Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover
Book Information
Preface
Part I About This Deployment Example
Chapter 1 Components and Features
1.1 System Components and Architecture
1.2 Key Features of Deployment
1.3 Sequence of Interactions
Chapter 2 Technical Overview
2.1 Host Machines
2.2 Software
2.3 Main Service URLs for Deployment Components
2.4 Intercomponent Communication
2.5 Firewall Rules
2.6 Replicated Entries
Part II Building the Environment
Chapter 3 Before You Begin
3.1 Technical Conventions
3.2 Setting Up the Load Balancers
3.3 Obtaining Secure Sockets Layer Certificates
3.4 Resolving Host Names
3.5 Known Issues and Limitations
Chapter 4 Installing Sun Java System Directory Server and Creating Instances for Sun Java System Access Manager Configuration Data
4.1 Installing and Configuring Directory Server 1 and Directory Server 2
To Download Sun Java System Directory Server Enterprise Edition 6.0 and Required Patches
To Patch the Directory Server Host Machines
To Install Directory Server 1
To Create an Access Manager Configuration Data Instance for Directory Server 1
To Create a Base Suffix for the Directory Server 1 Access Manager Configuration Data Instance
To Install Directory Server 2
To Create the Access Manager Configuration Data Instance for Directory Server 2
To Create a Base Suffix for the Directory Server 2 Access Manager Configuration Data Instance
4.2 Enabling Multi-Master Replication Between the Access Manager Configuration Data Instances
To Enable Multi-Master Replication for the Directory Server 1 Configuration Data Instance
To Enable Multi-Master Replication for the Directory Server 2 Configuration Data Instance
To Change the Default Replication Manager Passwords for Each Configuration Data Instance
To Create Replication Agreements for Each Configuration Data Instance
To Initialize the Configuration Data Instance Replication Agreements
To Verify that Configuration Data Replication Works Properly
4.3 Configuring a Load Balancer for the Directory Server Configuration Data Instances
To Configure the Access Manager Configuration Data Load Balancer 1
Chapter 5 Configuring Instances of Sun Java System Directory Server for User Data
5.1 Creating Directory Server Instances for User Data
To Create a User Data Instance for Directory Server 1
To Create a Base Suffix for the User Data Instance on Directory Server 1
To Create a User Data Instance for Directory Server 2
To Create a Base Suffix for the User Data Instance on Directory Server 2
5.2 Enabling Multi-Master Replication of the User Data Instances
To Enable Multi-Master Replication for User Data Instance on Directory Server 1
To Enable Multi-Master Replication for User Data Instance on Directory Server 2
To Change the Default Replication Manager Passwords for Each User Data Instance
To Create Replication Agreements for Each User Data Instance
To Initialize the User Data Instance Replication Agreements
To Verify that User Data Replication Works Properly
5.3 Configuring the Load Balancer for the User Data Instances
To Configure User Data Load Balancer 2
Chapter 6 Installing and Configuring Access Manager
6.1 Installing the Access Manager Web Containers
To Create a Non-Root User on the Access Manager 1 Host Machine
To Install Sun Java System Web Server for Access Manager 1
To Create a Non-Root User on the Access Manager 2 Host Machine
To Install Sun Java System Web Server for Access Manager 2
6.2 Deploying and Configuring Access Manager 1 and Access Manager 2
To Generate an Access Manager WAR File on the Access Manager 1 Host Machine
To Deploy the Access Manager WAR File as Access Manager 1
To Copy the Access Manager WAR File to Access Manager 2
To Deploy the Access Manager WAR File as Access Manager 2
To Configure Access Manager 1
To Configure Access Manager 2
To Back Up the Access Manager Configuration Data from Directory Server 1
6.3 Configuring the Access Manager Load Balancer
To Verify Successful Directory Server Load Balancing and System Failover for Access Manager 1 and Access Manager 2
To Configure the Access Manager Load Balancer
To Request a Secure Sockets Layer Certificate for the Access Manager Load Balancer
To Import a Certificate Authority Root Certificate on the Access Manager Load Balancer
To Install an SSL Certificate on the Access Manager Load Balancer
To Create an SSL Proxy for SSL Termination on the Access Manager Load Balancer
6.4 Configuring the Access Manager Platform Service
To Create an Access Manager Site on Access Manager 1
To Verify that the Access Manager Site was Configured Properly
6.5 Reconfiguring Access Manager to Communicate with Directory Server
To Reconfigure an Access Manager Realm to Retrieve Data from the Directory Server Configuration Data Instance
Chapter 7 Configuring an Access Manager Realm for User Authentication
7.1 Importing Test Users into User Data Instance
To Import the Test Users Data into Directory Server 1
7.2 Creating and Configuring a Realm for Test Users
To Create a Realm
To Change the Default User Data Store and Configure an Authentication Module for the Realm
To Verify That Access Manager Recognizes the External User Data Store
To Verify That a Realm Subject Can Successfully Authenticate
Chapter 8 Installing and Configuring the Distributed Authentication User Interface
8.1 Creating an Agent Profile and Custom User for Distributed Authentication User Interface
To Create an Agent Profile for the Distributed Authentication User Interface
To Verify that authuiadmin Was Created in Directory Server
To Define Agent Profile User as an Access Manager Special User
8.2 Installing and Configuring the Distributed Authentication User Interface 1
To Create a Non-Root User on the Distributed Authentication User Interface 1 Host Machine
To Install Sun Java System Web Server for Distributed Authentication User Interface 1
To Configure the WAR for Distributed Authentication User Interface 1
To Deploy the Distributed Authentication User Interface 1 WAR
To Import the Access Manager Load Balancer Certificate Authority Root Certificate into Distributed Authentication User Interface 1
To Verify that Authentication Through the Distributed Authentication User Interface 1 is Successful
8.3 Installing and Configuring the Distributed Authentication User Interface 2
To Create a Non-Root User on the Distributed Authentication User Interface 2 Host
To Install Sun Java System Web Server for Distributed Authentication User Interface 2
To Configure the WAR for Distributed Authentication User Interface 2
To Deploy the Distributed Authentication User Interface 2 WAR
To Import the Access Manager Load Balancer Certificate Authority Root Certificate into the Distributed Authentication User Interface 2
To Verify that Authentication Through the Distributed Authentication User Interface 2 is Successful
8.4 Configuring the Distributed Authentication User Interface Load Balancer
To Configure the Distributed Authentication User Interface Load Balancer
To Configure Load Balancer Cookies for the Distributed Authentication User Interface
To Request a Secure Sockets Layer Certificate for the Distributed Authentication User Interface Load Balancer
To Import a CA Root Certificate on the Distributed Authentication User Interface Load Balancer
To Install an SSL Certificate on the Distributed Authentication User Interface Load Balancer
To Configure SSL Termination on the Distributed Authentication User Interface Load Balancer
Chapter 9 Configuring the Protected Resource Host Machines
9.1 Configuring Protected Resource 1
9.1.1 Installing Web Container 1 and Web Policy Agent 1 on Protected Resource 1
To Create an Agent Profile for Web Policy Agent 1
To Install Sun Java System Web Server as Web Container 1 on Protected Resource 1
To Install and Configure Web Policy Agent 1 on Protected Resource 1
To Import the Certificate Authority Root Certificate into the Web Server 1 Keystore
To Configure Policy for Web Policy Agent 1 on Protected Resource 1
To Verify that Web Policy Agent 1 is Working Properly
9.1.2 Installing and Configuring the J2EE Container 1 and J2EE Policy Agent 1 on Protected Resource 1
To Create an Agent Profile for the J2EE Policy Agent 1
To Create Manager and Employee Groups Using Access Manager for J2EE Policy Agent Test
To Install BEA WebLogic Server as J2EE Container 1 on Protected Resource 1
To Configure BEA WebLogic Server as J2EE Container 1 on Protected Resource 1
To Install the J2EE Policy Agent 1 on Application Server 1
To Deploy the J2EE Policy Agent 1 Application
To Start the J2EE Policy Agent 1 Application
To Set Up the J2EE Policy Agent 1 Authentication Provider
To Edit the J2EE Policy Agent 1 AMAgent.properties File
9.1.3 Setting Up a Test for the J2EE Policy Agent 1
To Deploy the J2EE Policy Agent 1 Sample Application
To Create a Test Referral Policy in the Access Manager Root Realm
To Create a Test Policy in the Access Manager User Realm
To Configure Properties for the J2EE Policy Agent 1 Sample Application
To Verify that J2EE Policy Agent 1 is Configured Properly
9.1.4 Configuring the J2EE Policy Agent 1 to Communicate Over SSL
To Configure the J2EE Policy Agent 1 for SSL Communication
To Import the Certificate Authority Root Certificate into the Application Server 1 Keystore
To Verify that J2EE Policy Agent 1 is Configured Properly
To Configure the J2EE Policy Agent 1 to Access the Distributed Authentication User Interface
9.2 Configuring Protected Resource 2
9.2.1 Installing Web Container 2 and Web Policy Agent 2 on Protected Resource 2
To Create an Agent Profile for Web Policy Agent 2
To Install Sun Java System Web Server as Web Container 2 on Protected Resource 2
To Install and Configure Web Policy Agent 2 on Protected Resource 2
To Import the Certificate Authority Root Certificate into the Web Server 2 Keystore
To Configure Policy for Web Policy Agent 2 on Protected Resource 2
To Verify that Web Policy Agent 2 is Working Properly
9.2.2 Installing and Configuring the J2EE Container 2 and J2EE Policy Agent 2 on Protected Resource 2
To Install BEA WebLogic Server as J2EE Container 2 on Protected Resource 2
To Configure BEA WebLogic Server as J2EE Container 2 on Protected Resource 2
To Create an Agent Profile for the J2EE Policy Agent 2
To Install the J2EE Policy Agent 2 on Application Server 2
To Deploy the J2EE Policy Agent 2 Application
To Start the J2EE Policy Agent 2 Application
To Set Up the J2EE Policy Agent 2 Authentication Provider
To Edit the J2EE Policy Agent 2 AMAgent.properties File
9.2.3 Setting Up a Test for the J2EE Policy Agent 2
To Deploy the J2EE Policy Agent 2 Sample Application
To Create a Test Referral Policy in the Access Manager Root Realm
To Create a Test Policy in the Access Manager User Realm
To Configure Properties for the J2EE Policy Agent 2 Sample Application
To Verify that J2EE Policy Agent 2 is Configured Properly
9.2.4 Configuring the J2EE Policy Agent 2 to Communicate Over SSL
To Configure the J2EE Policy Agent 2 for SSL Communication
To Import the CA Root Certificate into the Application Server 2 Keystore
To Verify that J2EE Policy Agent 2 is Configured Properly
To Configure the J2EE Policy Agent 2 to Access the Distributed Authentication User Interface
Chapter 10 Setting Up Load Balancers for the Policy Agents
10.1 Configuring the Web Policy Agents Load Balancer
To Configure the Web Policy Agents Load Balancer
To Point the Web Policy Agents to Load Balancer 5
To Configure Policy for the Web Policy Agents Using Access Manager
To Verify the Web Policy Agents Load Balancer Configuration is Working Properly
10.2 Configuring the J2EE Policy Agents Load Balancer
To Configure the J2EE Policy Agents Load Balancer
To Point the J2EE Policy Agents to Load Balancer 6
To Create Policies for the Agent Resources
To Verify the J2EE Policy Agent Load Balancer Configuration is Working Properly
Chapter 11 Implementing Session Failover
11.1 Session Failover Architecture
11.2 Installing the Access Manager Session Failover Components
To Install Access Manager Session Failover Components on Message Queue 1
To Install Access Manager Session Failover Components on Message Queue 2
11.3 Configuring and Verifying Session Failover
To Configure Access Manager for Session Failover
To Verify That the Administrator Session Fails Over
To Verify that the User Session Fails Over
Part III Reference: Summaries of Server and Component Configurations
Appendix A Directory Servers
Appendix B Access Manager Servers
Appendix C Distributed Authentication User Interfaces
Appendix D Protected Resources
Appendix E Load Balancers
Appendix F Message Queue Servers
Appendix G Known Issues and Limitations
© 2010, Oracle Corporation and/or its affiliates