SailPoint IIQ - Installation Steps

How to Install and Deploy SailPoint IdentityIQ in Local Windows Machine

1] Prerequisite tools checklist:

Use below credential during MySQL database installation setup (At step 2):

MySQL super user access needed for running schema scripts 
UID         root
Password root123
This is same password which you have set during installation of MySQL

Download and install below softwares
  1. Oracle or Open JDK - Version 1.8 (https://www.java.com/en/download   or   https://openjdk.org/projects/jdk8/)
  2. MySQL database - Version 8x (https://dev.mysql.com/downloads/installer/)
  3. Apache Tomcat Server - Version 9x (https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.56/bin/apache-tomcat-9.0.56.zip)
  4. Set JAVA_HOMEJRE_HOME and MY_SQL path in environment variable

2] Deploy Sailpoint war/jars & launch SailPoint IQ application:

Steps to follow for deploying SailPoint jars/wars and Launch SailPoint application:
Need below zip and jars provided by SailPoint team
1 identityiq-8.1.zip
2 identityiq-8.1p1.jar

This is latest version of SailPoint 8x

1] Extract/unzip the identityiq-8.1.zip contents and you will get the "identityiq.war" file which needed in step 3
unzip identityiq-8.1.zip

2] Create new folder as "identityiq" inside tomcat server's webapps\ folder
cd /apache-tomcat-9.0.56/webapps/
mkdir identityiq

3] Copy the below war file and patch(jar) file to tomcat(application server) newly created identityiq folder
identityiq.war
identityiq-8.1p1.jar

4] Navigate to \identityiq folder and run below java command to extract the war contents
jar -xvf identityiq.war

5] Need to generate database schema scripts once above steps gets completed
Navigate to below path and run command as below
cd /apache-tomcat-9.0.56/webapps/identityiq/WEB-INF/bin
./iiq schema

chmod +x iiq

6] Once extraction completed then you can navigate to database folder and cross check scripts for all supported database type
cd /apache-tomcat-9.0.56/webapps/identityiq/WEB-INF/database
create_identityiq_tables.mysql
File to be use for mysql database.
This may varies based on client requirement on which DB they are using 


7] Need to start mysql database instance and enter password set during installation (e.g. root123)
Note:* Make required environment variable entry in user/system variable path as below in Path
"C:\Program Files\MySQL\MySQL Server 8.0\bin"
Check in command prompt as "mysql --version" , should see version details:
mysql Ver 8.0.35 for Win64 on x86_64 (MySQL Community Server - GPL)

mysql -u root -p
root123

8] After successful login you will get mysql prompt similar as like sqlplus is available in oracle database
mysql > show databases;

Show the existing database list . 
Can note down as pre-apply scripts

mysql > source create_identityiq_tables.mysql

It will take some time depends on speed of machine, so please be waited for sometime
Here it will start creating necessary database users, tables and data on new schema require for SailPoint application
mysql > show databases;
Check databases post apply scripts. It should show new schemas for identitymq


Should show two new schema databases as below database:
identityiq
identityiqplugin

mysql > quit;
Come out of mysql prompt.


9] Importing system default objects now
Navigate to below path and run command as below
cd /apache-tomcat-9.0.56/webapps/identityiq/WEB-INF/bin
./iiq console


Note:* This steps is mandatory.
IF user is unable to see menu link option "My Access Request" in IIQ dashboard.

This will open console prompt from where we can import certain xml configuration files.. > forward arrow sign shows that successfully into console
This is contains default system objects
> import init.xml

This is contains life cycle manager related system objects
> import init-lcm.xml
> quit


10] After this you can navigate to path \identitymq and run below command to import jar patch (8.1p1)
cd /apache-tomcat-9.0.56/webapps/identityiq/
jar -xvf identityiq-8.1p1.jar

11] Need to upgrade the database post apply the patch jars, You can see in \database folders new 8.1 related scripts file will get added
cd /apache-tomcat-9.0.56/webapps/identityiq/WEB-INF/database
upgrade_identitymq_tables-8.1p1.mysql
7] Need to start again mysql database instance and enter password set during installation (e.g. root123) to apply upgraded patch scripts
mysql -u root -p
root123

mysql > source upgrade_identitymq_tables-8.1p1.mysql
mysql > quit;


8] Last step to apply the latest 8.1 patch, Go to \bin folder
cd /apache-tomcat-9.0.56/webapps/identityiq/WEB-INF/bin
./iiq patch 8.1p1

After applying patch successfully. You can start the tomcat server to launch SailPoint application
9] Navigate to tomcat \bin folder and start server as below command
cd /apache-tomcat-9.0.56/bin
./catalina.bat run

Allow access default if any prompt come up
If any problem during startup then change the default server port values in server.xml file
On successful start you should see messages as in console




10] Check and see if application is getting launch successfully
You should see SailPoint login page as below
Username spadmin
Password admin






Troubleshooting:

Error stack:
[configBeans.xml]: Invocation of init method failed; nested exception is 
java.iang.RuntimeException: 
Unable to check Identity1Q database version: Cannot create PoolableConnectionFactory 
(Access denied for user 'identityiq'@'localhost' (usi ng password: YES))
org.springframework.beans.factory.BeanCreationException: Error creating bean wit h name "versionChecker' defined in class 
path resource [configBeans.xml]: Invoca tion of init method failed; nested exception is java.lang.RuntimeException:
 Unable to check IdentityIQ database version: Cannot create PoolableConnectionFactory (Access denied for user 
 'identityiq'@'localhost' (using password: YES)) 

Cause:
Unable to run init from iiq console

Solution:
Replace the decoded root password to plain text in iiq.properties
(e.g. root/root123 whatever you have set during installation)

MySQL Root password reset articles:


Debug API Plugin Code - Eclipse/STS

Please follow the instructions below for remote debugging in local IDE environment for plugin code. This will fast track troubleshooting for API development.

Note* - These steps are applicable for Eclipse or STS only. I’ll check in meantime for IJ ide also and let you know.

 

  1. Make sure in Catalina.bat file you have below config present.

 

if not ""%1"" == ""jpda"" goto noJpda

set JPDA=jpda

if not "%JPDA_TRANSPORT%" == "" goto gotJpdaTransport

set JPDA_TRANSPORT=dt_socket

:gotJpdaTransport

if not "%JPDA_ADDRESS%" == "" goto gotJpdaAddress

set JPDA_ADDRESS=localhost:8000

:gotJpdaAddress

if not "%JPDA_SUSPEND%" == "" goto gotJpdaSuspend

set JPDA_SUSPEND=n

:gotJpdaSuspend

if not "%JPDA_OPTS%" == "" goto gotJpdaOpts

set JPDA_OPTS=-agentlib:jdwp=transport=%JPDA_TRANSPORT%,address=%JPDA_ADDRESS%,server=y,suspend=%JPDA_SUSPEND%

:gotJpdaOpts

shift

:noJpda

 

  1. After cross check above entries, Run below command to start tomcat services

\apache-tomcat-9.0.84\bin>catalina.bat jpda start

 

  1. Later open your eclipse or STS IDE and make required debug configuration enabled as below

3.1 In toolbar click on debug configuration

 


3.2 Right click on remote java application menu option and name as test_debug as shown below


Click apply and save debug changes.

  1. Finally put debug breakpoint in your respective API code & Hit the API from postman. You can see debug prompt stopped and can use further.

For sanity check below message should print in Apache Catalina console after successful start-up.

Listening for transport dt_socket at address: 8000

Comments

Post a Comment

Popular posts from this blog

SailPoint IIQ - Create Identity Bulk Operation

How to properly process many IdentityIQ objects in a run rule task Sometimes, all you need is to update many objects in IIQ, for example, you want to change some attribute, let's say, hundreds of thousands of them. Because IIQ uses hibernate, you can't just bring all objects into memory at once, or if you do, you can't let them stay in the object cache. So this code snippet shows how to properly split this task into smaller transaction chunks.  Please notice that the debug's "run rule" feature is subject to the UI timeout for a synchronous request.  So in order to run a long-running task, create a "Run Rule"  task and execute it in background. import sailpoint.api.SailPointContext; import sailpoint.api.SailPointFactory; import sailpoint.object.Identity; import sailpoint.object.QueryOptions; import sailpoint.spring.SpringStarter; import sailpoint.tools.GeneralException; import java.util.Iterator; public class IdentityCreationBulk {     private static ...
Read more

SailPoint IIQ - Database Tables

#User master table, consist of firstname, lastname, email etc. select  * from spt_identity #Entitlement select * from spt_identity_entitlement #Role select * from spt_bundle #Application table details like HR, Finance, PAM application etc. select * from  spt_application # Managed attributes details like type entitlement, group etc. select * from  spt_managed_attribute # Profiles related table select * from  spt_profile select * from  spt_profile_constraints select * from spt_bundle #Request manage access table select * from spt_identity_request_item #Access request table - with completion status, requester, approver etc. select * from  spt_identity_request #WorkItems select * from spt_work_item #Plugin listing table select * from  spt_plugin # Password policies select * from  spt_password_policy #Capabilities select * from  spt_capability select * from  spt_capability_rights select * from  spt_capability_children #Request Detai...
Read more