Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

5.1 Installing Two Access Manager Servers

Use the following as your checklist for installing the Access Manager servers:

  1. Install Access Manager 1.

  2. Install Access Manager 2.

  3. Configure the Access Manager infrastructure to work with multiple instances.

  4. Back up the Access Manager configuration in Directory Server.

Figure 5–1 Two Access Manager Servers and Load Balancer

Load Balancer 3 handles all requests for Access
Manager. Access Manager 1 and Access Manager 2 access the Directory
Server load balancers.

You must have a CD image of the Sun Java Enterprise System product mounted on the host computer system where you are installing Access Manager. For information on obtaining and mounting the Sun Java Enterprise System, see 3.2 Downloading and Mounting the Java Enterprise System 2005Q4 Installer in this document.

Procedure: To Install Access Manager 1

  1. As a root user, log into host AccessManager-1.

  2. Unzip the two zip files that comprise the Java Enterprise System installer binaries.

  3. Start the installer with the -nodisplay option.


    # cd /mnt/Solaris_sparc 
    # ./installer -nodisplay
  4. When prompted, provide the following information:


    Welcome to the Sun Java(TM) Enterprise System; 
    serious software made simple... 
    <Press ENTER to Continue>

    Press Enter. 


    <Press ENTER to display the Software 
    License Agreement>

    Press Enter. 


    <--[40%]--[ENTER To Continue]-- 
    [n To Finish]-->n

    Enter n.


    Have you read, and do you accept, all 
    of the terms of the preceding Software 
    License Agreement[No] ?

    Enter y.


    Please enter a comma separated list 
    of languages you would like supported with 
    this installation [8]

    Enter 8 for “English only.”


    The following component products are 
    detected on this system. They will appear 
    disabled, "* *", in the following 
    Component Selection Main Menu...

    Press ENTER to continue. 


    Enter a comma separated list of products 
    to install, or press R to refresh 
    the list[]:

    Enter 3,9,12 to select Web Server, Access Manager, and Message Queue.

    The Message Queue packages you install now will be used when you implement session failover later in the deployment. 


    Press "Enter" to Continue or Enter a 
    comma separated list of products 
    to deselect... [1] 

    Enter -20 to deselect Directory Server.


    Based on product dependencies for your 
    selections, the installer will install: 
    [X] 3. Sun Java(TM) System Web Server 6.1 
    SP5 2005Q4 (64.61 MB)
    [X] 9. Sun Java(TM) System Access Manager 7 
    2005Q4 (27.80 MB)
    Press "Enter" to Continue...[1]  

    Press Enter. 


    [X] 1. Identity Management and 
    Policy Services Core
    [X] 2. Access Manager Administration Console 
    [X] 3. Common Domain Services for 
    Federation Management
    [X] 4. Access Manager SDK
    
    Enter a comma separated list of components to 
    install (or D to install all )[D] 

    Enter D.


    [X] 1. Identity Management and Policy Services Core
    [X] 2. Access Manager Administration Console
    [X] 3. Common Domain Services for Federation Management
    [X] 4. Access Manager SDK
    
    Press "Enter" to Continue or Enter a comma 
    separated list of products to deselect... [1]  

    Press Enter. 


    Warnings - Product Dependency Checks 
    
    1. Install Sun Java(TM) System Directory 
    Server 5 2005Q4 locally
    2. Use Sun Java(TM) System Directory Server 
    5 2005Q4 installed on a remote machine 
    
    These products can be installed locally 
    or remotely, please choose your option [1]:

    Enter 2.


    J2SE(TM) Software Development Kit Upgrade Required
    
    1. Automatically update with version on 
    installer disk (recommended)
    
    2. Manually upgrade with downloaded version 
    from Sun web site: http://java.sun.com
    
    After installation, the link 
    /usr/jdk/entsys-j2se refers to the version 
    of J2SE SDK that is compatible with 
    Java Enterprise System.
    
    Enter 1 or 2 [1]:

    Enter 1.


    The shared components listed below are 
    currently installed. They will be upgraded 
    for compatibility with the products you 
    chose to install...
    
    Enter 1 to upgrade these shared components 
    and 2 to cancel  [1] 

    Enter 1.


    Enter the name of the target 
    installation directory for each product: 
    Access Manager [/opt] : 
       

    Accept the default value. 


    Web Server[/opt/SUNWwbsvr]: 

    Accept the default value. 


    System ready for installation 
    Enter 1 to continue [1]  

    Accept the default value. 


    1. Configure Now - Selectively override 
    defaults or express through 
    2. Configure Later - Manually configure following 
    installation 
    Select Type of Configuration[1]  

    Enter 1 to configure now.


    The following settings apply to 
    all installed component products. 
    Enter Host Name [AccessManager-1] 

    Accept the default value. 


    Enter DNS Domain Name [example.com]

    Accept the default value. 


    Enter IP Address [10.5.82.208] 

    Accept the default value. 


    Enter Server admin User ID [admin]  

    Accept the default value. 


    Enter Admin User's Password
    (Password cannot be less than 8 characters) 

    For this example, enter web4dmin.


    Confirm Admin User's Password []  

    Enter the same password again. 


    Enter System User [root] 

    Accept the default value. 


    Enter System Group [root]

    Accept the default value. 


    Web Server: Administration
    Enter  Server Admin User ID [admin] 

    Accept the default value. 


    Enter Admin User's Password []

    For this example, enter web4dmin.


    Retype Password []

    Enter the same password again. 


    Enter Host Name [AccessManager-1.example.com]

    Accept the default value. 


    Enter Administration Port [8888] 

    Accept the default value. 


    Enter Administration Server User ID [root]  

    Accept the default value. 


    Enter System User ID [webservd]

    Enter root.


    Enter System Group [webservd]

    Enter root.


    Enter HTTP Port [80]

    Enter 1080.


    Enter content Root [/opt/SUNWwbsvr/docs] 

    Accept the default value. 


    Do you want to automatically start Web 
    Server when system re-starts.(Y/N)[N]  

    Accept the default value. 


    Access Manager: Administration
    Administrator User ID: amAdmin

    Accept the default value. 


     Administrator Password [] :  

    For this example, enter 4m4dmin1.


    Retype Password [] : 

    Enter the same password again. 


     LDAP User ID: amldapuser

    Accept the default value. 


    LDAP Password [] :

    For this example, enter 4mld4puser.

    Later in the deployment, you use this password as the Web Policy Agent "shared secret." 


    Retype Password [] : 

    Enter the same password again. 


    Password Encryption Key 
    [EWDwdXCHs3CZkYs1CfqxTkQfKtORCFCS]: 

    Accept the default value and make note of this key string. You will need it when you install Access Manager 2. 


    Install type (Realm/Legacy) Mode 
    [Legacy] : realm

    Enter Realm.


    Access Manager: Web Container 
    1. Sun Java System Application Server 
    2. Sun Java System Web Server
    
    Select the container to deploy the component 
    and hit enter key [2]  

    Enter 2.


    Access Manager: Sun Java System 
    Web Server Host Name 
    [AccessManager-1.example.com] : 

    Accept the default value. 


    Web Server Instance Directory
    [/opt/SUNWwbsvr/https-AccessManager-1.example.com]: 
     

    Accept the default value. 


    Web Server Port [1080] : 

    Accept the default value. 


    Document Root Directory 
    [/opt/SUNWwbsvr/docs] : 

    Accept the default value. 


     Secure Server Instance Port [No] :

    Accept the default value. 


    Host Name [AccessManager-1.example.com] : 

    Accept the default value. 


    Services Deployment URI [amserver] :

    Accept the default value. 


    Common Domain Deployment URI [amcommon] : 

    Accept the default value. 


    Cookie Domain (Assure it is not a top 
    level domain) [.example.com] : 

    Accept the default value. 


    Password Deployment URI [ampassword] : 

    Accept the default value. 


    Access Manager: Directory Server Information 
    
     Directory Server Host [] : 

    Enter DirectoryServer-1.example.com.


     Directory Server Port [] : 

    Enter 1389.

    This is the port number you entered for the data instance of Directory Server. 


    Directory Root Suffix 
    [dc=example,dc=com] : 

    Enter o=example.com


    Directory Manager DN 
    [cn=Directory Manager]: 

    Accept the default value. 


    Directory Manager Password [] : 

    For this example, enter d1rm4n4ger.


    Is Directory Server provisioned with 
    user data [No] : 

    Accept the default value No.


    1. Install
    2. Start Over
    3. Exit Installation
       What would you like to do [1] ?

    First, see the next numbered (Optional) step. 

    When you're ready to install, enter 1 to start the installation.

  5. (Optional) During installation, you can monitor the log to watch for installation errors. Example:

    # cd /var/sadm/install/logs

    # tail -f Java_Enterprise_System_install.Bxxxxxx

  6. Upon successful installation, enter ! to exit.

  7. Start the Access Manager Web Server.

    # cd /opt/SUNWwbsvr/https-AccessManager-1.example.com

    # ./stop

    # ./start

  8. Verify that Access Manager has been installed successfully.

    1. Go to the Access Manager login URL:

      http://AccessManager-1.example.com:1080/amserver/console

    2. Log in to the Access Manager console using the following information:

      Username

      amadmin

      Password

      4m4dmin1

      You should be able to log in successfully and to navigate to various areas of the console with no error messages.

Troubleshooting

If you have configured everything so far according to these instructions, and the error message "No such Organization found" is displayed, it is probably due to the mixed-case Access Manager host names used in this deployment example. For example, the host name AccessManager-1.example.com includes both upper and lower case letters. For more detailed information, see Appendix H, Known Issues and Limitations.

Procedure: To Install Access Manager 2

Before You Begin

You must have a CD image of the Sun Java Enterprise System product mounted on the host computer system where you are installing Access Manager. For information on obtaining and mounting the Sun Java Enterprise System, see 3.2 Downloading and Mounting the Java Enterprise System 2005Q4 Installer in this document.

  1. As a root user, log in to host AccessManager-2.

  2. Unzip the two zip files that comprise the Java Enterprise System installer binaries.

  3. Start the installer with the -nodisplay option.


    # cd /mnt/Solaris_sparc 
    # ./installer -nodisplay
  4. When prompted, provide the following information:


    Welcome to the Sun Java(TM) Enterprise System; 
    serious software made simple... 
    <Press ENTER to Continue>

    Press Enter. 


    <Press ENTER to display the Software 
    License Agreement>

    Press Enter. 


    <-[40%]-[ENTER To Continue]--
    [n To Finish]-->n

    Enter n.


    Have you read, and do you accept, all 
    of the terms of the preceding Software 
    License Agreement[No] ?

    Enter y.


    Please enter a comma separated list 
    of languages you would like supported 
    with this installation [8]

    Enter 8 for “English only.”


    The following component products 
    are detected on this system. They will 
    appear disabled, "* *", in the following 
    Component Selection Main Menu...

    Press ENTER to continue. 


    Enter a comma separated list of products 
    to install, or press R to 
    refresh the list[]:

    Enter 3,9,12 to select Web Server, Access Manager, and Message Queue.

    The Message Queue packages you install now will be used when you implement session failover later in the deployment. 


    Press "Enter" to Continue or Enter a 
    comma separated list of products 
    to deselect... [1] 

    Enter -20 to deselect Directory Server.


    Based on product dependencies for your
    selections, the installer will install:
    [X] 3. Sun Java(TM) System Web Server 6.1 
    SP5 2005Q4 (64.61 MB)
    [X] 9. Sun Java(TM) System Access Manager 7 
    2005Q4 (27.80 MB)
    Press "Enter" to Continue...[1]  

    Press Enter. 


    [X] 1. Identity Management and 
    Policy Services Core
    [X] 2. Access Manager Administration Console 
    [X] 3. Common Domain Services for 
    Federation Management
    [X] 4. Access Manager SDK
    
    Enter a comma separated list of components to 
    install (or D to install all )[D] 

    Enter D.


    [X] 1. Identity Management and Policy Services Core
    [X] 2. Access Manager Administration Console
    [X] 3. Common Domain Services for Federation Management
    [X] 4. Access Manager SDK
    
    Press "Enter" to Continue or Enter a comma 
    separated list of products to deselect... [1]  

    Press Enter. 


    Warnings - Product Dependency Checks 
    
    1. Install Sun Java(TM) System Directory 
    Server 5 2005Q4 locally
    2. Use Sun Java(TM) System Directory Server 
    5 2005Q4 installed on a remote machine 
    
    These products can be installed locally 
    or remotely, please choose your option [1]:

    Enter 2.


    J2SE(TM) Software Development Kit Upgrade Required
    
    1. Automatically update with version on 
    installer disk (recommended)
    
    2. Manually upgrade with downloaded version 
    from Sun web site: http://java.sun.com
    
    After installation, the link 
    /usr/jdk/entsys-j2se refers to the version 
    of J2SE SDK that is compatible with 
    Java Enterprise System.
    
    Enter 1 or 2 [1]:

    Enter 1.


    The shared components listed below are 
    currently installed. They will be upgraded 
    for compatibility with the products you 
    chose to install...
    
    Enter 1 to upgrade these shared components 
    and 2 to cancel  [1] 

    Enter 1.


    Enter the name of the target 
    installation directory for each product: 
    Access Manager [/opt] : 
       

    Accept the default value. 


    Web Server[/opt/SUNWwbsvr]: 

    Accept the default value. 


    System ready for installation 
    Enter 1 to continue [1]  

    Accept the default value. 


    1. Configure Now - Selectively override 
    defaults or express through 
    2. Configure Later - Manually configure following 
    installation 
    Select Type of Configuration[1]  

    Enter 1 to configure now.


    The following settings apply to all 
    installed component products. 
    Enter Host Name [AccessManager-2] 

    Accept the default value. 


    Enter DNS Domain Name [example.com]

    Accept the default value. 


    Enter IP Address [10.5.82.208] 

    Accept the default value, which the installer populates with the address of the host it is running on. (The value shown here is carried over from the Access Manager 1 transcript; the two Access Manager hosts must have different addresses, so do not enter the Access Manager 1 address on this host.)


    Enter Server admin User ID [admin]  

    Accept the default value. 


    Enter Admin User's Password
    (Password cannot be less than 
    8 characters)

    For this example, enter web4dmin.


    Confirm Admin User's Password []  

    Enter the same password again. 


    Enter System User [root] 

    Accept the default value. 


    Enter System Group [root]

    Accept the default value. 


    Web Server: Administration
    Enter  Server Admin User ID [admin] 

    Accept the default value. 


    Enter Admin User's Password []

    For this example, enter web4dmin.


    Retype Password []

    Enter the same password again. 


    Enter Host Name [AccessManager-2.example.com]

    Accept the default value. 


    Enter Administration Port [8888] 

    Accept the default value. 


    Enter Administration Server User ID [root]  

    Accept the default value. 


    Enter System User ID [webservd]

    Enter root.


    Enter System Group [webservd]

    Enter root.


    Enter HTTP Port [80]

    Enter 1080.


    Enter content Root [/opt/SUNWwbsvr/docs] 

    Accept the default value. 


    Do you want to automatically start Web 
    Server when system re-starts.(Y/N)[N]  

    Accept the default value. 


    Access Manager: Administration
    Administrator User ID: amAdmin

    Accept the default value. 


     Administrator Password [] :  

    For this example, enter 4m4dmin1.


    Retype Password [] : 

    Enter the same password again. 


     LDAP User ID: amldapuser

    Accept the default value. 


    LDAP Password [] :

    For this example, enter 4mld4puser.

    Later in the deployment, you use this password as the Web Policy Agent "shared secret." 


    Retype Password [] : 

    Enter the same password again. 


    Password Encryption Key
    [JSIodCIOSxks3CHISjs4CHYpw0ejfk]: 

    Do not accept the generated default. Enter the key that you noted when you installed Access Manager 1. Both instances share the same Directory Server configuration, and values that one instance encrypts with this key must be readable by the other, so the key must be identical on both. In this deployment example, the string is 


    EWDwdXCHs3CZkYs1CfqxTkQfKtORCFCS

    Install type (Realm/Legacy) Mode 
    [Legacy] : realm

    Enter Realm.


    Access Manager: Web Container 
    1. Sun Java System Application Server 
    2. Sun Java System Web Server
    
    Select the container to deploy the component 
    and hit enter key [2]  

    Enter 2.


    Access Manager: Sun Java System 
    Web Server Host Name 
    [AccessManager-2.example.com] : 

    Accept the default value. 


    Web Server Instance Directory
    [/opt/SUNWwbsvr/https-AccessManager-2.example.com]: 
     

    Accept the default value. 


    Web Server Port [1080] : 

    Accept the default value. 


    Document Root Directory 
    [/opt/SUNWwbsvr/docs] : 

    Accept the default value. 


     Secure Server Instance Port [No] :

    Accept the default value. 


    Host Name [AccessManager-2.example.com] : 

    Accept the default value. 


    Services Deployment URI [amserver] :

    Accept the default value. 


    Common Domain Deployment URI [amcommon] : 

    Accept the default value. 


    Cookie Domain (Assure it is not a top 
    level domain) [.example.com] : 

    Accept the default value. 


    Password Deployment URI [ampassword] : 

    Accept the default value. 


    Access Manager: Directory Server 
    Information 
    
    Directory Server Host [] : 

    Enter DirectoryServer-2.example.com.


     Directory Server Port [] :

    Enter 1389.

    This is the port number you entered for the data instance of Directory Server. 


    Directory Root Suffix 
    [dc=example,dc=com] : 

    Enter o=example.com


    Directory Manager DN 
    [cn=Directory Manager]: 

    Accept the default value. 


    Directory Manager Password [] : 

    For this example, enter d1rm4n4ger.


    Is Directory Server provisioned with 
    user data [No] : 

    Accept the default value No.


    1. Install
    2. Start Over
    3. Exit Installation
       What would you like to do [1] ?

    First, see the next numbered (Optional) step. 

    When you're ready to install, enter 1 to start the installation.

  5. (Optional) During installation, you can monitor the log to watch for installation errors. Example:

    # cd /var/sadm/install/logs

    # tail -f Java_Enterprise_System_install.Bxxxxxx

  6. Upon successful installation, enter ! to exit.

  7. Start the Access Manager Web Server.

    # cd /opt/SUNWwbsvr/https-AccessManager-2.example.com

    # ./stop

    # ./start

  8. Add the lowercase host name accessmanager-2.example.com to the Realm alias list.

    This eliminates the need to enter the full path to the user's organization each time you want to log in to Access Manager.

    1. Go to the following URL:

      http://AccessManager-1.example.com:1080/amserver/UI/Login?org=example.com

    2. Log in to the Access Manager console using the following information:

      Username

      amadmin

      Password

      4m4dmin1

    3. On the Access Control tab, under Realms, click the example.com realm name.

    4. On the General tab, under Realm Attributes, in the Add field enter the name accessmanager-2.example.com (all lowercase).

    5. Click Add, and then click Save.

    6. Click “Log Out.”

  9. Verify that Access Manager has been installed successfully.

    1. Go to the Access Manager login URL:

      http://AccessManager-2.example.com:1080/amserver/console

    2. Log in to the Access Manager console using the following information:

      Username

      amadmin

      Password

      4m4dmin1

      You should be able to log in successfully and to navigate to various areas of the console with no error messages.

Next Steps

Caution –

Apart from the console login check in the previous procedure, do not use the second Access Manager server yet: it is not registered as an instance of the deployment and is not fully configured. Access Manager 2 is enabled in the following procedure.


Procedure: To Configure the Access Manager Infrastructure to Work with Multiple Instances

In this procedure, you configure both Access Manager 1 and Access Manager 2 to operate as two instances of a single server. All configuration takes place on the Access Manager 1 host. There is no need to repeat the steps on the Access Manager 2 host.

  1. On AccessManager-1, start a new browser, and go to the URL for the Access Manager console.

    Example: http://AccessManager-1.example.com:1080/amserver/console

  2. Log in to the Access Manager console using the following information:

    User Name

    amadmin

    Password

    4m4dmin1

  3. On the Access Control tab, under Realm Name, click the top-level realm.

    In this example, the top-level realm is example.

  4. On the General tab, under Realm Attributes, add AccessManager-2.example.com to the Realms/DNS Aliases list.

    1. In the Add text field, provide a fully qualified domain name for Access Manager 2.

      Example: AccessManager-2.example.com

    2. Click Add.

    3. In the Add text field, provide the Access Manager 2 host name using all lowercase.

      Example: accessmanager-2.example.com

    4. Click Add.

    5. Click Save.

  5. Go to Realms > Configuration.

  6. On the Configuration tab, click System Properties > Platform.

  7. On the Platform page, add a new instance name.

    1. Under Instance Name, click New.

    2. In the New Server Instance page, provide the following information:

      Server

      http://AccessManager-2.example.com:1080

      Instance Name

      02

    3. Click OK.

      On the Platform page, you see a new instance created in the Instance Name list.

    4. Click Save.

  8. Click the Log Out button to log out of the console.

  9. Verify that both Access Manager servers are configured properly.

    1. As a root user, log in to host AccessManager-1.

    2. Restart the Access Manager server by restarting the Web Server.


      # cd /opt/SUNWwbsvr/https-AccessManager-1.example.com
      # ./stop; ./start

      Check for errors on the start-up screen and in the Web Server error log as the server restarts.

    3. As a root user, log in to host AccessManager-2.

    4. Restart the Access Manager server by restarting the Web Server.


      # cd /opt/SUNWwbsvr/https-AccessManager-2.example.com
      # ./stop; ./start

      Check for errors on the start-up screen and in the Web Server error log as the server restarts.

    5. Start a new browser and go to the URL for the other Access Manager server.

      Example: http://AccessManager-2.example.com:1080/amserver/console

    6. Log in to the Access Manager console using the following information:

      Username

      amadmin

      Password

      4m4dmin1

    7. If you can log in successfully, close the browser.

      If you cannot log in successfully, restart Access Manager 2. Be sure that the Access Manager 2 host can access the Directory Server 1 host.

    8. Log out of the Access Manager console.

Troubleshooting

If you cannot log in successfully, one way to narrow the problem down is to log in with the fully qualified name of the amadmin user. If that works, authentication itself is fine and you can look elsewhere, for example at the realm aliases. The fully qualified name is the value of the following entry in /etc/opt/SUNWam/config/AMConfig.properties:

com.sun.identity.authentication.super.user=uid=amAdmin,ou=People,o=example.com

Use the fully qualified User Name uid=amAdmin,ou=People,o=example.com to log in.
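Several of the values entered during the two installations have to agree across instances (the password encryption key above all, as noted when installing Access Manager 2), and the mixed-case host names are the usual cause of the "No such Organization found" error. The following POSIX shell script is an added example, not part of the Sun guide: it reads two AMConfig.properties files, reports shared properties whose values differ, and flags a server host name that contains upper-case letters. The property names other than com.sun.identity.authentication.super.user are assumed from the Access Manager 7 AMConfig.properties layout, and the two property files are constructed inline so the script runs offline; on real hosts, use /etc/opt/SUNWam/config/AMConfig.properties from each server.

```shell
#!/bin/sh
# Added example, not from the Sun deployment guide: compare the
# AMConfig.properties files of two Access Manager instances.
# Assumptions: property names follow the AM 7 AMConfig.properties layout
# (only com.sun.identity.authentication.super.user appears in the guide);
# the two sample files below are constructed so the script runs offline.

# Properties that every instance of one Access Manager deployment must share.
AM_SHARED_PROPS="am.encryption.pwd com.iplanet.am.rootsuffix \
com.iplanet.am.services.deploymentDescriptor \
com.sun.identity.authentication.super.user"

# am_prop FILE NAME: value of NAME from a Java properties file
# (first match, surrounding blanks stripped; comment lines never match).
am_prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | head -n 1 | sed 's/[[:space:]]*$//'
}

# am_config_mismatch FILE1 FILE2: print one line per shared property whose
# values differ. Returns 0 if any mismatch was found, 1 if all agree.
am_config_mismatch() {
    found=1
    for p in $AM_SHARED_PROPS; do
        v1=$(am_prop "$1" "$p")
        v2=$(am_prop "$2" "$p")
        if [ "$v1" != "$v2" ]; then
            printf '%s: %s != %s\n' "$p" "${v1:-<unset>}" "${v2:-<unset>}"
            found=0
        fi
    done
    return $found
}

# am_host_mixed_case FILE: returns 0 when com.iplanet.am.server.host contains
# upper-case letters, i.e. when a lowercase realm alias is still needed.
am_host_mixed_case() {
    h=$(am_prop "$1" com.iplanet.am.server.host)
    [ -n "$h" ] && [ "$h" != "$(printf '%s' "$h" | tr '[:upper:]' '[:lower:]')" ]
}

# Constructed sample files (excerpts, not real AMConfig.properties).
AM_TMP=$(mktemp -d)
AM1_CFG=$AM_TMP/AMConfig-1.properties
AM2_CFG=$AM_TMP/AMConfig-2.properties

cat > "$AM1_CFG" <<'EOF'
# constructed excerpt for AccessManager-1
am.encryption.pwd=EWDwdXCHs3CZkYs1CfqxTkQfKtORCFCS
com.iplanet.am.server.host=AccessManager-1.example.com
com.iplanet.am.server.port=1080
com.iplanet.am.rootsuffix=o=example.com
com.iplanet.am.services.deploymentDescriptor=amserver
com.sun.identity.authentication.super.user=uid=amAdmin,ou=People,o=example.com
EOF

cat > "$AM2_CFG" <<'EOF'
# constructed excerpt for AccessManager-2, installed with the installer's
# generated key instead of the key noted from Access Manager 1
am.encryption.pwd=JSIodCIOSxks3CHISjs4CHYpw0ejfk
com.iplanet.am.server.host=AccessManager-2.example.com
com.iplanet.am.server.port=1080
com.iplanet.am.rootsuffix=o=example.com
com.iplanet.am.services.deploymentDescriptor=amserver
com.sun.identity.authentication.super.user=uid=amAdmin,ou=People,o=example.com
EOF

echo "== shared properties that differ between the two instances =="
am_config_mismatch "$AM1_CFG" "$AM2_CFG" || echo "(none)"
for f in "$AM1_CFG" "$AM2_CFG"; do
    if am_host_mixed_case "$f"; then
        echo "mixed-case server host in $f: add the lowercase alias to the realm"
    fi
done
```

Run it on one host after copying the other server's AMConfig.properties over. A reported am.encryption.pwd mismatch means secrets encrypted on one instance cannot be decrypted by the other; correct it before going further rather than editing the key in place, because values already stored under the other key would then fail to decrypt.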

Procedure: To Back Up the Access Manager Configuration in Directory Server

Backing up your Access Manager configuration ensures that if you run into problems later in the deployment, you can revert to this configuration without having to re-install Access Manager.

  1. On Directory Server 1, in the slapd-am-config directory, run the db2ldif script. This procedure stops the instance before the export; start it again when the export completes, because Access Manager cannot operate while its configuration directory is down.


    # cd /var/opt/mps/serverroot/slapd-am-config/
    # ./stop  
    # ./db2ldif -n userroot  
    ldiffile: /var/opt/mps/serverroot/slapd-am-config/ldif/2006_03_14_111537.ldif  
    [14/Mar/2006:11:15:40 -0800] - export userRoot: Processed 112 entries (31%).  
    [14/Mar/2006:11:15:41 -0800] - export userRoot: Processed 224 entries (62%).  
    [14/Mar/2006:11:15:42 -0800] - export userRoot: Processed 338 entries (94%).  
    [14/Mar/2006:11:15:42 -0800] - export userRoot: Processed 360 entries (100%).  
    # ./start
  2. (Optional) You can create a readme file that describes the contents of the new ldif file.


    # cd /var/opt/mps/serverroot/slapd-am-config/ldif 
    # ls  
    2006_03_14_111537.ldif	Example-Plugin.ldif	Example.ldif  
    European.ldif	Example-roles.ldif  
    # cat > README
    2006_03_14_111537.ldif: backup after post-am install, 
    pre-patch application
    ^D 
    # ls -l 
    2006_03_14_111537.ldif  Example-Plugin.ldif     
    Example.ldif  European.ldif    Example-roles.ldif  README
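The export is the rollback point for the rest of the deployment, and it contains userPassword hashes and the Access Manager service configuration, so it is worth checking and protecting before moving on. The following POSIX shell script is an added example, not part of the Sun guide: it counts the exported entries (to compare against the "Processed N entries (100%)" line db2ldif prints), confirms the root suffix entry is present, warns when password values are in the file, and then restricts the file to its owner and records a checksum beside it. The LDIF is constructed inline so the script runs offline; on DirectoryServer-1 the real file is the one db2ldif names under /var/opt/mps/serverroot/slapd-am-config/ldif/.

```shell
#!/bin/sh
# Added example, not from the Sun deployment guide: sanity-check and
# protect a db2ldif export. The LDIF below is constructed for the example.

# ldif_entry_count FILE: number of entries (lines beginning with "dn:").
ldif_entry_count() {
    grep -c '^dn:' "$1"
}

# ldif_has_suffix FILE SUFFIX: 0 if the export contains the suffix entry itself.
ldif_has_suffix() {
    grep -qi "^dn: *$2\$" "$1"
}

# ldif_has_passwords FILE: 0 if userPassword values are present, i.e. the
# file carries credential material and must be handled as such.
ldif_has_passwords() {
    grep -qi '^userPassword:' "$1"
}

# protect_backup FILE: owner-only permissions plus a POSIX cksum recorded
# beside the file so a later restore can verify it. Prints the mode string.
protect_backup() {
    chmod 600 "$1"
    cksum "$1" > "$1.cksum"
    ls -ld "$1" | cut -c1-10
}

# Constructed sample export (three entries; the password hash is not real).
BACKUP_DIR=$(mktemp -d)
BACKUP=$BACKUP_DIR/2006_03_14_111537.ldif
cat > "$BACKUP" <<'EOF'
dn: o=example.com
objectClass: top
objectClass: organization
o: example.com

dn: ou=People,o=example.com
objectClass: top
objectClass: organizationalUnit
ou: People

dn: uid=amAdmin,ou=People,o=example.com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
uid: amAdmin
cn: amAdmin
sn: amAdmin
userPassword: {SSHA}constructedHashValueNotReal=
EOF

echo "entries exported: $(ldif_entry_count "$BACKUP")"
ldif_has_suffix "$BACKUP" o=example.com && echo "root suffix o=example.com present"
ldif_has_passwords "$BACKUP" && echo "contains userPassword values: restrict access"
echo "mode after protect_backup: $(protect_backup "$BACKUP")"
```

Compare the entry count with the final db2ldif progress line (360 in the transcript above); a lower number means the export stopped early. Keep the .cksum file with the LDIF and re-run cksum before any ldif2db restore.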