Sun Java System Access Manager 7.1 Administration Guide

Chapter 1 The Access Manager Console

The Access Manager console is a web interface that allows administrators with different levels of access to, among other things, create realms and organizations, create users in or delete users from those realms, and establish enforcement policies that protect and limit access to the realms' resources. In addition, administrators can view and terminate current user sessions and manage their federation configurations (create, delete, and modify authentication domains and providers). Users without administrative privileges, on the other hand, can manage personal information (name, e-mail address, telephone number, and so forth), change their password, subscribe to and unsubscribe from groups, and view their roles. The Access Manager Console has two basic views:

Administration View

When a user with an administrative role authenticates to Access Manager, the default view is the Administration view. In this view, the administrator can perform most administrative tasks related to Access Manager. Access Manager can be installed in two different modes: Realm Mode and Legacy Mode. Each mode has its own console. For more information on Realm and Legacy Modes, see the Sun Java System Access Manager 7.1 Technical Overview.


Note –

If you install Access Manager 7.1 in Realm Mode, you cannot revert to Legacy Mode. If you install Access Manager in Legacy Mode, you can change to Realm Mode by using the amadmin command. See Changing from Legacy Mode to Realm Mode in the Access Manager Administration Reference for more information.


Realms Mode Console

The Administration console in realms mode enables administrators to manage realm-based access control, default service configuration, Web services and Federation. To access the administrator login screen, use the following address syntax in your browser:

protocol://servername/amserver/UI/Login

protocol is either http or https, depending upon your deployment.

Figure 1–1 Realms Mode Administration View

Access Manager Console, Realms mode administration view

Legacy Mode Console

The Legacy Mode console is based on the Access Manager 6.3 architecture. This legacy Access Manager architecture uses the LDAP directory information tree (DIT) that comes with Sun Java System Directory Server. In Legacy Mode, both user information and access control information are stored in LDAP organizations. When you choose Legacy Mode, an LDAP organization is the equivalent of an access control realm. Realm information is integrated within LDAP organizations. In Legacy Mode, the Directory Management tab is available for Access Manager-based identity management.

To access the administrator login screen, use the following address syntax in your browser:

protocol://servername/amserver/console

protocol is either http or https, depending upon your deployment.

Figure 1–2 Legacy Mode Administration View

Access Manager console, Legacy mode administration view

Legacy Mode 6.3 Console

Some features of Access Manager 6.3 are not available in the Access Manager 7.1 console. Because of this, administrators can log in to the 6.3 console through a 7.1 Legacy deployment. This console is typically used where Access Manager is built upon Sun Java System Portal Server or other Sun Java System communication products that require the use of Sun Java System Directory Server as the central identity repository. Other features, such as Delegated Administration and Class of Service, are accessed only through this console.


Note –

Do not switch back and forth between the 6.3 and 7.1 Legacy Mode consoles.


To access the 6.3 console, use the following address syntax in your browser:

protocol://servername/amconsole

protocol is either http or https, depending upon your deployment.

Figure 1–3 Legacy 6.3–based Console

Access Manager Legacy mode 6.3–based Console

User Profile View

When a user who has not been assigned an administrative role authenticates to Access Manager, the default view is the user's own User Profile. The User Profile view can be accessed in either Realm or Legacy Mode. The user must enter the user's own username and password at the Login page in order to access this view.

In this view, the user can modify the values of the attributes particular to the user's personal profile. These can include, but are not limited to, name, home address, and password. The attributes displayed in the User Profile View can be extended.

Figure 1–4 User Profile View

Access Manager Console — User Profile View