EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide P/N 300-009-826 A02 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com
Copyright 2009 EMC Corporation. All rights reserved. Published November 2009 EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. All other trademarks used herein are the property of their respective owners.
Table of Contents Preface... 9 Chapter 1 Introducing My Documentum for Microsoft SharePoint... 11 My Documentum for Microsoft SharePoint overview... 11 How My Documentum for Microsoft SharePoint works... 11 Chapter 2 Chapter 3 Planning for My Documentum for Microsoft SharePoint Installation... 15 Typical installation scenario... 15 My Documentum for Microsoft SharePoint prerequisites... 16 Obtaining the installer files... 17 Preparing for SSO... 17 Preparing the Active Directory service... 18 Creating the keytab file... 19 Encrypting the super user password... 20 Preinstallation checklist... 22 Installing and Configuring My Documentum for Microsoft SharePoint... 23 Deploying the EAR files... 24 Deploying the EAR files on JBoss... 24 Deploying the emc-dfs.ear file... 24 Deploying the emc-spa.ear file... 25 Copying the MDSP JAR files to DFS... 26 Referencing the JAAS login module... 27 Setting up the DFS handler chain... 28 Copying the runtime properties file to the EAR extraction folder... 28 Deploying the EAR files on BEA WebLogic... 29 Deploying the EAR files on Oracle AS... 30 Deploying the EAR files on IBM WebSphere... 32 Installing My Documentum for Microsoft SharePoint... 34 Deploying the solution in Central Administration... 34 Modifying the web.config file... 35 Activating the feature in SharePoint... 36 Completing the solution configuration... 36 Setting the Java memory allocation... 37 Setting logging permissions for the Application Pool account... 38 Completing SSO configuration... 38 Setting up LDAP authentication in Content Server... 38 Enabling SSO in the cssp.config file... 42 Chapter 4 Configuring Documentum Web Parts... 45 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 3
Table of Contents Overview... 45 Add a Web Part... 46 Remove a Web Part... 48 Modifying Web Parts... 49 Modify Web Parts overview... 49 Modify a shared Web Part... 51 Appearance... 52 Title... 52 Height... 53 Width... 53 Chrome state... 53 Chrome type... 54 Layout... 54 Hidden... 54 Direction... 54 Zone... 55 Zone Index... 55 Advanced... 55 Allow... 56 Export mode... 56 Title URL... 56 Description... 57 Help URL... 57 Help mode... 57 Catalog icon image URL... 57 Title icon image URL... 57 Import error message... 57 Target audiences... 58 EMC Documentum ToolPane... 58 Libraries... 59 Inactive menu item options... 60 Display options... 60 Advanced features options... 61 Modify my Web Part... 61 Documentum Log In... 61 Appearance... 62 Title... 63 Height... 64 Width... 64 Chrome state... 64 Chrome type... 64 Layout... 64 Hidden... 65 Direction... 65 Zone... 65 Zone Index... 65 EMC My Documentum for Microsoft SharePoint... 66 My Documentum for SharePoint Site Settings... 67 DFS path configuration... 68 Library manager... 68 Advanced features configuration... 70 Property display options... 72 Column header settings... 74 Display options... 75 Documentum Library... 77 Documentum Search... 79 4 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Table of Contents Chapter 5 Customizing My Documentum for Microsoft SharePoint... 83 Configuring SSL... 83 Using a BOCS server... 83 Configuring BOCS in DA... 84 Modifying the MDSP config file... 84 Enabling CTS transformations... 85 Chapter 6 Removing My Documentum for Microsoft SharePoint... 87 Chapter 7 Troubleshooting Installation... 89 Locating the log files... 89 Your system fails the test for installation prerequisites... 90 There is a Web Part Error on the SharePoint site... 90 There are multiple DFS instances running... 90 Appendix A Configurable Settings... 91 Glossary... 93 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 5
Table of Contents List of Figures Figure 1. Depiction of MDSP functionality... 13 Figure 2. Typical installation scenario... 16 Figure 3. Example of selected site... 46 Figure 4. Edit page for selected site... 47 Figure 5. Web Parts shared view edit options... 47 Figure 6. Changing the shared view to the personal view... 48 Figure 7. Web Parts personal view edit options... 48 Figure 8. Personalize this page... 49 Figure 9. Modify My Web Part... 50 Figure 10. Show Shared View... 50 Figure 11. Show Personal View... 50 Figure 12. Selecting Modify Shared Web Part... 51 Figure 13. Web Part editing pane... 51 Figure 14. Modify Shared Web Part Appearance... 52 Figure 15. Builder text entry box... 53 Figure 16. Modify Shared Web Part Layout... 54 Figure 17. Modify Shared Web Part Advanced (top and bottom halves of section)... 55 Figure 18. EMC Documentum ToolPane... 58 Figure 19. Library editing dialog box... 60 Figure 20. Modify My Web Part... 61 Figure 21. Documentum Login screen... 62 Figure 22. Modify My Web Part Appearance... 63 Figure 23. Builder text entry box... 63 Figure 24. Modify My Web Part Layout... 65 Figure 25. Site collection features page... 66 Figure 26. Site collection settings for EMC My Documentum... 67 Figure 27. DFS path configuration screen... 68 Figure 28. Library manager default screen... 69 Figure 29. Documentum login screen... 69 Figure 30. Modify Documentum libraries... 70 Figure 31. Advanced features configuration default screen... 71 Figure 32. Modify advanced features options... 72 Figure 33. Properties display options default screen... 73 Figure 34. Column header settings screen... 74 Figure 35. Modify column header settings... 75 Figure 36. Display options default settings... 76 Figure 37. Modify display options... 77 6 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Table of Contents Figure 38. Reordering according to selected attribute... 78 Figure 39. User actions for Web Parts... 78 Figure 40. Logging in... 78 Figure 41. Logged in... 79 Figure 42. Documentum Search log in... 79 Figure 43. Documentum search log in... 80 Figure 44. Simple Search... 80 Figure 45. Default screen for Documentum Search... 81 Figure 46. Logging out... 81 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 7
Table of Contents List of Tables Table 1. MDSP installer packages and host locations... 17 Table 2. Windows domain functional levels for SSO... 18 Table 3. Preinstallation checklist... 22 Table 4. Configurable settings in cssp.config file... 91 8 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Preface This guide describes how to install and configure My Documentum for Microsoft SharePoint as an integration to an existing SharePoint deployment. It provides preinstallation guidance for My Documentum for Microsoft SharePoint as well as information relating to removal and troubleshooting. Intended audience This manual is intended primarily for administrators who are installing this application as an integration to an existing SharePoint deployment. You should have SharePoint knowledge and experience and be familiar with SharePoint s Central Administration interface. Revision history The following changes have been made to this document. Revision date October 2009 November 2009 Description Initial publication. Republished to reflect corrections to Deploying the emc-spa.ear file procedures in Chapter 3. EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 9
Preface 10 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Introducing My Documentum for Microsoft SharePoint Chapter 1 This chapter describes My Documentum for Microsoft SharePoint and its main functions: My Documentum for Microsoft SharePoint overview, page 11 How My Documentum for Microsoft SharePoint works, page 11 My Documentum for Microsoft SharePoint overview My Documentum for Microsoft SharePoint (MDSP) provides a set of Web Parts that can be easily deployed to Windows SharePoint Services (WSS) or Microsoft Office SharePoint Server (MOSS). These Web Parts provide direct client-level access to Documentum Content Server through a SharePoint interface. End users can access Documentum from SharePoint through the Documentum Library and Documentum Search Web Parts. Either Kerberos Single sign-on (SSO) or session-based SSO can be used to securely access Documentum features and content. How My Documentum for Microsoft SharePoint works In a My Documentum for Microsoft SharePoint deployment, SharePoint users have seamless access to content in a Documentum library. Several processes work together to manage this functionality, as illustrated in Figure 1, page 13. EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 11
Introducing My Documentum for Microsoft SharePoint Client access to Documentum is handled as follows: 1. After starting a SharePoint session, a SharePoint user logs in to either the Documentum Library or Documentum Search Web Part. 2. The SharePoint server service gathers login information to pass to Documentum. 3. The Documentum Foundation Service (DFS) service passes user credentials to Content Server to obtain a session for the SharePoint user. 4. The SharePoint user is granted access to the Documentum library. Depending on which MDSP Web Part was invoked, the user can browse or search the library and perform actions such as check in, check out, and edit. The My Documentum for Microsoft SharePoint User Guide describes Documentum Web Part functionality in detail. 12 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Introducing My Documentum for Microsoft SharePoint Figure 1. Depiction of MDSP functionality EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 13
Introducing My Documentum for Microsoft SharePoint 14 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Planning for My Documentum for Microsoft SharePoint Installation Chapter 2 This chapter describes a typical installation, highlights any software or hardware considerations that you should be aware of before installing My Documentum for Microsoft SharePoint, and outlines preinstallation tasks: Typical installation scenario, page 15 My Documentum for Microsoft SharePoint prerequisites, page 16 Obtaining the installer files, page 17 Preparing for SSO, page 17 Preinstallation checklist, page 22 Typical installation scenario My Documentum for Microsoft SharePoint provides Web Parts that enable SharePoint users to search, browse, and access content in a Documentum Content Server. EMC Documentum Foundation Services (DFS) and SharePoint server services handle authentication requests between the SharePoint client and Documentum. Windows Active Directory service plays a role in handling Single sign-on (SSO). Many components of My Documentum for Microsoft SharePoint are installed on the DFS host. The installer executable (setup.exe) is deployed on all web front-end (WFE) servers in the SharePoint farm, and the solution is deployed to the farm through SharePoint Central Administration. Figure 2, page 16 illustrates an installation scenario in which DFS resides on the Content Server host; other configurations are possible. EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 15
Planning for My Documentum for Microsoft SharePoint Installation Figure 2. Typical installation scenario In distributed environments, content transfer performance can be improved for remote users by configuring a Documentum Branch Office Caching Services (BOCS) server for MDSP. See Using a BOCS server, page 83 for details. My Documentum for Microsoft SharePoint prerequisites Successful MDSP installation requires these prerequisite applications: Microsoft Office SharePoint Server (MOSS) or Windows SharePoint Server (WSS) EMC Documentum Content Server The My Documentum for Microsoft SharePoint Release Notes specifies the certified versions of these prerequisites and provides more detailed requirements information. A specific build of Documentum Foundation Services (DFS) is required for My Documentum for Microsoft SharePoint. If you have previously deployed DFS, you will overwrite its files with the DFS EAR file supplied with MDSP. You do not need to uninstall an existing DFS application before deploying MDSP. If you plan to use BOCS in your MDSP deployment, BOCS and Documentum Administrator (DA) are additional prerequisites. 16 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Planning for My Documentum for Microsoft SharePoint Installation Obtaining the installer files The MDSP installer files are packaged in three ZIP files on the EMC Documentum Download Center site. Before proceeding with installation or SSO preparation (where applicable), you should obtain the installer packages as FTP downloads from the Powerlink website (http://powerlink.emc.com) and save the packages to the hosts listed below. Table 1. MDSP installer packages and host locations Name of installer package Contents Deployed to... My Documentum for Microsoft SharePoint setup.exe SSO folder containing: handler folder (contains SSO handler JAR files) samplefiles folder (contains authorized-service-handlerchain.xml, krb5.conf, local-dfs-runtime.properties, login-config.xml (for JBoss application servers only), login.config) Each WFE in the SharePoint farm DFS server host machine My Documentum for Microsoft SharePoint Services Documentum Foundation Services Hot Fix Build 230 tool folder (contains the trustpassword tool) emc-spa.ear emc-dfs.ear DFS server host machine DFS server host machine Preparing for SSO My Documentum for Microsoft SharePoint includes Kerberos Single sign-on (SSO) functionality. The procedures in Completing SSO configuration, page 38 cover the configuration tasks that are performed on the DFS server side to enable SSO. Administrators must also configure the SharePoint server to enable Kerberos authentication and impersonation. For example, you must deploy Windows Active Directory service and create a DFS service principal account (with the recommended name of dfsservice@domain) in the Kerberos domain. It is also important to ensure that the application pool user is a member of the WSS_WPG and IIS_WPG groups. Consult Microsoft documentation for instructions on configuring Kerberos authentication on MOSS or WSS. If the SharePoint server is not explicitly configured to support Kerberos SSO, My Documentum for Microsoft SharePoint will use session-based SSO. EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 17
Planning for My Documentum for Microsoft SharePoint Installation It is recommended that you complete the following Kerberos SSO procedures before proceeding with MDSP installation: Preparing the Active Directory service, page 18 Creating the keytab file, page 19 Encrypting the super user password, page 20 If you do not wish to configure SSO, skip to Preinstallation checklist, page 22. Preparing the Active Directory service As part of SSO preinstallation, you need to configure some settings in Windows Active Directory (AD). The following procedure is performed on the Active Directory server and pertains to the domain functional levels outlined in Table 2, page 18. Table 2. Windows domain functional levels for SSO Domain functional level Domain controller operating system Windows Server 2003 Windows Server 2008 Windows 2000 mixed Windows 2000 native Windows Server 2003 interim Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 To prepare Windows Active Directory for SSO: 1. If you have not already done so, create a DFS service principal account in Active Directory Server. This account will be used for creating a keytab file on the DFS server later on. For example, create an account named dfsservice. The principal account name will be dfsservice@<your domain name>. Note that the domain name should be in all uppercase letters. 2. On Windows Server 2003 only, modify the registry to allow the session key in TGT (ticket granting ticket): a. Go to Start > Run; enter regedit and click OK. b. Under HKEY_LOCAL_MACHINE, navigate to System\CurrentControlSet\Control\Lsa\Kerberos\Parameters. c. Ensure that the registry setting for allowtgtsessionkey is: Value Type: REG_DWORD Value: (1) 18 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Planning for My Documentum for Microsoft SharePoint Installation 3. On the domain controller, open a command prompt. Run the setspn command to add the service principal name (<service name>/<fully qualified host name>) to the domain controller. In the following example, the service name (DFS) and host name of DFS server (dfsserver.spa.bj.local) is registered: setspn A DFS/dfsserver.spa.bj.local dfsservice Creating the keytab file Before a server can be configured to use the Kerberos protocol, a Kerberos keytab file must be created for the DFS server. This keytab file stores the DFS Service Principal s service key. Note: Creation of the DFS Service Principal account is a preinstallation task described earlier in this section. You use the kinit and ktab command tools provided by Java Development Kit (JDK) 1.5 to create the keytab file and manage the principal names and service keys stored in a local key table. Consult the JDK documentation for more information about these command tools. To create the keytab file: 1. Locate the krb5.conf file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor and configure the attributes in bold text with the appropriate values for your environment: [libdefaults] default_realm = MOSSTEST.LOC default_tkt_enctypes = des cbc md5 rc4 hmac aes128 cts default_tgs_enctypes = des cbc md5 rc4 hmac aes128 cts noaddresses = true [realms] MOSSTEST.LOC = { kdc = 192.168.20.90 default_domain = MOSSTEST.LOC } where: MOSSTEST.LOC is your domain name. Be sure to use all uppercase letters. 192.168.20.90 is your Active Directory server IP address. Note: Java supports more encryption types than are configured by default in the MDSP krb5.conf sample file. If you are using a different encryption type in your Active Directory environment, consult the JDK 1.5 documentation to ensure that your encryption type is supported for Kerberos SSO. Additional supported encryption types can then be added to the krb5.conf file. Ensure that des cbc md5 encryption remains in this file, because the super user password tool uses the DES key for encryption. 2. Save the modified krb5.conf file to the <java home>\jre\lib\security directory. EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 19
Planning for My Documentum for Microsoft SharePoint Installation 3. For verification purposes, run the kinit tool to obtain and cache the Kerberos ticket for the DFS Service Principal: kinit <your DFS service account> Here is an example: C:\Documents and Settings\dmadmin>kinit dfsservice You will be prompted to enter the password for this account and then you should get this message: New ticket is stored in cache file C:\Documents and Settings\dmadmin\krb5cc_dmadmin 4. Run the ktab tool to create a keytab file for the DFS service principal: ktab a <principal_name> k <keytab_name> where: The principal_name is the DFS account you created in Active Directory Server. The keytab_name is your keytab file name. You can name it anything and the file will be created at your current location. Here is an example: C:\Documents and Settings\dmadmin>ktab a dfsservice k dfsservice.ktab Note that after you enter <principal_name>, you will be prompted for your password. For security reasons, the password should never be specified on the command line or in a script. Caution: The generated keytab file is critical for the SSO solution to authenticate itself to a Kerberos domain. It must be protected by the highest security level. The keytab file should always be stored on a local disk; ensure it is always readable only by the DFS running account. Encrypting the super user password The super user account for Content Server authentication does not need to be an Active Directory domain account. The super user account, user name, and password must be the same across multiple repositories if all of these repositories are to be accessed via SSO. Perform the following procedure on the DFS host. 20 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Planning for My Documentum for Microsoft SharePoint Installation To encrypt the super user password for Content Server authentication: 1. Configure a standard JAAS login configuration file that defines the same JAAS login as the DFS server login: Locate the login.config file (not the login-config.xml file) located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor such as WordPad. Change the value for the principal attribute so that it matches the DFS service principal account (such as dfsservice@spa.bj.local) created in Preparing the Active Directory service, page 18. Save the modified login.config file in another location: On WebLogic, the recommended location is the %USER_DOMAIN%\security folder. On all other application servers, save the file anywhere on the DFS host. 2. Locate the local-dfs-runtime.properties file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor. Configure the following five values for your environment: dfs.kerberos.realm This is the Kerberos domain name; for example, SPA.BJ.LOCAL. This value should be in all capital letters. dfs.kerberos.kdc This is the Kerberos domain controller s IP address or host name. dfs.kerberos.dfc.trustedprincipal This is the super user name for Content Server; for example, suser. This user may be the Content Server installation owner. dfs.kerberos.dfc.trustedcred.file This is the path to the encrypted password file; for example, C:\\contentservertrust.password. dfs.kerberos.signature.verify This value specifies whether the Kerberos signature should be verified. By default, this value is false. Save the modified local-dfs-runtime.properties file to a temporary location. Later on, you will copy this file to the DFS EAR extraction folder. 3. Run the trustpassword tool: a. Copy the SSO\tool folder (along with its lib subfolder) from the My Documentum for Microsoft SharePoint installer package to your DFS host. b. Run trustpassword.bat in a DOS command prompt window using the following command: trustpassword l <JAAS LOGIN FILE> p <LOCAL DFS RUNTIME PROPERTIES FILE> where: JAAS LOGIN FILE is the login.config file configured in Step 1 LOCAL DFS RUNTIME PROPERTIES FILE is the file modified in Step 2 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 21
Planning for My Documentum for Microsoft SharePoint Installation For example, if the login.config and local-dfs-runtime.properties files are in the current directory, the command would be: trustpassword l login.config p local dfs runtime.properties The program first logs itself in Kerberos domain according to configurations in the <JAAS LOGIN FILE>. c. When prompted to do so, enter the password of the super user (dfs.kerberos.dfc. trustedprincipal) added to the local-dfs-runtime.properties file in Step 2. You will receive confirmation that the super user s password was successfully encrypted and saved. The password is encrypted with the DFS Service Principal s secret key at the location specified in local-dfs-runtime.properties with the following parameter: dfs.kerberos.dfc.trustedcred.file. Preinstallation checklist Before you install MDSP, complete the following tasks: Table 3. Preinstallation checklist Requirement Review the system requirements documented in the My Documentum for Microsoft SharePoint Release Notes. Ensure that the prerequisite applications are installed and configured. Obtain installers and save them to the appropriate hosts. Ensure that the SharePoint server SSO requirements have been met if you wish to enable Kerberos functionality. Complete the Kerberos SSO preinstallation procedures listed in Preparing for SSO, page 17. If MDSP was previously installed on this host, be sure to remove it before reinstalling. For more information Refer to the My Documentum for Microsoft SharePoint Release Notes for the version you are installing. See My Documentum for Microsoft SharePoint prerequisites, page 16. Refer to Obtaining the installer files, page 17. See Preparing for SSO, page 17. Follow the procedures in Chapter 6, Removing My Documentum for Microsoft SharePoint. 22 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Chapter 3 Installing and Configuring My Documentum for Microsoft SharePoint My Documentum for Microsoft SharePoint installation requires you to perform a number of installation tasks on Documentum Foundation Services (DFS) host machines in addition to configuration tasks in SharePoint Central Administration and SharePoint sites. Also, configuration files must be modified to enable successful integration between MDSP and the DFS server, and various authentication configuration tasks are required if you are using Kerberos SSO in your environment. The only Documentum Foundation Services (DFS) version that can be used with MDSP is provided in the Documentum Foundation Services Hot Fix Build 230 installer package. Before proceeding with installation, you should determine which host machine will serve as the DFS server. If you already have deployed DFS, either on the Content Server host or a separate host, you can overwrite its files with the DFS EAR file supplied with MDSP. You do not need to uninstall an existing DFS application before deploying MDSP. Consult the DFS documentation for additional information about DFS requirements and deployment scenarios. This chapter outlines the installation and configuration tasks required to install My Documentum for Microsoft SharePoint: Deploying the EAR files, page 24 Installing My Documentum for Microsoft SharePoint, page 34 Deploying the solution in Central Administration, page 34 Modifying the web.config file, page 35 Activating the feature in SharePoint, page 36 Completing the solution configuration, page 36 Setting the Java memory allocation, page 37 Setting logging permissions for the Application Pool account, page 38 Completing SSO configuration, page 38 is required only if you are enabling Kerberos SSO. EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 23
Installing and Configuring My Documentum for Microsoft SharePoint Deploying the EAR files This section provides procedures for deploying the two MDSP EAR files on the DFS host on the following application servers: JBoss BEA WebLogic Oracle Application Server WebSphere Some SSO configuration steps are also included in these deployment procedures. Completing SSO configuration, page 38 outlines the remaining SSO steps that are performed after installation is complete. Tip: At certain times during EAR file deployment, you are asked to restart the application server. To ensure that configuration changes take effect and to avoid having multiple DFS instances running, you should delete temporary working folders on the application server before performing the restart. Deploying the EAR files on JBoss This section includes procedures for DFS hosts residing on JBoss application servers, in addition to SSO configuration: Deploying the emc-dfs.ear file, page 24 Deploying the emc-spa.ear file, page 25 Copying the MDSP JAR files to DFS, page 26 (for SSO only) Referencing the JAAS login module, page 27 (for SSO only) Setting up the DFS handler chain, page 28 (for SSO only) Copying the runtime properties file to the EAR extraction folder, page 28 (for SSO only) Deploying the emc-dfs.ear file The first installation step involves deploying the DFS EAR file, which is packaged in the DFS Hot Fix installer for MDSP. This EAR file comprises a DFS build that includes a number of MDSP specific patches that are essential for this application. Follow the procedure that is appropriate for your deployment scenario. To deploy the DFS hot fix on the Content Server host: 1. Locate the EMC DFS 6.5 SP2 Hot Fix Build 230 installer ZIP file that was downloaded during preinstallation (see Obtaining the installer files, page 17). Extract the emc-dfs.ear file to the emc-dfs folder, and then change the folder name to dfs.ear. 2. Go to the APP-INF\classes directory and update the dfc.properties file by copying the settings from your Content Server installation. On a Windows installation, the dfc.properties file you can 24 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Installing and Configuring My Documentum for Microsoft SharePoint copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the APP-INF\classes\ directory. 3. From Windows Start > Run, open services.msc. Stop the Documentum Java Method Server service. 4. Go to C:\Documentum\jboss4.2.0\server\DctmServer_MethodServer\deploy. Delete the old dfs.ear folder, and then copy the new dfs.ear folder that was created in Step 1. 5. From Windows Start > Run, open services.msc. Start the Documentum Java Method Server service. To deploy the DFS hot fix on a separate host from Content Server: 1. Locate the EMC DFS 6.5 SP2 Hot Fix Build 230 installer ZIP file that was downloaded during preinstallation (see Obtaining the installer files, page 17). Extract the emc-dfs.ear file to the emc-dfs folder, and then change the folder name to dfs.ear. 2. Go to the APP-INF\classes directory and update the dfc.properties file by copying the settings from your Content Server installation. On a Windows installation, the dfc.properties file you can copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the \APP-INF\classes\ directory. 3. From Windows Start > Run, open services.msc. Stop the EMC Documentum Foundation Services service. 4. Go to C:\Documentum\jboss4.2.0\server\DctmServer_DFS\deploy. Delete the old dfs.ear folder, and then copy the new dfs.ear folder that was created in Step 1. 5. From Windows Start > Run, open services.msc. Start the EMC Documentum Foundation Services service. The next procedure is Deploying the emc-spa.ear file, page 25. Deploying the emc-spa.ear file The emc-spa.ear file includes DFS web service extensions that are required by MDSP. Follow the procedure that is appropriate for your deployment scenario. To deploy the emc-spa.ear file with DFS on Content Server: 1. Locate the EMC My Documentum for Microsoft SharePoint Services file that was downloaded during preinstallation (see Obtaining the installer files, page 17). 2. Extract the emc-spa.ear file to the emc-spa folder, and then change the folder name to spa.ear. 3. Go to the APP-INF\classes directory and update the dfc.properties file by copying the settings from your Content Server installation. On a Windows installation, the dfc.properties file you can copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the APP-INF\classes\ directory. 4. From Windows Start > Run, open services.msc. Stop the Documentum Java Method Server service. 5. Copy the spa.ear folder to C:\Documentum\jboss4.2.0\server\DctmServer_ MethodServer\deploy. EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 25
Installing and Configuring My Documentum for Microsoft SharePoint 6. From Windows Start > Run, open services.msc. Start the Documentum Java Method Server service. 7. Test to ensure that it deployed correctly by verifying that WSDL can be viewed for one of the services. This can be done from a Web browser by navigating to: http://[dfsserver]:port/services/spa/alertmeservice?wsdl. For DFS 6.5, the default port is 9080. To deploy the emc-spa.ear file with DFS on a separate host from Content Server: 1. Locate the EMC My Documentum for Microsoft SharePoint Services file that was downloaded during preinstallation (see Obtaining the installer files, page 17). 2. Extract the emc-spa.ear file to the emc-spa folder, and then change the folder name to spa.ear. 3. Go to the APP-INF\classes directory and update the dfc.properties file by copying the settings from your Content Server installation. On a Windows installation, the dfc.properties file you can copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the \APP-INF\classes\ directory. 4. From Windows Start > Run, open services.msc. Stop the EMC Documentum Foundation Services service. 5. Copy the spa.ear folder to C:\Documentum\jboss4.2.0\server\DctmServer_DFS\deploy. 6. From Windows Start > Run, open services.msc. Start the EMC Documentum Foundation Services service. 7. Test to ensure that it deployed correctly by verifying that WSDL can be viewed for one of the services. This can be done from a Web browser by navigating to: http://[dfsserver]:port/services/spa/alertmeservice?wsdl. For DFS 6.5, the default port is 9080. If you are enabling Kerberos SSO, proceed to Copying the MDSP JAR files to DFS, page 26. Otherwise, the next step is to run the MDSP installer. Copying the MDSP JAR files to DFS Several MDSP JAR files need to be copied to the DFS host to enable the SSO solution. Note: This procedure is required only for Kerberos SSO. To copy the SSO JAR files to the DFS host: 1. Stop the Documentum Java Method Server service. 2. Locate the following JAR files in the SSO\handler folder within the My Documentum for Microsoft SharePoint installer package: bcprov-jdk14 140.jar commons-logging-1.1.jar krbhandler.jar opensaml-1.1.jar 26 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Installing and Configuring My Documentum for Microsoft SharePoint serializer.jar wss4j-1.5.4.jar xalan-2.7.1.jar xmlsec-1.4.2.jar 3. Copy these JAR files to the following locations on the DFS host: C:\Documentum\jboss4.2.0\server\DctmServer_MethodServer\deploy\dfs.ear\APP- INF\lib C:\Documentum\jboss4.2.0\server\DctmServer_MethodServer\deploy\spa.ear\APP- INF\lib 4. Start the Documentum Java Method Server service. The next SSO procedure is Referencing the JAAS login module, page 27. Referencing the JAAS login module The login-config.xml file that resides on the DFS host requires an additional node for the DFSServer policy. You will copy this node from the login-config.xml sample file provided and then configure certain values in this node. The DFSServer <application-policy> node references the Java Authentication and Authorization Service (JAAS) login module, which represents a JDK 1.5 built-in Kerberos login module that will be used to authenticate DFS to the Kerberos domain. Note: This procedure is required only for Kerberos SSO. To configure the login-config.xml file for JAAS: 1. On the DFS host, locate the following login-config.xml files: The login-config.xml file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. The login-config.xml file located at: C:\Documentum\jboss4.2.0\server\DctmServer_MethodServer\conf (if DFS resides on the Content Server host) C:\Documentum\jboss4.2.0\server\DctmServer_DFS\conf (if DFS resides on a separate host from Content Server) 2. Open both files for editing. 3. Copy the DFSServer <application-policy> node from the sample file into the login-config.xml file in the JBoss folder. 4. Close the sample file. EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 27
Installing and Configuring My Documentum for Microsoft SharePoint 5. Configure the following attributes in the DFSServer <application-policy> node: <login-module code> This attribute represents the Kerberos login module that will be used to authenticate DFS to the Kerberos domain. usekeytab The value used in this option indicates the Keytab file that was created in Creating the keytab file, page 19. principal This is the DFS service principal account (such as dfsservice@spa.bj.local) created in Preparing the Active Directory service, page 18. Note: The value of <application-policy name> must be DFSServer. Consult the JDK 1.5 documentation for details about the other module options. 6. Save the login-config.xml file in the JBoss folder. Now proceed to Setting up the DFS handler chain, page 28. Setting up the DFS handler chain Note: This procedure is required only for Kerberos SSO. To enable the Kerberos handler in the DFS handler chain: 1. Locate the authorized-service-handler-chain.xml file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor and uncomment the Kerberos Handler tag; save this file to the directory in which you saved the emc-dfs.ear file from the DFS Patch for My Documentum for SharePoint installer package. You will be replacing the existing authorized-service-handler-chain.xml at this location with the modified version from the samplefiles folder. 2. Save the modified version of the authorized-service-handler-chain.xml from Step 1 to spa.ear\app-inf\classes. 3. Restart the DFS server so that it will be ready to receive the WSS-Kerberos message. Now proceed to Copying the runtime properties file to the EAR extraction folder, page 28. Copying the runtime properties file to the EAR extraction folder Locate the local-dfs-runtime.properties file that you modified in Step 2 of Encrypting the super user password, page 20. Copy the local-dfs-runtime.properties file to the dfs.ear\app-inf\classes and spa.ear\app-inf\classes folders. The next step is to run the MDSP installer. 28 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Installing and Configuring My Documentum for Microsoft SharePoint Deploying the EAR files on BEA WebLogic The first installation step involves deploying the: DFS EAR file (emc-dfs.ear), which is packaged in the DFS Hot Fix installer. This EAR file comprises a DFS build that includes a number of MDSP specific patches that are essential for this application. SPA EAR file (emc-spa.ear), which is packaged in the MDSP Services download. This file includes DFS web service extensions that are required by MDSP. The following procedure describes how to deploy both EAR files to the DFS host on WebLogic. If you are using SSO in your deployment, it is necessary to perform some SSO configuration during this process so that this configuration is reflected in the EAR folders that are deployed using the WebLogic administration console. To deploy the MDSP EAR files on WebLogic application servers: 1. Locate the EMC DFS 6.5 SP2 Hot Fix Build 230 and EMC My Documentum for Microsoft SharePoint Services files that were downloaded during preinstallation (see Obtaining the installer files, page 17). 2. Extract the emc-dfs.ear and emc-spa.ear files to separate folders (such as dfs/ and spa/). 3. Go to the APP-INF\classes directory of each folder created in Step 2 and update the dfc.properties file by copying the settings from your Content Server installation. On a Windows installation, the dfc.properties file you can copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the \APP-INF\classes\ directory. 4. For SSO only: a. Locate the following JAR files in the SSO\handler folder within the My Documentum for Microsoft SharePoint installer package: bcprov-jdk14 140.jar commons-logging-1.1.jar krbhandler.jar opensaml-1.1.jar serializer.jar wss4j-1.5.4.jar xalan-2.7.1.jar xmlsec-1.4.2.jar b. Copy these JAR files to the APP-INF\lib directory of each folder created in Step 2. c. Locate the authorized-service-handler-chain.xml file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor and uncomment the Kerberos Handler tag; save this file to the APP-INF\classes directory of each folder created in Step 2. You will be replacing the existing authorized-service-handler-chain.xml at these locations with the modified version from the samplefiles folder. EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 29
Installing and Configuring My Documentum for Microsoft SharePoint d. Locate the local-dfs-runtime.properties file that you modified in Step 2 of Encrypting the super user password, page 20. Copy the local-dfs-runtime.properties file to the dfs.ear\app-inf\classes and spa.ear\app-inf\classes folders. 5. Deploy the two EAR folders in the WebLogic administration console. 6. For SSO only, navigate to %DOMAIN_HOME%\bin and update the startweblogic.cmd file by adding the following line: set JAVA_OPTIONS=%JAVA_OPTIONS% -Djava.security.auth.login.config= <pathto>login.config where <pathto> references the login.config file created in Encrypting the super user password, page 20. 7. Restart the WebLogic application server. The next step is to run the MDSP installer. Deploying the EAR files on Oracle AS The first installation step involves deploying the: DFS EAR file (emc-dfs.ear), which is packaged in the DFS Patch download. This EAR file comprises a DFS build that includes a number of MDSP specific patches that are essential for this application. SPA EAR file (emc-spa.ear), which is packaged in the MDSP Services download. This file includes DFS web service extensions that are required by MDSP. The following procedure describes how to deploy both EAR files to the DFS host on Oracle Application Server. If you are using SSO in your deployment, it is necessary to perform some SSO configuration during this process so that this configuration is reflected in the EAR files that are deployed using the Oracle Enterprise Manager Application Server Control console. To deploy the MDSP EAR files on Oracle Application Server: 1. Locate the EMC DFS 6.5 SP2 Hot Fix Build 230 and EMC My Documentum for Microsoft SharePoint Services files that were downloaded during preinstallation (see Obtaining the installer files, page 17). 2. Extract the emc-dfs.ear and emc-spa.ear files to separate folders (such as dfs/ and spa/). 3. Go to the APP-INF\classes directory of each folder created in Step 2 and update the dfc.properties file by copying the settings from your Content Server installation. On a Windows installation, the dfc.properties file you can copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the \APP-INF\classes\ directory. 4. For SSO only: a. Locate the following JAR files in the SSO\handler folder within the My Documentum for Microsoft SharePoint installer package: bcprov-jdk14 140.jar commons-logging-1.1.jar krbhandler.jar 30 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Installing and Configuring My Documentum for Microsoft SharePoint opensaml-1.1.jar serializer.jar wss4j-1.5.4.jar xalan-2.7.1.jar xmlsec-1.4.2.jar b. Copy these JAR files to the APP-INF\lib directory of each folder created in Step 2. c. Locate the authorized-service-handler-chain.xml file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor and uncomment the Kerberos Handler tag; save this file to the APP-INF\classes directory of each folder created in Step 2. You will be replacing the existing authorized-service-handler-chain.xml at these locations with the modified version from the samplefiles folder. d. Locate the local-dfs-runtime.properties file that you modified in Step 2 of Encrypting the super user password, page 20. Copy the local-dfs-runtime.properties file to the dfs.ear\app-inf\classes and spa.ear\app-inf\classes folders. e. Update the classpath by adding the following lines: APP-INF/lib/bcprov jdk14 140.jar APP-INF/lib/commons logging 1.1.jar APP-INF/lib/krbhandler.jar APP-INF/lib/opensaml-1.1.jar APP-INF/lib/serializer.jar APP-INF/lib/wss4j 1.5.4.jar APP-INF/lib/xalan 2.7.1.jar APP-INF/lib/xmlsec 1.4.2.jar to the end of these manifest files located in the EAR folders created in Step 2: \services-bpm.war\meta-inf\manifest.mf \services-ci.war\meta-inf\manifest.mf \services-collaboration.war\meta-inf\manifest.mf \services-core.war\meta-inf\manifest.mf \services-search.war\meta-inf\manifest.mf f. Open the system-jazn-data.xml file (located at $ORACLE_HOME$/j2ee/$OC4J_Instance_ Home$/config/) for editing and add: <application> <name>dfsserver</name> <login modules> <login module> <class>com.sun.security.auth.module.krb5loginmodule</class> <control flag>required</control flag> <options> <option> <name>keytab</name> <value>c:\dfsservice.ktab</value> </option> <option> <name>usekeytab</name> <value>true</value> </option> EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 31
Installing and Configuring My Documentum for Microsoft SharePoint <option> <name>principal</name> <value>dfsservice@spa.bj.local</value> </option> <option> <name>storekey</name> <value>true</value> </option> <option> <name>debug</name> <value>false</value> </option> </options> </login module> </login modules> </application> 5. Restart Oracle Application Server. 6. Package the EAR folders back to EAR files. 7. Open the Oracle Enterprise Manager Application Server Control console. Deploy emc-dfs.ear and emc-spa.ear. Ensure that the Search Local Classes First option is selected for the Web Module Class Loaders. Refer to Oracle documentation for details. 8. Complete the deployment using the Oracle Enterprise Manager Application Server Control console. The next step is to run the MDSP installer. Deploying the EAR files on IBM WebSphere The first installation step involves deploying the: DFS EAR file (emc-dfs.ear), which is packaged in the DFS Patch download. This EAR file comprises a DFS build that includes a number of MDSP specific patches that are essential for this application. SPA EAR file (emc-spa.ear), which is packaged in the MDSP Services download. This file includes DFS web service extensions that are required by MDSP. The following procedure describes how to deploy both EAR files to the DFS host on a WebSphere application server. If you are using SSO in your deployment, it is necessary to perform some SSO configuration during this process so that this configuration is reflected in the EAR files that are deployed using the IBM Integrated Solutions Console. To deploy the MDSP EAR files on IBM WebSphere: 1. Locate the EMC DFS 6.5 SP2 Hot Fix Build 230 and EMC My Documentum for Microsoft SharePoint Services files that were downloaded during preinstallation (see Obtaining the installer files, page 17). 2. Extract the emc-dfs.ear and emc-spa.ear files to separate folders (such as dfs/ and spa/). 3. Go to the APP-INF\classes directory of each folder created in Step 2 and update the dfc.properties file by copying the settings from your Content Server installation. On a Windows installation, the dfc.properties file you can copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the \APP-INF\classes\ directory. 32 EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide
Installing and Configuring My Documentum for Microsoft SharePoint 4. Complete the procedure in the Deploying on IBM WebSphere section of the EMC Documentum Foundation Services 6.5 Deployment Guide to copy the required JAR files, create a shared library, and configure the class loader. 5. For SSO only: a. Locate the following JAR files in the SSO folder within the My Documentum for Microsoft SharePoint installer package: bcprov-jdk14 140.jar commons-logging-1.1.jar krbhandler.jar opensaml-1.1.jar serializer.jar wss4j-1.5.4.jar xalan-2.7.1.jar xmlsec-1.4.2.jar b. Create a new shared library for the SSO JAR files. Copy the JAR files listed in Step a to this shared library. c. Create a JAAS login module using the Websphere console. In the console, navigate to Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins. Set the following parameters: Name: DFSServer Module name class: com.ibm.security.auth.module.krb5loginmodule; Authentication strategy: required Custom Properties: credstype = both debug = false principal = dfsservice@spa.bj.local usekeytab = file:///c:/dfs.keytab Note: The value shown here for principal is an example. d. Locate the authorized-service-handler-chain.xml file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor and uncomment the Kerberos Handler tag; save this file to the APP-INF\classes directory of each folder created in Step 2. You will be replacing the existing authorized-service-handler-chain.xml at these locations with the modified version from the samplefiles folder. e. Locate the local-dfs-runtime.properties file that you modified in Step 2 of Encrypting the super user password, page 20. Copy the local-dfs-runtime.properties file to the dfs.ear\app-inf\classes and spa.ear\app-inf\classes folders. 6. Package the EAR folders back to EAR files. If the folders reside on the DFS server, the folders can be deployed using the console without being packaged back to EAR files. EMC Documentum My Documentum for Microsoft SharePoint Version 6.5 SP2 Installation and Configuration Guide 33