Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Part III Reference: Summaries of Server and Component Configurations

Appendix A Directory Servers

Table A–1 Directory Server 1 Configuration

Host
    Computer system that hosts the Directory Server.
    Host Name: DirectoryServer-1.example.com

Directory Server Administration Instance
    Administration server that manages Directory Server and all its instances.
    Port Number: 1391
    Service URL: http://DirectoryServer-1.example.com:1391
    Instance Directory: /var/opt/mps/serverroot/admin-serv

Directory Server Configuration Instance
    Instance that stores Directory Server configuration data.
    Instance Name: ds-config
    Port Number: 1390
    Service URL: http://DirectoryServer-1.example.com:1390
    Base Suffix: dc=example,dc=com
    Super User: cn=Directory Manager
    Super User Password: d1rm4n4ger
    Administrative User: admin
    Administrative User Password: d1r4dmin
    Instance Directory: /var/opt/mps/serverroot/slapd-ds-config

Access Manager Configuration Instance
    Stores Access Manager configuration data.
    Instance Name: am-config
    Port Number: 1389
    Service URL:
    Base Suffix: o=example.com
    Replication Manager: cn=replication manager,cn=replication,cn=config
    Replication Manager Password: replm4n4ger
    Instance Directory: /var/opt/mps/serverroot/slapd-am-config

User Data Store
    Stores Access Manager user data. In this deployment example, the user data store is located on the same computer system as the Access Manager configuration data store. The user data store could also be installed on a different computer system.
    Instance Name: am-users
    Port Number: 1489
    Service URL: http://DirectoryServer-1.example.com:1489
    Base Suffix: dc=company, dc=com
    Users Suffix: ou=users,dc=company,dc=com
    Replication Manager: cn=replication manager, cn=replication,cn=config
    Replication Manager Password: replm4n4ger
    Instance Directory: /var/opt/mps/serverroot/slapd-am-users

Table A–2 Directory Server 2 Configuration

Host
    Computer system that hosts the Directory Server.
    Host Name: DirectoryServer-2.example.com

Directory Server Administration Instance
    Administration server that manages Directory Server and all its instances.
    Port Number: 1391
    Service URL: http://DirectoryServer-2.example.com:1391
    Instance Directory: /var/opt/mps/serverroot/admin-serv

Directory Server Configuration Instance
    Instance that stores Directory Server configuration data.
    Instance Name: ds-config
    Port Number: 1390
    Service URL: http://DirectoryServer-2.example.com:1390
    Base Suffix: dc=example,dc=com
    Super User: cn=Directory Manager
    Super User Password: d1rm4n4ger
    Administrative User: admin
    Administrative User Password: d1r4dmin
    Instance Directory: /var/opt/mps/serverroot/slapd-ds-config

Access Manager Configuration Instance
    Stores Access Manager configuration data.
    Instance Name: am-config
    Port Number: 1389
    Service URL:
    Base Suffix: o=example.com
    Replication Manager: cn=replication manager,cn=replication,cn=config
    Replication Manager Password: replm4n4ger
    Instance Directory: /var/opt/mps/serverroot/slapd-am-config

User Data Store
    Stores Access Manager user data. In this deployment example, the user data store is located on the same computer system as the Access Manager configuration data store. The user data store could also be installed on a different computer system.
    Instance Name: am-users
    Port Number: 1489
    Service URL: http://DirectoryServer-2.example.com:1489
    Base Suffix: dc=company, dc=com
    Users Suffix: ou=users,dc=company,dc=com
    Replication Manager: cn=replication manager, cn=replication,cn=config
    Replication Manager Password: replm4n4ger
    Instance Directory: /var/opt/mps/serverroot/slapd-am-users

Table A–3 User Data Store Accounts

userdbadmin
    Used by the Access Manager servers to connect to the user data store for data management purposes.
    Password: 4serd84dmin
    DN: uid=userdbadmin,ou=users,dc=company,dc=com

userdbauthadmin
    Used by the Access Manager servers to authenticate users to the user data store.
    Password: 4serd84uth4dmin
    DN: uid=userdbauthadmin,ou=users,dc=company,dc=com

testuser1
    Used to verify that the policy agents work properly.
    Password: password
    DN: uid=testuser1,ou=users,dc=company,dc=com

testuser2
    Used to verify that the policy agents work properly.
    Password: password
    DN: uid=testuser2,ou=users,dc=company,dc=com

Appendix B Access Manager Servers

Table B–1 Access Manager 1 Configuration

Host
    Computer system that hosts the Access Manager server.
    Host Name: AccessManager-1.example.com

Web Server Administration
    Manages the entire Web Server and all its instances.
    Instance Name: admserv
    Port Number: 8888
    Service URL: http://AccessManager-1.example.com:8888
    Administrative User: admin
    Administrative User Password: web4dmin
    Instance Directory: /opt/SUNWwbsvr/https-admserv

Access Manager Web Server
    Contains the Access Manager applications.
    Instance Name: AccessManager-1.example.com
    Port Number: 1080
    Service URL: http://AccessManager-1.example.com:1080
    Administrative User: amadmin
    Administrative User Password: 4m4dmin1
    amLDAP User: amldapuser
    amLDAP User Password: 4mld4puser
    Instance Directory: /opt/SUNWwbsvr/https-AccessManager-1.example.com

Table B–2 Access Manager 2 Configuration

Host
    Computer system that hosts the Access Manager server.
    Host Name: AccessManager-2.example.com

Web Server Administration
    Manages the entire Web Server and all its instances.
    Instance Name: admserv
    Port Number: 8888
    Service URL: http://AccessManager-2.example.com:8888
    Administrative User: admin
    Administrative User Password: web4dmin
    Instance Directory: /opt/SUNWwbsvr/https-admserv

Access Manager Web Server
    Contains the Access Manager applications.
    Instance Name: AccessManager-2.example.com
    Port Number: 1080
    Service URL: http://AccessManager-2.example.com:1080
    Administrative User: amadmin
    Administrative User Password: 4m4dmin1
    amLDAP User: amldapuser
    amLDAP User Password: 4mld4puser
    Instance Directory: /opt/SUNWwbsvr/https-AccessManager-1.example.com

Appendix C Distributed Authentication UI Servers

Table C–1 Distributed Authentication UI 1 Configuration

Host
    Computer system that hosts the Access Manager server.
    Host Name: AuthenticationUI-1.example.com

Web Server Administration
    Manages the entire Web Server and all its instances.
    Instance Name: admserv
    Port Number: 8888
    Service URL: http://AuthenticationUI-1.example.com:8888
    Administrative User: admin
    Administrative User Password: web4dmin
    Instance Directory: /opt/SUNWwbsvr/https-admserv

Distributed Authentication UI Server
    Contains the Distributed Authentication UI module.
    Instance Name: AuthenticationUI-1.example.com
    Port Number: 1080
    Service URL: http://AuthenticationUI-1.example.com:1080
    Instance Directory: /opt/SUNWwbsvr/https-AuthenticationUI-1.example.com

User Profile
    Administrative User: authuiadmin
    Administrative User Password: 4uthu14dmin

Table C–2 Distributed Authentication UI 2 Configuration

Host
    Computer system that hosts the Access Manager server.
    Host Name: AuthenticationUI-2.example.com

Web Server Administration
    Manages the entire Web Server and all its instances.
    Instance Name: admserv
    Port Number: 8888
    Service URL: http://AuthenticationUI-2.example.com:8888
    Administrative User: admin
    Administrative User Password: web4dmin
    Instance Directory: /opt/SUNWwbsvr/https-admserv

Distributed Authentication UI Server
    Contains the Distributed Authentication UI module.
    Instance Name: AuthenticationUI-2.example.com
    Port Number: 1080
    Service URL: http://AuthenticationUI-2.example.com:1080
    Instance Directory: /opt/SUNWwbsvr/https-AuthenticationUI-2.example.com

User Profile
    Administrative User: authuiadmin
    Administrative User Password: 4uthu14dmin

Appendix D Sun Java System Web Servers and Web Policy Agents

Table D–1 Protected Resource 1 Web Server and Web Policy Agent 1 Configurations

Host
    Computer system that hosts Web Server 1.
    Host Name: ProtectedResource-1.example.com

Web Server Administration Server
    Manages the entire Web Server and all its instances.
    Instance Name: admserv
    Port Number: 8888
    Administrative User: admin
    Administrative User Password: web4dmin
    Instance Directory: /opt/SUNWwbsvr/https-admserv

Web Policy Agent Instance
    Server instance that contains the web server and web policy agent.
    Instance Name: ProtectedResource-1.example.com
    Port Number: 1080
    Instance Directory: /opt/SUNWwbsvr/https-ProtectedResource-1.example.com

Web Agent Profile
    Administrative User: webagent-1
    Administrative User Password: web4gent1

Table D–2 Protected Resource 2 Web Server and Web Policy Agent 2 Configurations

Host
    Computer system that hosts Web Server 2.
    Host Name: ProtectedResource-2.example.com

Web Server Administration Server
    Manages the entire Web Server and all its instances.
    Instance Name: admserv
    Port Number: 8888
    Administrative User: admin
    Administrative User Password: web4dmin
    Instance Directory: /opt/SUNWwbsvr/https-admserv

Web Policy Agent Instance
    Server instance that contains the web server and web policy agent.
    Instance Name: ProtectedResource-2.example.com
    Port Number: 1080
    Instance Directory: /opt/SUNWwbsvr/https-ProtectedResource-2.example.com

Web Agent Profile
    Administrative User: admin
    Administrative User Password: web4dmin

Appendix E WebLogic Application Servers and J2EE Policy Agents

Table E–1 Protected Resource 1 Application Server and J2EE Policy Agent 1 Configurations

Host
    Computer system that hosts Application Server 1.
    Host Name: ProtectedResource-1.example.com

WebLogic Administration Server
    Manages the entire Application Server and all its instances.
    Instance Name: AdminServer
    Port Number: 7001
    Administrative User: weblogic
    Administrative User Password: w3bl0g1c
    Instance Directory: /usr/local/bea/user_projects/domains/ProtectedResource-1/servers/AdminServer

WebLogic Domain
    Stores configuration information for this Application Server instance.
    Instance Name: ProtectedResource-1
    Instance Directory: /usr/local/bea/user_projects/domains/ProtectedResource-1

J2EE Policy Agent Instance
    Server instance that contains the Application Server and J2EE policy agent.
    Instance Name: ApplicationServer-1
    Port Number: 1081
    Instance Directory: /usr/local/bea/user_projects/domains/ProtectedResource-1/servers/ApplicationServer-1

J2EE Policy Agent Profile
    Administrative User: j2eeagent-1
    Administrative User Password: j2ee4gent1

Table E–2 Protected Resource 2 Application Server and J2EE Policy Agent 2 Configurations

Host
    Computer system that hosts Application Server 2.
    Host Name: ProtectedResource-2.example.com

WebLogic Administration Server
    Manages the entire Application Server and all its instances.
    Instance Name: AdminServer
    Port Number: 7001
    Administrative User: weblogic
    Administrative User Password: w3bl0g1c
    Instance Directory: /usr/local/bea/user_projects/domains/ProtectedResource-2/servers/AdminServer

WebLogic Domain
    Stores configuration information for this Application Server instance.
    Instance Name: ProtectedResource-2
    Instance Directory: /usr/local/bea/user_projects/domains/ProtectedResource-2

J2EE Policy Agent Instance
    Server instance that contains the Application Server and J2EE policy agent.
    Instance Name: ApplicationServer-2
    Port Number: 1081
    Instance Directory: /usr/local/bea/user_projects/domains/ProtectedResource-2/servers/ApplicationServer-2

J2EE Policy Agent Profile
    Administrative User: j2eeagent-2
    Administrative User Password: j2ee4gent2

Appendix F Load Balancers

Table F–1 Load Balancer Configurations

Host
    Computer system that hosts all virtual servers in this deployment example.
    Host Name: is-f5.example.com

Load Balancer 1
    Access Manager Configuration Stores
    Virtual Service Address for the Access Manager configuration store.
    Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing.
    Instance Name: LoadBalancer-1
    Port Number: 389
    Pool Name: AccessManager-Pool
    Virtual Server and Port Number: LoadBalancer-1.example.com:389
    Monitor: ldap-tcp

Load Balancer 2
    Directory Server User Data Stores
    Virtual Service Address for the user data store.
    Instance Name: LoadBalancer-2
    Port Number: 489
    Pool Name: DirectoryServer-UserData-Pool
    Virtual Server and Port Number: LoadBalancer-2.example.com:489
    Monitor: ldap-tcp

Load Balancer 3
    Access Manager Servers
    Virtual Service Address for the Access Manager Web Server instances.
    SSL is terminated at this load balancer before the request is forwarded to the Access Manager servers. This load balancer is the single point of failure for Access Manager and can be considered a limitation of this deployment example.
    Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing.
    External users access port 9443; internal users access port 90.
    Instance Name: LoadBalancer-3
    Port Number: 90 and 9443
    Pool Name: AccessManager-Pool
    Virtual Server and Port Number: LoadBalancer-3.example.com:90
    Monitor: AccessManager-http

Load Balancer 4
    Distributed Authentication UI Servers
    Virtual Service Address for the Distributed Authentication UI web server instances.
    SSL is terminated at this load balancer before the request is forwarded to the Distributed Authentication UI servers.
    Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing.
    Instance Name: LoadBalancer-4
    Port Number: 90 and 9443
    Pool Name: AuthenticationUI-Pool
    Virtual Server and Port Number: LoadBalancer-4.example.com:90
    Monitor: http-monitor

Load Balancer 5
    Web Policy Agents
    Virtual Service Address for the web policy agents.
    Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing.
    Instance Name: LoadBalancer-5
    Port Number: 90
    Pool Name: WebAgent-Pool
    Virtual Server and Port Number: LoadBalancer-5.example.com:90
    Monitor: WebAgent-http

Load Balancer 6
    J2EE Policy Agents
    Virtual Service Address for the J2EE policy agents.
    Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing.
    Instance Name: LoadBalancer-6
    Port Number: 91
    Pool Name: J2EEAgent-Pool
    Virtual Server and Port Number: LoadBalancer-6.example.com:91
    Monitor: tcp

Appendix G Message Queue Servers

Table G–1 Message Queue 1 Configuration

Host
    Computer system that hosts the Message Queue server.
    Host Name: MessageQueue-1.example.com

Message Queue 1
    Serves as a communications broker that enables Access Manager to communicate data with the session store.
    Instance Name: msgqbroker
    Port Number: 7777
    Administrative User: msgquser
    Administrative User Password: m5gqu5er
    Instance Directory: /opt/SUNWam

Table G–2 Message Queue 2 Configuration

Host
    Computer system that hosts the Message Queue server.
    Host Name: MessageQueue-2.example.com

Message Queue 2
    Serves as a communications broker that enables Access Manager to communicate data with the session store.
    Instance Name: msgqbroker
    Port Number: 7777
    Administrative User: msgquser
    Administrative User Password: m5gqu5er
    Instance Directory: /opt/SUNWam

Appendix H Known Issues and Limitations

The information in this appendix will be updated as more information becomes available.

Table H–1 Known Issues and Limitations

6490164
    Installing Access Manager with upper case results in a "No Such Organization" error.

    If you install Access Manager with the server host name and domain name in mixed-case letters, you may not be able to access the Access Manager console. A "No Such Organization" or "No Such Domain" message is displayed.

    Workaround: Log in to the Access Manager console using the fully qualified DN of amadmin, such as uid=amAdmin,ou=People,o=example.com, then add your fully qualified server name in all-lowercase letters to the Realm/DNS Alias list of the top-level realm. Click the top-level realm to see the realm properties, including the list of Realm/DNS Aliases.

6477741
    Exception is thrown when you run the agentadmin utility.

    The following exception is thrown when you run the agentadmin utility from the J2EE Policy Agent 2.2 server (Hotpatch 3 for BEA Appserver 9.1).

    # ./agentadmin --getUuid amadmin user example.com
    Failed to create debug directory
    Failed to create debug directory
    Failed to create debug directory
    Failed to create debug directory
    Failed to create debug directory

6476271
    BEA servers do not start up when the startup script is not configured properly.

    The BEA administration server and managed server will not start up if the startup script is not configured properly. When using J2EE Policy Agent 2.2 (Hotpatch 3) on BEA Application Server 9.1, you must append the following line to the end of the setDomainEnv.sh file:

    . /usr/local/bea/user_projects/domains/mydomain/setAgentEnv_server1.sh

    The setDomainEnv.sh file contains the call to commEnv.sh.

6472662
    When SSL terminates at the Access Manager load balancer, the console application changes protocol from HTTPS to HTTP.

    When you try to access the Access Manager load balancer with a URL such as https://loadbalancerURL:port/amserver/console, you cannot reach the login page because the console application changes the protocol from HTTPS to HTTP.

    Workaround: When you access the Access Manager load balancer, manually change the URL to https://loadbalancerURL:port/amserver/UI/Login.

6482952
    J2EE policy agent redirects to the context root in the goto URL.

    The problem occurs when testing the sample application for the J2EE Policy Agent 2.2 for BEA WebLogic 9.1 Application Server.

    If you access a URL such as http://agentLoadBalancerURL:port/agentsample/protectedservlet, you are redirected to the Access Manager login page, but the goto part of the URL contains only this: =http%3A%2F%2FagentLoadBalancerURL%3Aport%2Fagentsample. The result is that after successful authentication, you are redirected to the index page of the application, not to the page that you requested.

    Workaround: There is no workaround at this time.

6363157
    Performance is impacted due to unnecessary persistent searches.

    The problem can occur, for example, when Access Manager uses LDAP roles. Persistent search is not necessary in this case, and it should be possible to disable persistent searches without introducing additional risk to the system.

    Workaround: There is no workaround at this time.

6489403
    Login to a sub-realm fails when using the Distributed Authentication UI.

    The problem occurs when you attempt to access a sub-realm using a URL such as the following:

    http://AuthenticationUIserver:1080/distAuth/UI/Login?realm=users&goto=http://hostName.domainName.com:1080

    Instead of a login page, the following message is displayed: "No such Organization found."

    Workaround: There is no workaround at this time.

6467562
    Filtered role name is missing ou=services in the container JAAS Subject.

    When trying to use declarative security with J2EE agents, for any user in a sub-realm the role membership is not populated properly within the container JAAS Subject. It is missing ou=services in the jaas_subject role names. There is a mismatch between the role name returned from the Access Manager server and what is seen in the JAAS Subject.

    Workaround: In the AMAgent.properties file, remove the ou=services part of the mapping key com.sun.identity.agents.config.privileged.attribute.mapping. For example, change this:

    com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=role,o\=users,ou\=services,o\=example.com] = am_manager_role

    to

    com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager,ou\=role,o\=users,o\=example.com] = am_manager_role