Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover
Book Information
Part I About This Deployment Example
Chapter 1 Key Features and Constraints
1.1 Key Features of This Deployment Example
1.2 System Environment and Architecture
1.3 System Behaviors
Chapter 2 Technical Overview
2.1 Software Used in this Environment
2.2 Host Names and Main Service URLs Used in Examples
2.3 Intercomponent Communication
2.4 Firewall Rules
Part II Building the Environment
Chapter 3 Before You Begin
3.1 About This Guide
3.1.1 Naming Conventions
3.1.2 Typographical Conventions
3.2 Downloading and Mounting the Java Enterprise System 2005Q4 Installer
To Download and Mount the Java Enterprise System 2005Q4 Installer
3.3 Setting Up a Load Balancer
3.4 Obtaining Secure Socket Layer (SSL) Certificates
3.5 Resolving Host Names
3.6 Known Issues and Limitations
Chapter 4 Installing and Configuring the Directory Servers
4.1 Installing Two Directory Servers
To Install Directory Server 1
To Install Directory Server 2
To Create a New Data Instance in Directory Server 1
To Create a New Data Instance in Directory Server 2
4.2 Enabling Multi-Master Replication
To Enable Multi-Master Replication on Directory Server 1
To Enable Multi-Master Replication on Directory Server 2
To Create Replication Agreements on Directory Server 1
To Create Replication Agreements on Directory Server 2
To Initialize the Master Replica
4.3 Configuring the Directory Servers Load Balancer
To Configure Load Balancer 1
Chapter 5 Installing and Configuring the Access Manager Servers
5.1 Installing Two Access Manager Servers
To Install Access Manager 1
To Install Access Manager 2
To Configure the Access Manager Infrastructure to Work with Multiple Instances
To Back Up the Access Manager Configuration in Directory Server
5.2 Applying Service Patch 5
To Apply Service Patch 5 to Access Manager Server 1
To Apply Service Patch 5 to Access Manager Server 2
5.3 Configuring the Access Manager Servers to Run as Non-Root Users
To Reconfigure Access Manager 1 to Run as a Non-Root User
To Reconfigure Access Manager 2 to Run as a Non-Root User
To Reconfigure the Web Server Administration Servers to Run as Non-Root Users
5.4 Configuring the Access Manager Load Balancer
To Configure the Access Manager Servers to Access the Directory Server Load Balancer
To Verify Successful Directory Server Load Balancing and System Failover
To Configure the Access Manager Load Balancer
To Verify that the Access Manager Load Balancer is Configured Properly
To Request an SSL Certificate for the Access Manager Load Balancer
To Install a Root CA Certificate on the Access Manager Load Balancer
To Install an SSL Certificate on the Access Manager Load Balancer
To Configure SSL Termination on the Access Manager Load Balancer
5.5 Importing the Root CA Certificate into the Access Manager Web Servers
To Import the Root CA Certificate into the Access Manager 1 Web Server
To Modify the AMConfig.properties File
To Import the Root CA Certificate into the Access Manager 2 Web Server
To Modify the AMConfig.properties File
5.6 Creating an Access Manager Site
To Create an Access Manager Site
To Verify that the Site was Configured Properly
Chapter 6 Installing and Configuring the Distributed Authentication UI Servers
6.1 Installing and Deploying the Distributed Authentication UI Servers
To Install a Container for Distributed Authentication UI Server 1
To Build and Deploy Distributed Authentication UI Server 1
To Install a Container for Distributed Authentication UI Server 2
To Build and Deploy Distributed Authentication UI Server 2
To Import the Root CA Certificate for the Access Manager Load Balancer into Authentication UI Server 1
To Verify that Authentication Through Authentication UI Server 1 is Successful
To Import the Root CA Certificate for the Access Manager Load Balancer into Authentication UI Server 2
To Verify that Authentication Through Authentication UI Server 2 is Successful
6.2 Configuring the Distributed Authentication UI Servers Load Balancer
To Configure the Distributed Authentication UI Servers Load Balancer
To Configure Distributed Authentication UI Servers to Authenticate to Access Manager as a Custom User
To Configure the Load Balancer Cookies for the Distributed Authentication UI Servers
To Request an SSL Certificate for the Distributed Authentication UI Load Balancer
To Install a Root CA Certificate on the Distributed Authentication UI Load Balancer
To Install an SSL Certificate on the Distributed Authentication UI Load Balancer
To Configure SSL Termination on the Distributed Authentication UI Load Balancer
Chapter 7 Integrating an Existing User Data Store
7.1 Creating and Configuring a New User Data Store
To Create a User Data Store Instance on Directory Server 1
To Create a User Data Store Instance on Directory Server 2
To Create a New Branch in the User Data Store
To Import Users into the User Data Store
7.2 Enabling Multi-Master Replication
To Enable Multi-Master Replication on Directory Server 1
To Enable Multi-Master Replication on Directory Server 2
To Create Replication Agreements on Directory Server 1
To Create Replication Agreements on Directory Server 2
To Initialize the Master Replica
7.3 Configuring the User Data Stores Load Balancer
To Configure the User Data Stores Load Balancer
7.4 Configuring a User Realm
To Create a New Realm
To Configure a Realm Alias
To Configure the Realm Authentication
To Configure Access Manager to Use Roles from the User Data Store
To Configure the User Data Stores
7.5 (Optional) Enabling Access Manager to Manage Users in the Existing User Data Store
To Configure Access Manager to Manage Users in an Existing User Data Store
To Verify that User Management with the Existing Data Store Works Properly
Chapter 8 Installing and Configuring the Protected Resources with Policy Agents
8.1 Installing Web Server 1 and Web Policy Agent 1
To Install Web Server 1 on Protected Resource 1
To Install Web Policy Agent 1
To Verify that Web Policy Agent 1 Works Properly
To Import the Root CA Certificate into the Web Server 1 Key Store
To Verify that the Web Policy Agent is Working Properly
To Create an Agent Profile on Access Manager
To Configure the Web Policy Agent to Use the New Agent Profile
To Verify that the Web Policy Agent is Working Properly
8.2 Installing Application Server 1 and J2EE Policy Agent 1
To Install Application Server 1 on Protected Resource 1
To Create an Agent Profile on Access Manager
To Run the J2EE Policy Agent Installer on Application Server 1
8.3 Completing the J2EE Policy Agent 1 Installation
To Modify the Application Server Startup File
To Deploy the J2EE Policy Agent Application
To Start the Agent Application
To Set Up the Agent Authentication Provider
To Edit the AMAgent.properties File
8.4 Setting Up a Test for the J2EE Policy Agent 1
To Deploy the Sample Application
To Create Roles in the External Data Store
To Create a Test Referral Policy in the Base Suffix
To Create a Test Policy in the User Realm
To Configure J2EE Properties for the Sample Application
To Verify that J2EE Policy Agent 1 is Configured Properly
8.5 Configuring Access Manager to Communicate Over SSL
To Import the Root CA Certificate into the Application Server Keystore
To Configure the J2EE Policy Agent for SSL
To Verify that J2EE Policy Agent 1 is Configured Properly
To Configure the Policy Agents to Access the Distributed Authentication UI Server
8.6 Installing Web Server 2 and Web Policy Agent 2
To Install Web Server 2 on Protected Resource 2
To Install Web Policy Agent 2
To Verify that Web Policy Agent 2 Works Properly
To Import the Root CA Certificate into the Web Server 2 Key Store
To Create an Agent Profile on Access Manager
To Configure the Web Policy Agent to Use the New Agent Profile
8.7 Installing Application Server 2 and J2EE Policy Agent 2
To Install Application Server 2 on Protected Resource 2
To Create an Agent Profile on Access Manager
To Run the J2EE Policy Agent Installer on Application Server 2
8.8 Completing the J2EE Policy Agent 2 Installation
To Modify the Application Server Startup Script
To Deploy the Agent Application
To Start the Agent Application
To Set Up the Agent Authentication Provider
To Edit the AMAgent.properties File
8.9 Setting Up a Test for the J2EE Policy Agent 2
To Deploy the Sample Application
To Restart the Application Server
To Create a Test Referral Policy in the Base Suffix
To Create a Test Policy in the User Realm
To Configure J2EE Properties for the Sample Application
To Verify that J2EE Policy Agent 2 is Configured Properly
8.10 Configuring Access Manager to Communicate Over SSL
To Configure the J2EE Policy Agent for SSL
To Import a Root CA Certificate into the Application Server 2 Key Store
To Verify that J2EE Policy Agent 2 is Configured Properly
To Configure the J2EE Policy Agents to Access the Distributed Authentication UI Server
Chapter 9 Setting Up Load Balancers for the Policy Agents
9.1 Configuring the Web Policy Agents Load Balancer
To Configure the Web Policy Agents Load Balancer
To Configure the Web Policy Agent
To Create Policies for the Agent Resources
To Verify that the Web Policy Agents Load Balancer is Working Properly
9.2 Configuring the J2EE Policy Agents Load Balancer
To Configure the J2EE Policy Agents Load Balancer
To Configure the Agent
To Create Policies for the Agent Resources
To Verify that the J2EE Policy Agents Load Balancer is Working Properly
Chapter 10 Implementing Session Failover
10.1 Installing Two Message Queue Instances
To Install Message Queue 1
To Install Message Queue 2
10.2 Installing the Access Manager Session Failover Components
To Install Access Manager Session Failover Components on Message Queue 1
To Install Access Manager Session Failover Components on Message Queue 2
To Identify the Session Store Components in Access Manager
To Edit the Access Manager Web Server Configuration Files
To Verify that Session Failover Works Properly
Part III Reference: Summaries of Server and Component Configurations
Appendix A Directory Servers
Appendix B Access Manager Servers
Appendix C Distributed Authentication UI Servers
Appendix D Sun Java System Web Servers and Web Policy Agents
Appendix E WebLogic Application Servers and J2EE Policy Agents
Appendix F Load Balancers
Appendix G Message Queue Servers
Appendix H Known Issues and Limitations
© 2010, Oracle Corporation and/or its affiliates