To Configure Access Manager Using the amconfig Script (Sun Java System Access Manager 7.1 Postinstallation Guide)

Sun Java System Access Manager 7.1 Postinstallation Guide

To Configure Access Manager Using the `amconfig` Script

Copy and edit the amsamplesilent file.
1. Copy the amsamplesilent file to a writable directory and make that directory your current directory.
  
  For example, you might create a directory named /newinstances.
2. Rename the copy of the amsamplesilent file to describe the new instance you want to configure.
  
  For example, if you plan to create a new Access Manager instance for Web Server 7, you might rename the file to amwebsvr7.
3. Set the variables in the amwebsvr7 file to configure or reconfigure the new instance.
  
  For example, to configure Access Manager in Realm Mode:
```
AM_REALM=enabled
DEPLOY_LEVEL=1
NEW_INSTANCE=false
WEB_CONTAINER=WS # Web Server 7 is the web container
DIRECTORY_MODE=4  # Directory Server is provisioned with user data
AM_ENC_PW=password-encryption-key-value-from-the-first-Access-Manager-instance
...
```
Considerations for setting variables in the amsamplesilent file:
- If you are using non-default naming attributes and object classes, specify the custom values as appropriate for the user naming and organization naming attributes and object classes. Also, all deploy URIs (SERVER_DEPLOY_URI, CONSOLE_DEPLOY_URI, PASSWORD_DEPLOY_URI, and COMMON_DEPLOY_URI) for the web applications must match the previous installation.
- Use the same password encryption key as the first instance, as described in following Caution.
  
  Caution –
  In a multiple server deployment that shares the same Directory Server, all Access Manager instances must use the same value for the password encryption key.
  
  If you run the Java ES installer to install Access Manager on subsequent (second, third, and so on) servers in a multiple server deployment, the installer generates a new random password encryption key for each server. Therefore, when you run the installer on a subsequent server, use the encryption key value from the first Access Manager instance, which you can copy from the am.encryption.pwd attribute in the AMConfig.properties file and set as follows:
  - Configure Now option. Replace the new random encryption key generated by the installer with the encryption key value from the first instance.
  - Configure Later option. Set the AM_ENC_PWD variable in the copy of the amsamplesilent file with the encryption key value from the first instance before you run the amconfig script.
  However, if you need to change the password encryption key for an Access Manager instance, see Chapter 13, Changing the Password Encryption Key.

Run the amconfig script.

For example, on Solaris systems with Access Manager installed in the default directory, run amconfig using the new amwebsvr7 file as the configuration input file:
```
# cd /opt/SUNWam/bin/
# ./amconfig -s ./newinstances/amwebsvr7
```
Specify the full path to the amsamplesilent file (or copy of the file).

The amconfigscript reads the variables in the amwebsvr7 file and then runs in silent mode (-s option) to configure Access manager for the web container.

For more information about the amsamplesilent file and running the amconfig script, see Chapter 2, Running the Access Manager amconfig Script.

In case you might need to reconfigure or uninstall this instance later, save the new amwebsvr7 file.