to read and purpose of this article is to explain with examples Some of things you might need to understand The RFC standards can be used in any syslog daemon (syslog-ng, rsyslog etc.) Always try to capture the data in these standards. Especially when you have log aggregation like Splunk or Elastic, these templates are built-in which makes your life simple. Syslog can work with both UDP & TCP  Link to the documents the original BSD format ( RFC3164 ) the “new” format ( RFC5424 ) RFC3164 (the old format) RFC3164 originated from combining multiple implementations (Year 2001)
Read more

VS Code & Portable GIT shell integration in Windows

By df
Visual Studio Code & GIT Portable shell Integration Summary Many of your corporate laptop cannot install programs and it is quite good to have them as portable executables. Here we find a way to have Portable VS Code and Portable GIT and integrate the GIT shell into VS Code Pre-Reqs VS Code (Install version or Portable ) GIT portable Steps Create a directory in your Windows device (eg:  C:\installables\ ) Unpack GIT portable into the above directory (eg it becomes: C:\installables\PortableGit ) Now unpack Visual Studio (VS) Code and run it. The default shell would be windows based Update User or Workspace settings of VS Code (ShortCut is:  Control+Shift+p ) Update the settings with following setting { "workbench.colorTheme": "Default Dark+", "git.ignoreMissingGitWarning": true, "git.enabled": true, "git.path": "C:\\installables\\PortableGit\\bin\\git.exe", "terminal.integrated.shell.windows"
Read more