6 Post-deployment tasks

6.1 General tasks

6.1.1 Configure Allowed Referers

When you run Configuration Manager, the default host, IPv4 address, IPv6 address, loopback address, and localhost address are added to the Allowed Referer list. These addresses are added only for the machine where LCM is executed. For a LiveCycle cluster, manually add all the other cluster nodes to the list:

  1. In Administration Console, click Settings > User Management > Configuration > Configure Allowed Referer URL’s. The Allowed Referer list appears at the bottom of the page.

  2. To add an allowed referer:

    1. Type a host name or IP address in the Allowed Referers box. To add more than one allowed referer at a time, type each host name or IP address on a new line. Provide hostName and IP address of all the cluster nodes/load balancer.

    2. In the HTTP Port and HTTPS Ports boxes, specify which ports to allow for HTTP, HTTPS, or both. If you leave those boxes empty, the default ports (port 80 for HTTP and port 443 for HTTPS) are used. If you enter 0 (zero) in the boxes, all ports on that server are enabled. You can also enter a specific port number to enable only that port.

    3. Click Add.

  3. Click Save.

    If the Allowed Referer List is empty, the CSRF feature stops working and the system becomes insecure.

  4. After changing the Allowed Referer list, restart the LiveCycle cluster.

6.1.2 Configure CRX Repository Clustering

Note: The Configure CRX Repository Clustering section described in this article is updated for LiveCycle ES4 Service Pack 1. If you are on the LiveCycle ES4 base release, follow the steps described in Key Distinctions in LiveCycle ES4 from LiveCycle ES4 Service Pack 1.
Perform the following steps to configure CRX repository clustering:
  1. Go to http://[Host]:[Port]/lc/libs/granite/cluster/content/admin.html. Login as an administrator.

  2. Change the master URL to http://[Master_host]:[port]/lc. Provide hostname and port of the node that should act as a master.

  3. Change the username/password to admin/admin and click Join. It may take some time to complete the configuration. Do not press refresh or back. On completion of configuration, a success message appears.

  4. To connect more slave nodes , repeat steps 1-4 on each slave node. for each slave, provide the master URL mentioned in the step 4.

Note: Do not perform above steps on the master node.

On starting a cluster, ensure that the master node is started before all the slave nodes. On stopping the cluster, stop all slaves before stopping the master node. In some specific scenarios, Master node and Slave nodes can switch roles; ensure your master before stopping the cluster.

The particular start /stop cluster order is enforced for CRX clustering but since it is embedded in LiveCycle, ensure that you follow above procedure while starting and stopping LiveCycle cluster.

A slave node waits for the specified number of seconds for the master node to be up and running. If the master node is not up in specified seconds, the slave node stops its repository. To join the slave node in the cluster, restart the slave node. The default wait time for a node is 60 seconds. Use the following JVM argument to configure the number of seconds for the slave nodes:

-Dcom.day.crx.core.cluster.WaitForMasterRetries=<value>

If you start all the nodes of the cluster at once, the start order dependency fails and slave nodes of a cluster fail to start. To avoid such issues, ensure that the wait time for a node is 300 seconds or more.

Note: Restart the slave instance to avoid stale sessions.
Important: All author instances in the cluster should be time synchronized. You can use an NTP (Network Time Protocol) server to ensure time synchronization.

6.1.3 Perform a system image backup

After LiveCycle is installed and deployed into production areas and before the system is live, it is recommended that you perform a system image backup of the servers on which LiveCycle is implemented. Also take backup of CRX repository.

The LiveCycle database, GDS directory, and application servers must be part of this backup. This is a complete system backup that you can use to restore the contents of your computer if your hard drive or entire computer stops working. See the LiveCycle Backup and Recovery topic in Administration Help .

6.1.4 Restart the application server

When you first deploy LiveCycle, the server is in a deployment mode in which most modules are in memory. As a result, the memory consumption is high and the server is not in a typical production state. You must restart the application server to get the server back into a clean state.

Note: You may skip to restart the LiveCycle server, if you have restarted the server after configuring CRX clustering or after updating Allowed Referer list
Note: When you upgrade the LiveCycle Server or deploy a Service pack, ensure that you delete the [Jboss_root]\server\<server name>\work and[Jboss_root]\server\<server name>\tmp folders before restarting the application server.

6.1.5 Verify the deployment

You can verify the deployment by logging in to Administration Console. If you log in successfully, then LiveCycle is running on the application server and the default user is created in the database. To verify the CRX repository deployment, access the CRX welcome page.

You can review the application server log files to ensure that components were deployed correctly or to determine the cause of any deployment issues you may encounter.

6.1.5.1 Accessing LiveCycle Administration Console

Administration Console is the web-based portal for accessing a variety of configuration pages where you can set run-time properties that control the way LiveCycle operates. When you log in to Administration Console, you can access User Management, Watched Folder, and Email client configuration, and administrative configuration options for other services. Administration Console also provides access to Applications and Services, which administrators use for managing archives and deploying services to a production environment.

The default user name and password for logging in is administrator and password. After you log in the first time, access User Management and change the password.

Before you access Administration Console, LiveCycle must be deployed and running on your application server.

For information about using Administration Console, see Administration Help.

  1. Type the following URL in a web browser:

    http://[hostname]:[port]/adminui

    For example: http://localhost:8080/adminui

  2. If you have upgraded to LiveCycle, enter the same administrator user name and password as that of your previous LiveCycle installation. In case of a fresh installation, enter the default user name and password.

  3. After you log in, click Services to access the service administration pages or click Settings to access the pages on which you can administer settings for different modules.

6.1.5.2 Change the default password of LiveCycle Administrator

LiveCycle creates one or more default users during the installation. The password for these users is in the product documentation and is publicly available. You must change this default password, depending on your security requirements.

The LiveCycle administrator user password is set to “password” by default. You must change it in Administration Console > Settings > User Management.

Also, it is recommended to change the default password for CRX Administrator.

For detailed information, see Change the default administrator password.

6.1.5.3 Accessing CQ Welcome Page

CQ welcome page is the web-based portal for accessing various CQ components, administration, deployment and development tools. The default user name and password for logging in is administrator and password (same as LiveCycle Administrator).

Access the welcome page using the following steps:

  1. Type the following URL in a web browser:

    http://[hostname]:[port]/lc/welcome

  2. Enter the same administrator user name and password as mentioned above.

  3. After you log in, you can access various components, administration, deployment and development UIs.

6.1.5.4 Accessing OSGi Management Console

In CQ, components are in form of OSGi bundles which are deployed to Apache Felix OSGi container. OSGi console provides a way to manage OSGi bundles and services configurations. The default user name and password for logging in is admin and admin (same as CRX Administrator).

Access the OSGi Management console using the following steps:

  1. Type the following URL in a web browser:

    http://[hostname]:[port]/lc/system/console

  2. Enter the same administrator username and password as mentioned above.

  3. After you log in, you can access various components, services, bundles and other configurations.

6.1.5.5 Change CQ Administrator default password

CQ embedded within LiveCycle has two administrator users as mentioned below.

  • Super Administrator (administrator): The Super Administrator user can access various CQ/CRX UIs and perform admin operations. The default username and password are same as LiveCycle Administrator, administrator/password. This user doesn't have access to OSGi Management Console. The default password of this user can be changed using LiveCycle Administrator console only as mentioned in section Change default LiveCycle password. The changed password will be applicable for both LiveCycle and CQ.

  • Administrator (admin): This user can access to OSGi console in addition to CQ/CRX UIs and has administrator privileges. The default username and password for the user are admin/admin. To change the default password follow the below mentioned steps:

    1. Type the following URL in a web browser.

      http://[hostname]:[port]/lc/libs/granite/security/content/admin.html

    2. Login using following credential:

      Username: admin

      Password: admin.

    3. Search for user Administrator.

    4. Click on the user in left pane, the user details is displayed in the right pane.

    5. Click on Edit icon in the right pane.

    6. On the edit page in the right pane, provide new password in the New Password field and current password in Your Password field.

    7. Click Save icon in the right pane.

    8. Re-login using the changed password to verify.

6.1.5.6 View the log files

Events, such as run-time or startup errors, are recorded to the application server log files. If you have problems deploying to the application server, you can use the log files to help you find the problem. You can open the log files by using any text editor.

Log files, in case of manually-configured JBoss, are located at:

  • (Standalone JBoss)[appserver root]/server/standard/logs directory

  • (Cluster)[appserver root]/server/all/logs directory

Log files, in case of Adobe-preconfigured JBoss, are located at:

  • (Standalone)[appserver root]/server/lc_<dbname>/logs directory

  • (Cluster)[appserver root]/server/lc_<dbname>_cl/logs directory

The log files are:

  • server.log

  • boot.log

Following CRX log files are located at [CRX_home]/
  • error.log

  • audit.log

  • access.log

  • request.log

  • update.log

6.2 Verify the LiveCycle cluster

  1. Ensure that all application server instances of the cluster are started.

  2. View the Gemfire.log file, located in the directory appropriate to your application server:

    • Jboss: [lc_temp_dir]/adobejb_[idp_server_name]/caching

      Note: idp_server_name is the value of the JVM argument -Dadobeidp.serverName passed to the JBoss instance.
  3. Messages such as the following confirm that the cache is connected to all servers of the cluster:

        [info 2008/01/22 14:24:31.109 EST GemfireCacheAdapter <UDP mcast 
        receiver> nid=0x5b611c24] Membership: received new view 
        [server-0:2916|1] [server-0:2916/2913, server-1:3168/3165]  
        [info 2008/01/22 14:24:31.125 EST GemfireCacheAdapter <View Message 
        Processor> nid=0x7574d1dc] DMMembership: admitting member 
        <server-1:3168/3165>; now there are 2 non-admin member(s)
Note: Ensure that the number of non-admin members (two in the example log entry above) matches the number of members in your cluster. A discrepancy indicates that some members of the cluster are not connected to the cache.

6.3 Verify the CRX Cluster

  1. Go to http://<authorHost>:<authorPort>/lc/system/console. Login with OSGi Management Console user credentials. The default credential is admin/admin

  2. Navigate to Main>JMX, locate the row with domain: com.adobe.granite and type: Repository.

  3. Click Repository and locate Attribute Name: ClusterNodes.

    The ClusterNodes attribute contains a table. Each row in the table represents a node in the cluster. Each row contains Operating System, hostname, id, and repositoryHome of a cluster node.

On all the slave node, value of crx.cluster.master is false and on the master node vale of crx.cluster.master is true.

6.4 Accessing module web applications

After LiveCycle is deployed, you can access the web applications that are associated with the following modules:

  • Reader Extensions

  • Adobe® LiveCycle® Workspace 11

    Note: The Flex Worksapce is deprecated for AEM forms. It is available for the LiveCycle ES4 release.
  • HTML Workspace

  • User management

  • Correspondance management

  • PDF Generator web application

  • Adobe® LiveCycle® PDF Generator 11

  • Adobe® LiveCycle® Rights Management 11

After accessing the web applications by using the default administrator permissions to ensure that they are accessible, you can create additional users and roles so that others can log in and use the applications. (See Administration Help.)

6.4.1 Access the Reader Extensions web application

Note: You must apply a Reader Extensions credential and apply the user roles for a new user. (See “Configuring credentials for use with Reader Extensions” in LiveCycle Administration Help.)
  1. Open a web browser and enter this URL:

    http://[hostname]:[port]/ReaderExtensions

  2. Log in using the user name and password for LiveCycle.

    Note: You must have administrator or superuser privileges to log in. To allow other users to access the Reader Extensions web application, you must create the users in User Management and grant them the Reader Extensions Web Application role.

6.4.2 Access Workspace

  1. Open a web browser and enter this URL:

    http://[hostname]:[port]/workspace

  2. Log in using the user name and password for LiveCycle.

Note: The Flex Worksapce is deprecated for AEM forms. It is available for the LiveCycle ES4 release.

6.4.3 Access HTML Workspace

  1. Open a web browser and enter this URL:

    http://[hostname]:[port]/lc/ws

  2. Log in using the user name and password for LiveCycle.

6.4.4 Access Forms Manager

  1. Open a web browser and enter this URL:

    http://[hostname]:[port]/lc/fm

  2. Log in using the user name and password for LiveCycle.

6.4.5 Access PDF Generator Web Application

  1. Open a web browser and enter this URL:

    http://[hostname]:[port]/pdfgui

  2. Log in using the user name and password for LiveCycle.

6.4.6 Access Rights Management

You must create a user with the Rights Management End User role in User Management and log in to the Rights Management administrator or end-user applications by using the login information that is associated with that user.

Note: The default administrator user cannot access the Rights Management end-user web application but you can add the appropriate role to its profile. You can create a new user or modify an existing user through Administration Console.

Access the Rights Management end-user web application

 Open a web browser and enter this URL:
http://[hostname]:[port]/edc 

Access the Rights Management administration web application

  1. Open a web browser and enter this URL:

    http://[hostname]:[port]/adminui 
  2. Click Services > LiveCycle Rights Management 11.

    For information about setting up users and roles, see Administration Help.

Assign the Rights Management End User role

  1. Log in to Administration Console. (See 6.1.5.1 Accessing LiveCycle Administration Console.)

  2. Click Settings > User Management > Users and Groups.

  3. In the Find box, type all and, in the In list, select Groups.

  4. Click Find and, for the required domains, click All Principals in the list that appears.

  5. Click the Role Assignments tab and click Find Roles.

  6. In the list of roles, select the check box next to Rights Management End User.

  7. Click OK and then click Save.

6.4.7 Accessing User Management

By using User Management, administrators can maintain a database of all users and groups, synchronized with one or more third-party user directories. User Management provides authentication, authorization, and user management for LiveCycle modules, including Reader Extensions, Workspace, Rights Management, Adobe® LiveCycle® Process Management 11, Adobe® LiveCycle® Forms Standard 11 and PDF Generator.

  1. Log in to Administration Console.

  2. On the home page, click Settings > User Management.

    Note: For information about configuring users with User Management, click User Management Help in the upper-right corner of the User Management page.

6.4.8 Access Correspondence Management Solution template

You can verify the Correspondence Management Solution deployment by visiting http://[hostname]:[port]/lc/cm and logging in using LiveCycle administrator credentials. Solution template is a reference implementation of Correspondence Management Solution.

Note: In a non-turnkey deployment, if you encounter an error while accessing the solution template, you must integrate LiveCycle with Correspondence Management Solution. For more information, see the Configure Publish nodes to Integrate with LiveCycle section of this document.

6.5 Configure Correspondence Management Solution

Perform the following tasks to configure Correspondence Management Solution.

For a recommended setup for the Correspondence Management Solution, see Correspondence Management Solution Topology.

6.5.1 Configure the Author instance

The Author instance is embedded within the LiveCycle server. This implies that you do not need to make any configuration updates to the Author instance. The instance inherits all the configuration settings from the LiveCycle server.

6.5.2 Configure the Publish instance

You must run separate Author and Publish instances for Correspondence Management Solution. However, you can configure the two instances on the same or on different machines. An author instance is embedded in the LiveCycle Core application and runs on the LiveCycle server. For publish instance, LCM configures a publish ear (adobe-livecycle-cq-publish.ear). Deploy the publish ear on a separate server instance.

Note: Before configuring the Publish instance, ensure that your author instance is configured and deployed. You can verify by successfully logging in to the solution template for Correspondence management Solution. For more information, see the Access Correspondence Management Solution template section of this document.
  1. Create a new server for the publish instance. Perform JBoss installation and use standard profile.

  2. Copy the [LiveCycle root]/crx-repository directory from the author instance to the publish instance machine.

  3. From the crx-repository directory on the publish instance machine, open the crx-repository/install folder. Keep the following packages and delete all other packages from the install folder:
    • dataservices-pkg.zip

    • platform-common-pkg.zip

    • platform-content-pkg.zip

    • platform-security-pkg.zip

    • solution-correspondencemanagement-pkg.zip

  4. Start the Publish server with -Dcom.adobe.livecycle.crx.home=<location for crx-repository> parameter, where <location for crx-repository> is the location where you copied the crx-repository directory for the Publish instance.

    For details on how to configure generic JVM arguments for WebSphere and WebLogic, see the Configuring the JVM arguments section for WebSphere and WebLogic.

  5. Copy the adobe-livecycle-cq-publish.ear file and deploy it to the appserver profile created in step 1.

Note: If author and Publish instances are on the same machine, ensure that you start the Publish instance using a different port.

Now that the Publish instance is up and running, you need to configure the two instances to communicate with each other.

6.5.3 Configure Publish nodes to Integrate with LiveCycle

Perform these steps on all publish instances. To enable communication between publish instance and LiveCycle Server:

  1. Go to http://[publishhost]:[publishport]/lc/system/console/configMgr and Login with OSGi Management Console user credentials. The default credential are admin/admin.

  2. Search and click Edit next to the Adobe LiveCycle Client SDK Configuration setting.

  3. In the Server Url field, ensure that http://[lchost]:[lcport] is specified.
    Important: Ensure that the LiveCycle server is listening on the specified host and port combination. The following three scenarios are possible in the case of a LiveCycle server cluster:
    • All LiveCycle server instances are running on localhost and the same port. In this case use localhost:[port].

    • All LiveCycle server instances are running on localhost but on different ports. In this case, use a load balancer host name and port combination—[loadbalancer_host]:[loadbalancer_port].

    • All LiveCycle server instances are running on a particular host name (not localhost) and different/same ports. In this case, use a load balancer host name and port—[loadbalancer_host]:[loadbalancer_port].

    If you need to use a load balancer URL to access the LiveCycle server cluster (as mentioned above), ensure that the required communication ports between Author instances and the load balancer are open.

  4. Specify LiveCycle administrator credentials in the Username as Password fields.

  5. Click Save.

6.5.4 Communicating between the Author and Publish instances

You need to perform certain configuration changes to enable two-way communication between the Author and Publish instances.

6.5.4.1 Configure Replication Agents (Define publish instance URL)

On the Author instance, you need to configure replication agents for each Publish instance. These agents replicate content from the Author instances to all the Publish instances.

  1. Log in to Tools UI at http://<authorHost>:<authorPort>/lc/miscadmin

  2. Select Replication, then Agents on author in the left panel.

    On the right panel, you see various agents configured for the Author instance.

  3. On the right panel, Select New.... and click New Page.

    The Create Page dialog displays.

  4. Set the Title and Name, then select Replication Agent.

  5. Click Create to create new agent.

  6. Double-click the new agent item to open the configuration panel.

  7. Click Edit - the Agent Settings dialog displays.

    1. In the Settings tab:

      • Enter a Description.

      • Check Enabled.

      • Select Serialization Type as Default.

      • Set the Retry Delay to 60000.

      • Set the Log Level as Info.

    2. In the Transport tab:

      • Enter the required URI for the Publish instance http://<publishHost>:<publishPort>/lc/bin/receive?sling:authRequestLogin=1

      • Set User and Password. The default credential are admin/admin.

  8. Click OK to save the settings.

  9. On the agent configuration panel, click Test Connection.

    Successful connection ensures that the configuration is done correctly.

Note: : In case, you have only one Publish instance you can use the default Replication Agent named as publish. You need to edit it for specifying Publish URI in the Transport tab as mentioned in the step b(i). In this case, you do not need to create a new replication agent.
Note: : In case, you have a publish farm(multiple non-clustered publish instances), you need to create a replication agent for each Publish instance as mentioned in Steps 1-9. For each such replication agent, Title and Name should be significant and unique, so the identification of the corresponding Publish instance can be simpler. Each such replication agent has a different URI in the Transport tab pointing to a particular Publish instance. For multiple publish instances, you can also create replication agents by copying the default agent publish and then editing Name and URI in transport tab of the created agent. If you are not using the default Replication Agent, disable it, so an unnecessary replication attempt can be avoided.
Note: For Author clusters, these steps need to be performed on one Author instance (preferably a master instance).

6.5.4.2 Define Publish instance URL for ActivationManagerImpl

  1. Go to http://<authorHost>:<authorPort>/lc/system/console/configMgr. Login with OSGi Management Console user credentials. The default credential is admin/admin.

  2. Find and click the Edit icon next to the com.adobe.livecycle.content.activate.impl.ActivationManagerImpl.name setting.

  3. In the ActivationManager Publish URL field, specify the URL for accessing the Publish instance ActivationManager. You can provide the following URLs.

    1. Load Balancer URL (Recommended): Provide load balancer URL, If you have a webserver acting as load balancer in front of publish farm (multiple non-clustered publish instances).

    2. Publish instance URL: Provide any publish instance URL, If you have a single publish instance or the webserver fronting the publish farm is not accessible from the author environment due to any restrictions. In case, the specified publish instance is down, there is a fallback mechanism to deal with on the author side.

    URL string: http://<hostname>:<port>/lc/bin/remoting/lc.content.remote.activate.activationManager

  4. Click Save.

6.5.4.3 Configure reverse replication queue

On the Author instance, you need to configure reverse replication agents for each Publish instance. These agents replicate content from the Publish instance to the Author instance.

  1. Log in to Tools UI at http://<authorHost>:<authorPort>/lc/miscadmin

  2. Select Replication, then Agents on author in the left panel.

    On the right panel, you see various agents configured for the Author instance.

  3. On the right panel, Select New, and click New Page.

    The Create Page dialog appears.

  4. Set the Title and Name, then select Reverse Replication Agent.

  5. Click Create to create new agent.

  6. Double-click the new agent item to open the configuration panel.

  7. Click Edit - the Agent Settings dialog displays.

    1. In the Settings tab:

      • Enter a Description

      • Check Enabled.

      • Set the Retry Delay to 60000.

      • Set the Log Level as Info.

    2. In the Transport tab:

      • Enter the required URI for the Publish instance - http://<publishHost>:<publishPort>/lc/bin/receive?sling:authRequestLogin=1

      • Set User and Password - admin/admin

    3. In the Extended tab: Set HTTP Method as GET

  8. Click OK to save the settings.

  9. On the agent configuration panel, click Test Connection.

Successful connection ensures that the configuration is done correctly.

Note: : In case, you have only one Publish instance you can use the default Reverse Replication Agent named as publish_reverse. You need to edit it for specifying Publish URI in the Transport tab as mentioned in the step b(i). In this case, you do not need to create a new reverse replication agent.
Note: In case, you have a publish farm(multiple non-clustered publish instances), you need to create a reverse replication agent for each Publish instance as mentioned in Steps 1-9. For each such replication agent, Title and Name should be significant and unique, so the identification of the corresponding Publish instance can be simpler. Each such replication agent has a different URI in the Transport tab pointing to a particular Publish instance. For multiple publish agents, you can also create reverse replication agents by copying the default agent publish_reverse and then editing Name and URI in transport tab of the created agent. If you are not using the default Reverse Replication Agent, disable it, so an unnecessary replication attempt can be avoided.
Note: For Author clusters, these steps need to be performed on one Author instance (preferably a master instance).

6.5.4.4 Define author instance URL for VersionRestoreManagerImpl

  1. Go to http://<publishHost>:<publishPort>/lc/system/console/configMgr. Login with OSGi Management Console user credentials. The defaults credential are admin/admin.

  2. Find and click the Edit icon next to the com.adobe.livecycle.content.activate.impl.VersionRestoreManagerImpl.name setting.

  3. In the VersionRestoreManager Author URL field, specify the URL of the author instance VersionRestoreManager.

    URL string: http://<hostname>:<port>/lc/bin/remoting/lc.content.remote.activate.versionRestoreManager

    Note: If there are multiple author instances( Clustered) fronted by a Load Balancer, specify the URL to the load balancer in the VersionRestoreManager Author URL field.
  4. Click Save.

6.5.5 Install sample users and assets

You can install sample users with predefined user permissions to further explore the solution template, which you can customize to build your own solution.

  1. Go to http://<authorHost>:<authorPort>/lc/crx/explorer/index.jsp.

  2. Log in using LiveCycle administrator credentials and click Package Manager.

  3. In Package Manager, upload the samples-correspondencemanagement-pkg-<version>.zip package from <LC_HOME>/deploy/crx.

  4. Click Install once the package uploads successfully.

  5. Click Install on the confirmation dialog to install the sample users and assets.

Correspondence Management Sample Users

Correspondence Management Solution Accelerator contains the following sample users. These user are expected to participate in the activities leading to generation of interactive customer communication.

The following roles mentioned are automatically assigned to the users during package Installation:

User name

Assigned role

Responsibilities

Todd Goldman

Correspondence Management Administrator

This user is the general system administrator. This role enables the user to modify all assets. This role also lets define the categories.

Heather Douglas

Correspondence Management Subject Matter Expert

This persona has the role enabling him to CRUD texts and images.

Caleb Lopez

Correspondence Management Application Specialist

This user defines the letter template by judicious usage of the text, picture, condition, list objects. With this role, the user can CRUD the letter templates, layouts, lists, conditions, texts and images.

Gloria Rios

Correspondence Management Claim Adjustor

An agent user would use the letter template defined by the business user to produce the letter communication to deliver to the customer.

Jocelyn Robinson

Correspondence Management Form Designer

This user has the skills to design form layouts using LiveCycle Designer. Having equipped with the necessary know-how to design form layouts for use in correspondence management, this user will use LiveCycle Designer and design the XDP templates, which would serve as the boilerplate for the letter.

Frank Kricfalusi

Correspondence Management Developer

This user has the knowledge about XSD schema and data modelling concepts and is responsible for creation and maintenance of Data Dictionaries.

For more information about the sample users and guidelines to implement a solution using the solution template, see Correspondence Management Solution Guide.
Note: For author clusters, these steps need to be performed on one author instance (preferably a master instance).

6.5.6 Configure IPv6 implementation

Note: Perform these steps only if Correspondence Management Solution is running on a machine that uses an IPv6 address.

To map the IPv6 address to a hostname on the server and client machines:

  1. Navigate to the C:\Windows\System32\drivers\etc directory.

  2. Open the hosts file in a text editor.

  3. Add a mapping for the IPv6 address to a host name. For example:

    2001:1890:110b:712b:d1d:9c99:37ef:7281 <ipv6_hostname>
  4. Save and close the file.

Ensure that you use the mapped host name instead of the IPv6 address to access Correspondence Management Solution.

6.5.7 Install Japanese fonts for Adobe Reader

If your Correspondence Management assets use Japanese fonts, you must install the Japanese Language Support Package for Adobe Reader. Otherwise, your letters and forms will not render and function properly. For installing language packs, visit the downloads page for Adobe Reader.

6.6 Configuring PDF Generator

If you installed PDF Generator as part of your LiveCycle, complete the following tasks:

6.6.1 Environment variables

If you installed the PDF Generator module and configured it to convert files to PDF, for some file formats, you must manually set an environment variable that contains the absolute path of the executable that is used to start the corresponding application. The table below lists the environment variables for the native applications that you have installed.

Note: Ensure that the required applications are installed on all nodes in the cluster.
Note: All environment variables and respective paths are case-sensitive.

Application

Environment variable

Example

Adobe Acrobat

Acrobat_PATH

C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe

Adobe FrameMaker®

FrameMaker_PATH

C:\Program Files (x86)\Adobe\FrameMaker8.0\FrameMaker.exe

Notepad

Notepad_PATH

C:\WINDOWS\notepad.exe

You can leave the Notepad_PATH variable blank.

OpenOffice

OpenOffice_PATH

C:\Program Files (x86)\OpenOffice.org 3.3

Adobe PageMaker®

PageMaker_PATH

C:\Program Files (x86)\Adobe\PageMaker 7.0.2\PageMaker.exe

WordPerfect

WordPerfect_PATH

C:\Program Files (x86)\WordPerfect Office 12\Programs\wpwin12.exe

Adobe Photoshop®

Photoshop_PATH

C:\Program Files (x86)\Adobe\Adobe Photoshop CS4\Photoshop.exe

Note: These environment variables must be set for all nodes in the cluster.
Note: The environment variable OpenOffice_PATH is set to the installation folder instead of the path to the executable.

You do not need to set up the paths for Microsoft Office applications such as Word, PowerPoint, Excel, Visio, and Project, or for AutoCAD. The Generate PDF service starts these applications automatically if they are installed on the server.

Create a new Windows environment variable

  1. Select Start > Control Panel > System.

  2. Click the Advanced tab and click Environment Variables.

  3. In the System variables section, click New.

  4. Enter the environment variable name you need to set (for example, enter Photoshop_PATH). This folder is the one that contains the executable file. For example, type the following path:
    D:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe

Set the PATH variables on Linux or UNIX (OpenOffice only)

Execute the following command:

export OpenOffice_PATH=/opt/openoffice.org3.3

6.6.2 Configuring the application server to use HTTP proxy server

If the computer that LiveCycle is running on uses proxy settings to access external web sites, the application server should be started with the following values set as Java virtual machine (JVM) arguments:

    -Dhttp.proxyHost=[server host] 
    -Dhttp.proxyPort=[server port]

Complete the following procedure to start your application server with HTTP proxy host setting.

  1. From a command line, edit the run script in the [appserver root]/bin/ directory:

    • (Windows)

      • run.conf.bat

    • (Linux, UNIX)

      • run.conf

  2. Add the following text to the script file:

            Set JAVA_OPTS=%JAVA_OPTS%  
            -Dhttp.proxyHost=[server host] 
            -Dhttp.proxyPort=[server port]
  3. Save and close the file.

6.6.3 Setting the Adobe PDF Printer as the default printer

You must set the Adobe PDF Printer to be the default printer on the server. If the Adobe PDF Printer is not set as the default, PDF Generator cannot convert files successfully.

For clusters, you must set Adobe PDF Printer as the default printer on all nodes.

Set the default printer

  1. Select Start > Printers and Faxes.

  2. In the Printers and Faxes window, right-click Adobe PDF and select Set as Default Printer.

6.6.4 Configuring Acrobat Professional (Windows-based Computers Only)

Note: This procedure is required only if you upgraded to or installed Acrobat after you completed the LiveCycle installation. Upgrading Acrobat can be completed after you run Configuration Manager and deploy LiveCycle to the application server. Acrobat Professional root directory is designated as [Acrobat root]. Typically, the root directory is C:\Program Files\Adobe\Acrobat 11.0\Acrobat.

Configure Acrobat for use with PDF Generator

  1. If an earlier version of Acrobat is installed, uninstall it by using Add or Remove Programs in the Windows Control Panel.

  2. Install Acrobat XI Pro by running the installer.

  3. Navigate to the additional\scripts folder on the LiveCycle installation media.

  4. Run the following batch file.

    Acrobat_for_PDFG_Configuration.bat [LiveCycle root]/pdfg_config
    Note: On clusters, you must run the command on the cluster node where LiveCycle is installed.
  5. On other cluster nodes on which you do not run LiveCycle Configuration Manager,do the following:

    • Add a new registry DWORD entry named SplWOW64TimeOut at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print. Set its value to 60000.

    • Copy PDFGen.api from the [LiveCycle root]/plugins/x86_win32 directory on the node where LiveCycle is installed to the [Acrobat root]/plug_ins directory on the node being currently configured.

  6. Open Acrobat and select Help > Check for updates > Preferences.

  7. Deselect Automatically check for Adobe updates.

Validate the Acrobat installation

  1. Navigate to a PDF file on your system and double-click it to open it in Acrobat. If the PDF file opens successfully, Acrobat is installed correctly.

  2. If the PDF file does not open correctly, uninstall Acrobat and reinstall it.

Note: Ensure that you dismiss all the Acrobat dialog boxes that are displayed after the Acrobat installation is completed and disable the automatic updates for Acrobat. Set the Acrobat_PATH environment variable to point to Acrobat.exe (For example, C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe).

Configure native application support

  1. Install and validate Acrobat as described in the previous procedure.

  2. Set Adobe PDF printer as the default printer.

Add temporary directories to trusted directories list in Acrobat

The OptimizePDF service uses Adobe Acrobat and mandates that LiveCycle temporary directory and PDF Generator temporary directory are listed in the trusted directories list of Acrobat.

If LiveCycle temporary directory and PDF Generator temporary directory are not listed in the trusted directories list, the OptimizePDF service fails to run. Perform the following steps to add directories to the temporary directory list:
  1. Open Acrobat, Choose Edit > Preferences.

  2. From the Categories on the left, select Security (Enhanced), and then select the Enable Enhanced Security option.

  3. To add LiveCycle temporary directory and PDF Generator temporary directory to the trusted directories list, click Add Folder Path, select directories and click OK.

6.6.5 Adding fonts to PDF Generator

LiveCycle provides a central repository of fonts, which is accessible to all LiveCycle modules. Make the extra fonts available to non-LiveCycle applications on the server so that PDF Generator can use these fonts to create PDF documents that are created with these applications.

Note: Restart the application server after adding new fonts to the specified fonts folder.

6.6.5.1 Non-LiveCycle applications

The following list contains non-LiveCycle applications that PDF Generator can use for PDF generation on the server side:

Windows-only Applications

  • Microsoft Office Word

  • Microsoft Office Excel

  • Microsoft Office PowerPoint

  • Microsoft Office Project

  • Microsoft Office Visio

  • Microsoft Office Publisher

  • AutoDesk AutoCAD

  • Corel WordPerfect

  • Adobe Photoshop CS

  • Adobe FrameMaker

  • Adobe PageMaker

  • Adobe Acrobat Professional

Multiplatform applications

  • OpenOffice Writer

  • OpenOffice Calc

  • OpenOffice Draw

  • OpenOffice Impress

Note: In addition to these applications, your list may include additional applications that you added.

Of the above applications, the OpenOffice Suite (which includes Writer, Calc, Draw, and Impress) is available on Windows, Solaris, and Linux platforms, whereas other applications are available on Windows only.

6.6.5.2 Adding new fonts to Windows applications only

All the Windows-only applications that are mentioned above can access all the fonts that are available in the C:\Windows\Fonts (or equivalent) folder. In addition to C:\Windows\Fonts, each of these applications may have its own private fonts folders.

Therefore, if you plan to add any custom fonts to the LiveCycle fonts repository, ensure that the same fonts are available to the Windows-only applications also by copying these fonts to either C:\Windows\Fonts or to an equivalent folder.

Your custom fonts must be licensed under an agreement that allows you to use them with the applications that have access to these fonts.

6.6.5.3 Adding new fonts to other applications

If you added support for PDF creation in other applications, see the Help for these applications to add new fonts. In Windows, copying your custom fonts to the C:\Windows\Fonts (or equivalent) folder should be sufficient.

6.6.6 Configuring HTML to PDF conversions

The HTML-to-PDF conversion process is designed to use the settings from Acrobat XI Pro that override the settings from PDF Generator.

Note: This configuration is required to enable the HTML-to-PDF conversion process, otherwise this conversion type will fail.

6.6.6.1 Configure the HTML-to-PDF conversion

  1. Install and validate Acrobat as described in 6.6.4 Configuring Acrobat Professional (Windows-based Computers Only).

  2. Locate the pdfgen.api file in the [LiveCycle root]\plugins\x86_win32 directory and copy it to [Acrobat root]\Acrobat\plug_ins directory.

6.6.6.2 Enable support for Unicode fonts in HTML to PDF conversions

Important: The HTML-to-PDF conversion fails if a zipped input file contains HTML files with double-byte characters in filenames. To avoid this problem, do not use double-byte characters when naming HTML files.
  1. Copy the Unicode font to any of the following directories as appropriate for your system:

    • Windows

      [Windows root]\Windows\fonts

      [Windows root]\WINNT\fonts

    • UNIX

      /usr/lib/X11/fonts/TrueType

      /usr/openwin/lib/X11/fonts/TrueType

      /usr/share/fonts/default/TrueType

      /usr/X11R6/lib/X11/fonts/ttf

      /usr/X11R6/lib/X11/fonts/truetype

      /usr/X11R6/lib/X11/fonts/TrueType

      /usr/X11R6/lib/X11/fonts/TTF

      /Users/cfqauser/Library/Fonts

      /System/Library/Fonts

      /Library/Fonts

      /Users/ + System.getProperty(<user name>, root) + /Library/Fonts

      System.getProperty(JAVA_HOME) + /lib/fonts

      /usr/share/fonts (Solaris)

    Note: Ensure that the directory /usr/lib/X11/fonts exists. If it does not, create a symbolic link from /usr/share/X11/fonts to /usr/lib/X11/fonts using the ln command.
  2. Modify the font-name mapping in the cffont.properties file located in the [LiveCycle root]/deploy/adobe-generatepdf-dsc.jar file:

    • Extract this archive, and locate the cffont.properties file and open it in an editor.

    • In the comma-separated list of Java font names, add a map to your Unicode system font for each font type. In the example below, kochi mincho is the name of your Unicode system font.

      dialog=Arial, Helvetica, kochi mincho

      dialog.bold=Arial Bold, Helvetica-Bold, kochi mincho ...

    • Save and close the properties file, and then repackage and redeploy the adobe-generatepdf-dsc.jar file.

    Note: On a Japanese operating system, specify the font mapping in the cffont.properties.ja file as well, which takes precedence over the standard cffont.properties file.
    Fonts in the list are searched from left to right, using the first font found. HTML-to-PDF conversion logs return a list of all the font names that are found in the system. To determine the font name you need to map, add the font to one of the directories above, restart the server, and run a conversion. You can determine from the log files the font name to use for mapping.

    To embed the font in the generated PDF files, set the embedFonts property in the cffont.properties file to true (the default is false).

6.6.7 Modify Microsoft Visio default macro settings

When a Microsoft Visio file containing macros is submitted for conversion, the resultant Microsoft Office Visio Security Notice dialog causes the conversion to time out. To successfully convert files that contain macros, the default macro settings in Visio must be changed.

 In Visio, click Tools > Trust Center > Macro Settings and select either of the following options and then click OK:
  • Disable all macros without notification

  • Enable all macros

6.6.8 Installing the Network Printer Client

PDF Generator includes an executable file to install the PDF Generator network printer on a client computer. After the installation is complete, a PDF Generator printer is added to the list of existing printers on the client computer. This printer can then be used to send documents for conversion to PDF.

Note: The Network Printer Client installation wizard available in the Administration Console is supported only on Windows operating system. Ensure that you use a 32-bit JVM to launch the Network Printer Client installation wizard. You will encounter an error if you use a 64-bit JVM.

If the PDFG Network Printer fails to install on Windows or if you want to install the printer on UNIX or Linux platforms, use the operating system’s native Add Printer utility and configure it as described in 6.6.8.2 Configure PDFG Network Printer on Windows using the native Add Printer wizard

6.6.8.1 Install the PDF Generator Network Printer Client

Note: Before installing the PDF Generator network printer client on Windows Server 2008, Ensure that you have the Internet Printing Client feature installed on your Windows Server 2008. For installing the feature, see Windows Server 2008 Help.
  1. Ensure that you successfully installed PDF Generator on your server.

  2. Do one of the following:

    • From a Windows client computer, enter the following URL in your web browser, where [host] is the name of the server where you installed PDF Generator and [port] is the application server port used:
      http://[host]:[port]/pdfg-ipp/install
    • In Administration Console, click Home > Services > PDF Generator > PDFG Network Printer. In the PDFG Network Printer Installation section, click Click here to launch the PDFG Network Printer Installation.

  3. On the Configure Internet Port screen, select Use the specified user account option, and provide the credentials of a LiveCycle user who has the PDFG Administrator/User role. This user must also have an email address that can be used to receive the converted files. To have this security setting apply to all users on the client computer, select Use the same security options for all users, and then click OK.
    Note: If the user’s password changes, then users will need to reinstall the PDFG Network Printer on their computers. You cannot update the password from Administration Console.

    Upon successful installation, a dialog box appears, indicating that “The Printer Adobe LiveCycle PDF Generator 11 has been successfully installed.”

  4. Click OK. You will now have a printer named Adobe LiveCycle PDF Generator 11in your list of available printers.

6.6.8.2 Configure PDFG Network Printer on Windows using the native Add Printer wizard

  1. Click Start > Printers and Faxes and double-click Add Printer.

  2. Click Next, select A network printer, or a printer attached to another computer, and then click Next.

  3. Select Connect to a printer on the internet or on a home or office network and type the following URL for the PDFG printer, where [host] is the server name and [port] is the port number where the server is running:
    http://[host]:[port]/pdfg-ipp/printer
  4. On the Configure Internet Port screen, select Use the specified user account and provide valid User credentials.

  5. In the Printer Driver Select box, choose any standard PostScript-based printer driver (for example, HP Color LaserJet PS).

  6. Complete the installation by choosing appropriate options (for example, setting this printer as default).

    Note: The user credentials used while adding the printer must have a valid email ID configured in User Management to receive the response.
  7. Configure the email service’s sendmail service. Provide a valid SMTP server and authentication information in the service’s configuration options.

6.6.8.3 Install and configure the PDF Generator Network Printer Client using Proxy server port forwarding

  1. Configure port forwarding on the CC Proxy server on a particular port to the LiveCycle Server, and disable the authentication at proxy server level (because LiveCycle uses its own authentication). If a client connects to this Proxy server on the forwarded port, then all the requests will be forwarded to the LiveCycle Server.

  2. Install PDFG Network Printer using the following URL:

    http://[proxy server]:[forwarded port]/pdfg-ipp/install.    
  3. Provide the necessary credentials for authentication of the PDFG Network Printer.

  4. The PDFG Network Printer will be installed on the client machine which you can use for PDF conversion using the firewall protected LiveCycle Server.

6.6.9 Changing File Block Settings

Change Microsoft Office trust center settings to enable PDFG to convert older versions of Microsoft office documents.

  1. Click the File tab in any Office 2010 application. Under Help, click Options; the Options dialog box appears

  2. Click Trust Center, and then click Trust Center Settings.

  3. In the Trust Center settings, click File Block Settings.

  4. In the File Type list, uncheck open for the file type that you want to be converted by PDFG.

6.6.10 Watched folder performance parameters

To avoid java.io.IOException error messages indicating that not enough disk space is available to perform PDF conversions by using a watched folder, you can modify the settings for PDF Generator in Administration Console.

Set performance parameters for PDF Generator

  1. Log in to Administration Console and click Services > Applications and Services > Service Management.

  2. In the list of services, navigate to and click PDFGConfigService, and then set the following values:

    • PDFG Cleanup Scan Seconds: 1800

    • Job Expiration Seconds: 6000

    • Server Conversion Timeout: Change the default of 270 to a higher value, such as 450.

  3. Click Save and restart the server.

6.6.11 Enable PDF Conversion for Microsoft Word document containing protected fields

The PDF Generator supports Microsoft Word documents containing protected fields. To enable PDF Conversion for Microsoft Word document containing protected fields, change the file type settings:

  1. In the Administration Console, navigate to Services > PDF Generator > File Type Settings, and open your file type settings profile.

  2. Expand the Microsoft Word option and select the Preserve document markup in Adobe PDF (for Microsoft Office 2003 or later) option.

  3. Click Save As, specify name of the file type setting, and click OK.

6.7 Final setup for Rights Management

Rights Management requires the application server to be configured to use SSL. (See Administration Help.)

6.8 Configuring LDAP access

6.8.1 Configure User Management (Local Domain)

  1. Open a web browser, navigate to http://[host]:[port]/adminui, and log in. (See 6.1.5.1 Accessing LiveCycle Administration Console .)

  2. Click Settings > User Management > Domain Management, and then click New Local Domain.

  3. In the appropriate boxes, enter the domain ID and name. (See “Adding local domains” in Administration help.)

  4. (Optional) Disable account locking by deselecting the Enable Account Locking option.

  5. Click OK.

6.8.2 Configure User Management with LDAP (Enterprise Domain)

  1. Open a web browser, navigate to http://[host]:[port]/adminui and log in. (See 6.1.5.1 Accessing LiveCycle Administration Console.)

  2. Click Settings > User Management > Domain Management, and then click New Enterprise Domain.

  3. In the ID box, type a unique identifier for the domain and, in the Name box, type a descriptive name for the domain.

    Note: When using MySQL for your LiveCycle database, use only single-byte (ASCII) characters for the ID. (See “Adding enterprise domains” in Administration Help.)
  4. Click Add Authentication and, in the Authentication Provider list, select LDAP.

  5. Click OK.

  6. Click Add Directory and, in the Profile Name box, type a name for your LDAP profile.

  7. Click Next.

  8. Specify values in the Server, Port, SSL, and Binding boxes, and in the Populate Page with box, select a directory settings option such as Default Sun ONE values. Also, specify values in the Name and Password box that would be used to connect to the LDAP database when anonymous access is not enabled. (See “Directory settings” in Administration Help.)

  9. (Optional) Test your configuration:

    • Click Test. The screen displays a message indicating either a successful server test or any configuration errors that exist.

  10. Click Next and configure the User Settings as required. (See “Directory settings” in Administration Help.)

  11. (Optional) Test your configuration:

    • Click Test.

    • In the Search Filter box, verify the search filter or specify a new search filter, and then click Submit. The screen displays a list of entries that match the search criteria.

    • Click Close to return to the User Settings screen.

  12. Click Next configure the Group Settings as required. (See “Directory settings” in Administration Help.)

  13. (Optional) Test your configuration:

    • Click Test.

    • In the Search Filter box, verify the search filter or specify a new search filter, and then click Submit. The screen displays a list of entries that match the search criteria.

    • Click Close to return to the Group Settings screen.

  14. Click Finish to exit the New Directory page and then click OK to exit.

6.9 Enabling FIPS mode

LiveCycle provides a FIPS mode to restrict data protection to Federal Information Processing Standard (FIPS) 140-2 approved algorithms using the RSA BSAFE Crypto-C 2.1 encryption module.

If you did not enable this option by using Configuration Manager during LiveCycle configuration or if you enable it but want to turn it off, you can change this setting through Administration Console.

Modifying FIPS mode requires you to restart the server.

FIPS mode does not support Acrobat versions earlier than 7.0. If FIPS mode is enabled and the Encrypt With Password and Remove Password processes include the Acrobat 5 setting, the process fails.

In general, when FIPS is enabled, the Assembler service does not apply password encryption to any document. If this is attempted, a FIPSModeException is thrown, indicating that “Password encryption is not permitted in FIPS mode.” Additionally, the PDFsFromBookmarks element is not supported in FIPS mode when the base document is password-encrypted.

Turn FIPS mode on or off

  1. Log in to Administration Console.

  2. Click Settings > Core System Settings > Configurations.

  3. Select Enable FIPS to enable FIPS mode or deselect it to disable FIPS mode.

  4. Click OK and restart the application server.

Note: LiveCycle software does not validate code to ensure FIPS compatibility. It provides a FIPS operation mode so that FIPS-approved algorithms are used for cryptographic services from the FIPS-approved libraries (RSA).

6.10 Configuring HTML digital signature

To use the HTML digital signature feature of Forms, complete the following procedure.

  1. Manually deploy the [LiveCycle root]/deploy/adobe-forms-ds.ear file to your application server.

  2. Log in to Administration Console and click Services > LiveCycle Forms ES4.

  3. Select HTML Digital Signature Enabled and then click Save.

6.11 Configuring Connector for EMC Documentum

Note: LiveCycle supports EMC Documentum, versions 6.0, 6.5, 6.7 SP1, and 7.0 and minor updates only. Make sure your ECM is upgraded accordingly.
Note: Ensure that installing client for the connectors, copying of JAR's file and configuration changes tasks are performed on all the nodes of the cluster.

If you installed Connector for EMC Documentum as part of your LiveCycle, complete the following procedure to configure the service to connect to the Documentum repository.

Configure Connector for EMC Documentum

  1. Locate the adobe-component-ext.properties file in the [appserver root]/bin folder (if the file does not exist, create it).

  2. Add a new system property that provides the following Documentum Foundation Classes JAR files:

    • dfc.jar

    • aspectjrt.jar

    • log4j.jar

    • jaxb-api.jar

    • (For Connector for EMC Documentum 6.5 only)

      • configservice-impl.jar,

      • configservice-api.jar

    The new system property should take on this form:

    [component id].ext=[JAR files and/or folders]

    For example, using default Content Server and Documentum Foundation Classes installations, add to the file one of the following system properties on a new line, with no line breaks, and end the line with a carriage return:

    • Connector for EMC Documentum 6.0 only:

          com.adobe.livecycle.ConnectorforEMCDocumentum.ext= 
          C:/Program Files/Documentum/Shared/dfc.jar, 
          C:/Program Files/Documentum/Shared/aspectjrt.jar, 
    • Connector for EMC Documentum 6.5 only:
      com.adobe.livecycle.ConnectorforEMCDocumentum.ext= 
      C:/Program Files/Documentum/Shared/dfc.jar, 
      C:/ProgramFiles/Documentum/Shared/aspectjrt.jar, 
      C:/Program Files/Documentum/Shared/log4j.jar, 
      C:/Program Files/Documentum/Shared/jaxb-api.jar, 
      C:/Program Files/Documentum/Shared/configservice-impl.jar, 
      C:/Program Files/Documentum/Shared/configservice-api.jar
      Note: The above text contains formatting characters for line breaks. If you copy and paste this text, you must remove the formatting characters.
    • Connector for EMC Documentum 6.7 SP1 and 7.0 only:
      com.adobe.livecycle.ConnectorforEMCDocumentum.ext= 
      C:/Program Files/Documentum/Shared/dfc.jar, 
      C:/ProgramFiles/Documentum/Shared/aspectjrt.jar, 
      C:/Program Files/Documentum/Shared/log4j.jar, 
      C:/Program Files/Documentum/Shared/jaxb-api.jar, 
      C:/Program Files/Documentum/Shared/configservice-impl.jar, 
      C:/Program Files/Documentum/Shared/configservice-api.jar 
      C:/Program Files/Documentum/Shared/commons-codec-1.3.jar 
      C:/Program Files/Documentum/Shared/commons-lang-2.4.jar
      Note: The above text contains formatting characters for line breaks. If you copy and paste this text, you must remove the formatting characters.
  3. Repeat previous steps on each application server instance of the cluster.

  4. Open a web browser and enter this URL:

    http://[host]:[port]/adminui
  5. Log in using the default user name and password:

    User name: administrator

    Password: password

  6. Navigate to Services > LiveCycle 11 Connector for EMC Documentum > Configuration Settings and perform these tasks:

    • Type all the required Documentum repository information.

    • To use Documentum as your repository provider, under Repository Service Provider Information, select EMC Documentum Repository Provider, and then click Save. For more information, click the Help link in the upper-right corner of the page in the Administration Help.

  7. (Optional) Navigate to Services > LiveCycle 11 Connector for EMC Documentum > Repository Credentials Settings, click Add, specify the Docbase information, and then click Save. (For more information, click Help in the upper-right corner.)

  8. If the application server is not currently running, start the server. Otherwise, stop and then restart the server.

  9. Open a web browser and enter this URL.

    http://[host]:[port]/adminui
  10. Log in using the default user name and password:

    User name: administrator

    Password: password

  11. Navigate to Services > Applications and Services > Service Management and select these services:

    • EMCDocumentumAuthProviderService

    • EMCDocumentumContentRepositoryConnector

    • EMCDocumentumRepositoryProvider

  12. Click Start. If any of the services do not start correctly, check the settings you completed earlier.

  13. Do one of the following tasks:

    • To use the Documentum Authorization service (EMCDocumentumAuthProviderService) to display content from a Documentum repository in the Resources view of Workbench, continue with this procedure. Using the Documentum Authorization service overrides the default LiveCycle authorization and must be configured to log in to Workbench using Documentum credentials.

    • To use the LiveCycle repository, log in to Workbench by using the LiveCycle super administrator credentials (by default, administrator and password).

    You have now completed the required steps for this procedure. Use the credentials provided in step 19 for accessing the default repository in this case and use the default LiveCycle authorization service.

  14. Restart the application server.

  15. Log in to Administration Console and click Settings > User Management > Domain Management.

  16. Click New Enterprise Domain, and type a domain ID and name. The domain ID is the unique identifier for the domain. The name is a descriptive name for the domain.

    Note: When using MySQL for your LiveCycle database, use only single-byte (ASCII) characters for the ID. (See “Adding enterprise domains” in LiveCycle Administration Help.)
  17. Add a custom authentication provider:

    • Click Add Authentication.

    • In the Authentication Provider list, select Custom.

    • Select EMCDocumentumAuthProvider and then click OK.

  18. Add an LDAP authentication provider:

    • Click Add Authentication.

    • In the Authentication Provider list, select LDAP, and then click OK.

  19. Add an LDAP directory:

    • Click Add Directory.

    • In the Profile Name box, type a unique name, and then click Next.

    • Specify values for the Server, Port, SSL, Binding, and Populate page with options. If you select User for the Binding option, you must also specify values for the Name and Password fields.

    • (Optional) Select Retrieve Base DN to retrieve base domain names, as required.

    • Click Next, configure the user settings, click Next, configure group settings, as required, and then click Next.

      For details about the settings, click User Management Help in the upper-right corner of the page.

  20. Click OK to exit the Add Directory page and then click OK again.

  21. Select the new enterprise domain and click Sync Now. Depending on the number of users and groups in your LDAP network and the speed on your connection, the synchronization process may take several minutes.

    (Optional) To verify the status of the synchronization, click Refresh and view the status in the Current Sync State column.

  22. Navigate to Settings > User Management > Users and Groups.

  23. Search for users that were synchronized from LDAP and perform these tasks:

    • Select one or more users and click Assign Role.

    • Select one or more LiveCycle roles and click OK.

    • Click OK a second time to confirm the role assignment.

      Repeat this step for all users that you assign roles to. For more information, click User Management Help in the upper-right corner of the page.

  24. Start Workbench and log in by using the credentials for the Documentum repository:

    Username: [username]@[repository_name]

    Password: [password]

    After you log in, the Documentum repository appears in the Resources view within Workbench. If you do not log in using the username@repository_name, Workbench attempts to log in to the default repository.

  25. (Optional) To install the LiveCycle Samples for Connector for EMC Documentum, create a Documentum repository named Samples, and then install the samples in that repository.

After you configure the Connector for EMC Documentum service, see LiveCycle Administration Help for information about configuring Workbench with your Documentum repository.

6.11.1 Creating the XDP MIME format in a Documentum repository

Before users can store and retrieve XDP files from a Documentum repository, you must do one of these tasks:

  • Create a corresponding XDP format in each repository where users will access XDP files.

  • Configure the Connector for EMC Documentum service to use a Documentum Administrator account when accessing the Documentum repository. In this case, the Connector for EMC Documentum service uses the XDP format whenever it is required.

Create the XDP format on Documentum Content Server using Documentum Administrator

  1. Log in to Documentum Administrator.

  2. Click Formats and then select File > New > Format.

  3. Type the following information in the corresponding fields:

    Name:xdp

    Default File Extension:xdp

    Mime Type: application/xdp

  4. Repeat steps 1 to 3 for all other Documentum repositories where users will store XDP files.

Configure the Connector for EMC Documentum service to use a Documentum Administrator

  1. Open a web browser and enter this URL:

    http://[host]:[port]/adminui

  2. Log in using the default user name and password:

    User name: administrator

    Password: password

  3. Click Services > LiveCycle 11 Connector for EMC Documentum > Configuration Settings.

  4. Under Documentum Principal Credentials Information, update the following information and then click Save:

    User Name: [Documentum Administrator user name]

    Password: [Documentum Administrator password]

  5. Click Repository Credentials Settings, select a repository from the list or, if none exist, click Add.

  6. Provide the appropriate information in the corresponding fields and then click Save:

    Repository Name: [Repository Name]

    Repository Credentials User Name:[Documentum Administrator user name]

    Repository Credentials Password:[Documentum Administrator password]

  7. Repeat steps 5 and 6 for all repositories where users will store XDP files.

6.11.2 Add support for multiple connection brokers

LiveCycle Configuration Manager supports configuring only one connection broker. Use LiveCycle Administrator Console to add support for multiple connection brokers:

  1. Open LiveCycle Administrator Console.

  2. Navigate to Home > Services > LiveCycle 11 Connector for EMC Documentum > Configuration Settings.

  3. In the Connection broker Host Name or IP Address, enter comma seperated list of hostnames of different connection brokers. For example, host1, host2, host3.

  4. In the Port Number of Connection broker, enter comma seperated list of the ports of corresponding connection brokers. For example, 1489, 1491, 1489.

  5. Click Save.

6.12 Configuring the Connector for IBM Content Manager

Note: AEM forms supports IBM Content Manager. See the Supported Platform Combinations document and make sure your ECM is upgraded to the supported version.
Note: Ensure that installing client for the connectors, copying of JAR's file and configuration changes tasks are performed on all the nodes of the cluster.

If you installed the Connector for IBM Content Manager as part of your LiveCycle, complete the following procedure to configure the service to connect to the IBM Content Manager datastore.

Configure Connector for IBM Content Manager

  1. Locate the adobe-component-ext.properties file in the [appserver root]/bin folder. If the file does not exist, create it.

  2. Add a new system property that provides the location of the following IBM II4C JAR files:

    • cmb81.jar

    • cmbcm81.jar

    • cmbicm81.jar

    • cmblog4j81.jar

    • cmbsdk81.jar

    • cmbutil81.jar

    • cmbutilicm81.jar

    • cmbview81.jar

    • cmbwas81.jar

    • cmbwcm81.jar

    • cmgmt

    Note: cmgmt is not a JAR file. On Windows, by default, this folder is at C:/Program Files/IBM/db2cmv8/.
    • common.jar

    • db2jcc.jar

    • db2jcc_license_cisuz.jar

    • db2jcc_license_cu.jar

    • ecore.jar

    • ibmjgssprovider.jar

    • ibmjsseprovider2.jar

    • ibmpkcs.jar

    • icmrm81.jar

    • jcache.jar

    • log4j-1.2.8.jar

    • xerces.jar

    • xml.jar

    • xsd.jar

    The new system property looks similar to the following:

    [component id].ext=[JAR files and/or folders]

    For example, using a default DB2 Universal Database Client and II4C installation, in the file, add the following system property on a new line, with no line breaks, and end the line with a carriage return:

            C:/Program Files/IBM/db2cmv8/cmgmt, 
            C:/Program Files/IBM/db2cmv8/java/jre/lib/ibmjsseprovider2.jar, 
            C:/Program Files/IBM/db2cmv8/java/jre/lib/ibmjgssprovider.jar, 
            C:/Program Files/IBM/db2cmv8/java/jre/lib/ibmpkcs.jar, 
            C:/Program Files/IBM/db2cmv8/java/jre/lib/xml.jar, 
            C:/Program Files/IBM/db2cmv8/lib/cmbview81.jar, 
            C:/Program Files/IBM/db2cmv8/lib/cmb81.jar, 
            C:/Program Files/IBM/db2cmv8/lib/cmbcm81.jar, 
            C:/Program Files/IBM/db2cmv8/lib/xsd.jar, 
            C:/Program Files/IBM/db2cmv8/lib/common.jar, 
            C:/Program Files/IBM/db2cmv8/lib/ecore.jar, 
            C:/Program Files/IBM/db2cmv8/lib/cmbicm81.jar, 
            C:/Program Files/IBM/db2cmv8/lib/cmbwcm81.jar, 
            C:/Program Files/IBM/db2cmv8/lib/jcache.jar, 
            C:/Program Files/IBM/db2cmv8/lib/cmbutil81.jar, 
            C:/Program Files/IBM/db2cmv8/lib/cmbutilicm81.jar, 
            C:/Program Files/IBM/db2cmv8/lib/icmrm81.jar, 
            C:/Program Files/IBM/db2cmv8/lib/db2jcc.jar, 
            C:/Program Files/IBM/db2cmv8/lib/db2jcc_license_cu.jar, 
            C:/Program Files/IBM/db2cmv8/lib/db2jcc_license_cisuz.jar, 
            C:/Program Files/IBM/db2cmv8/lib/xerces.jar, 
            C:/Program Files/IBM/db2cmv8/lib/cmblog4j81.jar, 
            C:/Program Files/IBM/db2cmv8/lib/log4j-1.2.8.jar, 
            C:/Program Files/IBM/db2cmv8/lib/cmbsdk81.jar, 
            C:/Program Files/IBM/db2cmv8/lib/cmbwas81.jar
  3. If the application server is not currently running, start the server; otherwise, stop and then restart the server.

You can now connect to the IBM Content Manager datastore from the IBMCMConnectorService Property Sheets by using the Use User Credentials as the login mode.

You have now completed the required steps for this procedure.

(Optional) If you want to connect to IBM Content Manager datastore from IBMCMConnectorService Property Sheets by using the Use Credentials From Process Context as the login mode, complete the following procedure.

Connect using Use Credentials from process context login mode

  1. Open a web browser and enter this URL:

    http://[host]:[port]/adminui

  2. Log in using the super administrator credentials. Default values set during installation are:

    User name:administrator

    Password:password

  3. Click Services > LiveCycle 11 Connector for IBM Content Manager

  4. Type all of the required repository information and click Save. For more information about the IBM Content Manager repository information, click the Help link in the upper-right corner of the page.

  5. Do one of these tasks:

    • To use the IBM Content Manager Authorization service IBMCMAuthProvider to use content from an IBM Content Manager datastore, in the Processes view of Workbench, continue with this procedure. Using the IBM Content Manager Authorization service overrides the default LiveCycle authorization and must be configured to log in to Workbench by using IBM Content Manager credentials.

    • To use the System Credentials provided in step 4 to use content from an IBM Content Manager datastore, in the Processes view of Workbench, log in to Workbench by using the LiveCycle super administrator credentials (by default, administrator and password). You have now completed the required steps for this procedure. The System Credentials that are provided in step 4 use the default LiveCycle authorization service for accessing the default repository in this case.

  6. Log in to the Administration Console, and click Settings > User Management > Domain Management.

  7. Click New Enterprise Domain and type a domain ID and name. The domain ID is the unique identifier for the domain. The name is a descriptive name for the domain.

    Note: When using MySQL for your LiveCycle database, use only single-byte (ASCII) characters for the ID. (See Adding enterprise domains in Administration Help.)
  8. Add a custom authentication provider:

    • Click Add Authentication.

    • In the Authentication Provider list, select Custom, and then select IBMCMAuthProviderService and click OK.

  9. Add an LDAP authentication provider:

    • Click Add Authentication.

    • In the Authentication Provider list, select LDAP and then click OK.

  10. Add an LDAP directory:

    • Click Add Directory.

    • In the Profile Name box, type a unique name, and then click Next.

    • Specify values for the Server, Port, SSL, Binding, and Populate page with options. If you select User for the Binding option, you must also specify values for the Name and Password fields. (Optional) Select Retrieve Base DN to retrieve base domain names, as required. When finished, click Next.

    • Configure the user settings, click Next, configure group settings as required, and then click Next.

    For details about the above settings, click the Help link in the upper-right corner of the page.

  11. Click OK to exit the Add Directory page and click OK again.

  12. Select the new enterprise domain and click Sync Now. Depending on the number of users and groups in your LDAP network and the speed on your connection, the synchronization process may take several minutes.

  13. To verify the status of the synchronization, click Refresh and view the status in the Current Sync State column.

  14. Navigate to Settings > User Management > Users and Groups.

  15. Search for users that were synchronized from LDAP and do these tasks:

    • Select one or more users and click Assign Role.

    • Select one or more LiveCycle roles and click OK.

    • Click OK a second time to confirm the role assignment.

    Repeat this step for all users that you want to assign roles to. For more information, click the Help link in the upper-right corner of the page.

  16. Start Workbench and log in using the following credentials for IBM Content Manager datastore:

    Username:[username]@[repository_name]

    Password: [password]

    The IBM Content Manager datastore can now be used in the Processes view within Workbench when the login mode for IBMCMConnectorService orchestrable components is selected as Use Credentials from process context.

6.13 Configuring the Connector for IBM FileNet

LiveCycle supports IBM FileNet, versions 4.0, 4.5, 5.0, and 5.2 only. Make sure your ECM is upgraded accordingly.

Note: LiveCycle supports FileNet 5.2 Content Engine; FileNet 5.2 Process Engine is not supported. Moreover, the LiveCycle Configuration Manager (LCM) does not support/configure FileNet 5.2, perform manual configuration for FileNet 5.2.

If you installed Connector for IBM FileNet as part of your LiveCycle, you must configure the service to connect to the FileNet object store.

Note: Ensure that installing client for the connectors, copying of JAR's file and configuration changes tasks are performed on all the nodes of the cluster.

Complete the following procedure to configure Connector for IBM FileNet.

Configure Connector for IBM FileNet using FileNet 4.x or FileNet 5.x and CEWS transport

  1. Open the application server run file in a text editor. The run file is as follows:

    • (Windows) [appserver root]/bin/run.conf

    • (Non-Windows) [appserver root]/bin/run.conf

  2. (Only for FileNet 4.x)Add the location of the FileNet Configuration files as a Java option to the application server start command, and then save the file.

    Note: If JBoss is running as a service, add the Java option in the registry where other JVM arguments are defined.
  3. -Dwasp.location= <configuration files location>

    For example, using a default FileNet Application Engine installation on a Windows operating system, add this Java option:

    -Dwasp.location=C:/Progra~1/FileNet/AE/CE_API/wsi
  4. If your deployment uses the Process Engine Connector service, copy the file [appserver root]\client\logkit.jar to the following directory:

    • (Manually-configured JBoss, cluster) [appserver root]/server/all/lib

    • (Manually-configured JBoss, single server) [appserver root]/server/standard/lib

    • (Adobe-preconfigured JBoss, cluster)[appserver root]/server/lc_<db-name>_cl/lib

    • (Adobe-preconfigured JBoss, single server)[appserver root]/server/lc_<db-name>/lib

  5. Locate the adobe-component-ext.properties file in the [appserver root]/bin folder (if the file does not exist, create it).

  6. Add a new system property that provides the location of these FileNet Application Engine JAR files:

    For Filenet 4.x add following JAR files.

    • javaapi.jar

    • soap.jar

    • wasp.jar

    • builtin_serialization.jar (FileNet 4.0 only)

    • wsdl_api.jar

    • jaxm.jar

    • jaxrpc.jar

    • saaj.jar

    • jetty.jar

    • runner.jar

    • p8cjares.jar

    • Jace.jar

    • (optional) pe.jar

    For FileNet 5.x add following JAR files

    • Jace.jar

    • javaapi.jar

    • log4j.jar

    • pe.jar

    • stax-api.jar

    • xlxpScanner.jar

    • xlxpScannerUtils.jar

    Note: Add the pe.jar file only if your deployment uses the IBMFileNetProcessEngineConnector service. The new system property should reflect this structure:
    [component id].ext=[JAR files and/or folders]

    For example, using a default FileNet Application Engine installation on a Windows operating system, add the following system property on a new line with no line breaks and end the line with a carriage return:

    Note: The following text contains formatting characters for line breaks. If you copy this text to a location outside this document, remove the formatting characters when you paste it to the new location.
    com.adobe.livecycle.ConnectorforIBMFileNet.ext= 
    C:/Program Files/FileNet/AE/CE_API/lib2/javaapi.jar, 
    C:/Program Files/FileNet/AE/CE_API/lib2/log4j-1.2.13.jar
  7. (FileNet Process Engine Connector only) Configure the connection properties for the process engine as follows:

    • Using a text editor, create a file with the following content as a single line and end the line with a carriage return:

      (FileNet 4.x and 5.0 only)

      RemoteServerUrl = cemp:http://[contentserver_IP]:[contentengine_port]/wsi/FNCEWS40DIME/

      (FileNet 5.2 only)

      RemoteServerUrl = cemp:http://[contentserver_IP]:[contentengine_port]/wsi/FNCEWS40MTOM/
    • Save the file as WcmApiConfig.properties in a separate folder, and add the location of the folder that contains the WcmApiConfig.properties file to the adobe-component-ext.properties file.

      For example, if you save the file as c:/pe_config/WcmApiConfig.properties, add the path c:/pe_config to the adobe-component-ext.properties file.

      Note: The filename is case-sensitive.
  8. Locate the login-config.xml file in the following folder and add the following application policy as a child of the <policy> node:

    • (Manually-configured JBoss, single server)[appserver root]/server/standard/conf

    • (Manually-configured JBoss, cluster)[appserver root]/server/all/conf

    • (Adobe-preconfigured JBoss, single server)[appserver root]/server/lc_<dbname>/conf

    • (Adobe-preconfigured JBoss, cluster)[appserver root]/server/lc_<dbname>_cl/conf
              <application-policy name = "FileNetP8WSI"> 
               <authentication>  
               <login-module code = "com.filenet.api.util.WSILoginModule" flag = 
                      "required" /> 
               </authentication>  
              </application-policy>
  9. (FileNet Process Engine Connector only) If your deployment uses the process engine, add the following node to the login-config file:

            <application-policy name = "FileNetP8"> 
                <authentication> 
                    <login-module code = "com.filenet.api.util.WSILoginModule" flag = 
                    "required" /> 
                </authentication> 
            </application-policy>
  10. If the application server is not currently running, start the server. Otherwise, stop and then restart the server.

  11. If JBoss runs as a service, start (or restart) the JBoss for Adobe LiveCycle ES4 Service.

  12. (Cluster only) Repeat all previous steps on each instance on the cluster.

  13. Open a web browser and enter this URL:

    http://[host]:[port]/adminui

  14. Log in using the default user name and password:

    User name: administrator

    Password: password

  15. Click Services > LiveCycle 11 Connector for IBM FileNet.

  16. Provide the Content Engine URL. For example, cemp:http://ContentEngineHostNameorIP:port/wsi/FNCEWS40MTOM?jaasConfigurationName=FileNetP8WSI

  17. Provide all of the required FileNet repository information and, under Repository Service Provider Information, select IBM FileNet Repository Provider.

    If your deployment uses the optional process engine service, under Process Engine Settings, select Use Process Engine Connector Service and specify the process engine settings. For more information, click the Help link in the upper-right corner of the page.

    Note: The credentials that you provide in this step are validated later when you start the IBM FileNet repository services. If the credentials are not valid, an error is thrown and the services will not start.
  18. Click Save and navigate to Services > Applications and Services > Service Management.

  19. Select the check box next to each of these services and then click Start:

    • IBMFileNetAuthProviderService

    • IBMFileNetContentRepositoryConnector

    • IBMFileNetRepositoryProvider

    • IBMFileNetProcessEngineConnector (if configured)

    If any of the services do not start correctly, verify the Process Engine settings.

  20. Do one of the following tasks:

    • To use the FileNet Authorization service (IBMFileNetAuthProviderService) to display content from a FileNet object store in the Resources view of Workbench, continue with this procedure. Using the FileNet Authorization service overrides the default LiveCycle authorization and must be configured to log in to Workbench by using FileNet credentials.

    • To use the LiveCycle repository, log in to Workbench by using the LiveCycle super administrator credentials (by default, administrator and password). The credentials provided in step 16 use the default LiveCycle authorization service for accessing the default repository in this case.

  21. Restart your application server.

  22. Log in to Administration Console and click Settings > User Management > Domain Management.

  23. Click New Enterprise Domain and then type a domain ID and name. The domain ID is the unique identifier for the domain. The name is a descriptive name for the domain.

    When using MySQL for your LiveCycle database, use only single-byte (ASCII) characters for the ID. (See “Adding enterprise domains” in LiveCycle Administration Help

  24. Add a custom authentication provider:

    • Click Add Authentication.

    • In the Authentication Provider list, select Custom.

    • Select IBMFileNetAuthProviderService and then click OK.

  25. Add an LDAP authentication provider:

    • Click Add Authentication.

    • In the Authentication Provider list, select LDAP and then click OK.

  26. Add an LDAP directory:

    • Click Add Directory and, in the Profile Name box, type a unique name, and then click Next.

    • Specify values for the Server, Port, SSL, Binding, and Populate page with options. If you select User for the Binding option, you must also specify values for the Name and Password fields.

    • (Optional) Select Retrieve Base DN to retrieve base domain names, as required. When finished, click Next.

    • Configure the user settings, click Next, configure group settings as required, and then click Next.

      For details about the settings, click Help link in the upper-right corner of the page.

  27. Click OK to exit the Add Directory page, and then click OK again.

  28. Select the new enterprise domain and click Sync Now. Depending on the number of users and groups in your LDAP network and the speed on your connection, the synchronization process may take several minutes.

    (Optional) To verify the status of the synchronization, click Refresh and view the status in the Current Sync State column.

  29. Navigate to Settings > User Management > Users and Groups.

  30. Search for users that were synchronized from LDAP and perform these tasks:

    • Select one or more users and click Assign Role.

    • Select one or more LiveCycle roles and click OK.

    • Click OK a second time to confirm the role assignment.

    Repeat this step for all users you want to assign roles to. For more information, click the Help link in the upper-right corner of the page.

  31. Start Workbench and log in using the following credentials for the IBM FileNet repository:

    User name:[username]@[repository_name]

    Password: [password]

    The FileNet object store should now be visible in the Resources view within Workbench. If you do not log in using the username@repository name, Workbench attempts to log in to the default repository specified in step 16.

  32. (Optional) If you intend to install the LiveCycle Samples for Connector for IBM FileNet, create a FileNet object store named Samples and install the samples in that object store.

    After you configure Connector for IBM FileNet, it is recommended that you see LiveCycle Administration Help for information about configuring Workbench functions properly with your FileNet repository.

6.14 Isolating JBoss Clusters

There are a lot of JBoss services that create multiple JGroup channels services. These channels should only communicate with specific channels.

To isolate JGroups clusters from other clusters on the network, ensure that
  • The channels in the various clusters use different group names. Use ./run.sh -g QAPartition -b <ipaddress> -c all to create unique groups.

  • The channels in the various clusters use different multicast addresses. Use /run.sh -u <UDP group Ip address> -g QAPartition -b <ipaddress> -c all to control the multicast address.

  • The channels in each cluster use different multicast ports. Use /run.sh -u <UDP group Ip address> -g QAPartition -b <ipaddress> -c all \\-Djboss.jgroups.udp.mcast_port=12345 -Djboss.messaging.datachanneludpport=23456 to control the muticast sockets.

    See, Isolating JGroups Channels in jbossclustering guide at http://docs.jboss.org/ for detailed information to isolate JBoss Clusters

6.15 (Optional)Enable JMX console security

In the default setup of LiveCycle, JBoss JMX console security is disabled. To enable the security, follow the steps mentioned below:

  1. Shut down the application server.

  2. Navigate to the [appserver root]/server/<profile_name>/deploy directory and open the jmx-invoker-service.xml file in a text editor.

  3. Ensure that the following line is not commented out in the invoke section:

    <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor" securityDomain="java:/jaas/jmx-console"/>
  4. Save and close the file.

  5. Create a new file, work-manager.properties, at [appserver root]/server/.

  6. Open work-manager.properties file in a text editor and add following code:
        adobe.work-    manager.jboss.jmx.lookup.java.naming.factory.initial=org.jboss.security.jndi.JndiLo    ginInitialContextFactory 
        adobe.work-manager.jboss.jmx.lookup.java.naming.provider.url=jnp://localhost:1099/ 
        adobe.work-manager.jboss.jmx.lookup.java.naming.security.credentials=<password> 
        adobe.work-manager.jboss.jmx.lookup.java.naming.security.principal=<username> 
        adobe.work-manager.jboss.jmx.lookup.java.naming.security.protocol=jmx-console
    Note: Ensure that identical credentials are mentioned in jmx-console-users.properties file and in work-manager.properties file. The default credentials are admin/admin.
  7. Save and close the file.

  8. Navigate to the [appserver root]/server/<profile_name>/conf/props directory and open jmx-console-users.properties file in a text editor.

  9. Ensure that an entry that contains credentials used in the work-manager.properties file is not commented out.

  10. Save and close the file.

  11. Navigate to [appserver root]/bin and open run.conf.bat file in a text editor and add following code:

    set "JAVA_OPTS=%JAVA_OPTS%  -Dadobe.workmanager.properties = <path of the work-manager.properties file>
  12. Save and close the file.

  13. Start the application server.

// Ethnio survey code removed