Sun Java System Access Manager 7.1 Postinstallation Guide

Configuring Access Manager With Directory Server in SSL Mode

Access Manager uses the LDAPS protocol to communicate securely with Directory Server over the network. LDAPS is standard LDAP run over the Secure Sockets Layer (SSL), which encrypts the data in transit. The basic steps are described in the two sections that follow:

Configuring Directory Server in SSL Mode

To configure Directory Server in SSL mode, you must obtain and install a server certificate, configure Directory Server to trust the CA’s certificate, and then enable SSL. For the detailed steps to complete these tasks, see Using SSL With Directory Server in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.

After you finish, or if your Directory Server is already SSL-enabled, continue with the next section to configure Access Manager to connect to the SSL-enabled Directory Server.

Configuring Access Manager to Connect to an SSL-Enabled Directory Server

After Directory Server is configured for SSL mode, you must configure Access Manager to securely connect to Directory Server. You perform some of the following steps in the Access Manager Console, and then you edit the serverconfig.xml and AMConfig.properties files.

Procedure: To Configure Access Manager to Connect to an SSL-Enabled Directory Server

  1. Log in to the Access Manager Console as amadmin.

  2. Click the Configuration tab.

  3. Under Authentication Service Name, click LDAP.

    On the LDAP pane:

    1. Under Primary LDAP Server, change the Directory Server port to the SSL port.

    2. For SSL Access to LDAP Server, click Enabled.

    3. Click Save.

  4. Click Back to Configuration and then under Authentication Service Name, click Membership.

    On the Membership pane:

    1. Under Primary LDAP Server, change the Directory Server port to the SSL port.

    2. For SSL Access to LDAP Server, click Enabled.

    3. Click Save.

  5. Click Back to Configuration and then under Global Properties, click Policy Configuration.

    On the Policy Configuration pane:

    1. Under Primary LDAP Server, change the Directory Server port to the SSL port.

    2. For LDAP SSL, click Enabled.

    3. Click Save and log out of the console.

  6. In the serverconfig.xml file, change the following values in the <Server> element:

    • For port, specify the SSL port on which Directory Server listens and to which Access Manager connects (default is 636).

    • For type, change SIMPLE to SSL.

  7. In the AMConfig.properties file, set the following properties:

    • com.iplanet.am.directory.port=636 (if you are using the default port)

    • com.iplanet.am.directory.ssl.enabled=true

  8. Restart the Access Manager web container.
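Steps 6 and 7 are the part of this procedure most often got wrong: the port in the <Server> element and com.iplanet.am.directory.port must both be the Directory Server SSL port, and a value changed in one file but not the other leaves Access Manager unable to bind. The script below is an added example, not code from the Access Manager guide or the product. It applies both edits to copies of serverconfig.xml and AMConfig.properties and then checks that the two files agree. The shape of the <Server> element, the host name ds.example.com, the sample property values and the CA file used by the optional live probe are assumptions for illustration; the directory that holds the real files is the platform-specific location given in the next section.

```shell
#!/bin/sh
# Added example, not code from the Access Manager guide. Applies steps 6 and 7
# to copies of serverconfig.xml and AMConfig.properties and checks that the two
# files agree. The <Server> element layout, host names, paths and the CA file
# are assumptions made for illustration.
set -e

# Write constructed sample files shaped like a pre-SSL configuration.
make_samples() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/serverconfig.xml" <<'EOF'
<iPlanetDataAccessLayer>
  <ServerGroup name="default" minConnPool="1" maxConnPool="10">
    <Server name="Server1" host="ds.example.com" port="389" type="SIMPLE" />
  </ServerGroup>
</iPlanetDataAccessLayer>
EOF
    cat > "$dir/AMConfig.properties" <<'EOF'
com.iplanet.am.directory.host=ds.example.com
com.iplanet.am.directory.port=389
com.iplanet.am.directory.ssl.enabled=false
EOF
}

# Step 6: in the <Server> element, set port to the Directory Server SSL port
# and change type from SIMPLE to SSL. A backup copy is kept beside the file.
edit_serverconfig() {
    dir="$1"; sslport="$2"
    cp "$dir/serverconfig.xml" "$dir/serverconfig.xml.bak"
    sed -e "s/\(<Server [^>]*port=\"\)[0-9]*\"/\1$sslport\"/" \
        -e "s/\(<Server [^>]*type=\"\)SIMPLE\"/\1SSL\"/" \
        "$dir/serverconfig.xml.bak" > "$dir/serverconfig.xml"
}

# Step 7: make AMConfig.properties carry the same port and enable SSL. The
# ssl.enabled property is appended if the file does not have it yet.
edit_amconfig() {
    dir="$1"; sslport="$2"
    cp "$dir/AMConfig.properties" "$dir/AMConfig.properties.bak"
    sed -e "s/^com\.iplanet\.am\.directory\.port=.*/com.iplanet.am.directory.port=$sslport/" \
        -e "s/^com\.iplanet\.am\.directory\.ssl\.enabled=.*/com.iplanet.am.directory.ssl.enabled=true/" \
        "$dir/AMConfig.properties.bak" > "$dir/AMConfig.properties"
    grep -q '^com\.iplanet\.am\.directory\.ssl\.enabled=' "$dir/AMConfig.properties" ||
        echo "com.iplanet.am.directory.ssl.enabled=true" >> "$dir/AMConfig.properties"
}

enable_ldaps() {
    edit_serverconfig "$1" "${2:-636}"
    edit_amconfig "$1" "${2:-636}"
}

# Read back the values the two files actually carry.
xml_port()  { sed -n 's/.*<Server [^>]*port="\([0-9]*\)".*/\1/p' "$1/serverconfig.xml"; }
xml_type()  { sed -n 's/.*<Server [^>]*type="\([A-Za-z]*\)".*/\1/p' "$1/serverconfig.xml"; }
prop_port() { sed -n 's/^com\.iplanet\.am\.directory\.port=//p' "$1/AMConfig.properties"; }
prop_ssl()  { sed -n 's/^com\.iplanet\.am\.directory\.ssl\.enabled=//p' "$1/AMConfig.properties"; }

# Passes only when the XML says SSL, the properties say SSL, and both name the
# same port. A port that differs between the files is the classic mistake.
check_ldaps() {
    dir="$1"
    [ "$(xml_type "$dir")" = "SSL" ] &&
    [ "$(prop_ssl "$dir")" = "true" ] &&
    [ -n "$(xml_port "$dir")" ] &&
    [ "$(xml_port "$dir")" = "$(prop_port "$dir")" ]
}

# Optional live check (needs network; not run below): confirm the SSL port
# presents a certificate that chains to the CA file Access Manager should trust.
probe_ldaps() {
    host="$1"; port="$2"; cafile="$3"
    openssl s_client -connect "$host:$port" -CAfile "$cafile" </dev/null 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'
}

# Demonstration on a throwaway copy of the files.
work=$(mktemp -d)
make_samples "$work"
enable_ldaps "$work" 636
check_ldaps "$work" || { echo "serverconfig.xml and AMConfig.properties disagree"; exit 1; }
echo "both files now use LDAPS on port $(xml_port "$work")"
rm -rf "$work"
```

Run it against the real files only after taking your own backup, then restart the web container as step 8 says; the check passes when both files name the same SSL port and type is SSL, and fails if either file was missed.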

Configuration File Locations

The serverconfig.xml and AMConfig.properties files are in the following directory, depending on your platform: