Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

ProcedureTo Verify that User Management with the Existing Data Store Works Properly

  1. In a browser, go to the following Access Manager URL:

  2. Log in to the Access Manager console using the following information:





  3. Add a new user.

    1. On the Realms page, click the users link.

    2. Click the Subjects tab.

    3. On the User page, under User, click New.

    4. On the New User page, provide the following information, and then click Create:



      First Name:


      Last Name:


      Full Name:

      John Doe



      Password Confirm:


      John Doe is now displayed in the list of Users. This indicates the user created in Access Manager was also created in Directory Server. Changes to the user profile were updated in Directory Server.

    5. Modify the John Doe entry.

      1. Click the UserID for johndoe.

      2. In the Edit User dialog, in the Full Name field, enter John Michael Doe, and then click Save.

        You can see changes reflected in Access Manager. Changes to the user profile were also updated in Directory Server.

  4. Log in as a root user to the host DirectoryServer-1.

    1. Start the Directory Server console:

      # cd /var/opt/mps/serverroot
      # ./startconsole &
    2. Log in to the Directory Server console using the following information:


      cn=Directory Manager



      Administration URL

    3. In the navigation tree, expand the DirectoryServer-1 node, and expand the Server Group.

    4. Click the am-users instance.

    5. On the Directory Server page for am-users , click Open.

    6. Click the Directory tab.

    7. Click the dc=company,dc=com suffix, and then click the users group.

    8. In the list of users, double-click the johndoeentry.

      In the Edit User page, verify that the information is the same as the information you entered through the Access Manager console in the previous steps.

    Leave the Directory Server console open.

  5. In the Access Manager console, create a new role and add John Doe to the role.

    1. In the Realms page for users, click the Subjects tab.

    2. Click the Role tab.

    3. Under Roles, click New Role.

    4. In the Role page, in the Name field, enter testRole.

    5. Click Create.

      The new role testRole is now displayed in the list of roles.

    6. Click the testRole link.

    7. Click the User tab.

    8. In the Edit Role page for testRole, in the Available list, select johndoe.

    9. Click Add.

      The user johndoe is added to the Selected list.

    10. Click Save.

      John Doe is now added to the testRole role.

  6. Verify that the new user and role are created in Directory Server.

    1. In the am-users instance, on the Directory tab, click the dc=company,dc=com suffix.

      The role testRole is included in the right pane.

    2. Double-click testRole.

    3. In the Edit Role dialog, click Members.

      Verify that John Michael Doe is included in the list of members.