Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

ProcedureTo Configure the Realm Authentication

  1. Modify the User Profile.

    1. Click Realms.

    2. On the Access Control tab, under Realms, select the new realm users.

    3. Click the Authentication tab.

    4. In the General section, click Advanced Properties.

    5. In the Core page, in the Realm Attributes section, change the User Profile attribute to Ignored.

      Access Manager is configured to use only the existing Directory Server for authentication, and a full User Profile may not exist. That's why the attribute is set to Ignored in this example.

    6. Click Save.

      The changes are saved, and the Core > Realm Attributes page is displayed.

  2. Create a new authentication module.

    1. Click Edit Realm to return to the users — Authentication page.

    2. In the Module Instances section, click New.

    3. In the New Module Instance page set the following attributes:


      Enter usersLDAP.


      Choose LDAP.

    4. Click Create.

      The new module is created, and the users — Authentication page is displayed.

  3. Configure the new realm.

    1. In the users — Authentication page, in the New Module Instances section, click the New Instance named usersLDAP.

    2. In the LDAP > Realm Attributes page, set the following attributes:

      Primary LDAP Server
      1. In the Add field, enter the hostname and port number for the load balancer for the user data .

      2. In the server listbox, select the default server, then click Remove.

      DN to Start User Search
      1. In the Add field, enter dc=company,dc=com and then click Add.

      2. Select the default entry, and then click Remove.

      DN for Root User Bind


      Password for Root User Bind


      Password for Root User Bind (confirm)


      These values were imported into the user data store in a previous task. See To Import Users into the User Data Store.

    3. Click Save.

      The changes are saved, and the users — Authentication page is displayed.

  4. Configure the default ldapService chain to use the new authentication module.

    1. In the Authentication Chaining section, click on the default ldapService chain to configure it.

    2. On the ldapService - Edit Authentication Chain page, in the Instance column, choose usersLDAP.

    3. In the Criteria column, set the attribute to Required .

    4. Click Save.

  5. Remove the LDAP authentication module.

    This module is automatically inherited from the default realm and it authenticates against the Access Manager configuration directory. The module is no longer needed now that the usersLDAP module will be used for authentication.

    1. Click Edit Realm > users.

    2. Under Module Instances section, mark the checkbox for the existing realm named LDAP.

    3. Click Delete.

      The LDAP authentication module is deleted, and the users — Authentication page is displayed.

  6. On the users — Authentication page, click Save.

    Changes you made in the previous steps are saved.