Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Configure the Access Manager Infrastructure to Work with Multiple Instances

In this procedure, you configure both Access Manager 1 and Access Manager 2 to operate as two instances of a single server. All configuration takes place on the Access Manager 1 host. There is no need to repeat the steps on the Access Manager 2 host.

  1. On AccessManager-1, start a new browser, and go to the URL for the Access Manager console.

    Example: http://AccessManager-1.example.com:1080/amserver/console

  2. Log in to the Access Manager console using the following information:

    User Name

    amadmin

    Password

    4m4dmin1

  3. On the Access Control tab, under Realm Name, click the top-level realm.

    In this example, the top-level realm is example.

  4. On the General tab, under Realm Attributes, add AccessManager-2.example.com to the Realms/DNS Aliases list.

    1. In the Add text field, provide a fully qualified domain name for Access Manager 2.

      Example: AccessManager-2.example.com

    2. Click Add.

    3. In the Add text field, provide the Access Manager 2 host name using all lowercase.

      Example: accessmanager-2.example.com

    4. Click Add.

    5. Click Save.

  5. Go to Realms > Configuration.

  6. On the Configuration tab, click System Properties > Platform.

  7. On the Platform page, add a new instance name.

    1. Under Instance Name, click New.

    2. In the New Server Instance page, provide the following information:

      Server

      http://AccessManager-2.example.com:1080

      Instance Name

      02

    3. Click OK.

      On the Platform page, you see a new instance created in the Instance Name list.

    4. Click Save.

  8. Click the Log Out button to log out of the console.

  9. Verify that both Access Manager servers are configured properly.

    1. As a root user, log in to host AccessManager-1.

    2. Restart the Access Manager server by restarting the Web Server.


      # cd /opt/SUNWwbsvr/https-AccessManager-1.example.com
      # ./stop; ./start

      Check for errors on the start-up screen and in the Web Server error log as the server restarts.

    3. As a root user, log in to host AccessManager-2.

    4. Restart the Access Manager server by restarting the Web Server.


      # cd /opt/SUNWwbsvr/https-AccessManager-2.example.com
      # ./stop; ./start

      Check for errors on the start-up screen and in the Web Server error log as the server restarts.

    5. Start a new browser and go to the URL for the other Access Manager server.

      Example: http://AccessManager-2.example.com:1080/amserver/console

    6. Log in to the Access Manager console using the following information:

      Username

      amadmin

      Password

      4m4dmin1

    7. If you can log in successfully, close the browser.

      If you cannot log in successfully, restart Access Manager 2. Be sure that the Access Manager 2 host can access the Directory Server 1 host.

    8. Log out of the Access Manager console.

Troubleshooting

When you cannot log in successfully, one way to troubleshoot is to log in using the fully qualified name for the user amadmin. If you can authenticate using the fully qualified name, you can focus on issues other than authentication and login. In the file /etc/opt/SUNWam/config/AMConfig.properties, look for the following entry:

com.sun.identity.authentication.super.user=uid=amAdmin,ou=People,o=example.com

Use the fully qualified User Name uid=amAdmin,ou=People,o=example.com to log in.
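
To read that entry from a shell on the Access Manager host, the following added example (not part of the original guide) prints a property's value, splitting on the first = only, because the DN itself contains = characters. The function name am_prop and the sample file are assumptions made for illustration; the function handles only the key=value form shown above.

```shell
# Added example: print the value of one key from a Java-style properties file.
# The value is everything after the FIRST '=', since the super-user DN
# (uid=...,ou=...,o=...) contains '=' itself; "cut -d= -f2" would return "uid".
am_prop() {
    # $1 = property key, $2 = path to the properties file
    awk -v key="$1" '
        /^[ \t]*[#!]/ { next }                 # skip comment lines
        {
            pos = index($0, "=")
            if (pos == 0) next                 # not a key=value line
            k = substr($0, 1, pos - 1)
            v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)     # trim whitespace around the key
            gsub(/^[ \t]+|[ \t]+$/, "", v)     # trim whitespace around the value
            if (k == key) found = v            # a later definition overrides an earlier one
        }
        END { if (found == "") exit 1; print found }
    ' "$2"
}

# Constructed sample standing in for /etc/opt/SUNWam/config/AMConfig.properties
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not a real configuration
#com.sun.identity.authentication.super.user=uid=old,ou=People,o=example.com
com.sun.identity.authentication.super.user = uid=amAdmin,ou=People,o=example.com
EOF

# Prints the DN to type into the User Name field of the login page
am_prop com.sun.identity.authentication.super.user "$sample"
```

On the host itself, pass /etc/opt/SUNWam/config/AMConfig.properties as the second argument; the function exits non-zero when the key is absent.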