Deploying PAM Federated Sign-In Post Installation

 

Pre-requisites

  • Update the software to its latest version using this guide: Software Updates

  • Update the software’s framework using this guide: Updating the Framework

  • Update the software’s web container using this guide: Updating the WEB Container

  • Requirements for a multi-node setup or a High Availability (HA) environment using CAS v6:

    • A correctly configured load balancer with sticky sessions and the same managed path across all nodes.

    • Synchronized properties for HA environments. Please follow this article to review and sync the PAM environment: https://help.xtontech.com/content/installation/advanced-deployments/ha-configuration-for-pam-deployments.htm.

    • AD/LDAP integrations and properties between nodes should be checked and synced properly across the HA environment.

    • PAM certificates and all the certificates you use for your installation should be in a healthy state for all nodes across your HA environment.

Please read the entire procedure outlined in the article before beginning. If you have any questions, please contact the Support team: https://community.imprivata.com/.

Deploying PAM Federated Sign-In Post Installation

  1. Download the PAM Federated Sign-In component to your PAM host machine (PAM Federated Sign-In download CAS v5 or CAS v6 (recommended)).
  2. When the download is complete, unpack the downloaded archive and copy the cas.war file it contains to $PAM_HOME/web/webapps.
  3. Edit the file $PAM_HOME/web/conf/catalina.properties and make the following modifications (if any of these lines are not present, please add them):
    a. Set the property cas.managed.path to PAM’s managed path (secured URI) so it will look something like this: cas.managed.path=https://pam.company.com:6443

    b. Set the property cas.server.name to PAM’s managed path (secured URI) so it will look something like this: cas.server.name=https://pam.company.com:6443

    c. Set the property cas.server.prefix to PAM’s federated sign-in path (secured URI) so it will look something like this: cas.server.prefix=https://pam.company.com:6443/cas

    d. Set the property cas.view.defaultRedirectUrl to PAM’s GUI URL (secured URI) so it will look something like this: cas.view.defaultRedirectUrl=https://pam.company.com:6443/xtam/

    Please take note of the port (:6443) in the above examples. If you are using a port other than the default 6443, update these lines to reflect the port number being used. If you are using a reverse proxy on port 443, a possible working value is https://pam.company.com.

  4. Download and then unpack the web archive located here.
  5. Consider making a copy of the existing web.xml file in $PAM_HOME/web/webapps/xtam/WEB-INF in case of issues.
  6. Copy the downloaded web.xml file to $PAM_HOME/web/webapps/xtam/WEB-INF replacing the file with the same name which already exists.
  7. Restart the PamManagement (Windows) or pammanager (Linux) service.
  8. When the deployment is complete, the federated sign-in page will be available at the Managed Path entered in step 3a followed by /xtam.
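A check to run before the restart in step 7, added here as an example and not part of the vendor's documentation or tooling: it reads catalina.properties and confirms that the four cas.* properties from step 3 are present, use https, and agree on host and port. The helper names and the consistency rule (derived from the page's sample values) are assumptions.

```bash
# Added example, not vendor code: sanity-check the cas.* properties from step 3.
# get_prop, check_cas_props and sample_props are hypothetical helper names.

# Print the last value assigned to key $2 in properties file $1 (empty if absent).
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                  # skip comment lines
        {
            line = $0; sub(/\r$/, "", line)     # tolerate CRLF line endings
            eq = index(line, "="); if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Return 0 only if all four properties are present, https, and consistent.
check_cas_props() {
    file=$1; rc=0
    for key in cas.managed.path cas.server.name cas.server.prefix \
               cas.view.defaultRedirectUrl; do
        case $(get_prop "$file" "$key") in
            "")        echo "MISSING   $key"; rc=1 ;;
            https://*) ;;
            *)         echo "NOT HTTPS $key"; rc=1 ;;
        esac
    done
    managed=$(get_prop "$file" cas.managed.path); base=${managed%/}
    # Assumption drawn from the page's sample values: server.name equals the
    # managed path; prefix and redirect are the managed path plus /cas and /xtam/.
    [ "$(get_prop "$file" cas.server.name)" = "$managed" ] ||
        { echo "MISMATCH  cas.server.name"; rc=1; }
    [ "$(get_prop "$file" cas.server.prefix)" = "$base/cas" ] ||
        { echo "MISMATCH  cas.server.prefix"; rc=1; }
    [ "$(get_prop "$file" cas.view.defaultRedirectUrl)" = "$base/xtam/" ] ||
        { echo "MISMATCH  cas.view.defaultRedirectUrl"; rc=1; }
    return "$rc"
}

# Constructed sample that mirrors the page's example values.
sample_props() {
    printf '%s\n' 'cas.managed.path=https://pam.company.com:6443' \
        'cas.server.name = https://pam.company.com:6443' \
        'cas.server.prefix=https://pam.company.com:6443/cas' \
        'cas.view.defaultRedirectUrl=https://pam.company.com:6443/xtam/'
}

[ -z "${1:-}" ] || check_cas_props "$1"   # usage: script.sh path/to/catalina.properties
```

In an HA environment, running the same check on every node also shows whether the nodes share the same managed path.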

Instructions for updating the Federated Sign-In component from CAS v5.2 to CAS v6.5 are here.

To Deploy PAM Federated Sign-In During Installation