000035603 - How to install and reinstall the Access Fulfillment Express (AFX) server on an RSA Identity Governance & Lifecycle hardware or software appliance

Document created by RSA Customer Support Employee on Oct 9, 2017Last modified by RSA Customer Support Employee on Jun 18, 2018
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035603
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.1, 7.0.2, 7.1
IssueThis article is a step by step instruction on how to install and reinstall the Access Fulfillment  Express (AFX) server on an RSA Identity Governance & Lifecycle hardware or software appliance
Tasks

The information below assumes the afxuser is the oracle user. A separate afxuser can be created. See the RSA Identity Governance & Lifecycle Installation Guide for more information.


These are the steps for installing or reinstalling the AFX server component on an RSA Identity Governance & Lifecycle appliance using the AFXServer.zip generated from the Administrative console:

  1. Login to the RSA Governance & Lifecycle Administration Interface (e. g., https://rsa-access.yourcompany.com/aveksa/main).
  2. Download the AFXServer.zip from the UI under AFXServers > AFX ServerDownload Server Archive.
  3. Download server.keystore from the UI under Admin > System > Security  > Download 'Server Certificate Store for Agent SSL Connections.
  4. Transfer the AveksaServer.zip and server.keystore from your PC to the RSA Identity Governance & Lifecycle appliance using a tool like WinSCP or another SFTP client and place the files under /tmp.
  5. Change to the root user.


sudo su -


  1. Shutdown AFX, if it exists, and check that no AFX processes remain.


cd /home/oracle
service afx_server stop
ps -ef | grep AFX


  1. Kill any remaining AFX processes, where xxxx are any AFX processes still running:


kill -9 xxxx


  1. Backup the pre-existing AFX directory, if it exists.


mv AFX AFX.old


  1. Unpack the AFXServer.zip, change file and  group ownership:


unzip /tmp/AFXServer.zip
chown -R oracle:oinstall AFX


  1. Navigate to AFX/bin and run the script to set permissions:


cd AFX/bin
sh ./setPerms.sh


  1. Create symbolic link to from afx_server to /etc/init.d/afx_server, if it does not exist:


ln -s afx_server /etc/init.d/afx_server


  1. Activate the system service.


chkconfig afx_server on


  1. Start AFX:


cd /home/oracle
service afx_server start


  1. Configure the AFX environment by editing /home/oracle/AFX/bin/setAFXEnv.sh and set the AFX home directory from AFX_HOME= to AFX_HOME=/home/oracle/AFX:


cp /home/oracle/AFX/bin/setAFXEnv.sh /home/oracle
cp /home/oracle/AFX/bin/setAFXEnv.sh /root
chown oracle:oinstall /home/oracle/setAFXEnv.sh


  1. A quick and easy check to ensure that your AFX environment variables are set correctly can be determined by running the following command as the oracle user:


env | grep AFX


  1. Start AFX as the oracle user


service afx_server start

Attachments

    Outcomes