Sun Java Enterprise System 5 Update 1 Installation Reference for UNIX

Chapter 3 Configuration Information

This chapter describes the information you need to provide to the Sun Java^TM Enterprise System (Java ES) installer for configuring components during installation.

This chapter contains the following sections:

How to Use This Chapter

This chapter provides configuration information for the product components that can be configured during installation (Configure Now). Use this chapter in conjunction with the worksheets in Chapter 4, Configuration Worksheets.

For a Configure Later Installation

If you select the Configure Later installation type, little is required during installation.

Note –

The following components cannot be configured by the Java ES installer and, therefore, must be configured after installation: Directory Proxy Server, Java DB, Monitoring Console, Service Registry, and Sun Cluster components.

After installation, refer to Chapter 6, Completing Postinstallation Configuration, in Sun Java Enterprise System 5 Update 1 Installation Guide for UNIX for guidance on configuring these product components.

For a Configure Now Installation

In a Configure Now installation, the Java ES installer displays configuration pages for the selected components that are configurable during installation. You can accept default information or enter alternate information. If you specify alternates, you are responsible for consistently pointing components to that directory or port during configuration. The default common server settings for a Configure Now installation are contained in Common Settings. You can also use individual component configurators to make additional changes.

To complete the postinstallation configuration for components that can be configured during installation, you will most likely use the tables and worksheets in this manual in addition to the instructions in Chapter 6, Completing Postinstallation Configuration, in Sun Java Enterprise System 5 Update 1 Installation Guide for UNIX.

Configuration Information Provided by the Installer

At the end of an installation session, a summary file contains the configuration values that are set during installation. You can view this file from the final page of the installer, or from the directory where the file is saved:

Solaris OS: /var/sadm/install/logsLinux: /var/opt/sun/install/logs

Using the Configure Now Configuration Tables

The tables in this chapter have two columns: Label and State File Parameter, and Description. The Label and State File Parameter column contains the following information:

Label. This is the text that identifies information in the pages of the interactive graphical installer, usually a label on an input field. The text-based installer uses similar terminology.
State File Parameter. A state file parameter is the key that identifies the information in a silent installation state file. State file parameters are uppercase and appear in monospace font. For example, AS_ADMIN_USER_NAME.

Tip –

A good way to see how the parameters are used is to examine the example state file in Appendix C, Example State File, in Sun Java Enterprise System 5 Update 1 Installation Guide for UNIX.

The Description column describes the parameter listed in the Label and State File Parameter column. If a default applies to the parameter, the default value is listed. Default values apply to all installer modes, unless the description provides a separate value for a silent mode state file. State file values are case sensitive except where noted. Other information is provided as it applies to that parameter, such as examples, paths, or notes explaining anything you need to be aware of about that parameter.

If you are using this chapter as an aid for answering configuration questions posed by the installer during a Configure Now installation, do the following:

Locate the section in this chapter that describes that product component.
Find the table whose content matches the installer page being displayed. A table contains all the fields and questions contained on a single page of the installer.
If you are using this chapter to get information about parameters in a state file, do the following:
- If you are using the guide online, use the HTML or PDF search feature to find the parameter string.
- If you are using a printed book, refer to the index. The index contains an entry for each parameter name, either under the parameter name itself, or under the State File Parameters entry.

Configuration Terminology

During installation and configuration, you are prompted for values relating to various types of domains, organizations, and related configuration information.

Domain Name System (DNS). The Domain Name System (DNS) is a distributed internet directory service. DNS is used mostly to translate between domain names and IP addresses, and to control email delivery.
DNS Domain Name. A DNS domain name identifies a group of servers on a network. Examples of domain names: example.com, red.example.com
Fully Qualified Domain Name (FQDN). An FQDN is the human-readable name corresponding to the TCP/IP address of a network interface, as found on a server, router, or other networked device. An FQDN for a server includes both its host name and its domain name. Example of a FQDN for a server: myComputer.example.com
Host Name. The host name is a unique name by which a server is known on a network. A host name can be represented as the combination of a server's local name with its organization's domain name. This representation is also the FQDN for the server. Within the context of a domain, a host name can be represented solely by its local name. This is because the local name must be unique within the domain. Examples of host names:
- FQDN representation: myComputer.red.example.com
- Local name representation which is unique within red.example.com domain: myComputer
Configuration Directory. An instance of Directory Server that stores configuration information for various administration domains. The administration server accesses the configuration directory when administering these domains. The base suffix of the subtree that holds configuration information is always o=NetscapeRoot.
User/Group Directory. An instance of Directory Server that stores information about organizations in an LDAP hierarchy. Typically, organizations are represented by their DNS domain names in the LDAP hierarchy. Each organization in the hierarchy might contain entries representing people, organizational units, printers, documents, and so on.
Administration Domain. A set of servers represented in a Directory Server configuration directory server and administered through the Sun Java System Server Console. Typically, an administration domain is represented in the LDAP hierarchy with its DNS domain name, but you can use any name to represent the group of servers that make up the administration domain.
Email Domain. A unique domain in DNS that is used for routing email. An email domain for an organization can be its DNS domain name, but can also be another domain used to route email. For example: DNS Domain: example.com Email Domain: sfbay.example.com (In Sun's LDAP Schema 2, the email domain is represented in the User/Group directory as an attribute of an organization.)
Authentication Domain. In Access Manager, circle of trust is implemented as an authentication domain. An authentication domain is not a DNS domain. In Access Manager, an authentication domain describes entities that are grouped together for the purposes of identity federation.
Organization DN. The unique name of an organization in the LDAP hierarchy of a User/Group directory. Typically, organizations are represented by their DNS domain names in the LDAP hierarchy by using the o, ou, or dc LDAP attributes. An organization can contain sub-organizations.
Directory Manager. The privileged Directory Server administrator, comparable to the root user in UNIX. The default Directory Manager DN is cn=Directory Manager but can be changed. During installation and configuration, you must supply the Directory Manager DN and password to make changes to the LDAP configuration.

Common Settings

When you install product components using the Configure Now option, the installer presents pages that allow you to specify how some common settings are to be handled during install-time configuration:

Caution –

In a state file created for silent install, the variables can specify sensitive data, such as administrator passwords. Make sure to protect the file as appropriate for your deployment.

Password Choice

For a Configure Now installation, the Password Choice page allows you to specify a single administrator account and password for all the product components that use the administrator settings.

Table 3–1 Password Choice


Label and State File Parameter	Description
Choose to use a default admin account and password. `USE_DEFAULT_PASSWORD`	For a Configure Now installation, allows you to specify a single administrator account and password for all product components. If you accept this default, you will not be prompted for this data on subsequent configuration pages. If you choose to use different administrator accounts for each product component, you will be prompted for the administrator account and password on the component configuration pages. The default value is `true.` Note: In the Java ES installer, white space cannot be used in admin passwords, nor can the following symbols: `; & ( ) ! \| < > ' “ $ ^ \ # / , @ %`

Common Server Settings

Common server settings are used to provide default values for the product components that use the settings.

On the configuration pages of the installer, the notation “Shared default value” indicates which setting are default values from the Common Server Settings page. You can accept the default value or you can override it by entering a value that is specific to the product component you are configuring.

Table 3–2 Common Server Settings


Label and State File Parameter	Description
Host Name `CMN_HOST_NAME`	The host name of the host on which you are installing Java ES components. Output of the `hostname` command. For example: `thishost`
DNS Domain Name `CMN_DOMAIN_NAME`	Domain for the host on which you are installing. Domain name of this computer as registered in the local DNS server. This format should be subdomain.domain.com. Example, `example.com`.
Host IP Address `CMN_IPADDRESS`	The IP address of the host on which you are installing, that is, the local host. For example: 127.51.91.192
Administrator User ID `CMN_ADMIN_USER`	Default user ID for the administrator for all components being installed. For example: `admin` Note: If you chose to use a single administrator account, this field is not present.
Administrator Password `CMN_ADMIN_PASSWORD`	Default password for the administrator for all components being installed. There is no default value. The password must have at least eight character. Note: If you chose to use a single administrator account, this field is not present. Note: In the Java ES installer, white space cannot be used in admin passwords, nor can the following symbols: `; & ( ) ! \| < > ' “ $ ^ \ # / , @ %`
System User `CMN_SYSTEM_USER`	User ID (UID) under which component processes run. The default value is `root.`
System Group `CMN_SYSTEM_GROUP`	Group ID (GID) of the system user. The default value is `root.`

Access Manager Configuration Information

The Java ES installer supports the installation of these subcomponents of Access Manager:

Note –

Access Manager SDK is automatically installed as part of Identity Management and Policy Services Core, but the SDK can also be installed separately on a remote host. For information about separate installation of Access Manager SDK, refer to Access Manager SDK Configuration Information

Access Manager Administration Information

Table 3–3 Access Manager Administration Information


Label and State File Parameter	Description
Install type `AM_REALM`	Indicates whether or not to use Realm mode as the install type for the installation. The install type indicates the level of interoperability with other components. You have a choice of Realm mode (version 7.x style) or Legacy mode (version 6.x style). The default value is disabled, which means Legacy mode will be used. (`AM_REALM` should be set to Enabled for Realm mode and should be set to Disabled for Legacy mode.) Note: When you are installing Access Manager with Portal Server, you can select either Realm (Access Manager 7.x compatible) mode or Legacy (6.x compatible) mode for Access Manager. If installing Portal Server, you may use Realm mode only if Directory Server and Access Manager SDK are already installed and configured. If you are using Communications products, Legacy mode is required.
Administrator User ID `IS_ADMIN_USER_ID`	Access Manager top-level administrator. This user has unlimited access to all entries managed by Access Manager. The default name, `amadmin`, cannot be changed. This ensures that the Access Manager administrator role and its privileges are created and mapped properly in Directory Server, allowing you to log onto Access Manager immediately after installation.
Administrator Password `IS_ADMINPASSWD`	Password of the `amadmin` user. The value must have at least eight characters.
LDAP User ID `IS_LDAP_USER`	Bind DN user for LDAP, Membership, and Policy services. This user has read and search access to all Directory Server entries. The default user name, `amldapuser`, cannot be changed.
LDAP Password `IS_LDAPUSERPASSWD`	Password of the `amldapuser` user. This password must be different from the password of the `amadmin` user. It can be any valid Directory Service password.
Password Encryption Key `AM_ENC_PWD`	A string that Access Manager uses to encrypt user passwords. The interactive installer generates a default password encryption key. You can accept the default value or specify any key produced by a J2EE random number generator. The password encryption key can be blank or at least 12 characters long. During Access Manager installation, its property file is updated and the property `am.encryption.pwd` is set to this value. The property file is `AMConfig.properties` . Location is: Solaris OS: `/etc/opt/SUNWam/config` Linux : `/etc/opt/sun/identity/config` All Access Manager subcomponents must use the same encryption key that the Identity Management and Policy Services Core uses. If you are distributing Access Manager subcomponents across hosts and installing Administration Console or Common Domain Services for Federation Management, copy the value for `am.encryption.pwd` as generated by the installation of the core, and paste the value into this field.

Access Manager Web Container Information

The Identity Management and Policy Services Core subcomponent of Access Manager runs in a web container, usually Web Server or Application Server.

Note –

Access Manager can also run in a third-party web container, specifically IBM WebSphere Application Server or BEA WebLogic Server. After installing Access Manager with the Configure Later option, you then run the amconfig script to do postinstallation configuration. You must follow the IBM or BEA documentation to install and configure the third-party web container.

The information that the installer needs is different for each web container:

Access Manager With Application Server

This section describes the information that the installer needs when Application Server is the web container for the Identity Management and Policy Services Core subcomponent of Access Manager.

Table 3–4 Access Manager With Application Server as Web Container


Label and State File Parameter	Description
Secure Server Instance Port `IS_IAS81INSTANCE_PORT`	Port on which Application Server listens for connections to the instance. The default value is `8080`. If you make a selection that does not correspond to the protocol set earlier for Application Server, an error is displayed. You must resolve the situation before continuing.
Secure Administrator Server Port `IS_IAS81_ADMINPORT`	Port on which the administration server for Application Server listens for connections. The default value is `4849`.
Administrator User ID `IS_IAS81_ADMIN`	User ID of the Application Server administrator. The default value is the administrator user ID you provided under Common Server settings. Note: If you chose to use a single administrator account, this field is not present.
Administrator Password `IS_IAS81_ADMINPASSWORD`	The default value is the administrator password you provided under Common Server settings. Note: If you chose to use a single administrator account, this field is not present. Note: In the Java ES installer, white space cannot be used in admin passwords, nor can the following symbols: `; & ( ) ! \| < > ' “ $ ^ \ # / , @ %`

Access Manager With Web Server

This section describes the information that the installer needs when Web Server is the web container for the Identity Management and Policy Services Core subcomponent of Access Manager.

Table 3–5 Access Manager With Web Server as Web Container


Label and State File Parameter	Description
Host Name `IS_WS_HOST_NAME`	The fully qualified domain name for the host. For example, if this host is `siroe.example.com`, this value is `siroe.example.com`. The default value is the fully qualified domain name for the current host.
Administrator User ID `IS_WS_ADMIN_ID`	User ID of the Web Server administrator. The default value is the administrator user ID you provided under Common Server settings. Note: If you chose to use a single administrator account, this field is not present.
Administrator Password `IS_WS_ADMIN_PASSWORD`	Password of the Web Server master administrator. The default value is the administrator password you provided under Common Server settings. Note: If you chose to use a single administrator account, this field is not present. Note: In the Java ES installer, white space cannot be used in admin passwords, nor can the following symbols: `; & ( ) ! \| < > ' “ $ ^ \ # / , @ %`
Document Root Directory `IS_WS_DOC_DIR`	Directory where Web Server stores content documents. Solaris OS: `/var/opt/SUNWwbsvr7/https-hostname.domain/docs` Linux : `/var/opt/sun/webserver7/https-hostname.domain/docs`
Web Server Port `IS_WS_INSTANCE_PORT`	Port on which Web Server administration instance listens for HTTPS connections. If this port is in use, you are presented with a choice of available ports. Default value is 80.
Web Server Instance Directory `IS_WS_INSTANCE_DIR`	Path to the directory where an instance of Web Server is installed, using the following syntax: `WebServer-base/https-webserver-instancename` If you are installing Web Server in this session, the default value for `WebServer-base` is the Web Server instance directory: Solaris OS: `/var/opt/SUNWwbsvr7` Linux : `/var/opt/sun/webserver7`
Web Server Protocol `IS_WS_PROTOCOL`	Protocol specified for Web Server to listen on the Web Server port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. The default value is HTTP.

Access Manager Services

The installer needs different information about Access Manager services for the following Access Manager subcomponents.

Access Manager Web Container Information

This section describes the services information that the installer needs when you are specifying web container details.

Table 3–6 Access Manager Services Information for Specifying Web Container


Label and State File Parameter	Description
Host Name `IS_SERVER_HOST`	Fully qualified domain name of the host on which you are installing Java ES. The default value is the fully qualified domain name of the local host.
Services Deployment URI `SERVER_DEPLOY_URI`	Uniform Resource Identifier (URI) prefix for accessing the HTML pages, classes, and JAR files associated with the Identity Management and Policy Services Core subcomponent. This URI is used to access the realm (Access Manager 7.x compatible) console. The default value is `amserver`. Do not enter a leading slash.
Common Domain Deployment URI `CDS_DEPLOY_URI`	URI prefix for accessing the common domain services on the web container. The default value is `amcommon`. Do not enter a leading slash.
Cookie Domain `COOKIE_DOMAIN_LIST`	The names of the trusted DNS domains that Access Manager returns to a browser when Access Manager grants a session ID to a user. You can scope this value to a single top-level domain, such as `example.com` . The session ID will provide authentication for all subdomains of example.com. Alternatively, you can scope the value to a comma-separated list of subdomains, such as `.corp.example.com,.sales.example.com`. The session ID will provide authentication for all subdomains in the list. A leading dot (`.`) is required for each domain in the list. The default value is the current domain, prefixed by a dot (`.`).
Password Deployment URI `PASSWORD_SERVICE_DEPLOY_URI`	URI that determines the mapping that the web container running Access Manager will use between a string you specify and a corresponding deployed application. This is the URI for the Access Manager password reset service. The default value is `ampassword`. Do not enter a leading slash.
Console Protocol `CONSOLE_PROTOCOL`	Protocol specified for Web Server to listen on the Web Server port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. The default value is HTTP.

Access Manager Console Information for Services

This section describes the services information the installer needs for the Access Manager console.

Table 3–7 Access Manager Services Information for Access Manager Console


Label and State File Parameter	Description
Administration Console: Deploy new console or use existing console `USE_DSAME_SERVICES_WEB_CONTAINER` `CONSOLE_REMOTE`	Choose Deploy new console to deploy the console into the web container of the host on which Access Manager is being installed. Choose Use existing console to use an existing console that is, or will be, deployed on a remote host in Realm mode. The default value is False. In both cases, you specify the Console Deployment URI and Password Deployment URI. If you choose to use an existing console, you must also specify the Console Host Name and Console Port.
Console Deployment URI `CONSOLE_DEPLOY_URI`	URI prefix for accessing the HTML pages, classes, and JAR files associated with the Access Manager Legacy mode (Access Manager 6.x compatible) console. Only applies to Legacy mode. The default value is `amconsole`. Note: If `AM_REALM` is enabled (setting Realm mode 7.x), then `CONSOLE_DEPLOY_URI` is ignored.
Console Host Name `CONSOLE_HOST`	Fully qualified domain name for the server hosting the existing console. This value is not needed if you are deploying a new console. In graphical installation mode, you can edit the field only if you are using an existing console. The default value contains the value that you provided for Host (`IS_SERVER_HOST` ), a dot, and then the value that you provided for DNS Name in the Common Server Settings. For example, if the host is `siroe` and the domain is `example.com`, the default value is `siroe`.`example` .`com`.
Console Port `CONSOLE_PORT`	Port on which the existing console is listening or will listen for connections. Permitted values are any valid and unused port number, in the range 0 (zero) through 65535. This value is not needed if you are deploying a new console. In graphical installation mode, you can edit the field only if you are using an existing console. The default value is the value you provided for one of the following web container ports: Web Server default value is `80.` Application Server default value is `8080.`

Installing Access Manager Console (Core Already Installed)

This section describes the services information the installer needs when the following are both true:

You are installing only the Access Manager Administration Console subcomponent.
The Identity Management and Policy Services Core subcomponent is already installed on the same host.

Note –

You can only install AM Console by itself in Realm mode (Access Manager 7.x compatible). This cannot be done in Legacy mode (6.x compatible).

Table 3–8 Access Manager Services Information for Installing Console Only (Core Already Installed)


Label and State File Parameter	Description
Console Deployment URI `CONSOLE_DEPLOY_URI`	URI prefix for accessing the HTML pages, classes and JAR files associated with the Access Manager Legacy mode (Access Manager 6.x compatible) console. Only applies to Legacy mode. The default value is `amconsole`. If `AM_REALM` is enabled (setting Realm mode 7.x), then `CONSOLE_DEPLOY_URI` is ignored.
Password Services Deployment URI `PASSWORD_SERVICE_DEPLOY_URI`	URI that determines the mapping that the web container running Access Manager will use between a string you specify and a corresponding deployed application. This is the URI for the Access Manager password reset service. The default value is `ampassword`. Do not enter a leading slash.

Installing Access Manager Console (Core Not Already Installed)

This section describes the services information the installer needs when the following are both true:

You are installing only the Access Manager Administration Console subcomponent.
The Identity Management and Policy Services Core subcomponent is not installed on the same host.

Table 3–9 Access Manager Services Information for Installing Console (Core Not Already Installed)


Label and State File Parameter	Description
Web Container for Access Manager Administration Console
Console Host Name `CONSOLE_HOST`	Fully qualified domain name for the host on which you are installing.
Console Deployment URI `CONSOLE_DEPLOY_URI`	URI prefix for accessing the HTML pages, classes and JAR files associated with the Access Manager Legacy mode (Access Manager 6.x compatible) Console. Only applies to Legacy mode. The default value is `amconsole`. If `AM_REALM` is enabled (setting Realm mode 7.x), then `CONSOLE_DEPLOY_URI` is ignored.
Password Services Deployment URI `PASSWORD_SERVICE_DEPLOY_URI`	Deployment URI for the password service. The default value is `ampassword`. Do not enter a leading slash.
Web Container for Access Manager Services
Services Host Name `IS_SERVER_HOST`	Fully qualified domain name of the host where the Identity Management and Policy Services Core subcomponent is installed. The default value is the fully qualified domain name of this host. Use the default value as an example of format only, and edit the value to supply the correct remote host name. In a state file, supply the fully qualified domain name of a remote host.
Port `CONSOLE_PORT`	Port on which the Identity Management and Policy Services Core subcomponent listens for connections. This port is the HTTP or HTTPS port used by the web container.
Services Deployment URI `SERVER_DEPLOY_URI`	URI prefix for accessing the HTML pages, classes, and JAR files associated with the Identity Management and Policy Services Core subcomponent. This URI is used to access the realm (Access Manager 7.x compatible) console. The default value is `amserver`. Do not enter a leading slash.
Cookie Domain `COOKIE_DOMAIN_LIST`	The names of the trusted DNS domains that Access Manager returns to a browser when Access Manager grants a session ID to a user. You can scope this value to a single top-level domain, such as `example.co` m. The session ID will provide authentication for all subdomains of example.com. Alternatively, you can scope the value to a comma-separated list of subdomains, such as `.corp.example.com`. The session ID will provide authentication for all subdomains in the list. A leading dot (`.`) is required for each domain. The default value is the current domain, prefixed by a dot (`.`).

Installing Federation Management (Core Already Installed)

This section describes the services information the installer needs when you are installing only the Common Domain Services for Federation Management subcomponent.

Table 3–10 Access Manager Services Information for Installing Federation Management (Core Already Installed)


Label and State File Parameter	Description
Common Domain Deployment URI `CDS_DEPLOY_URI`	URI prefix for accessing the common domain services on the web container. The default value is `amcommon`. Do not enter a leading slash.

Access Manager Directory Server Information

The installer needs the following information if you are installing Identity Management and Policy Services Core.

Table 3–11 Directory Server Information for Access Manager


Label and State File Parameter	Description
Directory Server Host `IS_DS_HOSTNAME`	A host name or value that resolves to the host on which Directory Server resides. The default value is the fully qualified domain name of the local host. For example, if the local host is `siroe.example.com`, the default value is `siroe.example.com`.
Directory Server Port `IS_DS_PORT`	Port on which Directory Server listens for client connections. The default value is `389`.
Access Manager Directory Root Suffix `IS_ROOT_SUFFIX`	Distinguished name (DN) to set as the Access Manager root suffix. The default value is based on the fully qualified domain name for this host, minus the host name. For example, if this host is `siroe.subdomain.example.com`, the value is `dc=subdomain,dc=example,dc=com.`
Directory Manager DN `IS_DIRMGRDN`	DN of the user who has unrestricted access to Directory Server. The default value is `cn=Directory Manager`.
Directory Manager Password `IS_DIRMGRPASSWD`	Password for the Directory Manager.

Access Manager Provisioned Directory Information

The information needed to configure a provisioned directory depends on whether the installer detects an existing provisioned directory on your host. When the installer is generating a state file, IS_EXISTING_DIT_SCHEMA=y is written to the state file if the installer finds an existing provisioned directory. The installer writes IS_EXISTING_DIT_SCHEMA=n to the state file if the installer does not find an existing provisioned directory.

Existing Provisioned Directory Found

If the installer finds an existing provisioned directory, you provide the following information.

Table 3–12 Existing Provisioned Directory Information for Access Manager


Label and State File Parameter	Description
User Naming Attribute `IS_USER_NAMING_ATTR`	Naming attribute used for users in the provisioned directory. The default value is `uid`.

No Existing Provisioned Directory Found

If the installer does not find an existing provisioned directory, you can choose whether to use an existing provisioned directory. If you answer yes to the first question in this table, you must answer the remaining questions in the table.

Table 3–13 No Existing Provisioned Directory Information for Access Manager


Label and State File Parameter	Description
Is Directory Server provisioned with user data? `IS_LOAD_DIT`	Specifies whether you want to use an existing provisioned directory. Permitted values are `y` or `n`. The default value is `n`.
Organization Marker Object Class `IS_ORG_OBJECT_CLASS`	Object class defined for the organization in the existing provisioned directory. This value is used only if the value for the first item in this table is `y`. The default value is `SunISManagedOrganization`.
Organization Naming Attribute `IS_ORG_NAMING_ATTR`	Naming attribute used to define organizations in the existing provisioned directory. This value is used only if the value for the first item in this table is `y`. The default value is `o`.
User Marker Object Class `IS_USER_OBJECT_CLASS`	Object class defined for users in the existing provisioned directory. This value is used only if the value for the first item in this table is `y`. The default value is `inetorgperson`.
User Naming Attribute `IS_USER_NAMING_ATTR`	Naming attribute used for users in the existing provisioned directory. This value is used only if the value for the first item in this table is `y`. The default value is `uid`.

Access Manager SDK Configuration Information

Access Manager SDK is automatically installed when you install Identity Management and Policy Services Core, a subcomponent of Access Manager. You can also install Access Manager SDK as a discrete product component on a host that is remote from the Access Manager core services.

Before you install Access Manager SDK, the Access Manager core services must be installed and running on a remote host. The web container information and Directory Server configuration information that you provide during this installation must match the web container and Directory Server configuration information that you provided during installation of Access Manager core services.

Note –

When the installer asks for information about the remote web container and Directory Server, default values are displayed based on the local host.

Do not accept the default values; use them only as examples of format. Instead, you must supply the correct remote information.

If you are installing Access Manager SDK as a discrete product component , you must provide the following types of information:

Access Manager SDK Administration Information

The installer needs the following administration information if you are installing only Access Manager SDK.

Table 3–14 Administration Information for Access Manager SDK


Label and State File Parameter	Description
Administrator User ID `IS_ADMIN_USER_ID`	Access Manager top-level administrator. This user has unlimited access to all entries managed by Access Manager. The default name, `amadmin`, cannot be changed. This ensures that the Access Manager administrator role and its privileges are created and mapped properly in Directory Server, allowing you to log onto Access Manager immediately after installation.
Administrator Password `IS_ADMINPASSWD`	Password of the `amadmin` user. The value must have at least eight characters. Set this value to the same value used by Access Manager on the remote host.
LDAP User ID `IS_LDAP_USER`	Bind DN user for LDAP, Membership, and Policy services. This user has read and search access to all Directory Server entries. The default user name, `amldapuser`, cannot be changed.
LDAP Password `IS_LDAPUSERPASSWD`	Password of the `amldapuser` user. This password must be different from the password of the `amadmin` user. It can be any valid Directory Service password. Set this value to the same value used by Access Manager on the remote host.
Password Encryption Key `AM_ENC_PWD`	A string that Access Manager uses to encrypt user passwords. All Access Manager subcomponents must use the same encryption key that the Identity Management and Policy Services Core subcomponent uses. The password encryption key can be blank or at least 12 characters long. To specify the encryption key for Access Manager SDK, do the following: Copy the value for `am.encryption.pwd` as generated by the installation of the core. Paste the copied value into this field.

Access Manager SDK Directory Server Information

The installer needs the following Directory Server information if you are installing Access Manager SDK without other Access Manager subcomponents.

Table 3–15 Directory Server Information for Access Manager SDK


Label and State File Parameter	Description
Directory Server Host `IS_DS_HOSTNAME`	A host name or value that resolves to the host on which Directory Server resides. Set this value to the same value used by Access Manager on the remote host.
Directory Server Port `IS_DS_PORT`	Port on which Directory Server listens for client connections. Set this value to the same value used by Access Manager on the remote host.
Access Manager Directory Root Suffix `IS_ROOT_SUFFIX`	The distinguished name (DN) specified as the Access Manager root suffix when Directory Server was installed. This root suffix indicates the part of the directory that is managed by Access Manager. Set this value to the same value used by Access Manager on the remote host. The default value is based on the fully qualified domain name for this host, without the host name. For example, if this host is `siroe.subdomain.example.com` , the value is `dc=subdomain,dc=example,dc=com`. Use this default value as an example of format only.
Directory Manager DN `IS_DIRMGRDN`	DN of the user who has unrestricted access to Directory Server. Set this value to the same value used by Access Manager on the remote host. The default value is `cn=Directory Manager`.
Directory Manager Password `IS_DIRMGRPASSWD`	Password for the directory manager. Set this value to the same value used by Access Manager on the remote host.

Access Manager SDK Provisioned Directory Information

The information needed to configure a provisioned directory depends on whether the installer detects an existing provisioned directory on your host.

When the installer is generating a state file, IS_EXISTING_DIT_SCHEMA=y is written to the state file if the installer finds an existing provisioned directory. The installer writes IS_EXISTING_DIT_SCHEMA=n to the state file if the installer does not find an existing provisioned directory.

Existing Provisioned Directory Found

If the installer finds an existing provisioned directory, you provide the following information.

Table 3–16 Existing Provisioned Directory Information for Access Manager SDK


Label and State File Parameter	Description
User Naming Attribute `IS_USER_NAMING_ATTR`	Naming attribute used for users in the provisioned directory. The default value is `uid`.

No Existing Provisioned Directory Found

Table 3–17 No Existing Provisioned Directory Information for Access Manager SDK


Label and State File Parameter	Description
Is Directory Server provisioned with user data? `IS_LOAD_DIT`	Specifies whether you want to use an existing provisioned directory. Permitted values are `y` or `n`. The default value is `n`.
Organization Marker Object Class `IS_ORG_OBJECT_CLASS`	Object class defined for the organization in the existing provisioned directory. This value is used only if the value for the first item in this table is `y`. The default value is `SunISManagedOrganization`.
Organization Naming Attribute `IS_ORG_NAMING_ATTR`	Naming attribute used to define organizations in the existing provisioned directory. This value is used only if the value for the first item in this table is `y`. The default value is `o`.
User Marker Object Class `IS_USER_OBJECT_CLASS`	Object class defined for users in the existing provisioned directory. This value is used only if the value for the first item in this table is `y`. The default value is `inetorgperson`.
User Naming Attribute `IS_USER_NAMING_ATTR`	Naming attribute used for users in the existing provisioned directory. This value is used only if the value for the first item in this table is `y`. The default value is `uid`.

Access Manager SDK Web Container Information

The installer needs the following web container information if you are installing only Access Manager SDK.

Table 3–18 Web Container Information for Access Manager SDK


Label and State File Parameter	Description
Host `IS_WS_HOST_NAME`	Host name of the web container that runs Access Manager core services. Use the value specified during the installation of Access Manager on the remote host. There is no default value.
Services Deployment URI `SERVER_DEPLOY_URI`	URI prefix for accessing the HTML pages, classes, and JAR files associated with Access Manager. Set this value to the same value used by Access Manager on the remote host. This URI is used to access the realm (Access Manager 7.x compatible) console. The default value is `amserver`. Do not enter a leading slash.
Cookie Domain `COOKIE_DOMAIN_LIST`	The names of the trusted DNS domains that Access Manager returns to a browser when Access Manager grants a session ID to a user. Set this value to the same value used by Access Manager on the remote host. The default value is the current domain, prefixed by a dot (`.`).
Web Container Hostname `IS_SERVER_HOST`	Host name where the web container that runs Access Manager core services is located.
Web Container Port `IS_SERVER_PORT`	Port number for the web container that runs Access Manager core services.
Web Container Protocol `IS_SERVER_PROTOCOL`	Protocol for listening on the Access Manager web container port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. The default value is `HTTP.`
Services Port `IS_WS_INSTANCE_PORT` `IS_IAS81INSTANCE_PORT`	Port number of the web container instance that runs Access Manager core services. Use the port number specified when Access Manager core services were installed. Web Server default value is `80`. Application Server default value is `8080`.

Application Server Configuration Information

The installer needs the following information for Application Server:

Application Server Administration Information

Table 3–19 Administration Information for Application Server


Label and State File Parameter	Description
Admin User Name `AS_ADMIN_USER_NAME`	User ID of the Application Server administrator. The default value is the Administrator User ID you provided under Common Server Settings. Note: If you chose to use a single administrator account, this field is not present.
Password `AS_PASSWORD`	Password for the Application Server administrator. The default value is the Administrator Password you provided under Common Server Settings. Minimum of 8 characters. Note: If you chose to use a single administrator account, this field is not present. Note: In the Java ES installer, white space cannot be used in admin passwords, nor can the following symbols: `; & ( ) ! \| < > ' “ $ ^ \ # / , @ %`
Admin Port `AS_ADMIN_PORT`	Port on which Application Server’s administrative server listens for HTTPS connections. Provides access to the administration tools. The default value is `4849`.
JMX Port `AS_JMX_PORT`	Port on which Application Server listens for JMX connections. The default value is `8686`.
HTTP Server Port `AS_HTTP_PORT`	Port on which Application Server listens for HTTP connections. The default value is `8080`. If the installer detects that the default port is used, an alternative value is suggested.
HTTPS Port `AS_HTTPS_PORT`	Port on which Application Server listens for HTTPS connections. The default value `is` `8181`.
Master Password `AS_MASTER_PASSWORD`	SSL certificate database password, used for `asadmin` operations such as Domain Administration Server startup and Node Agent startup. The default value is the Administrator Password you provided under Common Server Settings. Minimum of 8 characters.

Application Server Node Agent Information

Table 3–20 Node Agent Information for Application Server


Label and State File Parameter	Description
Admin Host Name `ASNA_ADMIN_HOST_NAME`	Host name for domain administration which the node agent can connect to. The default value is the name of local host, including domain.
Admin User Name `ASNA_ADMIN_USER_NAME`	User ID of the Application Server admin user. The default value is the Administrator User ID you provided under Common Server Settings. Note: If you chose to use a single administrator account, this field is not present.
Password `ASNA_PASSWORD`	Password for the Application Server admin user. There is no default value. Note: If you chose to use a single administrator account, this field is not present. Note: White space cannot be used in admin passwords, nor can the following symbols: `; & ( ) ! \| < > ' “ $ ^ \ # / , @ %`
Master Password `ASNA_MASTER_PASSWORD`	SSL certificate database password, used for `asadmin` operations such as Domain Administration Server startup and Node Agent startup. The default value is the admin password you provided under Common Server Settings.
Admin Port `ASNA_ADMIN_PORT`	Port on which Application Server’s node agent listens for connections. Provides access to the administration tools. The default value is `4849`.
Node Agent Name `ASNA_NODE_AGENT_NAME`	Name of the local node. The default value is the local host name.

Application Server Load Balancing Plugin Information

Table 3–21 Load Balancing Plugin Information for Application Server


Label and State File Parameter	Description
Web server that the load balancing plugin will use `AS_WEB_SERVER_PLUGIN_TYPE`	Choice of Sun Java System Web Server or Apache Web Server. The default value is `Sun Java System Web Server`.
Web server installation directory `AS_WEB_SERVER_LOCATION`	Installation directory for Web Server or Apache HTTP Server. The default value is: Solaris OS: `/opt` Linux : `/opt/sun`
Web Server instance directory `CMN_WS_INSTANCE_DIR`	Instance directory for Web Server or Apache HTTP Server. The default value is: Solaris OS: `/var/opt/SUNWwbsvr7/https-hostname.domainname` Linux : `/var/opt/sun/webserver7/https-hostname.domainname`

Directory Server Configuration Information

The installer needs the following information for Directory Server:

Directory Server Instance Creation Choice Information

Table 3–22 Instance Creation Choice for Directory Server


Label and State File Parameter	Description
Choose to create a directory instance `CREATE_INSTANCE`	Allows you to create a directory instance during installation. this is not a requirement. The default value is `Yes.` If you accept the default, you will be asked to provide the information required to create an instance.

Directory Server Instance Creation Information

This page is displayed when you select Yes on the Directory Server Instance Choice Panel. If you select No, this page is not displayed. If another component requires a Directory Server instance, you will be prompted to either use the instance you can create on this page, or use a previously installed and configured instance of Directory Server.

Table 3–23 Instance Creation Information for Directory Server


Label and State File Parameter	Description
Instance Directory `DSEE_INSTANCE_DIR`	Location of new instance. The default value is: Solaris OS:`/var/opt/SUNWdsee/dsins1` Linux: `/var/opt/sun/dsins1`
Directory Instance Port `DSEE_INSTANCE_PORT`	Unsecure port for the new instance. The default value is `389`.
Directory Instance SSL Port `DSEE_INSTANCE_SSL_PORT`	Secure port for the new instance. The default value is `636`.
Directory Manager DN `DSEE_DN_MANAGER`	Distinguished Name (DN) of the user who has unrestricted access to Directory Server. The default value is `cn=Directory Manager`.
System User `DSEE_INSTANCE_USER`	User ID under which the new instance runs. The default value is `root`.
System Group `DSEE_INSTANCE_GROUP`	Group ID of the new instance. The default value is `root.`
Directory Manager Password `DSEE_INSTANCE_PASSWORD`	Password for the Directory Manager. The default value is the Administrator Password you provided under Common Server Settings. Minimum of 8 characters.
Suffix `DSEE_SUFFIX`	Initial directory suffix managed by this instance. The default value is formed by the segments of the fully qualified domain name for the current host. For example, if you install on `siroe.sub1.example.com` , the default value is `dc=sub1,dc=example,dc=com`.

Directory Server Instance Usage Choice

Table 3–24 Directory Server: Instance Usage Choice


Label and State File Parameter	Description
Choice of Directory Server instance `CREATE_INSTANCE`	Allows you to choose to use the directory server instance you created during installation, or use an existing directory server instance. If you choose to use an existing instance instead of the default, the alternate instance must already be configured. Default value is `yes.`

HADB Configuration Information

The installer needs the following information for HADB.

Table 3–25 Port Selection Information for HADB


Label and State File Parameter	Description
HADB Management Port `HADB_DEFAULT_ADMINPORT`	Port on which the HADB management listens. The default value is `1862`.
HADB Resource Directory `HADB_DEFAULT_RESDIR`	Location where HADB stores resource contents. The default value is `/var/opt`.
HADB Administrator Group `HADB_DEFAULT_GROUP`	The UNIX group (GID) in which the default instance of HADB runs as a user. The default value is `other`.
HADB Automatic Startup `HADB_AUTO_START`	Choose this option to direct the installer to configure HADB to start automatically when the system restarts. The default value is `yes.`
HADB Group Management `HADB_ALLOW_GROUPMANAGE`	Choose this option when you want HADB to be managed by the HADB Administration Group. If this parameter is set to yes, all members belonging to the group (`HADB_DEFAULT_GROUP`) can run and manage HADB. The default value is no.

Portal Server Configuration Information

Portal Server requires a web container. Depending on what web container you choose, the configuration information in the following sections is required by the installer during installation:

Portal Server Web Container Choice

Table 3–26 Web Container Choice for Portal Server


Label and State File Parameter	Description
Web container choice for Portal Server `PS_DEPLOY_TYPE`	Allows you to choose the web container for Portal Server from the following: Java ES Application Server Java ES Web Server BEA WebLogic Server IBM WebSphere Application Server Default value is Web Server. Note: If you are using a third-party web container, that web container must be running at the time of this installation.

Portal Server Java ES Application Server as Web Container

This section describes the information that the installer needs when Application Server is the web container for Portal Server.

Table 3–27 Web Container Information for Portal Server with Application Server


Label and State File Parameter	Description
Installation Directory `PS_DEPLOY_DIR`	Directory in which Application Server is installed. The default value is: Solaris OS: `/opt/SUNWappserver/appserver` Linux : `/opt/sun/appserver`
Domain Name `PS_DEPLOY_DOMAIN`	The Application Server domain to which the Portal Server is deployed. The default value is `domain1`.
Server Instance Directory `PS_DEPLOY_INSTANCE_DIR`	Path to the Application Server directory for the domain to which you want to deploy this Portal Server instance. The default value is: Solaris OS: `/var/opt/SUNWappserver/domains/domain1` Linux : `/var/opt/sun/appserver/domains/domain1`
Server Instance Port `PS_DEPLOY_PORT`	Port on which Application Server listens for connections to the instance. The default value is `8080`.
Document Root Directory `PS_DEPLOY_DOCROOT`	Name of the directory where static pages are kept. The default value is: Solaris OS: `/var/opt/SUNWappserver/domains/domain1/docroot` Linux : `/var/opt/sun/appserver/domains/domain1/docroot`
Administration Port `PS_DEPLOY_ADMIN_PORT`	Port on which the Application Server administration instance is running, for the domain in which Portal Server is being installed. The default value is `4849.`
Administrator User ID `PS_DEPLOY_ADMIN`	User ID that Portal Server uses to access the Application Server as administrator. This is the Access Manager user ID and password. The default value is `admin`.
Administrator Password `PS_DEPLOY_ADMIN_PASSWORD`	Password that the Portal Server uses to access the Application Server as administrator.
Secure Server Instance Protocol `PS_DEPLOY_PROTOCOL`	This protocol specifies whether the value for Server Instance port refers to a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. In a state file, specify `https` for a secure port or `http` for a non-secure port. The default value is `http`.
Secure Administration Server Port `PS_DEPLOY_ADMIN_PROTOCOL`	This protocol specifies whether the value for Administration port is a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. In a state file, specify `https` for a secure port or `http` for a non-secure port. The default value is `https`.

Portal Server Java ES Web Server as Web Container

This section describes the information that the installer needs when Web Server is the web container for Portal Server.

Table 3–28 Web Container Information for Portal Server With Web Server


Label and State File Parameter	Description
Installation Directory `PS_DEPLOY_DIR`	Directory in which the Web Server is installed. The default value is: Solaris OS: `/opt/SUNWwbsvr7` Linux: `/opt/sun/webserver7`
Administration Domain `PS_DEPLOY_DOMAIN`	The Web Server domain to which the Portal Server is deployed. The default value is `domain1`.
Instance Directory `PS_INSTANCE_DIR`	Directory in which the Web Server instance is installed. The default value is: Solaris OS: `/var/opt/SUNWwbsvr7-hostname.domainname` Linux : `/var/opt/sun/webserver7-hostname.domainname`
Server Instance Port `PS_DEPLOY_PORT`	Port on which Web Server listens for HTTP connections. The default value is `8800`. If you are installing Web Server in this installer session, the default value is the Web Server HTTP Port (`WS_HTTP_PORT`) value.
Administration Host `PS_DEPLOY_ADMIN_HOST`	Administration Server host name.
Administration Port `PS_DEPLOY_ADMIN_PORT`	Port on which the Web Server administration instance is running, for the domain in which Portal Server is being installed. The default value is `8989.`
Secure Server Admin Protocol `PS_DEPLOY_ADMIN_PROTOCOL`	This protocol specifies whether the port for the Web Server instance is a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. In a state file, specify `https` for a secure port or `http` for a non-secure port. The default value is selected (`https`).

Portal Server BEA WebLogic as Web Container

This section describes the information the installer needs when BEA WebLogic is the web container for Portal Server.

Table 3–29 Web Container Information for Portal Server With BEA WebLogic


Label and State File Parameter	Description
Installation Directory `PS_DEPLOY_PRODUCT_DIR`	Path to the directory where BEA WebLogic is installed. The default value is `/usr/local/bea/weblogic81`.
Instance Directory `PS_DEPLOY_INSTANCE_DIR`	Path to the directory where BEA WebLogic stores user projects. The default value is `/usr/local/bea/user_projects/domains`.
JDK Home Directory `PS_DEPLOY_JDK_DIR`	Path to the directory where the copy of JDK that BEA WebLogic uses is installed. The default value is `/usr/local/bea/jdk142_05`.
Server / Cluster Port `PS_DEPLOY_PORT`	Number of the port where BEA WebLogic is deployed. The default value is `7001.`
Server / Cluster Protocol `PS_DEPLOY_PROTOCOL`	Specify whether the value for Server / Cluster Port is a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. The default value is `http`.
Administrator User ID `PS_DEPLOY_ADMIN`	User name of the BEA WebLogic administrator (system user). The default value is `weblogic`.
Administrator Password `PS_DEPLOY_ADMIN_PASSWORD`	Password of the BEA WebLogic administrator (system user).
Administrator Host `PS_DEPLOY_ADMIN_HOST`	Administrator server host name. Fully qualified domain name. For example, `mycomputer.example.com`.
Administrator Port `PS_DEPLOY_ADMIN_PORT`	Default value is `7001.`
Administrator Protocol `PS_DEPLOY_ADMIN_PROTOCOL`	Specify whether the Administrator Port is a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. The default value is `http`.
Managed Server `PS_DEPLOY_NOW`	Indicates if the BEA WebLogic Server is a managed server. In a state file, specify n for a managed server and y for a non-managed server. The default value is n.

Portal Server IBM WebSphere as Web Container

This section describes the information that the installer needs when IBM WebSphere Application Server is the web container for Portal Server.

Table 3–30 Web Container Information for Portal Server with IBM WebSphere


Label and State File Parameter	Description
Installation Directory `PS_DEPLOY_DIR`	Path to the directory where IBM WebSphere Application Server is installed. The default value is `/opt/IBM/WebSphere/Express51/AppServer`.
Cell Name `PS_DEPLOY_CELL`	Name of the IBM WebSphere Application Server cell. The default value is `DefaultNode`.
Node Name `PS_DEPLOY_NODE`	Name of the IBM WebSphere Application Server node. The default value is `DefaultNode`
Server Instance `PS_DEPLOY_INSTANCE`	Name of the IBM WebSphere Application Server instance. The default value is `server1`.
Server Instance Port `PS_DEPLOY_PORT`	Port on which the IBM WebSphere application instance listens for HTTP connections. Typically, these are configured to come from a front end web server. The default value is `7080.`
Server Instance Protocol `PS_DEPLOY_PROTOCOL`	Specify whether the Server Instance Port is a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. In a state file, specify `https` for a secure port or `http` for a non-secure port. The default value is `http`.
Document Root Directory `PS_DEPLOY_DOCROOT`	Directory where IBM WebSphere Application Server stores content documents. The default value is `/opt/IBM/WebsSphere/Express51/Appserver/web/docs` If you are using a language other than English, change the final part of the path name.
JDK Home Directory `PS_DEPLOY_JDK_DIR`	Path to the JDK installation that IBM WebSphere Application Server uses. The default value is `/opt/IBM/WebsSphere/Express51/Appserver/java`.
Administrator User ID `PS_DEPLOY_ADMIN`	User name of the WebSphere administrator (system user). The default value is `weblogic`.
Administrator Password `PS_DEPLOY_ADMIN_PASSWORD`	Password of the WebSphere administrator (system user).
Administrator Host `PS_DEPLOY_ADMIN_HOST`	Administrator server host name. Fully qualified domain name. For example, `mycomputer.example.com`.
Administrator Port `PS_DEPLOY_ADMIN_PORT`	The default value is `7090.`
Administrator Protocol `PS_DEPLOY_ADMIN_PROTOCOL`	Specify whether the Administrator Port is a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. The default value is `http`.

Portal Server Web Container Deployment Information

This section describes web container deployment information that the installer needs for Portal Server.

Table 3–31 Portal Server Web Container Deployment


Label and State File Parameter	Description
Portal Access `PS_PORTALACCESS_URL`	Primary portal instance access URL, using the format `http://hostname.domain:port/portal/dt.`For example, `http://mycomputer.example.com:8080/portal.` Can be set to the load balancer URL except for Gateway/Rewriter/Netlet Proxy-only nodes, in which case, the portal access URL should be the primary portal instance URL and not the load balancer URL.
Portal ID `PS_PORTAL_ID`	Unique identifier for the portal. The default value is `portal1.`
Search ID `PS_SEARCH_ID`	Unique identifier for the search instance within a portal. The default value is `search1.`
Deployment URI `PS_DEPLOY_URI`	Uniform Resource Identifier (URI) prefix for accessing the HTML pages, classes, and JAR files associated with Portal Server. The value must have a leading slash and must contain only one slash. Must be the same as the Portal Access URL, using the format `http://hostname.domain:port/portal`. The default value is `/portal`.
Portal Instance ID `PS_INSTANCE_ID`	Unique identifier for a portal instance within a portal, using format `hostname`-`port`. For example, `mycomputer-8080`.
Enable Secure Remote Access `SRA_SWITCH_CORE`	If you set this parameter to `Enabled,` the installer prompts you for the Portal Server Secure Remote Access gateway information. The default value is `Disabled.`
Developer Sample `PS_DEVELOPER_PORTAL`	Select whether to configure this sample that contains features of interest to developers. The default value is selected.
Enterprise Sample `PS_ENTERPRISE_PORTAL`	Select whether to configure this sample that contains features within a business portal. The default value is selected.
Community Sample `PS_COMMUNITY_PORTAL`	Select whether to configure this sample that contains features for collaboration and community. The default value is selected.

Portal Server Secure Remote Access Configuration Information

This section first describes the configuration information needed for installing the subcomponents of Portal Server Secure Remote Access.

Portal Server Secure Remote Access Gateway Access

When you install Portal Server, Portal Server Secure Remote Access Core is installed. If you have enabled the Enable Secure Remote Access (default value is Disabled), installer prompts you for the information in the following table.

Table 3–32 Portal Server Secure Remote Access Information


Label and State File Parameter	Description
Protocol `SRA_GATEWAY_PROTOCOL`	Protocol that the gateway uses to communicate with Portal Server. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. In a state file, specify `https` for a secure port or `http` for a non-secure port. The default value is `https`.
Portal Server Domain `SRA_SERVER_DOMAIN`	Name of the domain where Portal Server is installed. The default value is the domain name of the host. For example, if the fully qualified domain name is `siroe.subdomain1.example.com`, enter `subdomain1.example.com`.
Gateway Domain `SRA_GATEWAY_DOMAIN`	Name of domain where gateway is installed. The default value is the default domain of the host. For example, if the fully qualified domain name of the gateway host is `siroe.subdomain1.example.com`, enter `subdomain1.example.com` .
Gateway Port `SRA_GATEWAY_PORT`	Port on which the gateway host listens. The default value is `443`.
Gateway Profile Name `SRA_GATEWAY_PROFILE`	Profile that contains gateway configuration information, such as listener port, SSL options, and proxy options. The default value is `default`.
Log User Password `SRA_LOG_USER_PASSWORD`	Password that allows administrators with non-root access to access gateway log files.

Portal Server Secure Remote Access Gateway Configuration

This section describes the gateway information that the installer needs when you are installing the Gateway subcomponent.

Table 3–33 Gateway Information for Portal Server Secure Remote Access Gateway


Label and State File Parameter	Description
Protocol `SRA_GW_PROTOCOL`	Protocol (`HTTP` or `HTTPS`) the gateway uses to communicate. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. In most cases the gateway should use HTTPS. In a state file, specify `https` for a secure port or `http` for a non-secure port. The default value is `https`.
Host Name `SRA_GW_HOSTNAME`	Name of the host on which the gateway subcomponent is installed. For example, if the fully qualified domain name is `siroe.subdomain1.example.com` , the host name is `siroe`. The default value is the name of the local host.
Subdomain `SRA_GW_SUBDOMAIN`	Subdomain name of the gateway host. There is no default value.
Domain `SRA_GW_DOMAIN`	Domain name of the gateway host. For example, if the fully qualified domain name is `siroe.example.com` , this value is `example.com`. The default value is the domain of the local host.
Host IP Address `SRA_GW_IPADDRESS`	IP address of the Access Manager host. Specify the IP address of the host on which Access Manager was installed for Portal Server. The default value is the IP address of the local host.
Access Port `SRA_GW_PORT`	Port on which the gateway host listens. The default value is `443`.
Gateway Profile Name `SRA_GW_PROFILE`	Gateway profile that contains the information related to gateway configuration, such the port on which gateway listens, SSL options, and proxy options. The default value is `default`.

Portal Server Secure Remote Access Netlet Proxy Configuration

This section describes the Netlet Proxy information that the installer needs when you are installing Netlet Proxy.

Table 3–34 Netlet Proxy Information for Portal Server Secure Remote Access Netlet Proxy


Label and State File Parameter	Description
Host Name `SRA_NLP_HOSTNAME`	Name of the host on which the Netlet Proxy subcomponent is installed. For example, if the fully qualified domain name is `siroe.subdomain1.example.com` , the host name is `siroe`. The default value is the name of the local host.
Subdomain `SRA_NLP_SUBDOMAIN`	Name of the subdomain where Netlet Proxy is installed There is no default value.
Domain `SRA_NLP_DOMAIN`	Name of the domain where Netlet Proxy is installed. The default value is the domain of the local host.
Host IP Address `SRA_NLP_IPADDRESS`	IP address of the host where Netlet Proxy is installed. The default value is the IP address of the local host.
Access Port `SRA_NLP_PORT`	Port on which Netlet Proxy listens. The default value is `10555`.
Gateway Profile Name `SRA_NLP_GATEWAY_PROFILE`	Profile that contains gateway configuration information, such as listener port, SSL options, and proxy options. The default value is `default`.

Portal Server Secure Remote Access Rewriter Proxy Configuration

This section describes the Rewriter Proxy information that the installer needs when you are installing Rewriter Proxy.

Table 3–35 Rewriter Proxy Information for Portal Server Secure Remote Access Rewriter Proxy


Label and State File Parameter	Description
Host Name `SRA_RWP_HOSTNAME`	Name of the host on which the Rewriter Proxy subcomponent is installed. For example, if the fully qualified domain name is `siroe.subdomain1.example.com`, the host name is `siroe`. The default value is the name of the local host.
Subdomain `SRA_RWP_SUBDOMAIN`	Name of the subdomain name where Rewriter Proxy is being installed. There is no default value.
Domain `SRA_RWP_DOMAIN`	Name of the domain where Rewriter Proxy is being installed. The default value is the domain name of the local host.
Host IP Address `SRA_RWP_IPADDRESS`	IP address of the host on which you are installing Rewriter Proxy. The default value is the IP address of the local host.
Access Port `SRA_RWP_PORT`	Port on which the Rewriter proxy listens. The default value is `10443`.
Gateway Profile Name `SRA_RWP_GATEWAY_PROFILE`	Profile that contains gateway configuration information, such as listener port, SSL options, and proxy options. The default value is `default`.

Portal Server Secure Remote Access Certificate Information

When you are installing Gateway, Netlet Proxy, or Rewriter Proxy, you can provide information to create a self-signed certificate for use with Portal Server, Secure Remote Access. The installer needs the following information to configure a certificate.

Note –

Do not use multibyte characters when providing certificate information.

Table 3–36 Certificate Information for Portal Server Secure Remote Access Rewriter Proxy


Label and State File Parameter	Description
Organization `SRA_CERT_ORGANIZATION`	Name of your organization or company.
Division `SRA_CERT_DIVISION`	Name of your division.
City/Locality `SRA_CERT_CITY`	Name of your city or locality.
State/Province `SRA_CERT_STATE`	Name of your state or province.
Country Code `SRA_CERT_COUNTRY`	Two-letter country code.
Certificate Database Password `SRA_CERT_PASSWORD`	Password (and confirmation) that applies only to self-signed certificates.

Web Proxy Server Configuration Information

Table 3–37 Administration Information for Web Proxy Server


Label and State File Parameter	Description
Administrator User ID `WPS_ADMIN_USER`	User ID of the Web Proxy Server administrator. The default value is `admin` or the value you provided under Common Server Settings. Note: If you chose to use a single administrator account, this field is not present.
Administrator Password `WPS_ADMIN_PASSWORD`	The password of the Web Proxy Server administrator. The default value is the password you provided under Common Server Settings. Note: If you chose to use a single administrator account, this field is not present. Note: In the Java ES installer, white space cannot be used in admin passwords, nor can the following symbols: `; & ( ) ! \| < > ' “ $ ^ \ # / , @ %`
Proxy Server Domain Name `WPS_PROXY_DOMAIN`	A fully-qualified domain name for the Proxy Server host. For example: `hostname.domain`
Administration Port `WPS_ADMIN_PORT`	Port on which the Web Proxy Server administration server listens for connections. The default value is `8888.`
Admin Server Runtime User ID `WPS_ADMIN_RUNTIME_USER`	The Web Proxy Server administration server runs on the system as this user (UID). Use the name rather than the user ID number. The default value is the value you provided for System Users under Common Server Settings.
Instance Runtime UNIX User ID `WPS_INSTANCE_RUNTIME_USER`	An existing non–root user. The default value is `nobody.`
Proxy Instance Port `WPS_INSTANCE_PORT`	Port on which Web Proxy Server listens for connections. The default value is `8080.`
Instance Auto Start Value `WPS_INSTANCE_AUTO_START`	Used to automatically start the Web Proxy Server instance. Choose this parameter when Web Proxy Server needs to be started at a reboot. Values can be `y` or `n.` The default value is `n.`

Web Server Configuration Information

The installer needs the following information for Web Server:

Web Server Choice of Configuration Type

Table 3–38 Choose Configuration Type for Web Server


Label and State File Parameter	Description
Configure Administration Instance as Server `WS_ADMIN_IS_SERVER_MODE`	The Administration Server is a specially configured Web Server instance used only for administration purposes. In a server farm situation, this is the master administration instance that sends instance-management orders to nodes. Administration applications are deployed on this server. In a standalone installation of Web Server, always select Configure Administration Instance as Server. Configuration information for this setting will be requested on a subsequent page. The default value is selected.
Configure Administration Instance as Node `WS_ADMIN_IS_NODE_MODE`	An administration node is a specially configured Web Server instance that receives commands from the registered Administration Server and performs limited actions on that particular node, such as creating, deleting, starting, and stopping Web Server instances. information for this setting will be requested on a subsequent page. The default value is unselected.
Automatically start server when system starts `WS_START_ON_BOOT`	Configures Web Server so that Web Server starts automatically when the system restarts. If you deploy Access Manager on Web Server, this value is ignored, because the Access Manager startup scripts will start Web Server at system restart. In a state file, the permitted values are `T` or `F`, True or False. The default value is `F`.

Web Server Administration Server Settings

The Web Server Admin Server runs on two ports: SSL (default 8989) and non-SSL (default 8800). If you choose HTTP, then the PS_DEPLOY_ADMIN_PORT parameter must be changed to refer to a non-SSL admin port. Default non-SSL admin port is 8800.

Table 3–39 Administration Server Settings for Web Server


Label and State File Parameter	Description
Administrator User ID `WS_LOGIN_USER`	User ID of the Web Server administrator. The default value is `admin` or the value you provided under Common Server Settings. Note: If you chose to use a single administrator account, this field is not present.
Administrator Password `WS_LOGIN_PASSWORD`	The password of the Web Server administrator. The default value is the value you provided under Common Server Settings. Note: If you chose to use a single administrator account, this field is not present. Note: In the Java ES installer, white space cannot be used in admin passwords, nor can the following symbols: `; & ( ) ! \| < > ' “ $ ^ \ # / , @ %`
Server Host `WS_ADMIN_HOST`	A host and domain value that resolves to the local host. This value is used to create a directory under server root for the first Web Server instance. The default value is automatically created by joining the values that you provided for Host Name and DNS Domain Name under Common Server Settings. The value has the format `hostname`.`domainname`.
SSL Port `WS_ADMIN_SSL_PORT`	Port that is used to run the Administration Server in secure mode. Must be a valid SSL port. if this port is selected, you must specify HTTPS when invoking a URL. The default value is `8989.`
HTTP Port `WS_ADMIN_HTTP_PORT`	Port on which Web Server listens for HTTP connections. The default value is `8800.`
Runtime User ID `WS_ADMIN_SERVER_USER`	The default value is `root` or the value you provided under Common Server Settings. Note: If you chose to use a single administrator account, this field is not present.

Web Server Administration Node Settings

Table 3–40 Administration Node Settings for Web Server


Label and State File Parameter	Description
Node Host `WS_NODE_HOST`	Fully qualified name of host, including domain name.
SSL Port `WS_NODE_SSL_PORT`	Port on which Web Server as agent listens for HTTPS connections. Must be a valid SSL port. The default value is `8989.`
Runtime User ID `WS_INSTANCE_USER`	User ID that the default instance of Web Server uses to run on the system. If you are installing Access Manager or Portal Server, set this value to `root` and set the Runtime Group to `other`. You can change these values after installation. For other servers, the Runtime User ID should be a non-root user. The default value is `root`.
Register Node with Remote Administration Server `WS_REGISTER_NODE`	The default value is selected. If you choose to register node with remote administration server, the following four fields must be filled.
Remote Server Host `WS_ADMIN_HOST`	Fully qualified domain name of the remote host on which the Administration Server is installed.
Remote Server SSL Port `WS_ADMIN_SSL_PORT`	The SSL port on which the remote Administration Server is listening. The default value is `8989.`
Remote Server User Name `WS_ADMIN_LOGIN_USER`	Administrator user name used to log in to the remote Administration Server.
Remote Server Password `WS_ADMIN_LOGIN_PASSWORD`	Password used to log in to the remote Administration Server.

Web Server Instance Settings

Table 3–41 Instance Settings for Web Server


Label and State File Parameter	Description
Server Name `WS_SERVER_NAME`	A host and domain value that resolves to the local host. This value is used to create a directory under server root for the first Web Server instance. The default value is automatically created by joining the values that you provided for Host Name and DNS Domain Name under Common Server Settings. The value has the format `hostname`.`domainname`.
HTTP Port `WS_HTTP_PORT`	Port on which Web Server instance listens for HTTP connections. The default value is `80`.
Runtime UNIX User ID `WS_SERVER_USER`	An existing non–root user. If you are installing Access Manager or Portal Server, set this value to `root` and set the Runtime Group to `other` . You can change these values after installation. For other servers, the Runtime User ID should be a non-root user. Note: If you are using Web Server as the web container, the Web Server runtime instance value must be set to `root.` The default value is `webservd`
Document Root Directory `WS_DOCROOT`	Location where Web Server stores content documents. To use a non-default value, ensure that the directory that you specify is already present in the file system. The installer does not create the directory for you. The default value is: Solaris OS: `/var/opt/SUNWwbsvr7/https-hostname.domain/docs` Linux : `/var/opt/sun/webserver7/https-hostname.domain/docs`

Parameters Used Only in State Files

The following table contains information on state file parameters that are not associated with product component configuration. Parameter names are listed alphabetically.

Table 3–42 State File Parameters


Parameter Name	Description
`CCCP_UPGRADE_EXTERNAL_ \` `INCOMPATIBLE_JDK`	Specifies whether to upgrade the JDK if it is found on the host and is incompatible with the JDK distributed by Java ES. The value can be `yes` or `no`. This parameter is case sensitive. The default value is `no`.
`CONFIG_TYPE`	Defines the configuration type. Permitted values are `Custom`, meaning configure during installation (Configure Now), and `Skip` (meaning configure after installation (Configure Later). The default value is `Custom`. Important: Do not set this value in the state file. Specify this value only when you are running the installer to generate a state file. Configuration type affects the installer processing logic in many ways, and errors could result if you change the value after the state file is generated.
`DeploymentServer`	Specifies the web container type for Access Manager. Permitted values are `WebServer` and `AppServer`. The default value is `AppServer` (Application Server).
`PSDEPLOYTYPE`	Specifies the web container type for Portal Server. Permitted values are `IWS`, `SUNONE8`, `WEBLOGIC`, `WEBSPHERE`.
`LOCALE`	Specifies whether or not language packages are to be installed in addition to English. Values are `True` or `False.` This option is presented with component selection. If `True` is indicated, multilingual packages for all selected components will be installed. If `False,` no locale packages will be installed. The default value is `False.`
`LICENSE_TYPE`	The permitted values are Evaluation and Deployment, but this field is not used.
`PSP_EXIT_ON_DEPENDENCY_WARNING`	Instructs the installer to exit if dependencies of the selected product components are not met. Warnings generally identify dependencies that could be met with remote components that can be specified during configuration. Specify `Yes` to exit the installation on a dependency warning or specify `No` to proceed despite the warning. The default value is `No`. This parameter is not case sensitive.
`PSP_LOG_CURRENTLY_INSTALLED`	Causes the installer to write a list of currently installed products to the log file. This option is the equivalent of the View Currently Installed button on the Component Selection page of the graphical installer. Permitted values are `Yes` and `No`. This parameter is not case sensitive. The default value is `Yes`.
`PSP_SELECTED_COMPONENTS`	A comma-separated list of product components and subcomponents you want to install. The default value is `All`.