Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Verify that User Management with the Existing Data Store Works Properly

  1. In a browser, go to the following Access Manager URL:

    https://loadbalancer-3.example.com:9443/amserver/UI/Login

  2. Log in to the Access Manager console using the following information:

    Username: amadmin

    Password: 4m4dmin1

  3. Add a new user.

    1. On the Realms page, click the users link.

    2. Click the Subjects tab.

    3. On the User page, under User, click New.

    4. On the New User page, provide the following information, and then click Create:

      ID: johndoe

      First Name: John

      Last Name: Doe

      Full Name: John Doe

      Password: password

      Password Confirm: password

      John Doe is now displayed in the list of Users. This indicates the user created in Access Manager was also created in Directory Server. Changes to the user profile were updated in Directory Server.

    5. Modify the John Doe entry.

      1. Click the UserID for johndoe.

      2. In the Edit User dialog, in the Full Name field, enter John Michael Doe, and then click Save.

        You can see changes reflected in Access Manager. Changes to the user profile were also updated in Directory Server.

  4. Log in as a root user to the host DirectoryServer-1.

    1. Start the Directory Server console:


      # cd /var/opt/mps/serverroot
      # ./startconsole &

    2. Log in to the Directory Server console using the following information:

      Username: cn=Directory Manager

      Password: d1rm4n4ger

      Administration URL: http://DirectoryServer-1.example.com:1391

    3. In the navigation tree, expand the DirectoryServer-1 node, and expand the Server Group.

    4. Click the am-users instance.

    5. On the Directory Server page for am-users, click Open.

    6. Click the Directory tab.

    7. Click the dc=company,dc=com suffix, and then click the users group.

    8. In the list of users, double-click the johndoe entry.

      In the Edit User page, verify that the information is the same as the information you entered through the Access Manager console in the previous steps.

    Leave the Directory Server console open.

  5. In the Access Manager console, create a new role and add John Doe to the role.

    1. In the Realms page for users, click the Subjects tab.

    2. Click the Role tab.

    3. Under Roles, click New Role.

    4. In the Role page, in the Name field, enter testRole.

    5. Click Create.

      The new role testRole is now displayed in the list of roles.

    6. Click the testRole link.

    7. Click the User tab.

    8. In the Edit Role page for testRole, in the Available list, select johndoe.

    9. Click Add.

      The user johndoe is added to the Selected list.

    10. Click Save.

      John Doe is now added to the testRole role.

  6. Verify that the new user and role are created in Directory Server.

    1. In the am-users instance, on the Directory tab, click the dc=company,dc=com suffix.

      The role testRole is included in the right pane.

    2. Double-click testRole.

    3. In the Edit Role dialog, click Members.

      Verify that John Michael Doe is included in the list of members.