6.1 General tasks6.1.1 Configure Allowed ReferersWhen you run Configuration Manager, the default host, IPv4
address, IPv6 address, loopback address, and localhost address are
added to the Allowed Referer list. These addresses are added only
for the machine where LCM is executed. For a LiveCycle cluster,
manually add all the other cluster nodes to the list:
In Administration Console, click Settings > User Management > Configuration > Configure Allowed Referer URL’s.
The Allowed Referer list appears at the bottom of the page.
To add an allowed referer:
Type a host name
or IP address in the Allowed Referers box. To add more than one
allowed referer at a time, type each host name or IP address on
a new line. Provide hostName and IP address of all the cluster nodes/load balancer.
In the HTTP Port and HTTPS Ports boxes, specify which ports
to allow for HTTP, HTTPS, or both. If you leave those boxes empty,
the default ports (port 80 for HTTP and port 443 for HTTPS) are
used. If you enter 0 (zero) in the boxes, all ports
on that server are enabled. You can also enter a specific port number
to enable only that port.
Click Add.
Click Save.
If the Allowed Referer List is empty,
the CSRF feature stops working and the system becomes insecure.
After changing the Allowed Referer list, restart the LiveCycle
cluster.
6.1.2 Configure CRX Repository Clustering
Perform the following steps to configure CRX repository clustering: Go to http://[Host]:[Port]/lc/libs/granite/cluster/content/admin.html.
Login as an administrator.
Change the master URL to http://[Master_host]:[port]/lc.
Provide hostname and port of the node that should act as a master.
Change the username/password to admin/admin and click Join.
It may take some time to complete the configuration. Do not press
refresh or back. On completion of configuration, a success message
appears.
To connect more slave nodes , repeat steps 1-4 on each slave
node. for each slave, provide the master URL mentioned in the step
4.
Note: Do not perform above steps on the master node.
On starting a cluster, ensure that the master node is started
before all the slave nodes. On stopping the cluster, stop all slaves
before stopping the master node. In some specific scenarios, Master
node and Slave nodes can switch roles; ensure your master before
stopping the cluster.
The particular start /stop cluster order is enforced for CRX
clustering but since it is embedded in LiveCycle, ensure that you
follow above procedure while starting and stopping LiveCycle cluster.
A slave node waits for the specified number of seconds for the
master node to be up and running. If the master node is not up in
specified seconds, the slave node stops its repository. To join
the slave node in the cluster, restart the slave node. The default
wait time for a node is 60 seconds. Use the following JVM argument to
configure the number of seconds for the slave nodes:
-Dcom.day.crx.core.cluster.WaitForMasterRetries=<value>
If you start all the nodes of the cluster at once, the start
order dependency fails and slave nodes of a cluster fail to start.
To avoid such issues, ensure that the wait time for a node is 300
seconds or more.
Note: Restart the slave instance to avoid stale sessions.
Important: All author instances in the cluster should
be time synchronized. You can use an NTP (Network Time Protocol)
server to ensure time synchronization.
6.1.3 Perform a system image backupAfter LiveCycle is installed and deployed into production
areas and before the system is live, it is recommended that you
perform a system image backup of the servers on which LiveCycle
is implemented. Also take backup of CRX repository.
The
LiveCycle database, GDS directory, and application servers must
be part of this backup. This is a complete system backup that you
can use to restore the contents of your computer if your hard drive
or entire computer stops working. See the LiveCycle
Backup and Recovery topic in Administration Help .
6.1.4 Restart the application serverWhen you first deploy LiveCycle, the server is in a deployment
mode in which most modules are in memory. As a result, the memory
consumption is high and the server is not in a typical production
state. You must restart the application server to get the server
back into a clean state.
Note: You may skip to restart
the LiveCycle server, if you have restarted the server after configuring
CRX clustering or after updating Allowed Referer list
Note: When
you upgrade the LiveCycle Server or deploy a Service pack, ensure
that you delete the [Jboss_root]\server\<server name>\work
and[Jboss_root]\server\<server name>\tmp folders before restarting the
application server.
6.1.5 Verify the deploymentYou can verify the deployment by logging in to Administration
Console. If you log in successfully, then LiveCycle is running on
the application server and the default user is created in the database.
To verify the CRX repository deployment, access the CRX welcome
page.
You can review the application server log files to ensure that
components were deployed correctly or to determine the cause of
any deployment issues you may encounter.
6.1.5.1 Accessing LiveCycle Administration Console Administration Console is the web-based portal for accessing
a variety of configuration pages where you can set run-time properties
that control the way LiveCycle operates. When you log in to Administration
Console, you can access User Management, Watched Folder, and Email
client configuration, and administrative configuration options for
other services. Administration Console also provides access to Applications
and Services, which administrators use for managing archives and
deploying services to a production environment.
The default user name and password for logging in is administrator and password.
After you log in the first time, access User Management and change the
password.
Before you access Administration Console, LiveCycle must be deployed
and running on your application server.
For information about using Administration Console, see Administration Help.
Type the following URL in a web browser:
http://[hostname]:[port]/adminui
For
example: http://localhost:8080/adminui
If you have upgraded to LiveCycle, enter the same administrator
user name and password as that of your previous LiveCycle installation.
In case of a fresh installation, enter the default user name and
password.
After you log in, click Services to access the service
administration pages or click Settings to access the pages
on which you can administer settings for different modules.
6.1.5.2 Change the default password of LiveCycle AdministratorLiveCycle creates one or more default users during the
installation. The password for these users is in the product documentation
and is publicly available. You must change this default password,
depending on your security requirements.
The LiveCycle administrator user password is set to “password”
by default. You must change it in Administration Console > Settings
> User Management.
Also, it is recommended to change the default password for CRX
Administrator.
For detailed information, see Change
the default administrator password.
6.1.5.3 Accessing CQ Welcome PageCQ welcome page is the web-based portal for accessing various
CQ components, administration, deployment and development tools.
The default user name and password for logging in is administrator
and password (same as LiveCycle Administrator).
Access the welcome page using the following steps:
Type the following URL in a web browser:
http://[hostname]:[port]/lc/welcome
Enter the same administrator user name and password as mentioned
above.
After you log in, you can access various components, administration, deployment
and development UIs.
6.1.5.4 Accessing OSGi Management ConsoleIn CQ, components are in form of OSGi bundles which are
deployed to Apache Felix OSGi container. OSGi console provides a
way to manage OSGi bundles and services configurations. The default
user name and password for logging in is admin and admin (same as
CRX Administrator).
Access the OSGi Management console using the following steps:
Type the following URL in a web browser:
http://[hostname]:[port]/lc/system/console
Enter the same administrator username and password as mentioned
above.
After you log in, you can access various components, services,
bundles and other configurations.
6.1.5.5 Change CQ Administrator default passwordCQ embedded within LiveCycle has two administrator users
as mentioned below.
Super Administrator (administrator): The Super
Administrator user can access various CQ/CRX UIs and perform admin
operations. The default username and password are same as LiveCycle
Administrator, administrator/password. This user doesn't
have access to OSGi Management Console. The default password of
this user can be changed using LiveCycle Administrator console only
as mentioned in section Change default LiveCycle password.
The changed password will be applicable for both LiveCycle and CQ.
Administrator (admin): This user can access to OSGi console
in addition to CQ/CRX UIs and has administrator privileges. The
default username and password for the user are admin/admin.
To change the default password follow the below mentioned steps:
Type the following URL in a web browser.
http://[hostname]:[port]/lc/libs/granite/security/content/admin.html
Login using following credential:
Username:
admin
Password: admin.
Search for user Administrator.
Click on the user in left pane, the user details is displayed
in the right pane.
Click on Edit icon in the right pane.
On the edit page in the right pane, provide new password
in the New Password field and current password in Your Password field.
Click Save icon in the right pane.
Re-login using the changed password to verify.
6.1.5.6 View the log filesEvents, such as run-time or startup errors, are recorded
to the application server log files. If you have problems deploying
to the application server, you can use the log files to help you
find the problem. You can open the log files by using any text editor.
Log
files, in case of manually-configured JBoss, are located at:
Log
files, in case of Adobe-preconfigured JBoss, are located at:
The
log files are:
Following CRX log files are located at [ CRX_home]/ error.log
audit.log
access.log
request.log
update.log
6.2 Verify the LiveCycle clusterEnsure that all application server instances of
the cluster are started.
View the Gemfire.log file, located in the directory appropriate
to your application server:
Messages such as the following confirm that the cache is
connected to all servers of the cluster:
[info 2008/01/22 14:24:31.109 EST GemfireCacheAdapter <UDP mcast
receiver> nid=0x5b611c24] Membership: received new view
[server-0:2916|1] [server-0:2916/2913, server-1:3168/3165]
[info 2008/01/22 14:24:31.125 EST GemfireCacheAdapter <View Message
Processor> nid=0x7574d1dc] DMMembership: admitting member
<server-1:3168/3165>; now there are 2 non-admin member(s)
Note: Ensure that the number of non-admin members
(two in the example log entry above) matches the number of members
in your cluster. A discrepancy indicates that some members of the
cluster are not connected to the cache.
6.3 Verify the CRX ClusterGo to http://<authorHost>:<authorPort>/lc/system/console.
Login with OSGi Management Console user credentials. The default
credential is admin/admin
Navigate to Main>JMX, locate the row with domain: com.adobe.granite
and type: Repository.
Click Repository and locate Attribute Name: ClusterNodes.
The
ClusterNodes attribute contains a table. Each row in the table
represents a node in the cluster. Each row contains Operating System,
hostname, id, and repositoryHome of a cluster node.
On all the slave node, value of crx.cluster.master is false and
on the master node vale of crx.cluster.master is true.
6.4 Accessing module web applicationsAfter LiveCycle is deployed, you can access the web applications
that are associated with the following modules:
Reader Extensions
Adobe® LiveCycle® Workspace 11
Note: The Flex Worksapce
is deprecated for AEM forms. It is available for the LiveCycle ES4
release.
HTML Workspace
User management
Correspondance management
PDF Generator web application
Adobe® LiveCycle® PDF Generator 11
Adobe® LiveCycle® Rights Management 11
After accessing the web applications by using the default administrator
permissions to ensure that they are accessible, you can create additional
users and roles so that others can log in and use the applications.
(See Administration Help.)
6.4.1 Access the Reader Extensions web applicationNote: You must apply a Reader Extensions credential
and apply the user roles for a new user. (See “Configuring credentials
for use with Reader Extensions” in LiveCycle Administration Help.)
Open a web browser and enter this URL:
http://[hostname]:[port]/ReaderExtensions
Log in using the user name and password for LiveCycle.
Note: You must have administrator or superuser privileges
to log in. To allow other users to access the Reader Extensions
web application, you must create the users in User Management and
grant them the Reader Extensions Web Application role.
6.4.2 Access WorkspaceOpen a web browser and enter this URL:
http://[hostname]:[port]/workspace
Log in using the user name and password for LiveCycle.
Note: The Flex Worksapce is deprecated for AEM forms. It is available
for the LiveCycle ES4 release.
6.4.3 Access HTML WorkspaceOpen a web browser and enter this URL:
http://[hostname]:[port]/lc/ws
Log in using the user name and password for LiveCycle.
6.4.4 Access Forms ManagerOpen a web browser and enter this URL:
http://[hostname]:[port]/lc/fm
Log in using the user name and password for LiveCycle.
6.4.5 Access PDF Generator Web ApplicationOpen a web browser and enter this URL:
http://[hostname]:[port]/pdfgui
Log in using the user name and password for LiveCycle.
6.4.6 Access Rights ManagementYou must create a user with the Rights Management End User
role in User Management and log in to the Rights Management administrator
or end-user applications by using the login information that is
associated with that user.
Note: The default administrator user cannot access
the Rights Management end-user web application but you can add the
appropriate role to its profile. You can create a new user or modify
an existing user through Administration Console.
Access the Rights Management end-user web application Open a web browser and enter this URL: http://[hostname]:[port]/edc
Access the Rights Management administration web applicationOpen a web browser and enter this
URL:
http://[hostname]:[port]/adminui
Click Services > LiveCycle Rights Management 11.
For
information about setting up users and roles, see Administration
Help.
Assign the Rights Management End User roleLog in to Administration Console. (See 6.1.5.1 Accessing LiveCycle Administration Console.)
Click Settings > User Management > Users and Groups.
In the Find box, type all and, in
the In list, select Groups.
Click Find and, for the required domains, click All Principals in
the list that appears.
Click the Role Assignments tab and click Find Roles.
In the list of roles, select the check box next to Rights Management End User.
Click OK and then click Save.
6.4.7 Accessing User ManagementBy
using User Management, administrators can maintain a database of
all users and groups, synchronized with one or more third-party
user directories. User Management provides authentication, authorization,
and user management for LiveCycle modules, including Reader Extensions,
Workspace, Rights Management, Adobe® LiveCycle® Process Management
11, Adobe® LiveCycle® Forms Standard 11 and PDF Generator.
Log in to Administration Console.
On the home page, click Settings > User Management.
Note: For information about configuring users with User
Management, click User Management Help in the upper-right
corner of the User Management page.
6.4.8 Access Correspondence Management Solution templateYou can verify the Correspondence Management Solution deployment
by visiting http://[hostname]:[port]/lc/cm and logging
in using LiveCycle administrator credentials. Solution template
is a reference implementation of Correspondence Management Solution.
Note: In a non-turnkey deployment, if you encounter an error while
accessing the solution template, you must integrate LiveCycle with
Correspondence Management Solution. For more information, see the Configure Publish nodes to Integrate with LiveCycle section
of this document.
6.5 Configure Correspondence Management Solution6.5.1 Configure the Author instanceThe Author instance is embedded within the LiveCycle server.
This implies that you do not need to make any configuration updates
to the Author instance. The instance inherits all the configuration
settings from the LiveCycle server.
6.5.2 Configure the Publish instanceYou must run separate Author and Publish instances for
Correspondence Management Solution. However, you can configure the
two instances on the same or on different machines. An author instance
is embedded in the LiveCycle Core application and runs on the LiveCycle
server. For publish instance, LCM configures a publish ear (adobe-livecycle-cq-publish.ear).
Deploy the publish ear on a separate server instance.
Note: Before configuring the Publish instance, ensure that your
author instance is configured and deployed. You can verify by successfully
logging in to the solution template for Correspondence management
Solution. For more information, see the Access Correspondence Management Solution template section
of this document.
Create
a new server for the publish instance. Perform JBoss installation
and use standard profile.
Copy the [LiveCycle root]/crx-repository directory
from the author instance to the publish instance machine.
From the crx-repository directory on the publish instance
machine, open the crx-repository/install folder.
Keep the following packages and delete all other packages from the
install folder:
Start the Publish server with -Dcom.adobe.livecycle.crx.home=<location for crx-repository> parameter,
where <location for crx-repository> is
the location where you copied the crx-repository directory for the
Publish instance.
For details on how to configure generic
JVM arguments for WebSphere and WebLogic, see the Configuring the JVM arguments section
for WebSphere and WebLogic.
Copy
the adobe-livecycle-cq-publish.ear file and deploy it to the appserver profile
created in step 1.
Note: If author and Publish instances are on the same machine, ensure
that you start the Publish instance using a different port.
Now that the Publish instance is up and running, you need to
configure the two instances to communicate with each other.
6.5.3 Configure Publish nodes to Integrate with LiveCyclePerform these steps on all publish instances. To enable
communication between publish instance and LiveCycle Server:
Go to http://[publishhost]:[publishport]/lc/system/console/configMgr
and Login with OSGi Management Console user credentials. The default
credential are admin/admin.
Search and click Edit next to the Adobe LiveCycle Client SDK Configuration setting.
In the Server Url field, ensure that http://[ lchost]:[ lcport]
is specified. Important: Ensure that the LiveCycle
server is listening on the specified host and port combination.
The following three scenarios are possible in the case of a LiveCycle
server cluster:
All LiveCycle server instances
are running on localhost and the same port. In this case
use localhost:[port].
All LiveCycle server instances are running on localhost but
on different ports. In this case, use a load balancer host name
and port combination—[loadbalancer_host]:[loadbalancer_port].
All LiveCycle server instances are running on a particular
host name (not localhost) and different/same ports. In this
case, use a load balancer host name and port—[loadbalancer_host]:[loadbalancer_port].
If you need to use a load balancer URL to access the LiveCycle server cluster (as mentioned above), ensure that the required communication ports between Author instances and the load balancer are open.
Specify LiveCycle administrator credentials in the Username
as Password fields.
Click Save.
6.5.4 Communicating between the Author and Publish instancesYou need to perform certain configuration changes to enable
two-way communication between the Author and Publish instances.
6.5.4.1 Configure Replication Agents (Define publish instance URL)On the Author instance, you need to configure replication
agents for each Publish instance. These agents replicate content
from the Author instances to all the Publish instances.
Log in to Tools UI at http://<authorHost>:<authorPort>/lc/miscadmin
Select Replication, then Agents on author in
the left panel.
On the right panel, you see various agents
configured for the Author instance.
On the right panel, Select New.... and click New Page.
The Create Page dialog
displays.
Set the Title and Name, then select Replication Agent.
Click Create to create new agent.
Double-click the new agent item to open the configuration
panel.
Click Edit - the Agent Settings dialog displays.
In the Settings tab:
Enter a Description.
Check Enabled.
Select Serialization Type as Default.
Set the Retry Delay to 60000.
Set the Log Level as Info.
In the Transport tab:
Click OK to save the settings.
On the agent configuration panel, click Test Connection.
Successful
connection ensures that the configuration is done correctly.
Note: : In case, you have only one Publish instance you can use
the default Replication Agent named as publish. You need to edit
it for specifying Publish URI in the Transport tab as mentioned
in the step b(i). In this case, you do not need to create a new
replication agent.
Note: : In case, you have a publish farm(multiple non-clustered
publish instances), you need to create a replication agent for each
Publish instance as mentioned in Steps 1-9. For each such replication
agent, Title and Name should be significant and unique, so the identification
of the corresponding Publish instance can be simpler. Each such
replication agent has a different URI in the Transport tab pointing
to a particular Publish instance. For multiple publish instances,
you can also create replication agents by copying the default agent
publish and then editing Name and URI in transport tab of the created
agent. If you are not using the default Replication Agent, disable
it, so an unnecessary replication attempt can be avoided.
Note: For Author clusters, these steps need to be performed on one
Author instance (preferably a master instance).
6.5.4.2 Define Publish instance URL for ActivationManagerImplGo to http://<authorHost>:<authorPort>/lc/system/console/configMgr.
Login with OSGi Management Console user credentials. The default
credential is admin/admin.
Find and click the Edit icon next to the com.adobe.livecycle.content.activate.impl.ActivationManagerImpl.name setting.
In the ActivationManager Publish URL field, specify the URL
for accessing the Publish instance ActivationManager. You can provide
the following URLs.
Load Balancer URL (Recommended):
Provide load balancer URL, If you have a webserver acting as load
balancer in front of publish farm (multiple non-clustered publish
instances).
Publish instance URL: Provide any publish instance
URL, If you have a single publish instance or the webserver fronting
the publish farm is not accessible from the author environment due
to any restrictions. In case, the specified publish instance is
down, there is a fallback mechanism to deal with on the author side.
URL string: http://<hostname>:<port>/lc/bin/remoting/lc.content.remote.activate.activationManager
Click Save.
6.5.4.3 Configure reverse replication queueOn the Author instance, you need to configure reverse replication
agents for each Publish instance. These agents replicate content
from the Publish instance to the Author instance.
Log in to Tools UI at http://<authorHost>:<authorPort>/lc/miscadmin
Select Replication, then Agents on author in
the left panel.
On the right panel, you see various agents
configured for the Author instance.
On the right panel, Select New, and click New Page.
The Create Page dialog
appears.
Set the Title and Name, then select Reverse Replication Agent.
Click Create to create new agent.
Double-click the new agent item to open the configuration
panel.
Click Edit - the Agent Settings dialog displays.
In the Settings tab:
In the Transport tab:
In the Extended tab: Set HTTP Method as GET
Click OK to save the settings.
On the agent configuration panel, click Test Connection.
Successful connection ensures that the configuration is done
correctly.
Note: : In case, you have only one Publish instance you can use
the default Reverse Replication Agent named as publish_reverse.
You need to edit it for specifying Publish URI in the Transport tab
as mentioned in the step b(i). In this case, you do not need to
create a new reverse replication agent.
Note: In case, you have a publish farm(multiple non-clustered publish
instances), you need to create a reverse replication agent for each
Publish instance as mentioned in Steps 1-9. For each such replication
agent, Title and Name should be significant and unique, so
the identification of the corresponding Publish instance can be simpler.
Each such replication agent has a different URI in the Transport tab
pointing to a particular Publish instance. For multiple publish
agents, you can also create reverse replication agents by copying
the default agent publish_reverse and then editing Name and URI in
transport tab of the created agent. If you are not using the default
Reverse Replication Agent, disable it, so an unnecessary replication
attempt can be avoided.
Note: For Author clusters, these steps need to be performed on one
Author instance (preferably a master instance).
6.5.4.4 Define author instance URL for VersionRestoreManagerImplGo to http://<publishHost>:<publishPort>/lc/system/console/configMgr.
Login with OSGi Management Console user credentials. The defaults
credential are admin/admin.
Find and click the Edit icon next to the com.adobe.livecycle.content.activate.impl.VersionRestoreManagerImpl.name setting.
In the VersionRestoreManager Author URL field, specify the
URL of the author instance VersionRestoreManager.
URL string: http://<hostname>:<port>/lc/bin/remoting/lc.content.remote.activate.versionRestoreManager
Note: If
there are multiple author instances( Clustered) fronted by a Load
Balancer, specify the URL to the load balancer in the VersionRestoreManager
Author URL field.
Click Save.
6.5.5 Install sample users and assetsYou can install sample users with predefined user permissions
to further explore the solution template, which you can customize
to build your own solution.
Go to http://<authorHost>:<authorPort>/lc/crx/explorer/index.jsp.
Log in using LiveCycle administrator credentials and click Package Manager.
In Package Manager, upload the samples-correspondencemanagement-pkg-<version>.zip
package from <LC_HOME>/deploy/crx.
Click Install once the package uploads successfully.
Click Install on the confirmation dialog to install
the sample users and assets.
Correspondence Management Sample Users
Correspondence Management Solution Accelerator contains the following sample
users. These user are expected to participate in the activities
leading to generation of interactive customer communication.
The following roles mentioned are automatically assigned to the
users during package Installation:
User name
|
Assigned role
|
Responsibilities
|
Todd Goldman
|
Correspondence Management Administrator
|
This user is the general system administrator. This
role enables the user to modify all assets. This role also lets
define the categories.
|
Heather Douglas
|
Correspondence Management Subject Matter Expert
|
This persona has the role enabling him to CRUD
texts and images.
|
Caleb Lopez
|
Correspondence Management Application Specialist
|
This user defines the letter template by
judicious usage of the text, picture, condition, list objects. With
this role, the user can CRUD the letter templates, layouts, lists,
conditions, texts and images.
|
Gloria Rios
|
Correspondence Management Claim Adjustor
|
An agent user would use the letter template defined
by the business user to produce the letter communication to deliver
to the customer.
|
Jocelyn Robinson
|
Correspondence Management Form Designer
|
This user has the skills to design form
layouts using LiveCycle Designer. Having equipped with the necessary
know-how to design form layouts for use in correspondence management,
this user will use LiveCycle Designer and design the XDP templates,
which would serve as the boilerplate for the letter.
|
Frank Kricfalusi
|
Correspondence Management Developer
|
This user has the knowledge about XSD schema
and data modelling concepts and is responsible for creation and
maintenance of Data Dictionaries.
|
For more information about the sample users and guidelines to
implement a solution using the solution template, see Correspondence Management Solution Guide. Note: For
author clusters, these steps need to be performed on one author
instance (preferably a master instance).
6.5.6 Configure IPv6 implementationNote: Perform these steps only if Correspondence Management
Solution is running on a machine that uses an IPv6 address.
To map the IPv6 address to a hostname on the server and client
machines:
Navigate to the C:\Windows\System32\drivers\etc directory.
Open the hosts file in a text editor.
Add a mapping for the IPv6 address to a host name. For example:
2001:1890:110b:712b:d1d:9c99:37ef:7281 <ipv6_hostname>
Save and close the file.
Ensure that you use the mapped host name instead of the IPv6
address to access Correspondence Management Solution.
6.5.7 Install Japanese fonts for Adobe ReaderIf your Correspondence Management assets use Japanese fonts,
you must install the Japanese Language Support Package for Adobe
Reader. Otherwise, your letters and forms will not render and function
properly. For installing language packs, visit the downloads page
for Adobe Reader.
6.6 Configuring PDF GeneratorIf you installed PDF Generator as part of your LiveCycle,
complete the following tasks:
6.6.1 Environment variablesIf you installed the PDF Generator module and configured
it to convert files to PDF, for some file formats, you must manually
set an environment variable that contains the absolute path of the
executable that is used to start the corresponding application.
The table below lists the environment variables for the native applications
that you have installed.
Note: Ensure
that the required applications are installed on all nodes in the
cluster.
Note: All environment variables and respective paths are case-sensitive.
Application
|
Environment variable
|
Example
|
Adobe Acrobat
|
Acrobat_PATH
|
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
|
Adobe FrameMaker®
|
FrameMaker_PATH
|
C:\Program Files (x86)\Adobe\FrameMaker8.0\FrameMaker.exe
|
Notepad
|
Notepad_PATH
|
C:\WINDOWS\notepad.exe
You can leave the Notepad_PATH variable
blank.
|
OpenOffice
|
OpenOffice_PATH
|
C:\Program Files (x86)\OpenOffice.org 3.3
|
Adobe PageMaker®
|
PageMaker_PATH
|
C:\Program Files (x86)\Adobe\PageMaker 7.0.2\PageMaker.exe
|
WordPerfect
|
WordPerfect_PATH
|
C:\Program Files (x86)\WordPerfect Office 12\Programs\wpwin12.exe
|
Adobe Photoshop®
|
Photoshop_PATH
|
C:\Program Files (x86)\Adobe\Adobe Photoshop CS4\Photoshop.exe
|
Note: These environment variables
must be set for all nodes in the cluster.
Note: The environment variable OpenOffice_PATH is
set to the installation folder instead of the path to the executable.
You do not need to set up the paths for Microsoft Office applications
such as Word, PowerPoint, Excel, Visio, and Project, or for AutoCAD.
The Generate PDF service starts these applications automatically
if they are installed on the server.
Create a new Windows environment variableSelect Start > Control Panel > System.
Click the Advanced tab and click Environment Variables.
In the System variables section, click New.
Enter the environment variable name you need to set
(for example, enter Photoshop_PATH). This folder
is the one that contains the executable file. For example, type
the following path: D:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
Set the PATH variables on Linux or UNIX (OpenOffice only)Execute the following command:
export OpenOffice_PATH=/opt/openoffice.org3.3
6.6.2 Configuring the application server to use HTTP proxy serverIf the computer that LiveCycle is running on uses proxy
settings to access external web sites, the application server should
be started with the following values set as Java virtual machine
(JVM) arguments:
-Dhttp.proxyHost=[server host]
-Dhttp.proxyPort=[server port]
Complete the following procedure to start your application server
with HTTP proxy host setting.
From a command
line, edit the run script in the [appserver root]/bin/ directory:
Add the following text to the script file:
Set JAVA_OPTS=%JAVA_OPTS%
-Dhttp.proxyHost=[server host]
-Dhttp.proxyPort=[server port]
Save and close the file.
6.6.3 Setting the Adobe PDF Printer as the default printerYou must set the Adobe PDF Printer to
be the default printer on the server. If the Adobe PDF Printer is
not set as the default, PDF Generator cannot convert files successfully.
For clusters,
you must set Adobe PDF Printer as the default printer on all nodes.
Set the default printerSelect Start > Printers and Faxes.
In the Printers and Faxes window, right-click Adobe PDF and
select Set as Default Printer.
6.6.4 Configuring Acrobat Professional (Windows-based Computers Only)Note: This procedure is required only if you upgraded to or
installed Acrobat after you completed the LiveCycle installation.
Upgrading Acrobat can be completed after you run Configuration Manager
and deploy LiveCycle to the application server. Acrobat Professional
root directory is designated as [Acrobat root]. Typically,
the root directory is C:\Program Files\Adobe\Acrobat 11.0\Acrobat.
Configure Acrobat for use with PDF GeneratorIf an earlier version of Acrobat is installed, uninstall
it by using Add or Remove Programs in the Windows Control Panel.
Install Acrobat XI Pro by running the installer.
Navigate to the additional\scripts folder on the LiveCycle
installation media.
Run the following batch file.
Acrobat_for_PDFG_Configuration.bat [LiveCycle root]/pdfg_config
Note: On
clusters, you must run the command on the cluster node where LiveCycle
is installed.
On other cluster nodes on which you do not run LiveCycle
Configuration Manager,do the following:
Add a new
registry DWORD entry named SplWOW64TimeOut at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print.
Set its value to 60000.
Copy PDFGen.api from the [LiveCycle root]/plugins/x86_win32
directory on the node where LiveCycle is installed to the [Acrobat root]/plug_ins directory
on the node being currently configured.
Open Acrobat and select Help > Check for updates > Preferences.
Deselect Automatically check for Adobe updates.
Validate the Acrobat installationNavigate to a PDF file on your system and double-click it
to open it in Acrobat. If the PDF file opens successfully, Acrobat
is installed correctly.
If the PDF file does not open correctly, uninstall Acrobat
and reinstall it.
Note: Ensure that you
dismiss all the Acrobat dialog boxes that are displayed after the
Acrobat installation is completed and disable the automatic updates
for Acrobat. Set the Acrobat_PATH environment variable
to point to Acrobat.exe (For example, C:\Program Files\Adobe\Acrobat
11.0\Acrobat\Acrobat.exe).
Configure native application supportInstall and validate Acrobat as described in the previous
procedure.
Set Adobe PDF printer as the default printer.
Add temporary directories to trusted directories list in AcrobatThe OptimizePDF service
uses Adobe Acrobat and mandates that LiveCycle temporary directory
and PDF Generator temporary directory are listed in the trusted
directories list of Acrobat.
If LiveCycle temporary directory
and PDF Generator temporary directory are not listed in the trusted
directories list, the OptimizePDF service fails
to run. Perform the following steps to add directories to the temporary
directory list: Open Acrobat, Choose Edit > Preferences.
From the Categories on the left, select Security (Enhanced),
and then select the Enable Enhanced Security option.
To add LiveCycle temporary directory and PDF Generator temporary
directory to the trusted directories list, click Add Folder Path,
select directories and click OK.
6.6.5 Adding fonts to PDF GeneratorLiveCycle provides a central repository of fonts, which
is accessible to all LiveCycle modules. Make the extra fonts available
to non-LiveCycle applications on the server so that PDF Generator
can use these fonts to create PDF documents that are created with
these applications.
Note: Restart the application server after adding new fonts to
the specified fonts folder.
6.6.5.1 Non-LiveCycle applicationsThe following list contains non-LiveCycle applications
that PDF Generator can use for PDF generation on the server side:
Windows-only ApplicationsMicrosoft
Office Word
Microsoft Office Excel
Microsoft Office PowerPoint
Microsoft Office Project
Microsoft Office Visio
Microsoft Office Publisher
AutoDesk AutoCAD
Corel WordPerfect
Adobe Photoshop CS
Adobe FrameMaker
Adobe PageMaker
Adobe Acrobat Professional
Multiplatform applicationsOpenOffice
Writer
OpenOffice Calc
OpenOffice Draw
OpenOffice Impress
Note: In addition
to these applications, your list may include additional applications that
you added.
Of the above applications, the OpenOffice Suite
(which includes Writer, Calc, Draw, and Impress) is available on
Windows, Solaris, and Linux platforms, whereas other applications
are available on Windows only.
6.6.5.2 Adding new fonts to Windows applications onlyAll the Windows-only applications that are mentioned above
can access all the fonts that are available in the C:\Windows\Fonts
(or equivalent) folder. In addition to C:\Windows\Fonts, each of
these applications may have its own private fonts folders.
Therefore, if you plan to add any custom fonts to the LiveCycle
fonts repository, ensure that the same fonts are available to the
Windows-only applications also by copying these fonts to either
C:\Windows\Fonts or to an equivalent folder.
Your custom fonts must be licensed under an agreement that allows
you to use them with the applications that have access to these
fonts.
6.6.5.3 Adding new fonts to other applicationsIf you added support for PDF creation in other applications,
see the Help for these applications to add new fonts. In Windows,
copying your custom fonts to the C:\Windows\Fonts (or equivalent)
folder should be sufficient.
6.6.6 Configuring HTML to PDF conversionsThe HTML-to-PDF conversion process is designed to use the settings
from Acrobat XI Pro that override the settings from PDF Generator.
Note: This configuration is required to enable the
HTML-to-PDF conversion process, otherwise this conversion type will
fail.
6.6.6.1 Configure the HTML-to-PDF conversion6.6.6.2 Enable support for Unicode fonts in HTML to PDF conversionsImportant: The HTML-to-PDF conversion fails
if a zipped input file contains HTML files with double-byte characters
in filenames. To avoid this problem, do not use double-byte characters
when naming HTML files.
Copy the Unicode font to any of the following directories
as appropriate for your system:
Windows
[Windows root]\Windows\fonts
[Windows root]\WINNT\fonts
UNIX
/usr/lib/X11/fonts/TrueType
/usr/openwin/lib/X11/fonts/TrueType
/usr/share/fonts/default/TrueType
/usr/X11R6/lib/X11/fonts/ttf
/usr/X11R6/lib/X11/fonts/truetype
/usr/X11R6/lib/X11/fonts/TrueType
/usr/X11R6/lib/X11/fonts/TTF
/Users/cfqauser/Library/Fonts
/System/Library/Fonts
/Library/Fonts
/Users/
+ System.getProperty(<user name>, root) + /Library/Fonts
System.getProperty(JAVA_HOME)
+ /lib/fonts
/usr/share/fonts (Solaris)
Note: Ensure that the directory /usr/lib/X11/fonts exists.
If it does not, create a symbolic link from /usr/share/X11/fonts
to /usr/lib/X11/fonts using the ln command.
Modify the font-name mapping in the cffont.properties file
located in the [LiveCycle root]/deploy/adobe-generatepdf-dsc.jar
file:
Extract this archive, and locate the cffont.properties
file and open it in an editor.
In the comma-separated list of Java font names, add a map
to your Unicode system font for each font type. In the example below,
kochi mincho is the name of your Unicode system font.
dialog=Arial, Helvetica, kochi mincho
dialog.bold=Arial Bold, Helvetica-Bold, kochi mincho ...
Save and close the properties file, and then repackage and
redeploy the adobe-generatepdf-dsc.jar file.
Note: On a Japanese operating system, specify the font
mapping in the cffont.properties.ja file as well, which takes precedence
over the standard cffont.properties file.
Fonts
in the list are searched from left to right, using the first font
found. HTML-to-PDF conversion logs return a list of all the font
names that are found in the system. To determine the font name you
need to map, add the font to one of the directories above, restart
the server, and run a conversion. You can determine from the log
files the font name to use for mapping. To embed the font
in the generated PDF files, set the embedFonts property in
the cffont.properties file to true (the default
is false).
6.6.7 Modify Microsoft Visio default macro settingsWhen a Microsoft Visio file containing macros is submitted
for conversion, the resultant Microsoft Office Visio Security Notice
dialog causes the conversion to time out. To successfully convert
files that contain macros, the default macro settings in Visio must
be changed.
In Visio, click Tools > Trust Center > Macro Settings and
select either of the following options and then click OK:
6.6.8 Installing the Network Printer ClientPDF Generator includes an executable file to install the PDF
Generator network printer on a client computer. After the installation
is complete, a PDF Generator printer is added to the list of existing
printers on the client computer. This printer can then be used to
send documents for conversion to PDF.
Note: The Network Printer Client installation wizard available in
the Administration Console is supported only on Windows operating
system. Ensure that you use a 32-bit JVM to launch the Network Printer
Client installation wizard. You will encounter an error if you use
a 64-bit JVM.
If the PDFG Network Printer fails to install on Windows or if
you want to install the printer on UNIX or Linux platforms, use
the operating system’s native Add Printer utility and configure
it as described in 6.6.8.2 Configure PDFG Network Printer on Windows using the native Add Printer wizard
6.6.8.1 Install the PDF Generator Network Printer ClientNote: Before installing the PDF Generator network printer
client on Windows Server 2008, Ensure that you have the Internet
Printing Client feature installed on your Windows Server 2008. For
installing the feature, see Windows Server 2008 Help.
Ensure that you successfully installed PDF Generator
on your server.
Do one of the following:
From a Windows client
computer, enter the following URL in your web browser, where [host] is
the name of the server where you installed PDF Generator and [port] is
the application server port used: http://[host]:[port]/pdfg-ipp/install
In Administration Console, click Home > Services > PDF Generator > PDFG Network Printer.
In the PDFG Network Printer Installation section, click Click here to
launch the PDFG Network Printer Installation.
On the Configure Internet Port screen, select Use the specified user account option,
and provide the credentials of a LiveCycle user who has the PDFG Administrator/User
role. This user must also have an email address that can be used
to receive the converted files. To have this security setting apply
to all users on the client computer, select Use the same security options for all users,
and then click OK. Note: If the user’s password changes, then
users will need to reinstall the PDFG Network Printer on their computers.
You cannot update the password from Administration Console.
Upon
successful installation, a dialog box appears, indicating that “The
Printer Adobe LiveCycle PDF Generator 11 has been successfully installed.”
Click OK. You will now have a printer named Adobe LiveCycle PDF Generator 11in
your list of available printers.
6.6.8.2 Configure PDFG Network Printer on Windows using the native Add Printer wizardClick Start > Printers and Faxes and
double-click Add Printer.
Click Next, select A network printer, or a printer attached to another computer,
and then click Next.
Select Connect to a printer on the internet or on a home or office network and
type the following URL for the PDFG printer, where [host] is
the server name and [port] is the port number where the server
is running: http://[host]:[port]/pdfg-ipp/printer
On the Configure Internet Port screen, select Use the specified user account and
provide valid User credentials.
In the Printer Driver Select box, choose any standard
PostScript-based printer driver (for example, HP Color LaserJet
PS).
Complete the installation by choosing appropriate options
(for example, setting this printer as default).
Note: The
user credentials used while adding the printer must have a valid
email ID configured in User Management to receive the response.
Configure the email service’s sendmail service. Provide a
valid SMTP server and authentication information in the service’s
configuration options.
6.6.8.3 Install and configure the PDF Generator Network Printer Client using Proxy server port forwardingConfigure port forwarding on the CC Proxy server
on a particular port to the LiveCycle Server, and disable the authentication
at proxy server level (because LiveCycle uses its own authentication).
If a client connects to this Proxy server on the forwarded port,
then all the requests will be forwarded to the LiveCycle Server.
Install PDFG Network Printer using the following URL:
http://[proxy server]:[forwarded port]/pdfg-ipp/install.
Provide the necessary credentials for authentication of the
PDFG Network Printer.
The PDFG Network Printer will be installed on the client
machine which you can use for PDF conversion using the firewall
protected LiveCycle Server.
6.6.9 Changing File Block SettingsChange Microsoft Office trust center settings to enable
PDFG to convert older versions of Microsoft office documents.
Click the File tab in any Office 2010 application.
Under Help, click Options; the Options dialog box
appears
Click Trust Center, and then click Trust Center Settings.
In the Trust Center settings, click File Block Settings.
In the File Type list, uncheck open for the file type that
you want to be converted by PDFG.
6.6.10 Watched folder performance parametersTo avoid java.io.IOException error
messages indicating that not enough disk space is available to perform
PDF conversions by using a watched folder, you can modify the settings
for PDF Generator in Administration Console.
Set performance parameters for PDF GeneratorLog in to Administration Console and click Services > Applications and Services > Service Management.
In the list of services, navigate to and click PDFGConfigService,
and then set the following values:
PDFG Cleanup Scan Seconds:
1800
Job Expiration Seconds: 6000
Server Conversion Timeout: Change the default of 270
to a higher value, such as 450.
Click Save and restart the server.
6.6.11 Enable PDF Conversion for Microsoft Word document containing protected fieldsThe PDF Generator supports Microsoft Word documents containing
protected fields. To enable PDF Conversion for Microsoft Word document
containing protected fields, change the file type settings:
In the Administration Console, navigate to Services > PDF Generator > File Type Settings,
and open your file type settings profile.
Expand the Microsoft Word option and select the Preserve document markup in Adobe PDF (for Microsoft Office 2003 or later) option.
Click Save As, specify name of the file type setting,
and click OK.
6.7 Final setup for Rights ManagementRights Management requires the application server to be
configured to use SSL. (See Administration Help.)
6.8 Configuring LDAP access6.8.1 Configure User Management (Local Domain)Open a web browser, navigate to http://[host]:[port]/adminui,
and log in. (See 6.1.5.1 Accessing LiveCycle Administration Console .)
Click Settings > User Management > Domain Management,
and then click New Local Domain.
In the appropriate boxes, enter the domain ID and name. (See
“Adding local domains” in Administration help.)
(Optional) Disable account locking by deselecting the Enable Account Locking option.
Click OK.
6.8.2 Configure User Management with LDAP (Enterprise Domain)Open a web browser, navigate to http://[host]:[port]/adminui
and log in. (See 6.1.5.1 Accessing LiveCycle Administration Console.)
Click Settings > User Management > Domain Management,
and then click New Enterprise Domain.
In the ID box, type a unique identifier for the domain
and, in the Name box, type a descriptive name for the domain.
Note: When
using MySQL for your LiveCycle database, use only single-byte (ASCII)
characters for the ID. (See “Adding enterprise domains” in Administration Help .)
Click Add Authentication and, in the Authentication Provider list,
select LDAP.
Click OK.
Click Add Directory and, in the Profile Name box,
type a name for your LDAP profile.
Click Next.
Specify values in the Server, Port, SSL,
and Binding boxes, and in the Populate Page with box,
select a directory settings option such as Default Sun ONE values.
Also, specify values in the Name and Password box
that would be used to connect to the LDAP database when anonymous
access is not enabled. (See “Directory settings” in Administration Help.)
(Optional) Test your configuration:
Click Next and configure the User Settings as
required. (See “Directory settings” in Administration Help.)
(Optional) Test your configuration:
Click Test.
In the Search Filter box, verify the search filter or specify
a new search filter, and then click Submit. The screen displays
a list of entries that match the search criteria.
Click Close to return to the User Settings screen.
Click Next configure the Group Settings as
required. (See “Directory settings” in Administration Help.)
(Optional) Test your configuration:
Click Test.
In the Search Filter box, verify the search filter or specify
a new search filter, and then click Submit. The screen displays
a list of entries that match the search criteria.
Click Close to return to the Group Settings screen.
Click Finish to exit the New Directory page and then
click OK to exit.
6.9 Enabling FIPS modeLiveCycle provides a FIPS mode to restrict data protection to
Federal Information Processing Standard (FIPS) 140-2 approved algorithms
using the RSA BSAFE Crypto-C 2.1 encryption module.
If you did not enable this option by using Configuration Manager
during LiveCycle configuration or if you enable it but want to turn
it off, you can change this setting through Administration Console.
Modifying FIPS mode requires you to restart the server.
FIPS mode does not support Acrobat versions earlier than 7.0.
If FIPS mode is enabled and the Encrypt With Password and Remove
Password processes include the Acrobat 5 setting, the process fails.
In general, when FIPS is enabled, the Assembler service does
not apply password encryption to any document. If this is attempted,
a FIPSModeException is thrown, indicating that
“Password encryption is not permitted in FIPS mode.” Additionally,
the PDFsFromBookmarks element is not supported
in FIPS mode when the base document is password-encrypted.
Turn FIPS mode on or offLog in
to Administration Console.
Click Settings > Core System Settings > Configurations.
Select Enable FIPS to enable FIPS mode or deselect
it to disable FIPS mode.
Click OK and restart the application server.
Note: LiveCycle software does not validate code to ensure
FIPS compatibility. It provides a FIPS operation mode so that FIPS-approved
algorithms are used for cryptographic services from the FIPS-approved
libraries (RSA).
6.10 Configuring HTML digital signatureTo use the HTML digital signature feature of Forms, complete
the following procedure.
Manually deploy the [LiveCycle root]/deploy/adobe-forms-ds.ear
file to your application server.
Log in to Administration Console and click Services > LiveCycle Forms ES4.
Select HTML Digital Signature Enabled and then click Save.
6.11 Configuring Connector for EMC DocumentumNote: LiveCycle supports EMC Documentum, versions
6.0, 6.5, 6.7 SP1, and 7.0 and minor updates only. Make sure your
ECM is upgraded accordingly.
Note: Ensure that installing
client for the connectors, copying of JAR's file and configuration
changes tasks are performed on all the nodes of the cluster.
If you installed Connector for EMC Documentum as part of your
LiveCycle, complete the following procedure to configure the service
to connect to the Documentum repository.
Configure Connector for EMC DocumentumLocate
the adobe-component-ext.properties file in the [appserver root]/bin folder
(if the file does not exist, create it).
Add a new system property that provides the following Documentum Foundation
Classes JAR files:
The new system
property should take on this form:
[component id].ext=[JAR files and/or folders]
For
example, using default Content Server and Documentum Foundation Classes
installations, add to the file one of the following system properties
on a new line, with no line breaks, and end the line with a carriage
return:
Connector
for EMC Documentum 6.0 only:
com.adobe.livecycle.ConnectorforEMCDocumentum.ext=
C:/Program Files/Documentum/Shared/dfc.jar,
C:/Program Files/Documentum/Shared/aspectjrt.jar,
Connector for EMC Documentum 6.5 only: com.adobe.livecycle.ConnectorforEMCDocumentum.ext=
C:/Program Files/Documentum/Shared/dfc.jar,
C:/ProgramFiles/Documentum/Shared/aspectjrt.jar,
C:/Program Files/Documentum/Shared/log4j.jar,
C:/Program Files/Documentum/Shared/jaxb-api.jar,
C:/Program Files/Documentum/Shared/configservice-impl.jar,
C:/Program Files/Documentum/Shared/configservice-api.jar
Note: The above text contains formatting characters
for line breaks. If you copy and paste this text, you must remove
the formatting characters.
Connector
for EMC Documentum 6.7 SP1 and 7.0 only: com.adobe.livecycle.ConnectorforEMCDocumentum.ext=
C:/Program Files/Documentum/Shared/dfc.jar,
C:/ProgramFiles/Documentum/Shared/aspectjrt.jar,
C:/Program Files/Documentum/Shared/log4j.jar,
C:/Program Files/Documentum/Shared/jaxb-api.jar,
C:/Program Files/Documentum/Shared/configservice-impl.jar,
C:/Program Files/Documentum/Shared/configservice-api.jar
C:/Program Files/Documentum/Shared/commons-codec-1.3.jar
C:/Program Files/Documentum/Shared/commons-lang-2.4.jar
Note: The above text contains formatting characters
for line breaks. If you copy and paste this text, you must remove
the formatting characters.
Repeat
previous steps on each application server instance of the cluster.
Open a web browser and enter this URL:
http://[host]:[port]/adminui
Log in using the default user name and password:
User name:
administrator
Password: password
Navigate to Services > LiveCycle 11 Connector for EMC Documentum > Configuration Settings and
perform these tasks:
Type all the required Documentum
repository information.
To use Documentum as your repository provider, under Repository
Service Provider Information, select EMC Documentum Repository Provider,
and then click Save. For more information, click the Help
link in the upper-right corner of the page in the Administration Help.
(Optional) Navigate to Services > LiveCycle 11 Connector for EMC Documentum > Repository Credentials Settings,
click Add, specify the Docbase information, and then click Save.
(For more information, click Help in the upper-right corner.)
If the application server is not currently running, start
the server. Otherwise, stop and then restart the server.
Open a web browser and enter this URL.
http://[host]:[port]/adminui
Log in using the default user name and password:
User name:
administrator
Password: password
Navigate to Services > Applications and Services > Service Management and
select these services:
EMCDocumentumAuthProviderService
EMCDocumentumContentRepositoryConnector
EMCDocumentumRepositoryProvider
Click Start. If any of the services do not start correctly,
check the settings you completed earlier.
Do one of the following tasks:
To use the Documentum
Authorization service (EMCDocumentumAuthProviderService) to display
content from a Documentum repository in the Resources view of Workbench,
continue with this procedure. Using the Documentum Authorization
service overrides the default LiveCycle authorization and must be
configured to log in to Workbench using Documentum credentials.
To use the LiveCycle repository, log in to Workbench by using
the LiveCycle super administrator credentials (by default, administrator and password).
You
have now completed the required steps for this procedure. Use the credentials
provided in step 19 for accessing the default repository in this
case and use the default LiveCycle authorization service.
Restart the application server.
Log in to Administration Console and click Settings > User Management > Domain Management.
Click New Enterprise Domain, and type a domain ID
and name. The domain ID is the unique identifier for the domain.
The name is a descriptive name for the domain.
Note: When
using MySQL for your LiveCycle database, use only single-byte (ASCII)
characters for the ID. (See “Adding enterprise domains” in LiveCycle
Administration Help.)
Add a custom authentication provider:
Click Add Authentication.
In the Authentication Provider list, select Custom.
Select EMCDocumentumAuthProvider and then click OK.
Add an LDAP authentication provider:
Click Add Authentication.
In the Authentication Provider list, select LDAP,
and then click OK.
Add an LDAP directory:
Click Add Directory.
In the Profile Name box, type a unique name, and then click Next.
Specify values for the Server, Port, SSL, Binding,
and Populate page with options. If you select User for the
Binding option, you must also specify values for the Name and Password fields.
(Optional) Select Retrieve Base DN to retrieve base
domain names, as required.
Click Next, configure the user settings, click Next,
configure group settings, as required, and then click Next.
For
details about the settings, click User Management Help in
the upper-right corner of the page.
Click OK to exit the Add Directory page and then click
OK again.
Select the new enterprise domain and click Sync Now.
Depending on the number of users and groups in your LDAP network
and the speed on your connection, the synchronization process may
take several minutes.
(Optional) To verify the status of the
synchronization, click Refresh and view the status in the
Current Sync State column.
Navigate to Settings > User Management > Users and Groups.
Search for users that were synchronized from LDAP and perform
these tasks:
Select one or more users and click Assign Role.
Select one or more LiveCycle roles and click OK.
Click OK a second time to confirm the role assignment.
Repeat
this step for all users that you assign roles to. For more information, click User Management Help in
the upper-right corner of the page.
Start Workbench and log in by using the credentials for the
Documentum repository:
Username: [username]@[repository_name]
Password:
[password]
After you log in, the Documentum repository
appears in the Resources view within Workbench. If you do not log
in using the username@repository_name, Workbench attempts
to log in to the default repository.
(Optional) To install the LiveCycle Samples for Connector
for EMC Documentum, create a Documentum repository named Samples,
and then install the samples in that repository.
After
you configure the Connector for EMC Documentum service, see LiveCycle Administration Help for
information about configuring Workbench with your Documentum repository.
6.11.1 Creating the XDP MIME format in a Documentum repositoryBefore users can store and retrieve XDP files from a Documentum
repository, you must do one of these tasks:
Create a corresponding XDP format in each repository
where users will access XDP files.
Configure the Connector for EMC Documentum service to use
a Documentum Administrator account when accessing the Documentum
repository. In this case, the Connector for EMC Documentum service
uses the XDP format whenever it is required.
Create the XDP format on Documentum Content Server using Documentum AdministratorLog in to Documentum
Administrator.
Click Formats and then select File > New > Format.
Type the following information in the corresponding fields:
Name:xdp
Default File Extension:xdp
Mime Type: application/xdp
Repeat steps 1 to 3 for all other Documentum repositories
where users will store XDP files.
Configure the Connector for EMC Documentum service to use a Documentum AdministratorOpen a web browser
and enter this URL:
http://[host]:[port]/adminui
Log in using the default user name and password:
User name:
administrator
Password: password
Click Services > LiveCycle 11 Connector for EMC Documentum > Configuration Settings.
Under Documentum Principal Credentials Information, update
the following information and then click Save:
User Name: [Documentum Administrator user name]
Password: [Documentum Administrator password]
Click Repository Credentials Settings, select a repository
from the list or, if none exist, click Add.
Provide the appropriate information in the corresponding
fields and then click Save:
Repository Name: [Repository Name]
Repository Credentials User Name:[Documentum Administrator user name]
Repository Credentials Password:[Documentum Administrator password]
Repeat steps 5 and 6 for all repositories where users will
store XDP files.
6.11.2 Add support for multiple connection brokersLiveCycle Configuration Manager supports configuring only
one connection broker. Use LiveCycle Administrator Console to add
support for multiple connection brokers:
Open LiveCycle Administrator Console.
Navigate to Home > Services > LiveCycle 11 Connector
for EMC Documentum > Configuration Settings.
In the Connection broker Host Name or IP Address, enter
comma seperated list of hostnames of different connection brokers.
For example, host1, host2, host3.
In the Port Number of Connection broker, enter comma
seperated list of the ports of corresponding connection brokers.
For example, 1489, 1491, 1489.
Click Save.
6.12 Configuring the Connector for IBM Content ManagerNote: AEM forms supports IBM Content Manager.
See the Supported Platform Combinations document
and make sure your ECM is upgraded to the supported version.
Note: Ensure that installing
client for the connectors, copying of JAR's file and configuration
changes tasks are performed on all the nodes of the cluster.
If you installed the Connector for IBM Content Manager as part
of your LiveCycle, complete the following procedure to configure
the service to connect to the IBM Content Manager datastore.
Configure Connector for IBM Content ManagerLocate
the adobe-component-ext.properties file in the [appserver root]/bin folder.
If the file does not exist, create it.
Add a new system property that provides the location of the
following IBM II4C JAR files:
cmb81.jar
cmbcm81.jar
cmbicm81.jar
cmblog4j81.jar
cmbsdk81.jar
cmbutil81.jar
cmbutilicm81.jar
cmbview81.jar
cmbwas81.jar
cmbwcm81.jar
cmgmt
Note: cmgmt is not a JAR
file. On Windows, by default, this folder is at C:/Program Files/IBM/db2cmv8/.
common.jar
db2jcc.jar
db2jcc_license_cisuz.jar
db2jcc_license_cu.jar
ecore.jar
ibmjgssprovider.jar
ibmjsseprovider2.jar
ibmpkcs.jar
icmrm81.jar
jcache.jar
log4j-1.2.8.jar
xerces.jar
xml.jar
xsd.jar
The new system property looks similar
to the following:
[component id].ext=[JAR files and/or folders]
For
example, using a default DB2 Universal Database Client and II4C
installation, in the file, add the following system property on
a new line, with no line breaks, and end the line with a carriage
return:
C:/Program Files/IBM/db2cmv8/cmgmt,
C:/Program Files/IBM/db2cmv8/java/jre/lib/ibmjsseprovider2.jar,
C:/Program Files/IBM/db2cmv8/java/jre/lib/ibmjgssprovider.jar,
C:/Program Files/IBM/db2cmv8/java/jre/lib/ibmpkcs.jar,
C:/Program Files/IBM/db2cmv8/java/jre/lib/xml.jar,
C:/Program Files/IBM/db2cmv8/lib/cmbview81.jar,
C:/Program Files/IBM/db2cmv8/lib/cmb81.jar,
C:/Program Files/IBM/db2cmv8/lib/cmbcm81.jar,
C:/Program Files/IBM/db2cmv8/lib/xsd.jar,
C:/Program Files/IBM/db2cmv8/lib/common.jar,
C:/Program Files/IBM/db2cmv8/lib/ecore.jar,
C:/Program Files/IBM/db2cmv8/lib/cmbicm81.jar,
C:/Program Files/IBM/db2cmv8/lib/cmbwcm81.jar,
C:/Program Files/IBM/db2cmv8/lib/jcache.jar,
C:/Program Files/IBM/db2cmv8/lib/cmbutil81.jar,
C:/Program Files/IBM/db2cmv8/lib/cmbutilicm81.jar,
C:/Program Files/IBM/db2cmv8/lib/icmrm81.jar,
C:/Program Files/IBM/db2cmv8/lib/db2jcc.jar,
C:/Program Files/IBM/db2cmv8/lib/db2jcc_license_cu.jar,
C:/Program Files/IBM/db2cmv8/lib/db2jcc_license_cisuz.jar,
C:/Program Files/IBM/db2cmv8/lib/xerces.jar,
C:/Program Files/IBM/db2cmv8/lib/cmblog4j81.jar,
C:/Program Files/IBM/db2cmv8/lib/log4j-1.2.8.jar,
C:/Program Files/IBM/db2cmv8/lib/cmbsdk81.jar,
C:/Program Files/IBM/db2cmv8/lib/cmbwas81.jar
If the application server is not currently running, start
the server; otherwise, stop and then restart the server.
You
can now connect to the IBM Content Manager datastore from the IBMCMConnectorService
Property Sheets by using the Use User Credentials as the login mode.
You
have now completed the required steps for this procedure.
(Optional)
If you want to connect to IBM Content Manager datastore from IBMCMConnectorService
Property Sheets by using the Use Credentials From Process Context
as the login mode, complete the following procedure.
Connect using Use Credentials from process context login modeOpen a web browser and enter this URL:
http://[host]:[port]/adminui
Log in using the super administrator credentials. Default
values set during installation are:
User name:administrator
Password:password
Click Services > LiveCycle 11 Connector for IBM Content Manager
Type all of the required repository information and click Save.
For more information about the IBM Content Manager repository information,
click the Help link in the upper-right corner of the page.
Do one of these tasks:
To use the IBM Content
Manager Authorization service IBMCMAuthProvider to use content from
an IBM Content Manager datastore, in the Processes view of Workbench,
continue with this procedure. Using the IBM Content Manager Authorization
service overrides the default LiveCycle authorization and must be
configured to log in to Workbench by using IBM Content Manager credentials.
To use the System Credentials provided in step 4 to use content
from an IBM Content Manager datastore, in the Processes view of
Workbench, log in to Workbench by using the LiveCycle super administrator
credentials (by default, administrator and password).
You have now completed the required steps for this procedure. The
System Credentials that are provided in step 4 use the default LiveCycle
authorization service for accessing the default repository in this
case.
Log in to the Administration Console, and click Settings > User Management > Domain Management.
Click New Enterprise Domain and type a domain ID and
name. The domain ID is the unique identifier for the domain. The
name is a descriptive name for the domain.
Note: When
using MySQL for your LiveCycle database, use only single-byte (ASCII)
characters for the ID. (See Adding enterprise domains in Administration Help.)
Add a custom authentication provider:
Click Add Authentication.
In the Authentication Provider list, select Custom,
and then select IBMCMAuthProviderService and click OK.
Add an LDAP authentication provider:
Add an LDAP directory:
Click Add Directory.
In the Profile Name box, type a unique name, and then
click Next.
Specify values for the Server, Port, SSL, Binding,
and Populate page with options. If you select User for
the Binding option, you must also specify values for the Name and Password fields.
(Optional) Select Retrieve Base DN to retrieve base domain
names, as required. When finished, click Next.
Configure the user settings, click Next, configure
group settings as required, and then click Next.
For
details about the above settings, click the Help link in
the upper-right corner of the page.
Click OK to exit the Add Directory page and click OK again.
Select the new enterprise domain and click Sync Now.
Depending on the number of users and groups in your LDAP network
and the speed on your connection, the synchronization process may
take several minutes.
To verify the status of the synchronization, click Refresh and
view the status in the Current Sync State column.
Navigate to Settings > User Management > Users and Groups.
Search for users that were synchronized from LDAP and do
these tasks:
Select one or more users and click Assign Role.
Select one or more LiveCycle roles and click OK.
Click OK a second time to confirm the role assignment.
Repeat
this step for all users that you want to assign roles to. For more
information, click the Help link in the upper-right corner
of the page.
Start Workbench and log in using the following credentials
for IBM Content Manager datastore:
Username:[username]@[repository_name]
Password: [password]
The
IBM Content Manager datastore can now be used in the Processes view within
Workbench when the login mode for IBMCMConnectorService orchestrable
components is selected as Use Credentials from process context.
6.13 Configuring the Connector for IBM FileNetLiveCycle
supports IBM FileNet, versions 4.0, 4.5, 5.0, and 5.2 only. Make
sure your ECM is upgraded accordingly.
Note: LiveCycle supports FileNet 5.2 Content Engine; FileNet 5.2
Process Engine is not supported. Moreover, the LiveCycle Configuration
Manager (LCM) does not support/configure FileNet 5.2, perform manual
configuration for FileNet 5.2.
If you installed Connector for IBM FileNet as part of your LiveCycle,
you must configure the service to connect to the FileNet object
store.
Note: Ensure that installing
client for the connectors, copying of JAR's file and configuration
changes tasks are performed on all the nodes of the cluster.
Complete
the following procedure to configure Connector for IBM FileNet.
Configure Connector for IBM FileNet using FileNet 4.x or FileNet 5.x and CEWS transport
Open
the application server run file in a text editor. The run file is
as follows:
(Only for FileNet 4.x)Add
the location of the FileNet Configuration files as a Java option
to the application server start command, and then save the file.
Note: If JBoss is running as a service, add the Java
option in the registry where other JVM arguments are defined.
-Dwasp.location= <configuration files location>
For
example, using a default FileNet Application Engine installation
on a Windows operating system, add this Java option:
-Dwasp.location=C:/Progra~1/FileNet/AE/CE_API/wsi
If
your deployment uses the Process Engine Connector service, copy
the file [appserver root]\client\logkit.jar to the following
directory:
(Manually-configured JBoss, cluster) [appserver root]/server/all/lib
(Manually-configured JBoss, single server) [appserver root]/server/standard/lib
(Adobe-preconfigured JBoss, cluster)[appserver root]/server/lc_<db-name>_cl/lib
(Adobe-preconfigured JBoss, single server)[appserver root]/server/lc_<db-name>/lib
Locate
the adobe-component-ext.properties file in the [appserver root]/bin folder
(if the file does not exist, create it).
Add a new system property that provides the location of these
FileNet Application Engine JAR files:
For Filenet 4.x add
following JAR files.
For
FileNet 5.x add following JAR files
Jace.jar
javaapi.jar
log4j.jar
pe.jar
stax-api.jar
xlxpScanner.jar
xlxpScannerUtils.jar
Note: Add
the pe.jar file only if your deployment uses the IBMFileNetProcessEngineConnector
service. The new system property should reflect this structure:
[component id].ext=[JAR files and/or folders]
For example, using a default FileNet
Application Engine installation on a Windows operating system, add
the following system property on a new line with no line breaks
and end the line with a carriage return:
Note: The
following text contains formatting characters for line breaks. If
you copy this text to a location outside this document, remove the
formatting characters when you paste it to the new location.
com.adobe.livecycle.ConnectorforIBMFileNet.ext=
C:/Program Files/FileNet/AE/CE_API/lib2/javaapi.jar,
C:/Program Files/FileNet/AE/CE_API/lib2/log4j-1.2.13.jar
(FileNet Process Engine Connector only) Configure the connection
properties for the process engine as follows:
Using
a text editor, create a file with the following content as a single
line and end the line with a carriage return:
(FileNet 4.x
and 5.0 only)
RemoteServerUrl = cemp:http://[contentserver_IP]:[contentengine_port]/wsi/FNCEWS40DIME/
(FileNet
5.2 only)
RemoteServerUrl = cemp:http://[contentserver_IP]:[contentengine_port]/wsi/FNCEWS40MTOM/
Save the file as WcmApiConfig.properties in a separate folder,
and add the location of the folder that contains the WcmApiConfig.properties
file to the adobe-component-ext.properties file.
For example,
if you save the file as c:/pe_config/WcmApiConfig.properties, add
the path c:/pe_config to the adobe-component-ext.properties file.
Note: The filename is case-sensitive.
Locate
the login-config.xml file in the following folder and add
the following application policy as a child of the <policy>
node:
(Manually-configured JBoss, single server)[appserver root]/server/standard/conf
(Manually-configured JBoss, cluster)[appserver root]/server/all/conf
(Adobe-preconfigured JBoss, single server)[appserver root]/server/lc_<dbname>/conf
(Adobe-preconfigured JBoss, cluster)[appserver root]/server/lc_<dbname>_cl/conf <application-policy name = "FileNetP8WSI">
<authentication>
<login-module code = "com.filenet.api.util.WSILoginModule" flag =
"required" />
</authentication>
</application-policy>
(FileNet
Process Engine Connector only) If your deployment uses the process engine,
add the following node to the login-config file:
<application-policy name = "FileNetP8">
<authentication>
<login-module code = "com.filenet.api.util.WSILoginModule" flag =
"required" />
</authentication>
</application-policy>
If the application server is not currently running, start
the server. Otherwise, stop and then restart the server.
If
JBoss runs as a service, start (or restart) the JBoss for Adobe
LiveCycle ES4 Service.
(Cluster only)
Repeat all previous steps on each instance on the cluster.
Open a web browser and enter this URL:
http://[host]:[port]/adminui
Log in using the default user name and password:
User name:
administrator
Password: password
Click Services > LiveCycle 11 Connector for IBM FileNet.
Provide the Content Engine URL. For example, cemp:http://ContentEngineHostNameorIP:port/wsi/FNCEWS40MTOM?jaasConfigurationName=FileNetP8WSI
Provide all of the required FileNet repository information
and, under Repository Service Provider Information, select IBM FileNet Repository Provider.
If
your deployment uses the optional process engine service, under
Process Engine Settings, select Use Process Engine Connector Service and
specify the process engine settings. For more information, click
the Help link in the upper-right corner of the page.
Note: The credentials that you provide in this step
are validated later when you start the IBM FileNet repository services.
If the credentials are not valid, an error is thrown and the services
will not start.
Click Save and navigate to Services > Applications and Services > Service Management.
Select
the check box next to each of these services and then click Start:
IBMFileNetAuthProviderService
IBMFileNetContentRepositoryConnector
IBMFileNetRepositoryProvider
IBMFileNetProcessEngineConnector (if configured)
If
any of the services do not start correctly, verify the Process Engine
settings.
Do one of the following tasks:
To use the FileNet
Authorization service (IBMFileNetAuthProviderService) to display
content from a FileNet object store in the Resources view of Workbench,
continue with this procedure. Using the FileNet Authorization service
overrides the default LiveCycle authorization and must be configured
to log in to Workbench by using FileNet credentials.
To use the LiveCycle repository, log in to Workbench by using
the LiveCycle super administrator credentials (by default, administrator and password). The
credentials provided in step 16 use the default LiveCycle authorization service
for accessing the default repository in this case.
Restart your application server.
Log in to Administration Console and click Settings > User Management > Domain Management.
Click New Enterprise Domain and then type a domain
ID and name. The domain ID is the unique identifier for the domain.
The name is a descriptive name for the domain.
When using MySQL for your
LiveCycle database, use only single-byte (ASCII) characters for
the ID. (See “Adding enterprise domains” in LiveCycle Administration Help
Add a custom authentication provider:
Click Add Authentication.
In the Authentication Provider list, select Custom.
Select IBMFileNetAuthProviderService and then click OK.
Add an LDAP authentication provider:
Add an LDAP directory:
Click Add Directory and,
in the Profile Name box, type a unique name, and then click Next.
Specify values for the Server, Port, SSL, Binding,
and Populate page with options. If you select User for
the Binding option, you must also specify values for the Name and Password fields.
(Optional) Select Retrieve Base DN to retrieve base
domain names, as required. When finished, click Next.
Configure the user settings, click Next, configure
group settings as required, and then click Next.
For
details about the settings, click Help link in the
upper-right corner of the page.
Click OK to exit the Add Directory page, and then
click OK again.
Select the new enterprise domain and click Sync Now.
Depending on the number of users and groups in your LDAP network
and the speed on your connection, the synchronization process may
take several minutes.
(Optional) To verify the status of the
synchronization, click Refresh and view the status in the Current Sync State column.
Navigate to Settings > User Management > Users and Groups.
Search for users that were synchronized from LDAP and perform
these tasks:
Select one or more users and click Assign Role.
Select one or more LiveCycle roles and click OK.
Click OK a second time to confirm the role assignment.
Repeat
this step for all users you want to assign roles to. For more information, click
the Help link in the upper-right corner of the page.
Start Workbench and log in using the following credentials
for the IBM FileNet repository:
User name:[username]@[repository_name]
Password: [password]
The
FileNet object store should now be visible in the Resources view
within Workbench. If you do not log in using the username@repository name, Workbench
attempts to log in to the default repository specified in step 16.
(Optional) If you intend to install the LiveCycle Samples
for Connector for IBM FileNet, create a FileNet object store named Samples and
install the samples in that object store.
After
you configure Connector for IBM FileNet, it is recommended that
you see LiveCycle Administration Help for information about configuring
Workbench functions properly with your FileNet repository.
6.14 Isolating JBoss ClustersThere are a lot of JBoss services that create multiple
JGroup channels services. These channels should only communicate
with specific channels.
To isolate JGroups clusters from other clusters on the network,
ensure that The channels in the various clusters use different
group names. Use ./run.sh -g QAPartition -b <ipaddress> -c all to
create unique groups.
The channels in the various clusters use different multicast
addresses. Use /run.sh -u <UDP group Ip address> -g QAPartition -b <ipaddress> -c all to
control the multicast address.
The channels in each cluster use different multicast ports.
Use /run.sh -u <UDP group Ip address> -g QAPartition -b <ipaddress> -c all \\-Djboss.jgroups.udp.mcast_port=12345 -Djboss.messaging.datachanneludpport=23456 to
control the muticast sockets.
See, Isolating JGroups Channels
in jbossclustering guide at http://docs.jboss.org/ for detailed
information to isolate JBoss Clusters
6.15 (Optional)Enable JMX console securityIn the default setup of LiveCycle, JBoss JMX console security
is disabled. To enable the security, follow the steps mentioned
below:
Shut down the application server.
Navigate to the [appserver root]/server/<profile_name>/deploy
directory and open the jmx-invoker-service.xml file in a text editor.
Ensure that the following line is not commented out in the invoke section:
<interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor" securityDomain="java:/jaas/jmx-console"/>
Save and close the file.
Create a new file, work-manager.properties, at [appserver root]/server/.
Open work-manager.properties file in a text editor and add
following code: adobe.work- manager.jboss.jmx.lookup.java.naming.factory.initial=org.jboss.security.jndi.JndiLo ginInitialContextFactory
adobe.work-manager.jboss.jmx.lookup.java.naming.provider.url=jnp://localhost:1099/
adobe.work-manager.jboss.jmx.lookup.java.naming.security.credentials=<password>
adobe.work-manager.jboss.jmx.lookup.java.naming.security.principal=<username>
adobe.work-manager.jboss.jmx.lookup.java.naming.security.protocol=jmx-console
Note: Ensure
that identical credentials are mentioned in jmx-console-users.properties
file and in work-manager.properties file. The default credentials are
admin/admin.
Save and close the file.
Navigate to the [appserver root]/server/<profile_name>/conf/props
directory and open jmx-console-users.properties file in a text editor.
Ensure that an entry that contains credentials used in the
work-manager.properties file is not commented out.
Save and close the file.
Navigate to [appserver root]/bin and open run.conf.bat
file in a text editor and add following code:
set "JAVA_OPTS=%JAVA_OPTS% -Dadobe.workmanager.properties = <path of the work-manager.properties file>
Save and close the file.
Start the application server.
|
|
|