Set up a custom user.
Open a browser and go to the Access Manager login URL.
https://LoadBalancer-3.example.com:9443/amserver/UI/Login
Log in to the Access Manager console using the following information:
amadmin
4m4dmin1
On the Access Control tab, click the top-level realm example.com.
Click the Subjects tab.
Click the Agents tab.
On the Agents tab, click the New button.
In the New Agent page, provide the following information, and then click Create.
authuiadmin
4uthu14dmin
On the Agent tab, in the list of Agent names, click on authuiadmin.
Log out of the console.
Define authuiadmin as a special user in Access Manager 1.
As a root user, log in to host AccessManager-1.
Locate the /etc/opt/SUNWam/config/AMConfig.properties file.
Make a backup of this file before you modify it.
In the file, locate the following property:
com.sun.identity.authentication.special.users
At the end of the list of values, add the UniversalID that you obtained and saved from the Agents list:
|uid=authuiadmin,ou=agents,o=example.com
This step authorizes the user to authenticate remote applications to the Access Manager server using the Access Manager Client SDK.
Define authuiadmin as a special user in Access Manager 2.
As a root user, log in to host AccessManager-2.
Locate the /etc/opt/SUNWam/config/AMConfig.properties file.
Make a backup of this file before you modify it.
In the file, locate the following property:
com.sun.identity.authentication.special.users
At the end of the list of values, add the UniversalID that you obtained and saved from the Agents list:
|uid=authuiadmin,ou=agents,o=example.com
This step authorizes the user to authenticate remote applications to the Access Manager server using the Access Manager Client SDK.
Restart both Access Manager 1 server and Access Manager 2 server.
Log out of Access Manager 1 and log out of Access Manager 2.
Define the custom user as a special user on the Authentication UI 1 server.
As a root user, log in to host AuthenticationUI-1.
Locate the following file:
/opt/SUNWwbsvr/https-AuthenticationUI-1.example.com/webapps/distAuth/WEB-INF/classes/AMConfig.properties
Make a backup of this file before you modify it.
In the file, set the following properties:
com.sun.identity.agents.app.username=authuiadmin
com.iplanet.am.service.password=4uthu14dmin
Define the custom user as a special user on the Authentication UI 2 server.
As a root user, log in to host AuthenticationUI-2.
Locate the following file:
/opt/SUNWwbsvr/https-AuthenticationUI-2.example.com/webapps/distAuth/WEB-INF/classes
Make a backup of this file before you modify it.
In the file, set the following properties:
com.sun.identity.agents.app.username=authuiadmin
com.iplanet.am.service.password=4uthu14dmin
Restart Authentication UI 1 server and Authentication UI 2 server.
# cd /opt/SUNWwbsvr/https-AuthenticationUI-1.example.com
# ./stop ; ./start
# cd /opt/SUNWwbsvr/https-AuthenticationUI-2.example.com
# ./stop ; ./start
Log out of Authentication UI 1 server and log out of Authentication UI 2 server.
Verify that everything works.
On Directory Server 1 and Directory Server 2, go to the logs directory and run the tail command.
# cd /var/opt/mps/serverroot/slapd-am-config/logs
# tail -f access | grep authuiadmin
In a browser, go to the following URL to open the Access Manager login page.
https://LoadBalancer-4.example.com:9443/distAuth/UI/Login?goto=https://LoadBalancer-3.example.com:9443/amserver/UI/Login
Using this URL, you will be able to view entries for the Authentication UI server binding to the Directory Server as the special user authuiadmin.
In the logs, look for entries similar to this:
[12/Jul/2006:21:08:33 -0700] conn=43430 op=0 msgId=1059 - BIND dn="uid=authuiadmin,ou=agents,o=example.com" method=128 version=3
[12/Jul/2006:21:08:33 -0700] conn=43430 op=0 msgId=1059 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=authuiadmin,ou=agents,o=example.com"
When you see err=0 in either log, you know that the Authentication UI server successfully logged into the Access Manager server. If the err value is anything other than 0, you must troubleshoot the configuration.
Log in to the Access Manager console using the following information:
amadmin
4m4dmin1
If you can successfully log in, you know that authentication worked successfully.
Log out of the console.
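The access-log check in the verification step can also be scripted. The following Python sketch is an added example, not part of the original procedure: it pairs each BIND by the special user with its RESULT line through the conn and op fields, so a failed bind is still reported even if its RESULT line carries no dn and would not pass through grep authuiadmin. The sample log is constructed; the err=49 entry (LDAP invalid credentials), the assumption that a failed RESULT line may omit dn, and the function names are illustrative.

```python
import re

SPECIAL_USER = "uid=authuiadmin,ou=agents,o=example.com"

# Constructed sample in the access-log format shown above. The conn=43431 and
# conn=43432 entries are made up to show a failed bind and an unrelated user.
SAMPLE_LOG = """\
[12/Jul/2006:21:08:33 -0700] conn=43430 op=0 msgId=1059 - BIND dn="uid=authuiadmin,ou=agents,o=example.com" method=128 version=3
[12/Jul/2006:21:08:33 -0700] conn=43430 op=0 msgId=1059 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=authuiadmin,ou=agents,o=example.com"
[12/Jul/2006:21:09:02 -0700] conn=43431 op=0 msgId=1 - BIND dn="uid=authuiadmin,ou=agents,o=example.com" method=128 version=3
[12/Jul/2006:21:09:02 -0700] conn=43431 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0
[12/Jul/2006:21:09:05 -0700] conn=43432 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[12/Jul/2006:21:09:05 -0700] conn=43432 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
"""

LINE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>\d+) (?:msgId=\d+ )?- '
    r'(?P<kind>BIND|RESULT) (?P<rest>.*)$')
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')

def bind_results(lines, dn):
    """Pair each BIND for dn with its RESULT by (conn, op); return (ts, conn, err)."""
    want = dn.lower()          # DNs compare case-insensitively
    pending = {}               # (conn, op) -> timestamp of a BIND by the wanted DN
    out = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        key = (m['conn'], m['op'])
        if m['kind'] == 'BIND':
            d = DN.search(m['rest'])
            if d and d.group(1).lower() == want:
                pending[key] = m['ts']
        elif key in pending:   # RESULT for a bind we are tracking
            e = ERR.search(m['rest'])
            if e:
                out.append((pending.pop(key), int(m['conn']), int(e.group(1))))
    return out

def failed_binds(lines, dn):
    """Return only the binds whose RESULT err value is not 0."""
    return [r for r in bind_results(lines, dn) if r[2] != 0]

if __name__ == "__main__":
    for ts, conn, err in bind_results(SAMPLE_LOG.splitlines(), SPECIAL_USER):
        print(ts, "conn=%d" % conn, "OK" if err == 0 else "FAILED err=%d" % err)
```

To use it on a real server, pass the lines of the access file in the logs directory instead of SAMPLE_LOG.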