The Access Manager Client SDK allows you to implement standalone applications that can access an Access Manager server to use services such as authentication, SSO, authorization, auditing, logging, and SAML. This chapter describes these topics:
Requirements for an Access Manager Client SDK deployment include:
An Access Manager server must be running on a remote server. To configure the Client SDK, you will need the following information from this remote installation:
Protocol (http or https) used by web container instance on which the Access Manager server is deployed.
Fully qualified domain name (FQDN) of the host on which the Access Manager server is deployed.
Port on which the Access Manager server is running.
Deployment URI for the services web application (default is amserver).
Password encryption key used by the Access Manager server. The Access Manager Client SDK must use the same password encryption key as the Access Manager server.
The Access Manager Client SDK can be used with a standalone application or installed in one of these web containers:
Sun Java System Application Server
Sun Java System Web Server
BEA WebLogic Server
IBM WebSphere Application Server
For the specific versions supported of each web container, see the Sun Java System Access Manager 7.1 Release Notes.
Installing and configuring (or reconfiguring) the Access Manager Client SDK involves running the Java ES installer and the amconfig script. One or more Access Manager server instances must be installed and running in the deployment.
Log in as or become superuser (root) on the server where you want to deploy the Access Manager Client SDK.
Get the Java ES installer. For information, see Getting the Java ES Installer.
If not already installed, install the web container that you plan to use for the Client SDK:
Web Server or Application Server: Install the web container using the Java ES installer.
BEA WebLogic Server or IBM WebSphere Application Server: Follow the BEA or IBM documentation. See also Chapter 7, Installing and Configuring Third-Party Web Containers.
If you are not using a web container, skip this step.
Install the Access Manager Client SDK by running the Java ES installer with either the Configure Now or Configure Later option. On the installer Component Selection page, check Client SDK.
If you are using the Configure Now option, see Access Manager Client SDK Configuration Variables for the values that you must specify during installation.
If you are using BEA WebLogic Server or IBM WebSphere Application Server as the web container, you must use the Configure Later option.
If you specified the Configure Later option during the previous step, or if you need to reconfigure the Client SDK, run the amconfig script as follows:
Copy the amsamplesilent file and set the configuration variables in the new file. For example, you might name the new file as ClientSDK_config.
On Windows systems, copy the AMConfigurator.properties file to AMConfigurator-clientsdk.properties.
For the variables that you need to set, see Access Manager Client SDK Configuration Variables.
Run the amconfig script using the new configuration file.
For example, on a Solaris system with Access Manager installed in the default directory:
# cd /opt/SUNWam/bin # ./amconfig -s ./ClientSDK_config
On Windows systems, in the amconfig.bat file, change AMConfigurator.properties to AMConfigurator-clientsdk.properties, and then run the edited amconfig.bat file.
Restart the web container for the Access Manager Client SDK.
Variable |
Description |
---|---|
DEPLOY_LEVEL |
DEPLOY_LEVEL=9 - Configure (or reconfigure) the Access Manager Client SDK. DEPLOY_LEVEL=19 - Uninstall the Access Manager Client SDK. |
SERVER_NAME,SERVER_HOST, SERVER_PORT, SERVER_DEPLOY_URI, CONSOLE_DEPLOY_URI ADMINPASSWD, AMLDAPUSERPASSWD, COOKIE_DOMAIN, AM_ENC_PWD |
Corresponding values that used for the full Access Manager server installation. Important You must set the password encryption key (AM_ENC_PWD) to the same value used by the Access Manager server instance. |
ADMIN_PORT |
Same value as the administration port of the web container on the host where the Client SDK is to be deployed. |
DS_HOST, DS_DIRMGRPASSWD, and ROOT_SUFFIX |
Corresponding Directory Server values that were used for the full Access Manager server installation. |
NEW_OWNER and NEW_GROUP |
Runtime user and group that will own the web container processes on which the Access Manager Client SDK will be deployed. |
PAM_SERVICE_NAME |
If the Access Manager Client SDK host is running the Linux OS, set to "password". |
WEB_CONTAINER Web container configuration variables |
Web container on which the Access Manager Client SDK is or will be deployed. For example, if the web container is Sun Java System Web Server 7, set WEB_CONTAINER=WS. Set the configuration variables for the web container specified by WEB_CONTAINER. For more information, see Web Container Configuration Variables. If you are not using a web container or if you don not want to configure the web container, set WEB_CONTAINER to one that is not installed. |
APPLICATION_USER |
User name for the application. Default: anonymous |
APPLICATION_PASSWD |
Password of the user for the application. Default: anonymous |
DEBUG_LEVEL |
Level for the debug service. Values can be: error, warning, or message. Default: error |
DEBUG_DIR |
Directory where the debug files will be created. Default: Solaris systems: /var/opt/SUNWam/logs Linux and HP-UX systems: /var/opt/sun/identity/logs Windows systems: AccessManager-base/identity/debug |
BASEDIR |
Base directory where the Access Manager Client SDK is installed. The default values for BASEDIR are: Solaris systems: /opt Linux and HP-UX systems: /opt/sun Windows systems: AccessManager-base |
CONSOLE_HOST, CONSOLE_PORT, and CONSOLE_PROTOCOL |
Corresponding values for the host on which the Access Manager console has been deployed. |
CONSOLE_REMOTE |
Specifies whether the Access Manager Console is on a different web container than the Access Manager server. The default value is false. |
CLIENT_DEPLOY_URI |
Deployment URI that will be used on the local host by the Access Manager Client SDK. The default value is /amclient. |
To access the Client SDK, use the following URL in your browser:
client_sdk_protocol://client_sdk_server: client_sdk_port/client_sdk_deploy_URI/UI/Login
Where:
client_sdk_protocol |
Protocol (http or https) used by the web container instance on which the Client SDK is deployed. |
client_sdk_server_host |
Fully qualified host name of the Client SDK server. |
client_sdk_server_port |
Port for the host name of the Client SDK. |
client_sdk_deploy_URI |
Deployment URI prefix for the Client SDK. The default value is /amclient. |
For example:
https://clientserver.example.com:80/amclient
After you deploy the Client SDK using either the Java ES installer or the amconfig script with DEPLOY_LEVEL=9, the Client SDK samples are available in the following directory:
Solaris systems: AccessManager-base/SUNWam/war/clientsdk-samples
Linux and HP-UX systems: AccessManager-base/identity/war/clientsdk-samples
Windows systems: AccessManager-base\identity\war\clientsdk-samples
To run the Client SDK command-line samples and standalone applications, follow the instructions in the README.clientsdk file in the following directory:
Solaris systems: AccessManager-base/SUNWam/war
Linux systems: AccessManager-base/identity/war
AccessManager-base represents the Access Manager base installation directory. The default base installation directory depends on your platform:
Solaris systems: /opt
Linux systems: /opt/sun