Before you can install the Access Manager Client SDK, the Access Manager server must be running on a remote server. You will also need to have ready the following information about the remote installation:
Protocol used by the web contain instance on which the Access Manager server is deployed.
Fully qualified domain name of the host on which Access Manager server is deployed.
Port on which the Access Manager server is running.
Deployment URI for the services web application (by default amserver).
Password encryption key used by the Access Manager server.
Two methods exist for installing the Client SDK. You can automatically install the Client SDK using the Java Enterprise System 5 installer, or you can manually deploy the Client SDK WAR file.
If you install the Access Manager Client SDK by running the Java Enterprise System 5 installer, you must choose the Access Manager Client SDK install option. For detailed information, see Chapter 10, Deploying the Client SDK, in Sun Java System Access Manager 7.1 Postinstallation Guide.
On the Windows platform, you must use the “Configure Manually After Installation” option in the Java Enterprise System 5 installer. For detailed information, see To Install and Configure the Access Manager Client SDK in Sun Java System Access Manager 7.1 Postinstallation Guide. The following is an overview of the steps you must follow
Invoke the Java Enterprise System 5 installer.
Configure and start the Web container.
Edit the file AccessManager-base\identity\setup\AMConfigurator.properties.
See To Install and Configure the Access Manager Client SDK in Sun Java System Access Manager 7.1 Postinstallation Guidefor detailed information.
Run the amconfig.bat command:
# AccessManager-base\identity\setup\amconfig.bat
The following is an overview of the steps you must follow. For detailed information, see Chapter 10, Deploying the Client SDK, in Sun Java System Access Manager 7.1 Postinstallation Guide.
Invoke the JES installer.
Select the web container (Web Server or Application Server) and Access Manager client SDK.
Choose "Configure Now.”
Answer the questions provided by the installer.
After the installation is complete, restart the web container.
The third party web container should already be installed and started.
The following is an overview of the steps you must follow. For detailed information, see Chapter 10, Deploying the Client SDK, in Sun Java System Access Manager 7.1 Postinstallation Guide.
Invoke the JES installer.
Select Access Manager client SDK.
Choose "Configure Later."
After the installation, edit the amsamplesilent file.
Run amconfig with the edited amsamplesilent file.
After the configuration is complete, restart the web container.
The Access Manager server which will be used by the client SDK must be up and running, and you must know the URL for accessing this server.
The machine where the client SDK will be installed must have an Access Manager supported web container installed. Examples of Access Manager supported web containers are Sun Java System Web Server 6.1 sp5, Sun Java System Application Server 8.1, BEA WebLogic Server 8.1 sp4, and IBM Websphere Application Server 5.1.1.5.
The web container instance on which the client SDK will be deployed must be up and running.
The client SDK machine must have access to the Access Manager client SDK package SUNWamclnt through the Java Enterprise System 5 bits or through some other means.
Create a package administration file.
Using a text editor, add the following contents to this file.
mail= instance=unique partial=nocheck runlevel=nocheck idepend=nocheck rdepend=nocheck space=nocheck setuid=nocheck conflict=nocheck action=nocheck basedir=ClientSDK-base-directory
In this example, the package administration file is named /usr/tmp/pkgadmin.
The value for basediris the directory in which you want to install the Access Manager client SDK.
Create a package response file named /usr/tmp/pkgresp.
Using a text editor, place the following three lines (a single y on each line) in this file.
y y y
In the Access Manager package directory, use the pkgadd utility to install the SUNWamclnt package:
cd JES5-Image-root/OperatingSystem-Architecture/Product/identity_svr/Packages
pkgadd -n -a /usr/tmp/pkgadmin -d . -r /usr/tmp/pkgresp -R / SUNWamclnt
In the directory in which you installed the Access Manager client SDK package, make a copy of the file Makefile.clientsdk.
The directory in which you installed the Access Manager client SDK package should be the same as the value you used for basedir in the package administration file in step 1a.
cd ClientSDK-base-directory/SUNWam
cp Makefile.clientsdk Makefile.clientsdk.orig
cd ClientSDK-base-directory/identity
cp Makefile.clientsdk Makefile.clientsdk.orig
In Makefile.clientsdk, edit the following parameters:
Use the following path: /usr/jdk/entsys-j2se
The fully-qualified domain name of the Access Manager server.
If the Access Manager server is SSL-enabled, change this value to HTTPS.
The port number on which the Access Manager server is running.
This value must be the same value used for the Access Manager server. You can obtain the value by running one of the following commands on the Access Manager server:
grep pwd /etc/opt/SUNWam/config/AMConfig.properties
grep pwd /etc/opt/sun/identity/config/AMConfig.properties
(Optional) If you don't want the debug logs stored in the tmp directory, then change this value to the directory where you want debug logs to be created.
Run the make or gmake command:
make -f Makefile.clientsdk
This step generates a sample properties file in the directory temp, standalone samples in the directory clientsdk-samples and a deployable war file, amclientwebapps.war.The following table summarizes the items included in the WAR file.
File |
Description |
---|---|
index.html |
Instructions for installing and using the Client SDK packages |
WEB-INF/web.xml |
Client SDK for stand-alone applications |
WEB-INF/classes/AMClient.properties |
Archive of Access Manager samples, web applications, and Javadoc |
WEB-INF/classes/*.classes |
File for building stand-alone samples and web applications |
WEB-INF/docs |
Javadoc (Public Client SDK APIs) |
WEB-INF/samples |
Sample stand-alone programs |
WEB-INF/webapps |
Sample web applications |
Create a deployment directory for amclientwebapps.war.
mkdir -p ClientSDK-base-directory/SUNWam/web-src/clientsdk
mkdir -p ClientSDK-base-directory/identity/web-src/clientsdK
On the web container instance where you want to use the Access Manager client SDK, deploy the amclientwebapps.war file. See the following examples:
Use the wdeploy command to deploy amclientwebapps.war with a URI of /amcilentwebapps on the Web Server instance https-clientSDKinstance. Example:
WebServer-base-directory/bin/https/httpadmin/bin/wdeploy deploy -u /amclientwebapps -i https-clientSDKinstance -v https-clientsdkinstance -d ClientSDK-base-directory/SUNWam/web-src/clientsdk clientSDK-base-directory/SUNWam/amclientwebapps.war
Using the asadmin command to deploy amclientwebapps.war with a URI of /amclientwebapps on the application server instance clientsSDKinstance. Example:
ApplicationServer-base-directory/appserver/bin/asadmin deploy -user Admin-User-ID --host ApplicationServer-instanceHost --port ApplicationServer-Admin-Port --contextroot amclientwebapps -name amcilentwebapps -target clientSDKinstance ClientSDK-base-directory/SUNWam/amclientwebapps.war
Be sure to use the fully qualified host name for ApplicationServer-instanceHost.
Enter the Application Server administration password when prompted.
Using the asadmin command to deploy amclientwebapps.war with a URI of /amclientwebapps on the application server instance clientsSDKinstance. Example:
ApplicationServer-base-directory/bin/asadmin deploy -user Admin-User-ID --host ApplicationServer-instanceHost --port ApplicationServer-Admin-Port --contextroot amclientwebapps -name amcilentwebapps -target clientSDKinstance ClientSDK-base-directory/SUNWam/amclientwebapps.war
Be sure to use the fully qualified host name for ApplicationServer-instanceHost.
Enter the Application Server administration password when prompted.
If you are deploying the client SDK on a third-party web container such as BEA WebLogic Server or IBM WebSphere Application Server, then see the documentation that comes with that product.
Restart the web container instance on which the Access Manager client SDK was deployed.
If the full server instance being accessed by the client SDK is SSL-enabled, then you must install the root CA certificate of the server's certificate in the web container's JVM-wide cacerts keystore. Alternatively, you can create a keystore on the client SDK machine to contain the server's root CA certificate. Then add the necessary JVM options to the client SDK's web container instance to locate the newly created keystore.