Technical Note: Using Access Manager Distributed Authentication

Initializing the Distributed Authentication Web Application

In order for the Access Manager Client SDK to communicate with Access Manager Server, you must initialize several properties. These properties can be set in any of the following ways:

  1. Through the properties file – Set the properties in a file and provide a path to it at runtime using the -Damconfig=filename JVM option. The properties file should be in the CLASSPATH. The default properties file name is AMConfig.properties and is always read at start-up. A sample AMConfig.properties can be generated using the make -f Makefile.distAuthUI properties command; the generated AMConfig.properties will be present in the /temp directory.

  2. Through the Java API:

    com.iplanet.am.util.SystemProperties.initializeProperties

    (where the java.util.Properties object passed to it contains the properties).

  3. Individual properties can be set at runtime using the -D flag. For example, -DpropertyName=propertyValue.

The properties expected by Distributed Authentication web application are:

Naming URL property

com.iplanet.am.naming.url and com.iplanet.am.naming.failover.url. com.iplanet.am.naming.url is a mandatory property that specifies the Access Manager Server's Naming URL; com.iplanet.am.naming.failover.url specifies the failover Naming URL. For example:

com.iplanet.am.naming.url=http://is.example.com/amserver/namingservice

Debug Level and Directory

The com.iplanet.services.debug.level and com.iplanet.services.debug.directory properties specify the debug level and the debug directory. The possible values for the debug level are off, error, warning, and message.

Notification URL Property

The web application can register for changes to server attributes. The com.iplanet.am.notification.url property must be set to receive such notifications.

Security Properties

Some of the Access Manager components such as Service Management, User Management, and so forth, require an identity for the client (application) to read configuration data and to identify the client. The identity for the client can be set up by providing either a username and password that can be authenticated, or by providing an implementation for the interface com.sun.identity.security.AppSSOTokenProvider that returns a single-sign-on (SSO) token.

  1. The properties to set the username, password and shared secret are:

    com.sun.identity.agents.app.username

    com.iplanet.am.service.password

    com.iplanet.am.service.secret

  2. The property to set the SSO Token provider:

    com.sun.identity.security.AdminToken

  3. Some of the configuration attributes (such as password) are encrypted and stored in the data store. If such attributes have to be decrypted by the client, the following property must be set, and must be the same as that of the Access Manager Server:

    am.encryption.pwd
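Because AMConfig.properties carries the naming URL the SDK trusts and, with the security properties above, the client's cleartext password, shared secret and encryption password, it is worth checking a file before deploying it. The following validator is an added example, not part of this note or of Access Manager: it parses a java.util.Properties-style file, checks the mandatory naming URL, the allowed debug levels and that some client identity (username/password or an AdminToken provider) is configured, and flags a file that holds secrets while being readable by other users. The sample file embedded below is constructed for illustration; the key names are those listed in this note.

```python
"""Validate an AMConfig.properties file for the Distributed Authentication
web application before it is deployed (added example, not Access Manager code)."""
import re
import stat
import sys

# Key names as documented in the note.
NAMING_URL = "com.iplanet.am.naming.url"
URL_KEYS = (NAMING_URL, "com.iplanet.am.naming.failover.url",
            "com.iplanet.am.notification.url")
DEBUG_LEVEL = "com.iplanet.services.debug.level"
DEBUG_LEVELS = {"off", "error", "warning", "message"}
USERNAME = "com.sun.identity.agents.app.username"
PASSWORD = "com.iplanet.am.service.password"
ADMIN_TOKEN = "com.sun.identity.security.AdminToken"
SECRET_KEYS = (PASSWORD, "com.iplanet.am.service.secret", "am.encryption.pwd")
URL_RE = re.compile(r"^https?://[^\s/]+(/\S*)?$")

# Constructed sample; the debug level is deliberately misspelled.
SAMPLE = """\
# constructed AMConfig.properties for the example
com.iplanet.am.naming.url=http://is.example.com/amserver/namingservice
com.iplanet.am.naming.failover.url=\\
    http://is2.example.com/amserver/namingservice
com.iplanet.services.debug.level=messages
com.iplanet.services.debug.directory=/var/opt/SUNWam/debug
com.sun.identity.agents.app.username=UrlAccessAgent
com.iplanet.am.service.password=REPLACE_WITH_PASSWORD
"""


def parse_properties(text):
    """Minimal java.util.Properties reader: '#'/'!' comment lines, '=' or ':'
    separators, and trailing-backslash line continuations."""
    props = {}
    pending = []
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):          # logical line continues on the next line
            pending.append(line[:-1])
            continue
        pending.append(line)
        logical = "".join(pending)
        pending = []
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", logical)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def check_properties(props):
    """Return a list of findings; an empty list means the properties look sane."""
    findings = []
    if not props.get(NAMING_URL):
        findings.append(f"missing mandatory property {NAMING_URL}")
    for key in URL_KEYS:
        value = props.get(key)
        if value and not URL_RE.match(value):
            findings.append(f"{key} is not a valid URL: {value!r}")
    level = props.get(DEBUG_LEVEL)
    if level is not None and level not in DEBUG_LEVELS:
        findings.append(f"{DEBUG_LEVEL} must be one of {sorted(DEBUG_LEVELS)}, got {level!r}")
    has_credentials = bool(props.get(USERNAME) and props.get(PASSWORD))
    if not (has_credentials or props.get(ADMIN_TOKEN)):
        findings.append(f"no client identity: set {USERNAME}/{PASSWORD} or {ADMIN_TOKEN}")
    return findings


def check_file_mode(props, mode, path="AMConfig.properties"):
    """A file that stores any of the secret properties must not be readable by
    group or others; 'mode' is the permission bits (e.g. from stat)."""
    if any(props.get(key) for key in SECRET_KEYS) and mode & 0o077:
        return [f"{path} holds secrets but is readable by others (mode {oct(mode)})"]
    return []


def validate_file(path):
    """Parse a real file, combining the content and permission checks."""
    with open(path, encoding="latin-1") as handle:   # Properties files are ISO-8859-1
        props = parse_properties(handle.read())
    import os
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return check_properties(props) + check_file_mode(props, mode, path)


if __name__ == "__main__":
    results = validate_file(sys.argv[1]) if len(sys.argv) > 1 \
        else check_properties(parse_properties(SAMPLE))
    for finding in results:
        print("FINDING:", finding)
    sys.exit(1 if results else 0)
```

Run it with a path to check a deployed file, or with no arguments to see the single finding the constructed sample produces (the invalid debug level "messages"). The permission check is kept separate from the content check so that the same logic can be applied to a file on disk or to properties assembled in memory before calling SystemProperties.initializeProperties.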