Access Manager provides the amsfoconfig script to configure an Access Manager deployment for session failover.
On Windows systems, Access Manager provides the amsfo.pl script and amsfo.conf file to configure an Access Manager deployment for session failover. To run this script, Active Perl version 5.8 or later is required.
To run the amsfoconfig script, an Access Manager deployment must meet the following requirements:
- Two or more Access Manager instances must be installed and configured in the deployment, but the deployment cannot be configured as a site. If the amsfoconfig script determines that the deployment is configured as a site or that any of the server entries in the platform server list are site enabled, the script displays a message and exits. To configure session failover manually, see Configuring Session Failover Manually.
- The Java Message Queue (MQ) broker must be installed and configured on at least two servers in the deployment.
- The Berkeley DB client and database must be installed and configured in the deployment.
- Directory Server must be running, accessible to the script, and configured with Access Manager data.
The amsfoconfig script reads the amsfo.conf configuration file and then configures an Access Manager deployment for session failover by performing these functions:
- Configures a new site. The script uses the Access Manager instances in the platform server list and the load balancer information from the amsfo.conf file to create a new site for the Access Manager session failover deployment. The script modifies the existing platform server list, so that after the site is configured, all server entries under the platform server list then belong to the site.
  For example, http://server1.example.com:80|01 changes to http://server1.example.com:80|01|10, if the default value of 10 is used as the SiteID.
- Modifies the existing Realm/DNS alias list. The script appends the host name of the load balancer to the list. This host name is obtained from the lbServerHost variable of the amsfo.conf file.
- Loads session failover configuration XML into Directory Server. The script dynamically generates the session configuration XML file based on the configuration information and loads the generated XML into Directory Server. This information corresponds to the Secondary Configuration Instance under Session in the Access Manager Console.
The following table lists the Access Manager session failover scripts and configuration files.
Table 6–2 Access Manager Session Failover Scripts and Configuration Files

| Name | Description and Location |
|---|---|
| amsfoconfig | Script to configure Access Manager for session failover. Solaris systems: AccessManager-base/SUNWam/bin; Linux systems: AccessManager-base/identity/bin |
| amsfo | Script to start and stop the Message Queue broker and amsessiondb client. Solaris systems: AccessManager-base/SUNWam/bin; Linux systems: AccessManager-base/identity/bin |
| amsfopassword | Script to generate the encrypted Message Queue broker user password. Solaris systems: AccessManager-base/SUNWam/bin; Linux and HP-UX systems: AccessManager-base/identity/bin; Windows systems: javaes-install-dir\identity\bin |
| amsfo.conf | Session failover configuration file. Solaris systems: AccessManager-base/SUNWam/lib; Linux and HP-UX systems: AccessManager-base/sun/identity/lib; Windows systems: javaes-install-dir\identity\lib |
| amProfile.conf | Session failover environment file. Solaris systems: etc/opt/SUNWam/config; Linux and HP-UX systems: etc/opt/sun/identity/config; Windows systems: javaes-install-dir\identity\config |

javaes-install-dir represents the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.

AccessManager-base represents the base installation directory for Access Manager. The default values are: Solaris systems: /opt; Linux and HP-UX systems: /opt/sun.
The amsfoconfig script configures Access Manager for session failover.

1. Log in as or become superuser (root).
2. Set the variables in the amsfo.conf file, as described in Table 6–3.
3. Run the amsfoconfig script (or amsfo.pl script on Windows systems). For example, on a Solaris system with Access Manager installed in the default directory:

   ```
   # cd /opt/SUNWam/bin
   # ./amsfoconfig
   ```

   The script displays status information as it runs.
4. When the script prompts you, enter the following passwords:
   - Access Manager administrator (amAdmin) password
   - Message Queue broker user password
5. To check the results, see the /var/tmp/amsfoconfig.log file.
The following table describes the variables in the amsfo.conf file that are used by the amsfoconfig script. Set these variables as needed for your deployment before you run the amsfoconfig script.
Table 6–3 Variables in the amsfo.conf File Used by the amsfoconfig Script

| Variable | Description |
|---|---|
| CLUSTER_LIST | Message Queue broker list participating in the cluster. The format is: host1:port,host2:port,host3:port. For example: jmq1.example.com:7777,jmq2.example.com:7777,jmq3.example.com:7777. There is no default. |
| lbServerPort | Port for the load balancer. The default is 80. |
| lbServerProtocol | Protocol (http or https) used to access the load balancer. The default is http. |
| lbServerHost | Name of the load balancer. For example: lbhost.example.com |
| SiteID | Identifier for the new site (and the load balancer) that the amsfoconfig script will create. SiteID can be any value greater than the Server IDs that already exist in the platform server list. The default is 10. |
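A pre-flight check of the amsfo.conf values against the platform server list, written as an added example (it is not part of Access Manager or of the original page). It assumes amsfo.conf holds KEY=value lines and that the platform server list is available as URL|ServerID strings; `parse_conf`, `preflight`, and the sample data are hypothetical.

```python
import re

# Constructed sample inputs; the KEY=value layout of amsfo.conf is assumed.
SAMPLE_CONF = """\
CLUSTER_LIST=jmq1.example.com:7777,jmq2.example.com:7777
lbServerPort=80
lbServerProtocol=http
lbServerHost=lbhost.example.com
SiteID=10
"""
SAMPLE_SERVERS = ["http://amhost1.example.com:80|01",
                  "http://amhost2.example.com:80|02"]
DEFAULTS = {"lbServerPort": "80", "lbServerProtocol": "http", "SiteID": "10"}
BROKER = re.compile(r"^[A-Za-z0-9.-]+:\d{1,5}$")  # host:port


def parse_conf(text):
    """Parse KEY=value lines over the documented defaults; skip # comments."""
    conf = dict(DEFAULTS)
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def preflight(conf, servers):
    """Return (errors, server_entries_after_site_creation)."""
    errors, updated = [], []
    brokers = [b.strip() for b in conf.get("CLUSTER_LIST", "").split(",") if b.strip()]
    if len(brokers) < 2:  # the page requires MQ brokers on at least two servers
        errors.append("CLUSTER_LIST lists fewer than two brokers")
    errors += [f"bad broker entry {b!r}" for b in brokers if not BROKER.match(b)]
    if conf["lbServerProtocol"] not in ("http", "https"):
        errors.append("lbServerProtocol must be http or https")
    if not conf.get("lbServerHost"):
        errors.append("lbServerHost is not set")
    site_id = int(conf["SiteID"]) if conf["SiteID"].isdigit() else None
    if site_id is None:
        errors.append("SiteID is not a number")
    for entry in servers:
        fields = entry.split("|")
        if len(fields) != 2:  # URL|ServerID|SiteID is already site enabled
            errors.append(f"{entry} is not a plain URL|ServerID entry")
        elif site_id is not None and (not fields[1].isdigit() or int(fields[1]) >= site_id):
            errors.append(f"server ID {fields[1]!r} is not below SiteID {site_id}")
        elif site_id is not None:
            updated.append(f"{entry}|{conf['SiteID']}")
    return errors, updated
```

An empty error list together with the rewritten entries (for example `http://amhost1.example.com:80|01|10`) shows what the platform server list should look like after the script has created the site.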
The following example shows a sample run of the amsfoconfig script.
```
====================================================================
Welcome to Sun Java System Access Manager 7 2005Q4
Session Failover Configuration Setup script.
====================================================================
====================================================================
Checking if the required files are present...
====================================================================
Running with the following Settings.
-------------------------------------------------
Environment file: /etc/opt/SUNWam/config/amProfile.conf
Resource file: /opt/SUNWam/lib/amsfo.conf
-------------------------------------------------
Using /opt/SUNWam/bin/amadmin
Validating configuration information.
Done...
Please enter the LDAP Admin password:
(nothing will be echoed): password1
Verify: password1
Please enter the JMQ Broker User password:
(nothing will be echoed): password2
Verify: password2
Retrieving Platform Server list...
Validating server entries.
Done...
Retrieving Site list...
Validating site entries.
Done...
Validating host: http://amhost1.example.com:80|01
Validating host: http://amhost2.example.com:80|02
Done...
Creating Platform Server XML File...
Platform Server XML File created successfully.
Creating Session Configuration XML File...
Session Configuration XML File created successfully.
Creating Organization Alias XML File...
Organization Alias XML File created successfully.
Loading Session Configuration schema File...
Session Configuration schema loaded successfully.
Loading Organization Alias List File...
Organization Alias List loaded successfully.
Loading Platform Server List File...
Platform Server List server entries loaded successfully.
Please refer to the log file /var/tmp/amsfoconfig.log for additional information.
###################################################################
Session Failover Setup Script. Execution end time 12/12/06 15:03:30
###################################################################
```