# Copyright 2005 Sun Microsystems, Inc. All rights reserved. # # Sun Microsystems, Inc. has intellectual property rights relating to # technology embodied in the product that is described in this document. # In particular, and without limitation, these intellectual property rights # may include one or more of the U.S. patents listed at # http://www.sun.com/patents and one or more additional patents or pending # patent applications in the U.S. and in other countries. # # U.S. Government Rights - Commercial software. Government users are subject # to the Sun Microsystems, Inc. standard license agreement and applicable # provisions of the FAR and its supplements. # # Use is subject to license terms. # # This distribution may include materials developed by third parties.Sun, # Sun Microsystems and the Sun logo are trademarks or registered trademarks # of Sun Microsystems, Inc. in the U.S. and other countries. # # Copyright 2005 Sun Microsystems, Inc. Tous droits rservs. # Sun Microsystems, Inc. dtient les droits de proprit intellectuels relatifs # technologie incorpore dans le produit qui est dcrit dans ce document. # En particulier, et ce sans limitation, ces droits de proprit # intellectuelle peuvent inclure un ou plus des brevets amricains lists # adresse http://www.sun.com/patents et un ou les brevets supplmentaires # ou les applications de brevet en attente aux Etats - Unis et dans les # autres pays. # # L'utilisation est soumise aux termes du contrat de licence. # # Cette distribution peut comprendre des composants dvelopps par des # tierces parties. # # Sun, Sun Microsystems et le logo Sun sont des marques de fabrique ou des # marques dposes de Sun Microsystems, Inc. aux Etats-Unis et dans # d'autres pays. ############################################################################## ### ### Access Manager common deployment variables. The variables in the common ### section, as well as those in the container specific sections must be ### set to the proper values for the amconfig script to successfully ### configure or deploy Access Manager. ### ### DEPLOY_LEVEL is a numeric value corresponding to the type of installation ### which should be performed. See supported values below. ### ### DEPLOY_LEVEL possible values ### 1 = Full install ### 2 = Console only install ### 3 = SDK only install ### 4 = SDK only with container config ### 5 = Federation common domain install ### 6 = Server only install ### 7 = Container config ### 8 = Distributed Auth ### 9 = Client SDK ### 10 = AM Single War ### 11 = Full uninstall ### 12 = Uninstall console only ### 13 = Uninstall SDK ### 14 = Uninstall SDK and unconfig container ### 15 = Uninstall Federation ### 16 = Uninstall server ### 17 = Uninstall container config ### 18 = Uninstall Distributed Auth ### 19 = Uninstall Client SDK ### 21 = Redeploy console password services common ### 26 = Undeploy console password services common ### ### SERVER_PROTOCOL is the protocol (http or https) used by the web ### container instance on which the Access Manager server has been or ### will be deployed. ### ### SERVER_NAME is the name of the host on which ### the Access Manager server (/amserver) has been or will be deployed. ### ### SERVER_HOST is the fully qualified domain name of the host on which ### the Access Manager server (/amserver) has been or will be deployed. ### ### SERVER_PORT is the port on SERVER_HOST on which the Access Manager ### server has been or will be deployed. ### ### ADMIN_PORT is the port on which the administration ### instance will listen for connections. ### ### ADMIN_PORT default values are: ### 4849 => Application Server 8.x ### 7001 => WebLogic 8.x ### 9080 => Websphere 5.1 ### 8989 => Webserver 7.0 ### ### DS_HOST is the fully qualified domain name of the host on which the ### directory server is running. ### ### DS_HOST is the fully qualified domain name of the host on which the ### directory server is running. ### ### DS_DIRMGRPASSWD is the password for the directory manager. ### ### ROOT_SUFFIX is the initial or root suffix of the directory server. ### ### ADMINPASSWD, the amadmin password, and AMLDAPUSERPASSWD, the amldapuser ### password, must be set to different values ### ### COOKIE_DOMAIN contains the name(s) of the trusted DNS domain(s) that ### Access Manager returns to a browser when it grants a session ID to a user. ### ### AM_ENC_PWD is the password encryption key. In a multiserver installation, ### this parameter must have the same value as the other servers. By default, ### ### AM_ENC_PWD is set to "" which means that Access Manager will generate a ### random password encryption key. ### ### NEW_OWNER is the user which will have ownership of the Access Manager ### files. ### ### NEW_GROUP is the group which corresponds to NEW_OWNER. Solaris 8 and 9 ### installations using root as NEW_OWNER should set this parameter to other. ### Solaris 10 and Linux installations using root as NEW_OWNER should set ### NEW_GROUP to root as the same default value. ### ### PAM_SERVICE_NAME is the name of the PAM service from the PAM ### configuration/stack that comes with the OS and is used for the Unix ### authentication module (normally 'other' for Solaris or 'password' for ### Linux) ### ### WEB_CONTAINER is the web container on which Access Manager will be ### configured and/or deployed. See supported values below. ### ### WEB_CONTAINER values can be: ### AS8 => Application Server 8.1 ### WAS5 => IBM WebSphere 5.x ### WL8 => BEA WebLogic 8.x ### WS6 => Sun Web Server 6.x ### WS => Sun Web Server ############################################################################# DEPLOY_LEVEL=1 SERVER_PROTOCOL=http # The following entries contain sample values! # These should be modified for your specific installation # and then uncommented (remove the # from the line) # SERVER_NAME=servername SERVER_HOST=$SERVER_NAME.domain.com SERVER_PORT=38080 ADMIN_PORT=4849 DS_HOST=domain.com DS_DIRMGRPASSWD=dmpassword ROOT_SUFFIX="dc=ROOT_SUFFIX,dc=com" ADMINPASSWD=ampassword AMLDAPUSERPASSWD=password COOKIE_DOMAIN=.domain.com AM_ENC_PWD="passwordpassword" NEW_OWNER=root NEW_GROUP=root PAM_SERVICE_NAME=root WEB_CONTAINER=AS8 ############################################################################## ### DISTAUTH_PROTOCOL is the protocol (http or https) used by the web ### container instance on which the Distributed Authentication web ### application has been or will be deployed. ### ### DISTAUTH_HOSTNAME is the fully qualified host where a distributed ### authentication server is located. ### ### DISTAUTH_PORT is the port on DISTAUTH_HOST on which the distributed ### authentication server has been or will be deployed. ### ### APPLICATION_USER is the user name for the application. ### ### APPLICATION_PASSWD is the users password for the application. ### ### AM_ENC_SECRET sets the password encryption secret key from the Server. ### ### AM_ENC_LOCAL sets the password encryption key. ### ### DEBUG_LEVEL is used to configure the debug service. Possible values ### are: error | warning | message ### ### DEBUG_DIR is directory where the debug files will be created. ### ############################################################################## DISTAUTH_PROTOCOL=http #DISTAUTH_HOST=distAuth_sample.com #DISTAUTH_PORT=80 #APPLICATION_USER=username #APPLICATION_PASSWD=11111111 #AM_ENC_SECRET="" #AM_ENC_LOCAL="" DEBUG_LEVEL=error DEBUG_DIR=/var/opt/SUNWam/logs ############################################################################## ### SSL_PASWORD is used when a container is automatically restarted ############################################################################## SSL_PASSWORD="sample" ############################################################################## ### BASEDIR is the directory in which the Access Manager jars, libraries, ### utilities, etc. will be installed. ### ### PLATFORM_DEFAULT indicates /opt on Solaris and /opt/sun on Linux. ### ### To use a base directory other than the default, set the BASEDIR variable ### below to the directory you want to use. ############################################################################## BASEDIR=/space/AM ############################################################################## ### CONSOLE_HOST is the fully qualified domain name of the host on which ### the Access Manager Console has been or will be deployed. ### ### CONSOLE_PORT is the port on CONSOLE_HOST on which the Access Manager ### console has been or will be deployed. ### ### CONSOLE_PROTOCOL is the protocol (http or https) used by the web ### container instance on which the Access Manager console has been or ### will be deployed. ############################################################################## CONSOLE_HOST=$SERVER_HOST CONSOLE_PORT=$SERVER_PORT CONSOLE_PROTOCOL=$SERVER_PROTOCOL ############################################################################## ### CONSOLE_REMOTE should be set to true if the Access Manager console ### is or will be running on a different web container instance than the ### the Access Manager server. ############################################################################## CONSOLE_REMOTE=false ############################################################################## ### SERVER_DEPLOY_URI is the URI prefix for accessing content associated ### with the Access Manager server and Access Manager 7.0 administration ### console. ### ### CONSOLE_DEPLOY_URI is the URI prefix for accessing content associated ### with the Access Manager 6.3 administration console. ### ### PASSWORD_DEPLOY_URI is the URI prefix for accessing content associated ### with the Access Manager password reset module. ### ### COMMON_DEPLOY_URI is the URI prefix for accessing content associated ### with the Access Manager common domain services. ### ### DISTAUTH_DEPLOY_URI is the URI prefix for accessing content associated ### with the Distributed Authentication web application. ### ### CLIENT_DEPLOY_URI is the URI prefix for accessing content associated ### with the Client SDK. ############################################################################## SERVER_DEPLOY_URI=/amserver CONSOLE_DEPLOY_URI=/amconsole PASSWORD_DEPLOY_URI=/ampassword COMMON_DEPLOY_URI=/amcommon DISTAUTH_DEPLOY_URI=/amdistauth CLIENT_DEPLOY_URI=/amclient ############### Configuration for Directory Server ######################### ############################################################################# ### DIRECTORY_MODE is a numeric value which determines how Access Manager ### will configure the directory server. ### ### DIRECTORY_MODE possible values ###1 = Default (Fresh new installation of a DIT) ### ###2 = Existing DIT (Naming attributes and object classes are same, ### to load installExisting.ldif and umsExisting.xml. Also ### do the tag swapping.) ### ###3 = Existing DIT Manual(Naming attributes and object classes are ### different, so do NOT load installExisting.ldif and ### umsExisting.xml. Do the tag swapping only. Do NOT delete ### ldif files, and amserveradmin after installation. All the ### ldif files and the services will be loaded manually by the ### user later.) ### ###4 = Existing Multiserver(Only do tag swapping). It will be ### modified later to add more features. Currently it is same ### as option 5. ### ###5 = Existing upgrade (Only do tag swapping) ### ### DS_PORT is the port on which the directory server on DS_HOST is running. ### ### DS_DIRMGRDN is the DN (distinguished name) of the directory manager, ### the user who has unrestricted access to Directory Server. ### ### USER_NAMING_ATTR is the user naming attribute in the directory server. ### ### ORG_NAMING_ATTR is the organization naming attribute in the directory ### server. ### ### ORG_OBJECT_CLASS is the organization object class. ### ### USER_OBJECT_CLASS is the user object class. ### ### DEFAULT_ORGANIZATION is the default organization name. ############################################################################# DIRECTORY_MODE=1 DS_PORT=389 DS_DIRMGRDN="cn=Directory Manager" USER_NAMING_ATTR=uid ORG_NAMING_ATTR=o ORG_OBJECT_CLASS=sunismanagedorganization USER_OBJECT_CLASS=inetorgperson DEFAULT_ORGANIZATION= ############### Required for Active Directory Configuration ################ ############################################################################# ### To store service schema and services in a different datastore namely, ### Active Directory Support, change the values here. ### CONFIG_AD set to true if AD is chosen as configuration data store. ### Active Directory schema will be loaded. ############################################################################## CONFIG_AD="false" CONFIG_SERVER=$DS_HOST CONFIG_PORT=$DS_PORT CONFIG_ADMINDN="cn=dsameuser,ou=DSAME Users" CONFIG_ADMINPASSWD="$ADMINPASSWD" ############################################################################## ### JAVA_HOME is the JDK installation directory. This value of this ### parameter will be the JDK which will be used by Access Manager ### utilities (for example, the amadmin script). ############################################################################## JAVA_HOME=/usr/jdk/entsys-j2se ############################################################################## ### AM_REALM indicates whether realm mode should be enabled. ### If AM_REALM is set to disabled, then Access Manager will operate in ### compatiblity mode to use Access Manager 6.x directory information. ############################################################################## AM_REALM=disabled ############################################################################## ### PLATFORM_LOCALE is the locale of Access Manager. ############################################################################## PLATFORM_LOCALE=en_US XML_ENCODING=ISO-8859-1 ############################################################################# ### NEW_INSTANCE should be set to true when deploying Access Manager to ### a new user-created web container instance. ############################################################################# NEW_INSTANCE=false ############### Required for Application Server 8.x ######################## ############################################################################# ### AS81_HOME is the directory which contains the Application Server 8.1 ### utilities (bin) directory. The default value for Linux installations ### should be /opt/sun/appserver. ### ### AS81_PROTOCOL is the protocol (http or https) which is being used ### by the Application Server instance. ### ### AS81_HOST is the fully qualified domain name on which the Application ### Server instance listens for connections. ### If using Distributed Authentication this should be set to the same ### value as DISTAUTH_HOST. ### ### AS81_PORT is the port on which the Application Server instance will ### listen for connections. ### ### AS81_ADMINPORT is the port on which the Application Server administration ### instance will listen for connections. ###Default for Application Server is 4849 ### ### AS81_ADMIN is the user ID of the Application Server administrator. ### ### AS81_ADMINPASSWD is the password of the Application Server administrator. ### ### AS81_INSTANCE is the name of the Application Server instance on which ### Access Manager will be configured and/or deployed. ### ### AS81_DOMAIN is the name of the Application Server domain in which the ### Application Server instance exists. ### ### AS81_INSTANCE_DIR is the path to the directory where the Application ### Server instance stores its files. The default value for Linux ### installations is /var/opt/sun/apppserver/domains/domain1. ### ### AS81_DOCS_DIR is the document root of the Application Server instance ### on which Access Manager will be configured and/or deployed. The default ### value for Linux installations is ### /var/opt/sun/appserver/domains/domain1/docroot. ### ### AS81_ADMIN_IS_SECURE (true / false) specifies whether the Application ### Server administration instance is using SSL. By default this should be ### set to true. ############################################################################# AS81_HOME=/space/AS/appserver AS81_PROTOCOL=$SERVER_PROTOCOL AS81_HOST=$SERVER_HOST #AS81_HOST=$DISTAUTH_HOST AS81_PORT=$SERVER_PORT AS81_ADMINPORT=$ADMIN_PORT AS81_ADMIN=admin AS81_ADMINPASSWD="password" AS81_INSTANCE=server1 AS81_DOMAIN=domain1 AS81_INSTANCE_DIR=/space/AS/nodeagents/node1/server1 AS81_DOCS_DIR=/space/AS/nodeagents/node1/server1/docroot AS81_ADMIN_IS_SECURE=true ############### Required for BEA WebLogic 8.1.x ################################ ############################################################################# ### WL8_HOME is the installation directory for WebLogic 8.1. ### ### WL8_PROJECT_DIR is the name of the WebLogic projects directory. ### ### WL8_DOMAIN is the name of the WebLogic domain in which Access Manager will ### be configured and/or deployed. ### ### WL8_CONFIG_LOCATION should be set to the parent directory of the ### directory where the WebLogic start script (by default startWebLogic.sh) ### exists for the domain on which Access Manager is being deployed ### ### WL8_SERVER is the name of the WebLogic server instance in which ### Access Manager will be configured and/or deployed. ### ### WL8_INSTANCE is the directory under which the WebLogic libraries ### and utility classes reside. ### ### WL8_PROTOCOL is the protocol (http or https) which is being used by the ### WebLogic instance. ### ### WL8_HOST is the hostname on which the WebLogic instance is listening ### for connections. ### If using Distributed Authentication this should be set to the same ### value as DISTAUTH_HOST. ### ### WL8_PORT is the port on which the WebLogic instance is listening ### for HTTP connections. ###Default for WebLogic is 7001 ### ### WL8_SSLPORT is the port on which the WebLogic instance is listening ### for HTTPS connections. ###Default for WebLogic is 7002 ### ### WL8_ADMIN is the username for the WebLogic administrator. ### ### WL8_PASSWORD is the password for the WebLogic administrator. ### ### WL8_JDK_HOME is the base directory of the JDK in which WebLogic is ### running. ############################################################################# WL8_HOME=/usr/local/bea WL8_PROJECT_DIR=user_projects WL8_DOMAIN=mydomain WL8_CONFIG_LOCATION=$WL8_HOME/$WL8_PROJECT_DIR/domains WL8_SERVER=myserver WL8_INSTANCE=$WL8_HOME/webLogic81 WL8_PROTOCOL=$SERVER_PROTOCOL WL8_HOST=$SERVER_HOST #WL8_HOST=$DISTAUTH_HOST WL8_PORT=$SERVER_PORT WL8_SSLPORT=$ADMIN_PORT WL8_ADMIN="webLogic" WL8_PASSWORD="$ADMINPASSWD" WL8_JDK_HOME=$WL8_HOME/jdk142_04 ############### Required for IBM WebSphere 5.1 ################################ ############################################################################# ### WAS51_HOME is the WebSphere 5.1 installation directory. ### ### WAS51_JDK_HOME is the base directory of the WebSphere JDK. ### ### WAS51_CELL is the name of cell in which the WebSphere instance resides. ### ### WAS51_NODE is the name of node on which the WebSphere instance resides. ### ### WAS51_INSTANCE is the name of the WebSphere instance on which Access ### Manager will be configured and/or deployed. ### ### WAS51_PROTOCOL is the protocol (http or https) which is being used by the ### WebSphere instance. ### ### WAS51_HOST is the hostname on which the WebSphere instance is listening ### for connections. ### If using Distributed Authentication this should be set to the same ### value as DISTAUTH_HOST. ### ### WAS51_PORT is the port on which the WebSphere instance is listening ### for HTTP connections. ###Default for WebSphere is 9080 ### ### WAS51_SSLPORT is the port on which the WebSphere instance is listening ### for HTTPS connections. ### ### WAS51_ADMIN is the username for the WebSphere administrator. ### ### WAS51_ADMINPORT is the port on which the WebSphere administration ### instance will listen for connections. ###Default for WebSphere is 9090 ############################################################################# WAS51_HOME=/opt/WebSphere/AppServer WAS51_JDK_HOME=/opt/WebSphere/AppServer/java WAS51_CELL=$SERVER_NAME WAS51_NODE=$SERVER_NAME WAS51_INSTANCE=server1 WAS51_PROTOCOL=$SERVER_PROTOCOL WAS51_HOST=$SERVER_NAME #WAS51_HOST=$DISTAUTH_HOST WAS51_PORT=$SERVER_PORT WAS51_SSLPORT=9081 WAS51_ADMIN="admin" WAS51_ADMINPORT=$ADMIN_PORT ############### Required for Web Server ############################### ############################################################################# ### WS_INSTANCE is the name of the Web Server instance on which Access ### Manager will be configured and/or deployed. The value of this parameter ### should correspond to a directory beneath WS61_HOME. The default for WS6.x ### is https-$SERVER_HOST. For WS7.x the default is $SERVER_HOST. ### ### WS_CONFIG is the name of the Web Server configuration. ### ### WS_HOME is the Web Server instance directory. The default value ### for Linux installations is /var/opt/sun/webserver7/$WS_INSTANCE. ### ### WS_PROTOCOL is the protocol (http or https) which is being used by ### the Web Server instance. ### ### WS_HOST is the fully qualified domain name on which the Web Server ### instance is listening for connections. ### If using Distributed Authentication this should be set to the same ### value as DISTAUTH_HOST. ### ### WS_PORT is the port on which WS_INSTANCE will listen for connections. ###Default for Webserver is 80 ### ### WS_ADMINPORT is the port on which the Web Server administration ### instance will listen for SSL connections. ###Default for Webserver is 8989 ### ### WS_ADMIN is the user ID of the Web Server administrator. ### ### WS_PASSWORD is the password for the Webserver administrator (defaults to ### the same value as the amadmin password). ### ############################################################################# WS61_INSTANCE=https-$SERVER_HOST WS61_HOME=/opt/SUNWwbsvr WS61_PROTOCOL=$SERVER_PROTOCOL WS61_HOST=$SERVER_HOST WS61_PORT=$SERVER_PORT WS61_ADMINPORT=$ADMIN_PORT WS61_ADMIN="admin" WS_INSTANCE=$SERVER_HOST WS_CONFIG=$SERVER_HOST WS_HOME=/var/opt/SUNWwbsvr7 WS_PROTOCOL=$SERVER_PROTOCOL WS_HOST=$SERVER_HOST #WS_HOST=$DISTAUTH_HOST WS_PORT=$SERVER_PORT WS_ADMINPORT=$ADMIN_PORT WS_ADMIN="admin" WS_ADMINPASSWD=$ADMINPASSWD ############################################################################# |