CR# 6460974 Default Distributed Authentication Application User should not be amadmin (Sun Java System Access Manager 7 2005Q4 Release Notes)

Sun Java System Access Manager 7 2005Q4 Release Notes

Previous: CR# 6463779 Distributed Authentication amProfile_Client log and Access Manager server amProfile_Server log are filled with harmless exceptions
Next: CR# 6460576 No link for the User Service under Filtered Role in console online Help

CR# 6460974 Default Distributed Authentication Application User should not be `amadmin`

If you are deploying a Distributed Authentication UI server, the Distributed Authentication administrator should not be amadmin. The default Distributed Authentication Application User in the Makefile.distAuthUI file is amadmin and subsequently in the AMConfig.properties file after the distAuth.war file is deployed on the client side. The amadmin user has an AppSSOToken that expires after the amadmin session time runs out, which can cause a FATAL ERROR in the amSecurity log file (located by default in the /tmp/distAuth directory).

Workaround. Specify UrlAccessAgent as the Distributed Authentication Application User. For example:

Before deploying the distAuth.war file in the client Web container, change the following parameters in the Makefile.distAuthUI file:

APPLICATION_USERNAME=UrlAccessAgent
APPLICATION_PASSWORD=shared-secret-password or amldapuser-password

After deploying the distAuth.war file in the client Web container, change the following properties in the AMConfig.properties file for each Access Manager server:

com.sun.identity.agents.app.username=UrlAccessAgent
com.iplanet.am.service.password=shared-secret-password or amldapuser-password