Sun Java System Access Manager 7.1 Postinstallation Guide
Book Information
Index
Preface
Chapter 1 Getting Started
Overview of the Installation Process
Getting the Java ES Installer
Installation Modes
Installer Configuration Options
Access Manager Single WAR File Deployment
Access Manager amconfig Script and amsamplesilent file
Access Manager Tuning Scripts
Chapter 2 Running the Access Manager amconfig Script
Overview of the amconfig Script and amsamplesilent File
Access Manager amconfig Script
Access Manager amsamplesilent File Configuration Variables
Deployment Mode Variable
Access Manager Configuration Variables
Web Container Configuration Variables
Sun Java System Web Server 7
Sun Java System Web Server 6.1 SP5
Sun Java System Application Server 8.1
BEA WebLogic Server 8.1
IBM WebSphere Application Server 5.1
Directory Server Configuration Variables
Access Manager Deployment Scenarios
Configuring and Reconfiguring an Instance of Access Manager on UNIX and Linux Systems
To Configure or Reconfigure an Instance of Access Manager on UNIX and Linux Systems
Configuring and Reconfiguring an Instance of Access Manager on Windows Systems
To Configure or Reconfigure an Instance of Access Manager on Windows Systems
Uninstalling Access Manager on UNIX and Linux Systems
To Uninstall an Instance of Access Manager on UNIX and Linux Systems
Uninstalling Access Manager on Windows Systems
To Uninstall an Instance of Access Manager on UNIX and Linux Systems
Uninstalling All Access Manager Instances
To Completely Remove Access Manager From a System
Chapter 3 Deploying Multiple Access Manager Instances
Running the Java Enterprise System (Java ES) Installer
Running the Java ES Installer on UNIX and Linux Systems
Running the Java ES Installer on Windows Systems
Configuring Access Manager Using the amconfig Script
To Configure Access Manager Using the amconfig Script
Adding Additional Instances to the Platform Server List and Realm/DNS Aliases
To Add Additional Instances to the Platform Server List and Realm/DNS Aliases in Realm Mode
Adding Additional Instances to the Platform Server List and DNS Alias List in Legacy Mode
To Add Additional Instances to the Platform Server List and DNS Alias List in Legacy Mode
Chapter 4 Configuring Access Manager With a Load Balancer
Configuring an Access Manager Deployment as a Site
Requirements for an Access Manager Site
Access Manager Site Configuration
To Configure Access Manager as a Site in Realm Mode
To Configure Access Manager as a Site in Legacy Mode
Configuring Cookie-Based Sticky Request Routing
To Configure Cookie-Based Sticky Request Routing
Configuring SSL Termination for a Load Balancer
Generating a CSR with the SubjectAltName Extension
To Generate a CSR with the SubjectAltName Extension
Configuring a Load Balancer with SAML
To Configure a Load Balancer with SAML
Setting the fqdnMap Property
Accessing an Access Manager Instance Through a Load Balancer
Chapter 5 Configuring Access Manager Sessions
Setting Session Quota Constraints
Deployment Scenarios for Session Quota Constraints
Multiple Settings For Session Quotas
Configuring Session Quota Constraints
To Configure Session Quota Constraints
Configuring Session Property Change Notifications
To Configure Session Property Change Notifications
Chapter 6 Implementing Session Failover
Access Manager Session Failover Scenario
Installing the Session Failover Components
Configuring Access Manager for Session Failover
1–Disabling Cookie Encoding
2–Modifying the Web Container Server classpath
3–Adding a New User in the Message Queue Server
4–Editing the amsessiondb Script (if Needed)
5–Running the amsfoconfig Script
Requirements to Run the amsfoconfig Script
Functions of the amsfoconfig Script
Running the amsfoconfig Script
To Run the amsfoconfig Script
Variables in the amsfo.conf File
amsfoconfig Script Sample Run
Starting and Stopping the Session Failover Components
Running the amsfo Script
To Run the amsfo Script
Variables in the amsfo.conf Configuration File
Running the amsfopassword Script
To Run the amsfopassword Script
Configuring Session Failover Manually
1–Install the Required Components in the Deployment
2–Configure the Access Manager Deployment as a Site
3–Create a New Secondary Configuration Instance for the Load Balancer
4–Perform Session Failover Miscellaneous Configuration Tasks
5–Start the Session Failover Components
amsessiondb Script
Removing the Session Failover Configuration
To Remove a Session Failover Configuration
Chapter 7 Installing and Configuring Third-Party Web Containers
Requirements For Using a Third-Party Web Container
General Steps For Using a Third-Party Web Container
Installing and Configuring BEA WebLogic Server 8.1 SP4
To Install and Configure BEA WebLogic Application Server 8.1 SP4
WebLogic Application Server 8.1 SP4 Configuration Variables
Installing and Configuring IBM WebSphere Application Server 5.1.1.6
To Install and Configure IBM WebSphere Application Server
IBM WebSphere Application Server Configuration Variables
Installing Access Manager and Other Java ES Components
Configuring Access Manager Using the amconfig Script
To Configure Access Manager Using the amconfig Script
Chapter 8 Configuring Access Manager in SSL Mode
Configuring Access Manager With a Secure Sun Java System Web Server
To Configure a Secure Web Server
Configuring Access Manager with a Secure Sun Java System Application Server
Setting Up Application Server 8.2 With SSL
To Secure the Application Server Instance
Configuring Application Server 8.1 With SSL
Configuring Access Manager in SSL Mode
To Configure Access Manager in SSL Mode
Configuring AMSDK with a Secure BEA WebLogic Server
To Configure a Secure WebLogic Instance
Configuring AMSDK with a Secure IBM WebSphere Application Server
To Configure a Secure WebSphere Instance
Configuring Access Manager With Directory Server in SSL Mode
Configuring Directory Server in SSL Mode
Configuring Access Manager to Connect to an SSL-Enabled Directory Server
To Configure Access Manager to Connect to an SSL-Enabled Directory Server
Chapter 9 Configuring Access Manager to Run as a Non-root User
Creating Non-root Users
Using Port Numbers Lower Than 1024 on Solaris 10 Systems
Installing Sun Java System Directory Server 6.0
To Install Directory Server Enterprise Edition 6.0
Installing Access Manager to Run as a Non-root User With Web Server 7.0
To Install and Configure Access Manager with Web Server 7.0 as the Web Container
Installing Access Manager to Run as a Non-root User With Application Server
To Install and Configure Access Manager with Application Server as the Web Container
Chapter 10 Deploying the Client SDK
Requirements for an Access Manager Client SDK Deployment
Installing and Configuring the Access Manager Client SDK
To Install and Configure the Access Manager Client SDK
Access Manager Client SDK Configuration Variables
Accessing the Client SDK
Running the Client SDK Samples
Chapter 11 Deploying a Distributed Authentication UI Server
Distributed Authentication UI Server Overview
Requirements for a Distributed Authentication UI Server Deployment
Distributed Authentication UI Server Deployment Scenario
Flow for a Distributed Authentication End-User Request
Installing and Configuring a Distributed Authentication UI Server Using the Java ES Installer
To Install and Configure a Distributed Authentication UI Server
Distributed Authentication UI Server Configuration Variables
Deploying a Distributed Authentication UI Server WAR File
Getting the amauthdistui.war File
To Get the amauthdistui.war File:
Copying and Unzipping the amDistAuth.zip File
To Copy and Unzip the amDistAuth.zip File:
Layout of the amDistAuth.zip File
Building the amauthdistui.war File
To Build the amauthdistui.war File:
Deploying the Distributed Authentication UI Server WAR File
To Deploy the Distributed Authentication UI Server WAR File:
Tuning the Web Container
To Tune a Web Container for a Distributed Authentication UI Server
Accessing the Distributed Authentication User Interface Web Application
Chapter 12 Deploying Access Manager as a Single WAR File
Getting an Access Manager 7.1 WAR File
Requirements for an Access Manager Single WAR File Deployment
Where to Find More Information
Downloading an Access Manager 7.1 WAR File
Sun Download Site
Java EE 5 SDK Web Site
Generating an Access Manager 7.1 WAR File Using the Java ES Installer
To Generate an Access Manager WAR File Using the Java ES Installer
Deploying an Access Manager 7.1 WAR File
Deploying an Access Manager 7.1 WAR File in Sun Java System Web Server 7
To Deploy the Access Manager WAR File in Web Server 7
Deploying an Access Manager 7.1 WAR File in Sun Java System Application Server Enterprise Edition 8.2
To Deploy the Access Manager 7.1 WAR File in Application Server 8.2
Deploying the Access Manager WAR File in BEA WebLogic Server
To Deploy an Access Manager 7.1 WAR File in WebLogic Server
Deploying an Access Manager 7.1 WAR File in IBM WebSphere Application Server
To Deploy an Access Manager 7.1 WAR File in WebSphere Application Server
Adding Access Manager Permissions to the Server Policy File
Modifying the Server Policy File For Specific Applications
Configuring Access Manager 7.1 Using the Configurator
To Configure Access Manager 7.1 Using the Configurator
Access Manager 7.1 Single WAR Bootstrap File
Specifying a Bootstrap File in a Different Directory
To Specify a Bootstrap File in a Different Directory:
Considerations for an Access Manager WAR File Deployment
Using the Access Manager Utilities and Scripts with an Access Manager WAR File Deployment
Using the Utilities and Scripts in the amAdminTools.zip File
To Use the Utilities and Scripts in the amAdminTools.zip File
Using the amSessionTools.zip File For Access Manager Session Failover
To Use the Scripts and Related Files in the amSessionTools.zip File
Managing an Access Manager 7.1 WAR File Deployment
Redeploying an Access Manager Instance
To Redeploy an Access Manager Instance
Removing an Access Manager Instance
To Completely Remove an Access Manager Instance
Migrating From File System Configuration to Directory Server Configuration
To Migrate From File System to Directory Server to Store Configuration Data
Uninstalling Access Manager Using the Java ES Uninstaller
Chapter 13 Changing the Password Encryption Key
Installation Considerations
Changing the Encryption Key Value
To change the password encryption key value
Chapter 14 Removing Access to the Access Manager Console
Removing Access to the Console
To Remove Access to the Console
Appendix A Directory Server Considerations
Configuring a Directory Server That is Not Provisioned With User Data
Configuring a Directory Server That is Provisioned With User Data
To Configure the Directory Server Schema For Access Manager
Indexing Access Manager Attributes in Directory Server
To Add Indexes to Directory Server
Enabling the Directory Server Referential Integrity Plug-in
To Enable the Referential Integrity Plug-in
Disabling Persistent Searches in Directory Server
To Disable Persistent Searches
Configuring a User Directory on a Directory Server Instance Different From the Access Manager Information Tree Node
Configuring Different Root Suffixes for the Access Manager Information Tree and User Directory Nodes
To Configure Different Root Suffixes for the Access Manager Information Tree and User Directory Nodes
Configuring Access Manager With Directory Server in MMR Mode
To Configure Each Access Manager Instance in Realm Mode
To Configure Each Access Manager Instance in Legacy Mode
Specifying a User Naming Attribute Other Than the User ID (uid)
Changing the Naming Attribute Before Running the amconfig Script
To Specify a User Naming Attribute Other Than the User ID (uid)
Changing the Naming Attribute After Installation
To Change the Naming Attribute After Installation
Appendix B Access Manager User LDAP Entries
Object Classes
iplanet-am-session-service Object Class
iplanet-am-user-service Object Class
iplanet-am-managed-person Object Class
sunAMAuthAccountLockout Object Class
inetUser Object Class
iplanet-am-saml-service Object Class
sunIdentityServerDiscoveryService Object Class
sunIdentityServerLibertyPPService Object Class
Attributes
iplanet-am-session-service Object Class Attributes
iplanet-am-session-max-session-time
iplanet-am-session-max-idle-time
iplanet-am-session-max-caching-time
iplanet-am-session-quota-limit
iplanet-am-session-service-status
iplanet-am-session-get-valid-sessions
iplanet-am-session-destroy-sessions
iplanet-am-session-add-session-listener-on-all-sessions
iplanet-am-user-service Object Class Attributes
iplanet-am-user-admin-start-dn
iplanet-am-user-alias-list
iplanet-am-user-auth-config
sunIdentityMSISDNNumber
iplanet-am-user-failure-url
iplanet-am-user-success-url
iplanet-am-user-login-status
iplanet-am-user-password-reset-force-reset
iplanet-am-user-password-reset-options
iplanet-am-user-password-reset-question-answer
iplanet-am-user-service-status
iplanet-am-user-federation-info-key
iplanet-am-user-federation-info
iplanet-am-managed-person Object Class Attributes
iplanet-am-modifiable-by
iplanet-am-role-aci-description
iplanet-am-static-group-dn
iplanet-am-user-account-life
sunAMAuthAccountLockout Object Class Attributes
sunAMAuthInvalidAttemptsData
inetUser Object Class Attributes
inetUserStatus
iplanet-am-saml-service Object Class Attributes
iplanet-am-saml-user
iplanet-am-saml-password
sunIdentityServerDiscoveryService Object Class Attributes
sunIdentityServerDynamicDiscoEntries
sunIdentityServerLibertyPPService Object Class Attributes
sunIdentityServerPPCommonNameCN
sunIdentityServerPPCommonNameAltCN
sunIdentityServerPPCommonNameFN
sunIdentityServerPPCommonNameSN
sunIdentityServerPPCommonNamePT
sunIdentityServerPPCommonNameMN
sunIdentityServerPPInformalName
sunIdentityServerPPLegalIdentityLegalName
sunIdentityServerPPLegalIdentityDOB
sunIdentityServerPPLegalIdentityMaritalStatus
sunIdentityServerPPLegalIdentityGender
sunIdentityServerPPLegalIdentityAltIDType
sunIdentityServerPPLegalIdentityAltIDValue
sunIdentityServerPPLegalIdentityVATIDType
sunIdentityServerPPLegalIdentityVATIDValue
sunIdentityServerPPEmploymentIdentityJobTitle
sunIdentityServerPPEmploymentIdentityOrg
sunIdentityServerPPEmploymentIdentityAltO
sunIdentityServerPPAddressCard
sunIdentityServerPPMsgContact
sunIdentityServerPPFacadeMugShot
sunIdentityServerPPFacadeWebSite
sunIdentityServerPPFacadeNamePronounced
sunIdentityServerPPFacadeGreetSound
sunIdentityServerPPFacadeGreetMeSound
sunIdentityServerPPDemographicsDisplayLanguage
sunIdentityServerPPDemographicsLanguage
sunIdentityServerPPDemographicsBirthday
sunIdentityServerPPDemographicsAge
sunIdentityServerPPDemographicsTimeZone
sunIdentityServerPPSignKey
sunIdentityServerPPEncryptKey
sunIdentityServerPPEmergencyContact
Appendix C Using Active Directory as the User Data Store
Overview of Using Active Directory as the User Data Store
Requirements to Use Active Directory as the User Data Store
Configuring Active Directory With Access Manager Schema Files
To Configure Active Directory with Access Manager Schema Files
Configuring an Access Manager Identity Repository LDAPv3 Data Store For Active Directory
Configuration Example
Operational Notes
Configuring an Authentication Module to Login Through Active Directory
To Configure an Authentication Module to Login Through Active Directory
© 2010, Oracle Corporation and/or its affiliates