Sun Java System Access Manager 7.1 Postinstallation Guide

Installing and Configuring a Distributed Authentication UI Server Using the Java ES Installer

Installing and configuring (or reconfiguring) a Distributed Authentication UI server involves running the Java ES installer and the amconfig script on the server. One or more Access Manager full server instances must be installed and running remotely in the deployment.

Procedure: To Install and Configure a Distributed Authentication UI Server

  1. Log in as or become superuser (root) on the Distributed Authentication UI server.

  2. Get the Java ES installer. For information, see Getting the Java ES Installer.

  3. Install the Access Manager web container that you plan to use for the Distributed Authentication UI server:

    • Web Server or Application Server: Install using the Java ES installer.

    • BEA WebLogic Server or IBM WebSphere Application Server: See the respective BEA or IBM product documentation for installation instructions.

  4. Install the Distributed Authentication UI subcomponent by running the Java ES installer with either the Configure Now or Configure Later option. On the installer Component Selection page, check Distributed Authentication.

    If you are using the Configure Now option, see Distributed Authentication UI Server Configuration Variables for the values that you must specify during installation.

  5. If you specified the Configure Later option during the previous step, or if you need to reconfigure the Distributed Authentication UI server, run the amconfig script as follows:

    1. Copy the amsamplesilent file and set the configuration variables in the new file. For example, you might name the new file DistAuth_config.

      On Windows systems, copy the AMConfigurator.properties file to AMConfigurator-distauth.properties.

      For the variables that you need to set, see Distributed Authentication UI Server Configuration Variables.

    2. Run the amconfig script using the new configuration file. For example, on a Solaris system with Access Manager installed in the default directory:

      # cd /opt/SUNWam/bin
      # ./amconfig -s ./DistAuth_config

      On Windows systems, in the amconfig.bat file, change AMConfigurator.properties to AMConfigurator-distauth.properties, and then run the edited amconfig.bat file.

  6. Restart the web container on the Distributed Authentication UI server.


Example 11–1 Distributed Authentication UI Server Sample Configuration File

DEPLOY_LEVEL=8
DISTAUTH_PROTOCOL=http
DISTAUTH_HOST=distauth.example.com
DISTAUTH_PORT=80
APPLICATION_USER=username
APPLICATION_PASSWD=application-user-password
AM_ENC_SECRET=am-secret-password
AM_ENC_LOCAL=am-password-encryption-key-used-by-the-Access-Manager-server
DEBUG_LEVEL=error
DEBUG_DIR=/var/opt/SUNWam/logs

Distributed Authentication UI Server Configuration Variables

Table 11–1 Distributed Authentication UI Server Configuration Variables

Variable 

Description 

DEPLOY_LEVEL

DEPLOY_LEVEL=8  - Configure (or reconfigure) a Distributed Authentication UI server.

DEPLOY_LEVEL=18 - Uninstall a Distributed Authentication UI server.

SERVER_HOST, SERVER_PORT, SERVER_DEPLOY_URI, CONSOLE_DEPLOY_URI, ADMINPASSWD, AMLDAPUSERPASSWD, COOKIE_DOMAIN, AM_ENC_PWD

Corresponding values that were used for the full Access Manager server installation.

Important: You must set the password encryption key (AM_ENC_PWD) to the same value used by the Access Manager server instance.

DS_HOST, DS_DIRMGRPASSWD, and ROOT_SUFFIX

Corresponding Directory Server values that were used for the full Access Manager server installation. 

NEW_OWNER and NEW_GROUP

Runtime user and group that will own the web container processes on which the Distributed Authentication UI server will be deployed. 

PAM_SERVICE_NAME

If the Distributed Authentication UI server host is running the Linux OS, set to password.

WEB_CONTAINER and web container configuration variables

Web container on which the Distributed Authentication UI server is or will be deployed. 

For example, if the web container is Sun Java System Web Server 7, set WEB_CONTAINER=WS.

Set the configuration variables for the web container specified by WEB_CONTAINER. For more information, see Web Container Configuration Variables.

DISTAUTH_PROTOCOL

Protocol (http or https) used by the web container instance on which the Distributed Authentication UI server is or will be deployed. Default: http

DISTAUTH_HOST

Fully qualified host name where the Distributed Authentication UI server is located. Default: distAuth_sample.com

DISTAUTH_PORT

Port on DISTAUTH_HOST on which the Distributed Authentication UI server has been or will be deployed. Default: 80

APPLICATION_USER

User name for the application. Default: username

APPLICATION_PASSWD

Password of the user for the application. Default: none 

AM_ENC_SECRET

Password encryption secret key from the server. Default: none 

AM_ENC_LOCAL

Password encryption key. Default: none 

DEBUG_LEVEL

Level for the debug service. Values can be: error, warning, or message. Default: error

DEBUG_DIR

Directory where the debug files will be created. Default:  

Solaris systems: /var/opt/SUNWam/logs

Linux and HP-UX systems: /var/opt/sun/identity/logs

Windows systems: javaes-install-dir\identity\logs

javaes-install-dir represents the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.

BASEDIR

Base directory where the Distributed Authentication UI server was installed. 

CONSOLE_HOST, CONSOLE_PORT, and CONSOLE_PROTOCOL

Corresponding values for the host on which the Access Manager console has been deployed. 

CONSOLE_REMOTE

Specifies whether the Access Manager Console is on a different web container than the Access Manager server. The default value is false. 

DISTAUTH_DEPLOY_URI

Deployment URI that will be used on the local host by the Distributed Authentication UI server. The default value is /amdistauth.
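
The silent configuration file stores APPLICATION_PASSWD, AM_ENC_SECRET, and AM_ENC_LOCAL in clear text, and the documented defaults include http and placeholder values, so it is worth checking the file before passing it to amconfig -s. The script below is an added example, not part of Access Manager: the function names check_distauth_config, cfg_get, and note and the finding labels are hypothetical, and the checks use only the variables, defaults, and allowed values listed on this page.

```shell
#!/bin/sh
# Added example, not part of Access Manager: lint a silent file before amconfig -s.

cfg_get() {  # cfg_get FILE KEY: print KEY's value (last assignment wins here)
    sed -n "s/^$2=//p" "$1" | tail -n 1
}
note() { echo "$1"; rc=1; }

# Prints one finding per line; returns 0 if the file is clean, 1 otherwise.
check_distauth_config() {
    f=$1; rc=0
    # The file carries clear-text secrets, so group/other need no access.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        note "PERMS: group/other can access $f; chmod 600 it"
    case $(cfg_get "$f" DEPLOY_LEVEL) in
        8|18) ;;
        *) note "DEPLOY_LEVEL: must be 8 (configure) or 18 (uninstall)" ;;
    esac
    case $(cfg_get "$f" DISTAUTH_PROTOCOL) in
        https) ;;
        http|"") note "DISTAUTH_PROTOCOL: http (the default) is unencrypted" ;;
        *) note "DISTAUTH_PROTOCOL: must be http or https" ;;
    esac
    case $(cfg_get "$f" DEBUG_LEVEL) in
        error|warning|message|"") ;;
        *) note "DEBUG_LEVEL: must be error, warning, or message" ;;
    esac
    # Values left at the documented default or the Example 11-1 placeholder.
    [ "$(cfg_get "$f" DISTAUTH_HOST)" != "distAuth_sample.com" ] ||
        note "DISTAUTH_HOST: still the default distAuth_sample.com"
    [ "$(cfg_get "$f" APPLICATION_USER)" != "username" ] ||
        note "APPLICATION_USER: still the default username"
    for k in APPLICATION_PASSWD AM_ENC_SECRET AM_ENC_LOCAL; do
        case $(cfg_get "$f" "$k") in
            ""|application-user-password|am-secret-password|am-password-*)
                note "$k: empty or still the sample placeholder" ;;
        esac
    done
    return $rc
}

# Constructed demo input (values of Example 11-1); mktemp creates it mode 600.
demo=$(mktemp)
printf '%s\n' DEPLOY_LEVEL=8 DISTAUTH_PROTOCOL=http \
    DISTAUTH_HOST=distauth.example.com APPLICATION_USER=username \
    APPLICATION_PASSWD=application-user-password \
    AM_ENC_SECRET=am-secret-password DEBUG_LEVEL=error > "$demo"
check_distauth_config "$demo" || echo "fix the findings above before amconfig"
rm -f "$demo"
```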