000034089 - How to install Access Fulfillment Express (AFX) in RSA Identity Governance and Lifecycle

Document created by RSA Customer Support Employee on Nov 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000034089
Applies ToRSA Product Set: Identity Governance and Lifecycle
RSA Product/Service Type: Access Fulfillment Express (AFX), Access Request Manager (ARM)
 
IssueThis article includes the steps to install AFX in RSA Identity Governance and Lifecycle on different platforms. 
 
ResolutionThis section describes the process for installing AFX. There are two main components to the AFX installation process:  configuring/installing AFX Server, and installing AFX Connector Packages. The AFX server can either be installed on the same machine as RSA Platform or on a remote machine.
IMPORTANT: Prior to installing AFX, you must have completed the installation procedure for RSA Platform version required by this version of AFX.

Installing AFX Server on RSA Platform Machine


The RSA Platform will auto generate an AFX server configuration named Local AFX Server for installing an AFX server on the RSA Platform machine. To install the Local AFX Server on an RSA appliance, please follow the steps below.


Local AFX Server for RSA Appliance


  1. Connect to the RSA appliance machine. If you are doing a new installation log on as the ‘root’ user; otherwise log on as the 'AVEKSA_OWNER' user (by default this is the 'oracle' user).
  2. Run the AFX server installation script:
cd /tmp/aveksa/staging/deploy
sudo ./installAFX.sh -q

The installation script will run silently and does the following:


  • Installs AFX server files to $AVEKSA_HOME/AFX - by default this is /home/oracle/AFX
  • Configures server SSL certificates
  • Registers “afx_server” service
  • Configures profiles for  AVEKSA_OWNER, AVEKSA_ADMIN, and root users for initializing the AFX server environment

Note: Installation details for the AFX server are written to /tmp/afx-install.log on the installation machine.


  1. Logout and log back in to the RSA appliance machine as the 'AVEKSA_OWNER' user.
  2. Start the AFX server using the afx script located in the top level AFX installation directory. For example, if AFX is installed in /home/oracle/AFX:
/home/oracle/AFX/afx start

  1. If this is a new installation, install the AFX Connector packages for this AFX release version using the RSA Platform application. For more details, please see  Installing AFX Connector Packages below.

Installing an AFX Server Using an Archive Downloaded from RSA Platform


Installing a New AFX Server


  1. Create an unprivileged account (e. g., afxuser) on the machine where you will run the AFX server.  This account will be referred to as afx account with name afxuser through out the remainder of the documentation.  To create an unprivileged account (afx user),
    1. Log in as root user or change to superuser using su.
    2. Create the user:
useradd afxuser -G users -d /home/afxuser

  1. Create a home directory for user:
mkdir /home/afxuser

  1. Change owner for the home directory: This account is referred to as the “afx account” with the name “afxuser”.
chown afxuser:users /home/afxuser

  1. For the afx account, export JAVA_HOME and put $JAVA_HOME/bin on the PATH. Note that JAVA_HOME must point to a JAVA 1.6 installation for V6.9.1 and 1.7 for V7.0.
  2. Connect to the AFX server machine using the afx account.
  3. Copy the AFX Server archive that was downloaded from the RSA Platform to the afx account home directory on the AFX server machine (e. g., /home/afxuser).
  4. Change directory to the afx account home directory and expand the AFX Server archive. For example,
cd /home/afxuser
unzip AFXServer.zip

  1. An AFX directory should have been created in the afx account home directory (i. e., /home/afxuser/AFX) containing the server files.
  2. Change to the AFX directory and execute the setPerms.sh script located in AFX/bin to set file permissions. For example:
cd /home/afxuser/AFX
sh bin/setPerms.sh

  1. Follow the steps described in below section to install the AFX server service.
  2. Start the AFX server 
/home/oracle/AFX/afx start


Installing AFX Server Service


The steps for installing AFX server service must be executed as the root user after initial installation on the server machine. Installing the AFX server service is optional, but it is highly recommended to ensure that when your AFX server machine is restarted, the AFX server instance is properly shutdown and restarted.


  1. Connect to the AFX server machine as root user.
  2. Create a link to the AFX startup script located in <path-to-AFX>/bin.  For example,
ln -s <path-to-AFX>/bin/afx_server /etc/init.d/afx_server

  1. Add the service and enable it using the chkconfig utility:
chkconfig --add afx_server 
chkconfig afx_server on
chkconfig --list afx_server

Updating AFX Server Installation


  1. Connect to the AFX server machine using the “afx account”
  2. Stop the AFX server.
<path-to-AFX>/afx stop

  1. Change directory to afx account home directory and rename AFX folder to AFX-backup:
/home/afxuser/AFX/afx stop
cd /home/afxuser
mv AFX AFX-backup


  1. Copy the AFX Server archive that was downloaded from RSA platform to the afx account home directory on the AFX server machine (e. g., /home/afxuser)
  2. Change directory to the afx account home directory and expand the AFX Server archive. For example,
cd /home/afxuser
unzip AFXServer.zip

  1. An AFX directory should have been created in the afx account home directory (e. g., /home/afxuser/AFX) containing the server files
  2. Change to the AFX directory and execute the setPerms.sh script located in AFX/bin to set file permissions. For example,
cd /home/afxuser/AFX
sh bin/setPerms.sh

  1. Restore the ActiveMQ data directory (and all contents) from prior installation backup to the new AFX install.
cp -rfp <path-to-AFX-backup>/activemq/data  <path-to-AFX>/activemq

  1. Start the AFX server:
<path-to-AFX>/afx start

Installing AFX Connector Packages


The following steps detail the process for installing / importing Connector Packages for this AFX version using the RSA Platform application. You will need to download AFX-<version>-Standard-Connectors.zip from the RSALink.
  1. Login to the RSA Platform.
  2. Select AFX > Import.
  3. Browse to the AFX-<version>-Standard-Connectors.zip file you downloaded from RSA Link.'s Download Central.
  4. Select Next.
  5. Check the Select all items box to select all connector templates listed for import.
  6. Select Import to load all standard connector template packages for this release version into the RSA Platform.
  7. If you are licensed for one or more AFX Premium Connector(s), repeat the above steps for AFX-<version>-Premium-Connectors.zip (also available from RSA Link.'s Download Central).
  8. NOTE: Once the operation completes, connectors and templates in the system that were created from an older version of a package that was imported will be migrated to include enhancements available in the newer version such as new capabilities and settings, fixes for known issues, and any necessary changes to ensure compatibility with the AFX server for this release version.

Attachments

    Outcomes