Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services

Installing Access Manager

The initial step in installing Access Manager 7.1 is to deploy the Access Manager WAR as a web application using the Application Server administration console. Instructions on how to do this can be found in Downloading an Access Manager 7.1 WAR File in Sun Java System Access Manager 7.1 Postinstallation Guide. Following is the procedure to complete the installation of Access Manager 7.1.

Procedure: To Complete the Installation of Access Manager 7.1

The following configurations will complete the installation of Access Manager 7.1.

Before You Begin

These instructions assume that Sun Java System Application Server Platform Edition 9.0 has already been installed and the Access Manager WAR has already been deployed. For more information, see Sun Java System Application Server Platform Edition 9 Installation Guide and Downloading an Access Manager 7.1 WAR File in Sun Java System Access Manager 7.1 Postinstallation Guide respectively.

  1. Add the following as Java security permissions to the server.policy file of the Application Server.

    Each Application Server domain has its own standard J2SE policy file named server.policy. It is located in the domain-dir/config directory. More information can be found in The server.policy File in Sun Java System Application Server Platform Edition 9 Developer’s Guide.

    // ADDITIONS FOR Access Manager
    grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/amserver/-" {
        permission java.net.SocketPermission "*", "connect,accept,resolve";
        permission java.util.PropertyPermission "*", "read, write";
        permission java.lang.RuntimePermission "modifyThreadGroup";
        permission java.lang.RuntimePermission "setFactory";
        permission java.lang.RuntimePermission "accessClassInPackage.*";
        permission java.util.logging.LoggingPermission "control";
        permission java.lang.RuntimePermission "shutdownHooks";
        permission javax.security.auth.AuthPermission "insertProvider.Mozilla-JSS";
        permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
        permission javax.security.auth.AuthPermission "getLoginConfiguration";
        permission javax.security.auth.AuthPermission "setLoginConfiguration";
        permission javax.security.auth.AuthPermission "modifyPrincipals";
        permission javax.security.auth.AuthPermission "createLoginContext.*";
        permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
        permission javax.security.auth.AuthPermission "putProviderProperty.Mozilla-JSS";
        permission java.io.FilePermission "<<ALL FILES>>", "execute,delete";
        permission java.util.PropertyPermission "java.util.logging.config.class", "write";
        permission java.security.SecurityPermission "removeProvider.SUN";
        permission java.security.SecurityPermission "insertProvider.SUN";
        permission java.security.SecurityPermission "removeProvider.Mozilla-JSS";
        permission javax.security.auth.AuthPermission "doAs";
        permission java.util.PropertyPermission "java.security.krb5.realm", "write";
        permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
        permission java.util.PropertyPermission "java.security.auth.login.config", "write";
        permission java.util.PropertyPermission "user.language", "write";
        permission javax.security.auth.kerberos.ServicePermission "*", "accept";
        permission javax.net.ssl.SSLPermission "setHostnameVerifier";
        permission java.security.SecurityPermission "putProviderProperty.IAIK";
        permission java.security.SecurityPermission "removeProvider.IAIK";
        permission java.security.SecurityPermission "insertProvider.IAIK";
    };
    // END OF ADDITIONS FOR Access Manager

  2. Auto POST the following configuration data to configurator.jsp.

    configurator.jsp is the dynamic configuration page for the Access Manager single WAR application. It is used after deploying the WAR. When you launch Access Manager 7.1, if you have not yet configured the application, you will be directed to configurator.jsp. If Access Manager 7.1 is already configured, you will be directed to the Access Manager Console login page. configurator.jsp is located in the Access Manager_protocol://Access Manager_host:Access Manager_port/amserver/ directory. The required request parameters in configurator.jsp and accompanying values are:

    • SERVER_URL: The fully qualified name and port of the host on which Access Manager is installed. Use the format:

      Access Manager_protocol://Access Manager_host:Access Manager_port

    • SERVER_URI: By default, the value is /amserver.

    • BASE_DIR: The path to the directory in which Access Manager will create its flat file database. By default, /tmp/amserver.

    • ADMIN_PWD: The password of the top-level administrator; by default, admin123.

    • ADMIN_CONFIRM_PWD: Confirmation of the password defined in ADMIN_PWD.

    More information on the configurator.jsp can be found in Chapter 12, Deploying Access Manager as a Single WAR File, in Sun Java System Access Manager 7.1 Postinstallation Guide.


    Note –

    Auto POST means to use an HTTP POST of the required request parameters for this JavaServer Page (JSP) programmatically (from the installer code itself) without showing these parameters or prompting the user.


  3. Check that the Access Manager server is running using the following URL:

    Access Manager_protocol://Access Manager_host:Access Manager_port/amserver/isAlive.jsp

  4. Log in to Access Manager as the top-level administrator using the following URL:

    Access Manager_protocol://Access Manager_host:Access Manager_port/amserver

    By default, the top-level administrator is amadmin, and the amadmin password is admin123.
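
The Auto POST of step 2 and the liveness check of step 3 can be scripted as shown here. This is an added example, not code from the Access Manager installer, and its function names are hypothetical. It assumes configurator.jsp reads ordinary form-encoded request parameters and that isAlive.jsp answers with HTTP 200 when the server is up, and it refuses to submit the documented default password.

```python
"""Added example: Auto POST to configurator.jsp, then check isAlive.jsp."""
import urllib.parse
import urllib.request

DOCUMENTED_DEFAULT_PWD = "admin123"  # default named in this guide; do not deploy it


def am_url(server_url, server_uri, page):
    """Join SERVER_URL, SERVER_URI and a JSP name into one URL."""
    parts = urllib.parse.urlsplit(server_url)
    if parts.scheme not in ("http", "https") or not parts.hostname or parts.port is None:
        raise ValueError("SERVER_URL must be protocol://host:port")
    return f"{parts.scheme}://{parts.netloc}/{server_uri.strip('/')}/{page}"


def configurator_request(server_url, base_dir, admin_pwd, server_uri="/amserver"):
    """Build (without sending) the POST carrying the five required parameters."""
    if admin_pwd == DOCUMENTED_DEFAULT_PWD:
        raise ValueError("refusing to configure with the documented default password")
    params = {
        "SERVER_URL": server_url,
        "SERVER_URI": server_uri,
        "BASE_DIR": base_dir,
        "ADMIN_PWD": admin_pwd,
        "ADMIN_CONFIRM_PWD": admin_pwd,  # confirmation must match ADMIN_PWD
    }
    # Assumption: the JSP reads ordinary form-encoded request parameters.
    body = urllib.parse.urlencode(params).encode("ascii")
    return urllib.request.Request(
        am_url(server_url, server_uri, "configurator.jsp"),
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def configure_and_check(server_url, base_dir, admin_pwd, server_uri="/amserver"):
    """Send the POST, then report whether isAlive.jsp answers with HTTP 200."""
    req = configurator_request(server_url, base_dir, admin_pwd, server_uri)
    with urllib.request.urlopen(req, timeout=30):
        pass
    alive = am_url(server_url, server_uri, "isAlive.jsp")
    with urllib.request.urlopen(alive, timeout=30) as resp:
        return resp.status == 200
```

Because the request body carries the administrator password, send it over an https SERVER_URL or from the Access Manager host itself.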