Use the following as your checklist for installing the Access Manager servers:
Configure the Access Manager infrastructure to work with multiple instances.
Back up the Access Manager configuration in Directory Server.
You must have a CD image of the Sun Java Enterprise System product mounted on the host computer system where you are installing Access Manager. For information on obtaining and mounting the Sun Java Enterprise System, see 3.2 Downloading and Mounting the Java Enterprise System 2005Q4 Installer in this document.
As a root user, log into host AccessManager-1.
Unzip the two zip files that comprise the Java Enterprise System installer binaries.
Start the installer with the -nodisplay option.
# cd /mnt/Solaris_sparc
# ./installer -nodisplay
When prompted, provide the following information:
Press Enter.
Press Enter.
Enter n.
Enter y.
Enter 8 for “English only.”
Press ENTER to continue.
Enter 3,9,12 to select Web Server, Access Manager, and Message Queue. The Message Queue packages you install now will be used when you implement session failover later in the deployment.
Enter -20 to deselect Directory Server.
Press Enter.
Enter D.
Press Enter.
Enter 2.
Enter 1.
Enter 1.
Accept the default value.
Accept the default value.
Accept the default value.
Enter 1 to configure now.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
For this example, enter web4dmin.
Enter the same password again.
Accept the default value.
Accept the default value.
Accept the default value.
For this example, enter web4dmin.
Enter the same password again.
Accept the default value.
Accept the default value.
Accept the default value.
Enter root.
Enter root.
Enter 1080.
Accept the default value.
Accept the default value.
Accept the default value.
For this example, enter 4m4dmin1.
Enter the same password again.
Accept the default value.
For this example, enter 4mld4puser. Much later in the deployment, in a subsequent task, you use this password as the Web Policy Agent “shared secret.”
Enter the same password again.
Accept the default value and make note of this key string. You will need it when you install Access Manager 2.
Enter Realm.
Enter 2.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Enter DirectoryServer-1.example.com.
Enter 1389. This is the port number you entered for the data instance of Directory Server.
Enter o=example.com
Accept the default value.
For this example, enter d1rm4n4ger.
Accept the default value No.
First, see the next numbered (Optional) step. When you're ready to install, enter 1 to start the installation.
(Optional) During installation, you can monitor the log to watch for installation errors. Example:
# cd /var/sadm/install/logs
# tail -f Java_Enterprise_System_install.Bxxxxxx
Upon successful installation, enter ! to exit.
Start the Access Manager Web Server.
# cd /opt/SUNWwbsvr/https-AccessManager-1.example.com
# ./stop
# ./start
Verify that Access Manager has been installed successfully.
Go to the Access Manager login URL:
http://AccessManager-1.example.com:1080/amserver/console
Log in to the Access Manager console using the following information:
amadmin
4m4dmin1
You should be able to log in successfully and to navigate to various areas of the console with no error messages.
If you have configured everything so far according to these instructions and the error message “No such Organization found” is displayed, it is probably due to the mixed-case Access Manager host names used in this deployment example. For example, the host name AccessManager-1.example.com includes both uppercase and lowercase letters. For more detailed information, see Appendix H, Known Issues and Limitations.
You must have a CD image of the Sun Java Enterprise System product mounted on the host computer system where you are installing Access Manager. For information on obtaining and mounting the Sun Java Enterprise System, see 3.2 Downloading and Mounting the Java Enterprise System 2005Q4 Installer in this document.
As a root user, log in to host AccessManager-2.
Unzip the two zip files that comprise the Java Enterprise System installer binaries.
Start the installer with the -nodisplay option.
# cd /mnt/Solaris_sparc
# ./installer -nodisplay
When prompted, provide the following information:
Press Enter.
Press Enter.
Enter n.
Enter yes.
Enter 8 for “English only.”
Press ENTER to continue.
Enter 3,9,12 to select Web Server, Access Manager, and Message Queue. The Message Queue packages you install now will be used when you implement session failover later in the deployment.
Enter -20 to deselect Directory Server.
Press Enter.
Enter D.
Press Enter.
Enter 2.
Enter 1.
Enter 1.
Accept the default value.
Accept the default value.
Accept the default value.
Enter 1 to configure now.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
For this example, enter web4dmin.
Enter the same password again.
Accept the default value.
Accept the default value.
Accept the default value.
For this example, enter web4dmin.
Enter the same password again.
Accept the default value.
Accept the default value.
Accept the default value.
Enter root.
Enter root.
Enter 1080.
Accept the default value.
Accept the default value.
Accept the default value.
For this example, enter 4m4dmin1.
Enter the same password again.
Accept the default value.
For this example, enter 4mld4puser. Much later in the deployment, in a subsequent task, you use this password as the Web Policy Agent “shared secret.”
Enter the same password again.
This password encryption key must be identical to the key that was generated and entered when you installed Access Manager 1. In this deployment example, the string is
Enter Realm.
Enter 2.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Accept the default value.
Enter DirectoryServer-2.example.com.
Enter 1389. This is the port number you entered for the data instance of Directory Server.
Enter o=example.com
Accept the default value.
For this example, enter d1rm4n4ger.
Accept the default value No.
First, see the next numbered (Optional) step. When you're ready to install, enter 1 to start the installation.
(Optional) During installation, you can monitor the log to watch for installation errors. Example:
# cd /var/sadm/install/logs
# tail -f Java_Enterprise_System_install.Bxxxxxx
Upon successful installation, enter ! to exit.
Start the Access Manager Web Server.
# cd /opt/SUNWwbsvr/https-AccessManager-2.example.com
# ./stop
# ./start
Add the lowercase host name accessmanager-2.example.com to the Realm alias list.
This eliminates the need to enter the full path to the user's organization each time you want to log in to Access Manager.
Go to the following URL:
http://AccessManager-1.example.com:1080/amserver/UI/Login?org=example.com
Log in to the Access Manager console using the following information:
amadmin
4m4dmin1
On the Access Control tab, under Realms, click the example.com realm name.
On the General tab, under Realm Attributes, in the Add field enter the name accessmanager-2.example.com (all lowercase).
Click Add, and then click Save.
Click “Log Out.”
Verify that Access Manager has been installed successfully.
Go to the Access Manager login URL:
http://AccessManager-2.example.com:1080/amserver/console
Log in to the Access Manager console using the following information:
amadmin
4m4dmin1
You should be able to log in successfully and to navigate to various areas of the console with no error messages.
Do not try to log in to the second Access Manager server because the instance is not fully configured to be used yet. Access Manager 2 is enabled in the following procedure.
In this procedure, you configure both Access Manager 1 and Access Manager 2 to operate as two instances of a single server. All configuration takes place on the Access Manager 1 host. There is no need to repeat the steps on the Access Manager 2 host.
On AccessManager-1, start a new browser, and go to the URL for the Access Manager console.
Example: http://AccessManager-1.example.com:1080/amserver/console
Log in to the Access Manager console using the following information:
amadmin
4m4dmin1
On the Access Control tab, under Realm Name, click the top-level realm.
In this example, the top-level realm is example.
On the General tab, under Realm Attributes, add AccessManager-2.example.com to the Realms/DNS Aliases list.
Go to Realms > Configuration.
On the Configuration tab, click System Properties > Platform.
On the Platform page, add a new instance name.
Click the Log Out button to log out of the console.
Verify that both Access Manager servers are configured properly.
As a root user, log in to host AccessManager-1.
Restart the Access Manager server by restarting the Web Server.
# cd /opt/SUNWwbsvr/https-AccessManager-1.example.com
# ./stop; ./start
Check for errors on the start-up screen and in the Web Server error log as the server restarts.
As a root user, log in to host AccessManager-2.
Restart the Access Manager server by restarting the Web Server.
# cd /opt/SUNWwbsvr/https-AccessManager-2.example.com
# ./stop; ./start
Check for errors on the start-up screen and in the Web Server error log as the server restarts.
Start a new browser and go to the URL for the other Access Manager server.
Example: http://AccessManager-2.example.com:1080/amserver/console
Log in to the Access Manager console using the following information:
amadmin
4m4dmin1
If you can log in successfully, close the browser.
If you cannot log in successfully, restart Access Manager 2. Be sure that the Access Manager 2 host can access the Directory Server 1 host.
Log out of the Access Manager console.
When you cannot log in successfully, one way to troubleshoot is to log in using the fully qualified name for the user amadmin. If you can authenticate using the fully qualified name, you can focus on issues other than authentication and log in. In the file /etc/opt/SUNWam/config/AMConfig.properties, look for the following entry:
com.sun.identity.authentication.super.user=uid=amAdmin,ou=People,o=example.com
Use the fully qualified User Name uid=amAdmin,ou=People,o=example.com to log in.
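The following script is an added example, not part of the original guide. It reads the super user entry described above from AMConfig.properties and checks that two copies of the file (one from each Access Manager host) carry the same password encryption key, as the Access Manager 2 installation requires. It assumes a copy of each host's file is available locally; the property name am.encryption.pwd does not appear on this page and is the key name used in AMConfig.properties, and all sample values are constructed.

```shell
#!/bin/sh
# Added example: consistency checks on AMConfig.properties copies from both hosts.

# Print the value of property KEY in FILE (last assignment wins).
# Only the "KEY=" prefix is stripped, so values may themselves contain '='.
prop() {   # usage: prop KEY FILE
    awk -v k="$1=" 'index($0, k) == 1 { v = substr($0, length(k) + 1) } END { print v }' "$2"
}

# Succeed only if both files carry the same non-empty password encryption key.
# The key is compared in shell variables and never printed.
same_encryption_key() {   # usage: same_encryption_key FILE1 FILE2
    k1=$(prop am.encryption.pwd "$1")
    k2=$(prop am.encryption.pwd "$2")
    [ -n "$k1" ] && [ "$k1" = "$k2" ]
}

# Print the fully qualified super user DN to type into the login page.
super_user_dn() {   # usage: super_user_dn FILE
    prop com.sun.identity.authentication.super.user "$1"
}

# Constructed sample files; the key values are placeholders, not real keys.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'am.encryption.pwd=CONSTRUCTED-KEY-A' \
        'com.sun.identity.authentication.super.user=uid=amAdmin,ou=People,o=example.com' \
        > "$dir/am1.properties"
    printf '%s\n' 'am.encryption.pwd=CONSTRUCTED-KEY-B' > "$dir/am2.properties"
    super_user_dn "$dir/am1.properties"
    if same_encryption_key "$dir/am1.properties" "$dir/am2.properties"; then
        echo "encryption keys match"
    else
        echo "encryption keys differ"
    fi
    rm -rf "$dir"
}
demo
```

AMConfig.properties holds the encryption key in clear text, so keep any copy readable by root only and delete it after the comparison.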
Backing up your Access Manager configuration ensures that if you run into problems later in the deployment, you can revert to this configuration without having to re-install Access Manager.
On Directory Server 1, in the slapd-am-config directory, run the db2ldif script.
# cd /var/opt/mps/serverroot/slapd-am-config/
# ./stop
# ./db2ldif -n userroot
ldiffile: /var/opt/mps/serverroot/slapd-am-config/ldif/2006_03_14_111537.ldif
[14/Mar/2006:11:15:40 -0800] - export userRoot: Processed 112 entries (31%).
[14/Mar/2006:11:15:41 -0800] - export userRoot: Processed 224 entries (62%).
[14/Mar/2006:11:15:42 -0800] - export userRoot: Processed 338 entries (94%).
[14/Mar/2006:11:15:42 -0800] - export userRoot: Processed 360 entries (100%).
(Optional) You can create a readme file that describes the contents of the new ldif file.
# cd /var/opt/mps/serverroot/slapd-am-config/ldif
# ls
2006_03_14_111537.ldif Example-Plugin.ldif Example.ldif
European.ldif Example-roles.ldif
# cat > README
2006_03_14_111537.ldif: backup after post-am install, pre-patch application
^D
# ls -l
2006_03_14_111537.ldif Example-Plugin.ldif Example.ldif
European.ldif Example-roles.ldif README
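The following script is an added example, not part of the original guide. It checks that a db2ldif export like the one above ran to completion by comparing the final "Processed N entries (100%)" count with the number of entries in the LDIF file, then restricts the file to its owner because it contains the Access Manager configuration. It assumes the db2ldif output was saved to a file; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a db2ldif export is complete before treating it as a backup.

# Entry count from the final "Processed N entries (100%)" line of db2ldif output.
exported_count() {
    sed -n 's/.*Processed \([0-9][0-9]*\) entries (100%).*/\1/p' "$1" | tail -n 1
}

# Entries present in the LDIF file: one "dn:" (or base64 "dn::") line per entry.
ldif_count() {
    grep -c '^dn:' "$1" || true
}

# Succeeds only if the export reached 100% and the file holds that many entries.
# On success the file is made readable and writable by its owner only.
verify_backup() {   # usage: verify_backup DB2LDIF_OUTPUT LDIF_FILE
    want=$(exported_count "$1")
    have=$(ldif_count "$2")
    if [ -z "$want" ]; then
        echo "export never reported 100%" >&2
        return 1
    fi
    if [ "$want" -ne "$have" ]; then
        echo "entry count mismatch: log=$want file=$have" >&2
        return 1
    fi
    chmod 600 "$2"
}

# Constructed sample data (not real output), shaped like the session above.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/export.log" <<'EOF'
[14/Mar/2006:11:15:40 -0800] - export userRoot: Processed 2 entries (66%).
[14/Mar/2006:11:15:41 -0800] - export userRoot: Processed 3 entries (100%).
EOF
    printf 'dn: o=example.com\n\ndn: ou=People,o=example.com\n\n' > "$dir/backup.ldif"
    printf 'dn: uid=amAdmin,ou=People,o=example.com\n' >> "$dir/backup.ldif"
    verify_backup "$dir/export.log" "$dir/backup.ldif"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo && echo "backup verified"
```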