Appendix D, Sun Java System Web Servers and Web Policy Agents
Appendix E, WebLogic Application Servers and J2EE Policy Agents
Table A–1 Directory Server 1 Configuration

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts the Directory Server. | |
| | Host Name | DirectoryServer-1.example.com |
| Directory Server Administration Instance | Administration server that manages Directory Server and all its instances. | |
| | Port Number | 1391 |
| | Service URL | http://DirectoryServer-1.example.com:1391 |
| | Instance Directory | /var/opt/mps/serverroot/admin-serv |
| Directory Server Configuration Instance | Instance that stores Directory Server configuration data. | |
| | Instance Name | ds-config |
| | Port Number | 1390 |
| | Service URL | http://DirectoryServer-1.example.com:1390 |
| | Base Suffix | dc=example,dc=com |
| | Super User | cn=Directory Manager |
| | Super User Password | d1rm4n4ger |
| | Administrative User | admin |
| | Administrative User Password | d1r4dmin |
| | Instance Directory | /var/opt/mps/serverroot/slapd-ds-config |
| Access Manager Configuration Instance | Stores Access Manager configuration data. | |
| | Instance Name | am-config |
| | Port Number | 1389 |
| | Service URL | |
| | Base Suffix | o=example.com |
| | Replication Manager | cn=replication manager,cn=replication,cn=config |
| | Replication Manager Password | replm4n4ger |
| | Instance Directory | /var/opt/mps/serverroot/slapd-am-config |
| User Data Store | Stores Access Manager user data. In this deployment example, the user data store is located on the same computer system as the Access Manager configuration data store. The user data store could also be installed on a different computer system. | |
| | Instance Name | am-users |
| | Port Number | 1489 |
| | Service URL | http://DirectoryServer-1.example.com:1489 |
| | Base Suffix | dc=company,dc=com |
| | Users Suffix | ou=users,dc=company,dc=com |
| | Replication Manager | cn=replication manager,cn=replication,cn=config |
| | Replication Manager Password | replm4n4ger |
| | Instance Directory | /var/opt/mps/serverroot/slapd-am-users |
Table A–2 Directory Server 2 Configuration

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts the Directory Server. | |
| | Host Name | DirectoryServer-2.example.com |
| Directory Server Administration Instance | Administration server that manages Directory Server and all its instances. | |
| | Port Number | 1391 |
| | Service URL | http://DirectoryServer-2.example.com:1391 |
| | Instance Directory | /var/opt/mps/serverroot/admin-serv |
| Directory Server Configuration Instance | Instance that stores Directory Server configuration data. | |
| | Instance Name | ds-config |
| | Port Number | 1390 |
| | Service URL | http://DirectoryServer-2.example.com:1390 |
| | Base Suffix | dc=example,dc=com |
| | Super User | cn=Directory Manager |
| | Super User Password | d1rm4n4ger |
| | Administrative User | admin |
| | Administrative User Password | d1r4dmin |
| | Instance Directory | /var/opt/mps/serverroot/slapd-ds-config |
| Access Manager Configuration Instance | Stores Access Manager configuration data. | |
| | Instance Name | am-config |
| | Port Number | 1389 |
| | Service URL | |
| | Base Suffix | o=example.com |
| | Replication Manager | cn=replication manager,cn=replication,cn=config |
| | Replication Manager Password | replm4n4ger |
| | Instance Directory | /var/opt/mps/serverroot/slapd-am-config |
| User Data Store | Stores Access Manager user data. In this deployment example, the user data store is located on the same computer system as the Access Manager configuration data store. The user data store could also be installed on a different computer system. | |
| | Instance Name | am-users |
| | Port Number | 1489 |
| | Service URL | http://DirectoryServer-2.example.com:1489 |
| | Base Suffix | dc=company,dc=com |
| | Users Suffix | ou=users,dc=company,dc=com |
| | Replication Manager | cn=replication manager,cn=replication,cn=config |
| | Replication Manager Password | replm4n4ger |
| | Instance Directory | /var/opt/mps/serverroot/slapd-am-users |
Table A–3 User Data Store Accounts

| UserID | Description | Password | DN |
|---|---|---|---|
| userdbadmin | Used by the Access Manager servers to connect to the user data store for data management purposes. | 4serd84dmin | uid=userdbadmin,ou=users,dc=company,dc=com |
| userdbauthadmin | Used by the Access Manager servers to authenticate users to the user data store. | 4serd84uth4dmin | uid=userdbauthadmin,ou=users,dc=company,dc=com |
| testuser1 | Used to verify that the policy agents work properly. | password | uid=testuser1,ou=users,dc=company,dc=com |
| testuser2 | Used to verify that the policy agents work properly. | password | uid=testuser2,ou=users,dc=company,dc=com |
Table B–1 Access Manager 1 Configuration

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts the Access Manager server. | |
| | Host Name | AccessManager-1.example.com |
| Web Server Administration | Manages the entire Web Server and all its instances. | |
| | Instance Name | admserv |
| | Port Number | 8888 |
| | Service URL | http://AccessManager-1.example.com:8888 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| | Instance Directory | /opt/SUNWwbsvr/https-admserv |
| Access Manager Web Server | Contains the Access Manager applications. | |
| | Instance Name | AccessManager-1.example.com |
| | Port Number | 1080 |
| | Service URL | http://AccessManager-1.example.com:1080 |
| | Administrative User | amadmin |
| | Administrative User Password | 4m4dmin1 |
| | amLDAP User | amldapuser |
| | amLDAP User Password | 4mld4puser |
| | Instance Directory | /opt/SUNWwbsvr/https-AccessManager-1.example.com |
Table B–2 Access Manager 2 Configuration

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts the Access Manager server. | |
| | Host Name | AccessManager-2.example.com |
| Web Server Administration | Manages the entire Web Server and all its instances. | |
| | Instance Name | admserv |
| | Port Number | 8888 |
| | Service URL | http://AccessManager-2.example.com:8888 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| | Instance Directory | /opt/SUNWwbsvr/https-admserv |
| Access Manager Web Server | Contains the Access Manager applications. | |
| | Instance Name | AccessManager-2.example.com |
| | Port Number | 1080 |
| | Service URL | http://AccessManager-2.example.com:1080 |
| | Administrative User | amadmin |
| | Administrative User Password | 4m4dmin1 |
| | amLDAP User | amldapuser |
| | amLDAP User Password | 4mld4puser |
| | Instance Directory | /opt/SUNWwbsvr/https-AccessManager-1.example.com |
Table C–1 Distributed Authentication UI 1 Configuration

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts the Access Manager server. | |
| | Host Name | AuthenticationUI-1.example.com |
| Web Server Administration | Manages the entire Web Server and all its instances. | |
| | Instance Name | admserv |
| | Port Number | 8888 |
| | Service URL | http://AuthenticationUI-1.example.com:8888 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| | Instance Directory | /opt/SUNWwbsvr/https-admserv |
| Distributed Authentication UI Server | Contains the Distributed Authentication UI module. | |
| | Instance Name | AuthenticationUI-1.example.com |
| | Port Number | 1080 |
| | Service URL | http://AuthenticationUI-1.example.com:1080 |
| | Instance Directory | /opt/SUNWwbsvr/https-AuthenticationUI-1.example.com |
| User Profile | | |
| | Administrative User | authuiadmin |
| | Administrative User Password | 4uthu14dmin |
Table C–2 Distributed Authentication UI 2 Configuration

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts the Access Manager server. | |
| | Host Name | AuthenticationUI-2.example.com |
| Web Server Administration | Manages the entire Web Server and all its instances. | |
| | Instance Name | admserv |
| | Port Number | 8888 |
| | Service URL | http://AuthenticationUI-2.example.com:8888 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| | Instance Directory | /opt/SUNWwbsvr/https-admserv |
| Distributed Authentication UI Server | Contains the Distributed Authentication UI module. | |
| | Instance Name | AuthenticationUI-2.example.com |
| | Port Number | 1080 |
| | Service URL | http://AuthenticationUI-2.example.com:1080 |
| | Instance Directory | /opt/SUNWwbsvr/https-AuthenticationUI-2.example.com |
| User Profile | | |
| | Administrative User | authuiadmin |
| | Administrative User Password | 4uthu14dmin |
Table D–1 Protected Resource 1 Web Server and Web Policy Agent 1 Configurations

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts Web Server 1. | |
| | Host Name | ProtectedResource-1.example.com |
| Web Server Administration Server | Manages the entire Web Server and all its instances. | |
| | Instance Name | admserv |
| | Port Number | 8888 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| | Instance Directory | /opt/SUNWwbsvr/https-admserv |
| Web Policy Agent Instance | Server instance that contains the web server and web policy agent. | |
| | Instance Name | ProtectedResource-1.example.com |
| | Port Number | 1080 |
| | Instance Directory | /opt/SUNWwbsvr/https-ProtectedResource-1.example.com |
| Web Agent Profile | | |
| | Administrative User | webagent-1 |
| | Administrative User Password | web4gent1 |
Table D–2 Protected Resource 2 Web Server and Web Policy Agent 2 Configurations

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts Web Server 2. | |
| | Host Name | ProtectedResource-2.example.com |
| Web Server Administration Server | Manages the entire Web Server and all its instances. | |
| | Instance Name | admserv |
| | Port Number | 8888 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| | Instance Directory | /opt/SUNWwbsvr/https-admserv |
| Web Policy Agent Instance | Server instance that contains the web server and web policy agent. | |
| | Instance Name | ProtectedResource-2.example.com |
| | Port Number | 1080 |
| | Instance Directory | /opt/SUNWwbsvr/https-ProtectedResource-2.example.com |
| Web Agent Profile | | |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
Table E–1 Protected Resource 1 Application Server and J2EE Policy Agent 1 Configurations

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts Application Server 1. | |
| | Host Name | ProtectedResource-1.example.com |
| WebLogic Administration Server | Manages the entire Application Server and all its instances. | |
| | Instance Name | AdminServer |
| | Port Number | 7001 |
| | Administrative User | weblogic |
| | Administrative User Password | w3bl0g1c |
| | Instance Directory | /usr/local/bea/user_projects/domains/ProtectedResource-1/servers/AdminServer |
| WebLogic Domain | Stores configuration information for this Application Server instance. | |
| | Instance Name | ProtectedResource-1 |
| | Instance Directory | /usr/local/bea/user_projects/domains/ProtectedResource-1 |
| J2EE Policy Agent Instance | Server instance that contains the Application Server and J2EE policy agent. | |
| | Instance Name | ApplicationServer-1 |
| | Port Number | 1081 |
| | Instance Directory | /usr/local/bea/user_projects/domains/ProtectedResource-1/servers/ApplicationServer-1 |
| J2EE Policy Agent Profile | | |
| | Administrative User | j2eeagent-1 |
| | Administrative User Password | j2ee4gent1 |
Table E–2 Protected Resource 2 Application Server and J2EE Policy Agent 2 Configurations

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts Application Server 2. | |
| | Host Name | ProtectedResource-2.example.com |
| WebLogic Administration Server | Manages the entire Application Server and all its instances. | |
| | Instance Name | AdminServer |
| | Port Number | 7001 |
| | Administrative User | weblogic |
| | Administrative User Password | w3bl0g1c |
| | Instance Directory | /usr/local/bea/user_projects/domains/ProtectedResource-2/servers/AdminServer |
| WebLogic Domain | Stores configuration information for this Application Server instance. | |
| | Instance Name | ProtectedResource-2 |
| | Instance Directory | /usr/local/bea/user_projects/domains/ProtectedResource-2 |
| J2EE Policy Agent Instance | Server instance that contains the Application Server and J2EE policy agent. | |
| | Instance Name | ApplicationServer-2 |
| | Port Number | 1081 |
| | Instance Directory | /usr/local/bea/user_projects/domains/ProtectedResource-2/servers/ApplicationServer-2 |
| J2EE Policy Agent Profile | | |
| | Administrative User | j2eeagent-2 |
| | Administrative User Password | j2ee4gent2 |
| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts all virtual servers in this deployment example. | |
| | Host Name | is-f5.example.com |
| Load Balancer 1 Access Manager Configuration Stores | Virtual Service Address for the Access Manager configuration store. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. | |
| | Instance Name | LoadBalancer-1 |
| | Port Number | 389 |
| | Pool Name | AccessManager-Pool |
| | Virtual Server and Port Number | LoadBalancer-1.example.com:389 |
| | Monitor | ldap-tcp |
| Load Balancer 2 Directory Server User Data Stores | Virtual Service Address for the User Data store. | |
| | Instance Name | LoadBalancer-2 |
| | Port Number | 489 |
| | Pool Name | DirectoryServer-UserData-Pool |
| | Virtual Server and Port Number | LoadBalancer-2.example.com:489 |
| | Monitor | ldap-tcp |
| Load Balancer 3 Access Manager Servers | Virtual Service Address for the Access Manager Web Server instances. SSL is terminated at this load balancer before the request is forwarded to the Access Manager servers. This load balancer is the single point of failure for Access Manager and can be considered a limitation of this deployment example. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. External users access port 9443, while internal users access port 90. | |
| | Instance Name | LoadBalancer-3 |
| | Port Number | 90 and 9443 |
| | Pool Name | AccessManager-Pool |
| | Virtual Server and Port Number | LoadBalancer-3.example.com:90 |
| | Monitor | AccessManager-http |
| Load Balancer 4 Distributed Authentication UI Servers | Virtual Service Address for the Distributed Authentication UI web server instances. SSL is terminated at this load balancer before the request is forwarded to the Distributed Authentication UI servers. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. | |
| | Instance Name | LoadBalancer-4 |
| | Port Number | 90 and 9443 |
| | Pool Name | AuthenticationUI-Pool |
| | Virtual Server and Port Number | LoadBalancer-4.example.com:90 |
| | Monitor | http-monitor |
| Load Balancer 5 Web Policy Agents | Virtual Service Address for Web Policy Agents. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. | |
| | Instance Name | LoadBalancer-5 |
| | Port Number | 90 |
| | Pool Name | WebAgent-Pool |
| | Virtual Server and Port Number | LoadBalancer-5.example.com:90 |
| | Monitor | WebAgent-http |
| Load Balancer 6 J2EE Policy Agents | Virtual Service Address for J2EE Policy Agents. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. | |
| | Instance Name | LoadBalancer-6 |
| | Port Number | 91 |
| | Pool Name | J2EEAgent-Pool |
| | Virtual Server and Port Number | LoadBalancer-6.example.com:91 |
| | Monitor | tcp |
Table G–1 Message Queue 1 Configuration

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts the Message Queue server. | |
| | Host Name | MessageQueue-1.example.com |
| Message Queue 1 | Serves as a communications broker that enables Access Manager to communicate data with the session store. | |
| | Instance Name | msgqbroker |
| | Port Number | 7777 |
| | Administrative User | msgquser |
| | Administrative User Password | m5gqu5er |
| | Instance Directory | /opt/SUNWam |
Table G–2 Message Queue 2 Configuration

| Component | Description | Value |
|---|---|---|
| Host | Computer system that hosts the Message Queue server. | |
| | Host Name | MessageQueue-2.example.com |
| Message Queue 2 | Serves as a communications broker that enables Access Manager to communicate data with the session store. | |
| | Instance Name | msgqbroker |
| | Port Number | 7777 |
| | Administrative User | msgquser |
| | Administrative User Password | m5gqu5er |
| | Instance Directory | /opt/SUNWam |
The information in this appendix will be updated as more information becomes available.
Table H–1 Known Issues and Limitations

| Reference Number | Description |
|---|---|
| 6490164 | Installing Access Manager with upper-case letters results in a "No Such Organization" error. If you install Access Manager with the server host name and domain name in mixed-case letters, you may not be able to access the Access Manager console. A "No Such Organization" or "No Such Domain" message is displayed. Workaround: Log in to the Access Manager console using the fully qualified DN of amadmin, such as uid=amAdmin,ou=People,o=example.com, then add your fully qualified server name in all-lowercase letters to the Realm/DNS Alias list of the top-level realm. Click the top-level realm to see the realm properties, including the list of Realm/DNS Aliases. |
| 6477741 | Exception is thrown when you run the agentadmin utility. The following exception is thrown when you run the agentadmin utility from the J2EE Policy Agent 2.2 server (Hotpatch 3 for BEA Appserver 9.1). |
| 6476271 | BEA servers do not start up when the startup script is not configured properly. The BEA administration server and managed server will not start up if the startup script is not configured properly. When using J2EE Policy Agent 2.2 (Hotpatch-3) on BEA Application Server 9.1, you must append the following to the end of the setDomainEnv.sh file: The setDomainEnv.sh file contains the call to commEnv.sh. |
| 6472662 | When SSL terminates at the Access Manager load balancer, the console application changes protocol from HTTPS to HTTP. When you try to access the Access Manager load balancer with a URL such as https://loadbalancerURL:port/amserver/console, you cannot access the login page because the console application changes the protocol from HTTPS to HTTP. Workaround: When you access the Access Manager load balancer, manually modify the URL to the following: https://loadbalancerURL:port/amserver/UI/Login. |
| 6482952 | J2EE policy agent redirects to the context root in the goto URL. The problem occurs when testing the sample application for the J2EE Policy Agent 2.2 for BEA WebLogic 9.1 Application Server. If you access a URL such as http://agentLoadBalancerURL:port/agentsample/protectedservlet, you are redirected to the Access Manager login page, but the goto part of the URL contains only this: =http%3A%2F%2FagentLoadBalancerURL%3Aport%2Fagentsample. The result is that after successful authentication, you are redirected to the index page of the application, and not to the page that you had requested. Workaround: There is no workaround at this time. |
| 6363157 | Performance is impacted due to unnecessary persistent searches. The problem can occur, for example, when Access Manager uses LDAP roles. Persistent search is not necessary in this case, and one should be able to disable persistent searches without introducing additional risks to the system. Workaround: There is no workaround at this time. |
| 6489403 | Login to a sub-realm fails when using the Distributed Authentication UI. The problem occurs when you attempt to access a sub-realm using a URL such as the following: http://AuthenticationUIserver:1080/distAuth/UI/Login?realm=users&goto=http://hostName.domainName.com:1080. Instead of a login page, the following message is displayed: "No such Organization found." Workaround: There is no workaround at this time. |
| 6467562 | Filtered role name is missing ou=services in the container JAAS Subject. When trying to use declarative security with J2EE agents, for any user in a sub-realm the role membership is not populated properly within the container JAAS Subject. It is missing ou=services in the jaas_subject role names. There is a mismatch between the role name returned from the Access Manager server and what is seen in the JAAS Subject. Workaround: In the AMAgent.properties file, remove the ou=services part in the mapping key com.sun.identity.agents.config.privileged.attribute.mapping. For example, change this: to |