Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Import the Root CA Certificate into the Web Server 1 Key Store

The Web Policy Agent on Protected Resource 1 connects to Access Manager servers through Load Balancer 3. The load balancer is SSL-enabled, so the agent must be able to trust the load balancer SSL certificate in order to establish the SSL connection. To do this, import the root CA certificate that issued the Load Balancer 3 SSL server certificate into the Web Policy Agent certificate store.

Before You Begin

Obtain the root CA certificate, and copy it to ProtectedResource-1.

  1. Copy the root CA certificate to Protected Resource 1.

  2. Open a browser, and go to the Web Server 1 administration console.

    http://ProtectedResource-1.example.com:8888

  3. Log in to the Web Server 2 console using the following information:

    User Name: admin

    Password: web4dmin

  4. In the Select a Server field, select ProtectedResource-1.example.com, and then click Manage.


    Tip – If a “Configuration files have not been loaded” message is displayed, it may be that the administration server has never been accessed, and so the configuration files have never been loaded. First click Apply, and then click Apply Changes. The configuration files are read, and the server is stopped and restarted.


  5. Click the Security tab.

  6. On the Initialize Trust Database page, enter a Database Password.

    Enter the password again to confirm it, and then click OK.

  7. In the left frame, click Install Certificate and provide the following information, and then click OK:

    Certificate For: Choose Trusted Certificate Authority (CA).

    Key Pair File Password: password

    Certificate Name: OpenSSL_CA_Cert

    Message in this File: /export/software/ca.cert

  8. Click Add Server Certificate.

  9. Click Manage Certificates.

    The root CA Certificate name OpenSSL_CA_Cert is included in the list of certificates.

  10. Click the Preferences tab.

  11. Restart Web Server 2.

    On the Server On/Off page, click Server Off. When the server indicates that the administration server is off, click Server On.

  12. Configure the Web Policy Agent 1 to point to the Access Manager SSL port.

    1. Edit the AMAgent.properties file.

      # cd /opt/SUNWam/agents/es5/config/_optSUNWwbsvr_https-ProtectedResource-1.example.com

      Make a backup of the AMAgent.properties file before setting the following property:

      com.sun.am.naming.url = https://LoadBalancer-3.example.com:9443/amserver/namingservice

    2. Save the file.

  13. Restart Web Server 1.

    # cd /opt/SUNWwbsvr/https-ProtectedResource-1.example.com
    # ./stop; ./start
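
The agent's SSL connection succeeds only if the imported root CA really issued the Load Balancer 3 certificate and that certificate is valid for the host name used in com.sun.am.naming.url. The following check is an added example, not part of the original procedure; the function names verify_lb_cert and make_demo_pki and the demo CA names are assumptions, and every key and certificate it uses is constructed on the spot.

```shell
#!/bin/sh
# Added example. All keys and certificates below are constructed for the demo.

# Succeeds only if CERT chains to the CA in CA_FILE and is valid for HOST.
verify_lb_cert() {  # usage: verify_lb_cert CA_FILE CERT HOST
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>/dev/null |
        grep -q ': OK$'
}

# Create a root CA, an unrelated CA, and a server certificate for
# LoadBalancer-3.example.com issued by the root CA, all inside directory $1.
make_demo_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\nCN=demo\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
    for ca in root other; do
        openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Demo $ca CA" -keyout "$d/$ca.key" -out "$d/$ca.cert" \
            2>/dev/null || return 1
    done
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=LoadBalancer-3.example.com" \
        -keyout "$d/lb3.key" -out "$d/lb3.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:LoadBalancer-3.example.com\n' > "$d/san.ext"
    openssl x509 -req -in "$d/lb3.csr" -CA "$d/root.cert" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/lb3.pem" \
        2>/dev/null
}

# Demo: only the issuing CA validates the load balancer certificate.
demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" || exit 1
for ca in root other; do
    if verify_lb_cert "$demo_dir/$ca.cert" "$demo_dir/lb3.pem" \
        LoadBalancer-3.example.com
    then echo "$ca.cert: validates the Load Balancer 3 certificate"
    else echo "$ca.cert: does NOT validate it; the agent's SSL connection would fail"
    fi
done
```

On the real deployment, pass /export/software/ca.cert as the CA file and the certificate that Load Balancer 3 presents on port 9443 (for example as printed by `openssl s_client -connect LoadBalancer-3.example.com:9443 -showcerts`) as the certificate.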