Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

Part III Reference: Summaries of Server and Component Configurations

This section contains component descriptions and configurations for the software and hardware used in this deployment example.

Appendix A Directory Servers

This appendix collects the information regarding the Directory Server instances. It contains the following tables:

Table A–1 DirectoryServer–1 Host Machine Configuration

Component                                  | Description
Host Name                                  | DirectoryServer-1.example.com
Installation Directory                     | /var/opt/mps/serverroot/
Administrator User                         | cn=Directory Manager
Administrator Password                     | d1rm4n4ger
Access Manager Configuration Data Instance | Directory Server instance that stores Access Manager configuration data.
    Instance Name                          | am-config
    Instance Directory                     | /var/opt/mps/am-config
    Port Number                            | 1389
    Base Suffix                            | dc=example,dc=com
    Administrative User                    | cn=Directory Manager
    Administrative User Password           | d1rm4n4ger
    Replication Manager                    | cn=replication manager,cn=replication,cn=config
    Replication Manager Password           | replm4n4ger
User Data Instance                         | Directory Server instance that stores user data (see note).
    Instance Name                          | am-users
    Instance Directory                     | /var/opt/mps/am-users
    Port Number                            | 1489
    Base Suffix                            | dc=company,dc=com
    Users Suffix                           | ou=users,dc=company,dc=com
    Administrative User                    | cn=Directory Manager
    Administrative User Password           | d1rm4n4ger
    Replication Manager                    | cn=replication manager,cn=replication,cn=config
    Replication Manager Password           | replm4n4ger

Note –

In this deployment, user data is stored on the same host machine as the Access Manager configuration data. User data can also be stored on a different host machine.

Table A–2 DirectoryServer–2 Host Machine Configuration

Component                                  | Description
Host Name                                  | DirectoryServer-2.example.com
Installation Directory                     | /var/opt/mps/serverroot/
Administrator User                         | cn=Directory Manager
Administrator Password                     | d1rm4n4ger
Access Manager Configuration Data Instance | Directory Server instance that stores Access Manager configuration data.
    Instance Name                          | am-config
    Instance Directory                     | /var/opt/mps/am-config
    Port Number                            | 1389
    Base Suffix                            | dc=example,dc=com
    Administrative User                    | cn=Directory Manager
    Administrative User Password           | d1rm4n4ger
    Replication Manager                    | cn=replication manager,cn=replication,cn=config
    Replication Manager Password           | replm4n4ger
User Data Instance                         | Directory Server instance that stores user data (see note).
    Instance Name                          | am-users
    Instance Directory                     | /var/opt/mps/am-users
    Port Number                            | 1489
    Base Suffix                            | dc=company,dc=com
    Users Suffix                           | ou=users,dc=company,dc=com
    Administrative User                    | cn=Directory Manager
    Administrative User Password           | d1rm4n4ger
    Replication Manager                    | cn=replication manager,cn=replication,cn=config
    Replication Manager Password           | replm4n4ger

Note –

In this deployment, user data is stored on the same host machine as the Access Manager configuration data. User data can also be stored on a different host machine.

Table A–3 User Entries

UserID       | Description
testuser1    | Used to verify that the policy agents work properly.
    Password | password
    DN       | uid=testuser1,ou=users,dc=company,dc=com
testuser2    | Used to verify that the policy agents work properly.
    Password | password
    DN       | uid=testuser2,ou=users,dc=company,dc=com

Appendix B Access Manager Servers

This appendix collects the information regarding the Access Manager servers. It contains the following tables:

Table B–1 AccessManager–1 Host Machine Configuration

Component                        | Description
Host Name                        | AccessManager-1.example.com
Non-Root User                    | am71adm
Non-Root User Password           | am71a6m
Web Server Administration Server | Manages the Web Server application and all instances.
    Instance Name                | admin-server
    Instance Directory           | /opt/SUNWwbsvr/admin-server
    SSL Port                     | 8989
    SSL Service URL              | https://AccessManager-1.example.com:8989
    Administrative User          | admin
    Administrative User Password | web4dmin
Web Server Instance              | Contains the deployed Access Manager applications.
    Instance Name                | AccessManager-1.example.com
    Instance Directory           | /opt/SUNWwbsvr/https-AccessManager-1.example.com
    Port                         | 1080
    Service URL                  | http://AccessManager-1.example.com:1080
    Administrative User          | amadmin
    Administrative User Password | 4m4dmin1
    Deployment URI               | amserver

Table B–2 AccessManager–2 Host Machine Configuration

Component                        | Description
Host Name                        | AccessManager-2.example.com
Non-Root User                    | am71adm
Non-Root User Password           | am71a6m
Web Server Administration Server | Manages the Web Server application and all instances.
    Instance Name                | admin-server
    Instance Directory           | /opt/SUNWwbsvr/admin-server
    SSL Port                     | 8989
    SSL Service URL              | https://AccessManager-2.example.com:8989
    Administrative User          | admin
    Administrative User Password | web4dmin
Web Server Instance              | Contains the deployed Access Manager applications.
    Instance Name                | AccessManager-2.example.com
    Instance Directory           | /opt/SUNWwbsvr/https-AccessManager-2.example.com
    Port                         | 1080
    Service URL                  | http://AccessManager-2.example.com:1080
    Administrative User          | amadmin
    Administrative User Password | 4m4dmin1
    Deployment URI               | amserver

Appendix C Distributed Authentication User Interfaces

This appendix collects the information regarding the Distributed Authentication User Interfaces. It contains the following tables:

Table C–1 AuthenticationUI–1 Host Machine Configuration

Component                        | Description
Host Name                        | AuthenticationUI-1.example.com
Non-Root User                    | da71adm
Non-Root User Password           | 6a714dm
Web Server Administration Server | Manages the Web Server application and all instances.
    Instance Name                | admin-server
    Instance Directory           | /opt/SUNWwbsvr/admin-server
    SSL Port                     | 8989
    SSL Service URL              | https://AuthenticationUI-1.example.com:8989
    Administrative User          | admin
    Administrative User Password | web4dmin
Web Server Instance              | Contains the Distributed Authentication User Interface module.
    Instance Name                | AuthenticationUI-1.example.com
    Instance Directory           | /opt/SUNWwbsvr/https-AuthenticationUI-1.example.com
    Port                         | 1080
    Service URL                  | http://AuthenticationUI-1.example.com:1080
    Application User             | authuiadmin
    Application User Password    | 4uthu14dmin
    Deployment URI               | distAuth

Table C–2 AuthenticationUI–2 Host Machine Configuration

Component                        | Description
Host Name                        | AuthenticationUI-2.example.com
Non-Root User                    | da71adm
Non-Root User Password           | 6a714dm
Web Server Administration Server | Manages the Web Server application and all instances.
    Instance Name                | admin-server
    Instance Directory           | /opt/SUNWwbsvr/admin-server
    SSL Port                     | 8989
    SSL Service URL              | https://AuthenticationUI-2.example.com:8989
    Administrative User          | admin
    Administrative User Password | web4dmin
Web Server Instance              | Contains the Distributed Authentication User Interface module.
    Instance Name                | AuthenticationUI-2.example.com
    Instance Directory           | /opt/SUNWwbsvr/https-AuthenticationUI-2.example.com
    Port                         | 1080
    Service URL                  | http://AuthenticationUI-2.example.com:1080
    Application User             | authuiadmin
    Application User Password    | 4uthu14dmin
    Deployment URI               | distAuth

Appendix D Protected Resources

This appendix collects the information regarding the Protected Resource host machines. It contains the following tables:

Table D–1 Protected Resource 1 Web Server and Web Policy Agent Host Machine Configurations

Component                        | Description
Host Name                        | ProtectedResource-1.example.com
Web Server Administration Server | Manages the Web Server application and all instances.
    Instance Name                | admin-server
    Instance Directory           | /opt/SUNWwbsvr/admin-server
    SSL Port                     | 8989
    SSL Service URL              | https://ProtectedResource-1.example.com:8989
    Administrative User          | admin
    Administrative User Password | web4dmin
Web Server Instance              | Contains the web policy agent.
    Instance Name                | ProtectedResource-1.example.com
    Instance Directory           | /opt/SUNWwbsvr/https-ProtectedResource-1.example.com
    Port                         | 1080
    Protected Resource URL       | http://ProtectedResource-1.example.com:1080
    Web Agent Profile            | webagent-1
    Web Agent Profile Password   | web4gent1

Table D–2 Protected Resource 1 Application Server and J2EE Policy Agent Host Machine Configurations

Component                              | Description
Host Name                              | ProtectedResource-1.example.com
BEA WebLogic Application Server Home   | /usr/local/bea/
BEA WebLogic Application Server Domain | /usr/local/bea/user_projects/domains/ProtectedResource-1
WebLogic Administration Server         | Manages the domain and all managed servers.
    Server Name                        | AdminServer
    Server Directory                   | /usr/local/bea/user_projects/domains/ProtectedResource-1/servers/AdminServer
    Port                               | 7001
    Console URL                        | http://ProtectedResource-1.example.com:7001/console
    Administrative User                | weblogic
    Administrative User Password       | w3bl0g1c
WebLogic Managed Server                | Contains configuration information for this managed server and the J2EE Policy Agent.
    Server Name                        | ApplicationServer-1
    Server Directory                   | /usr/local/bea/user_projects/domains/ProtectedResource-1/servers/ApplicationServer-1
    Port                               | 1081
    J2EE Policy Agent Profile          | j2eeagent-1
    J2EE Policy Agent Profile Password | j2ee4gent1

Table D–3 Protected Resource 2 Web Server and Web Policy Agent Host Machine Configurations

Component                        | Description
Host Name                        | ProtectedResource-2.example.com
Web Server Administration Server | Manages the Web Server application and all instances.
    Instance Name                | admin-server
    Instance Directory           | /opt/SUNWwbsvr/admin-server
    SSL Port                     | 8989
    SSL Service URL              | https://ProtectedResource-2.example.com:8989
    Administrative User          | admin
    Administrative User Password | web4dmin
Web Server Instance              | Contains the web policy agent.
    Instance Name                | ProtectedResource-2.example.com
    Instance Directory           | /opt/SUNWwbsvr/https-ProtectedResource-2.example.com
    Port                         | 1080
    Protected Resource URL       | http://ProtectedResource-2.example.com:1080
    Web Agent Profile            | webagent-2
    Web Agent Profile Password   | web4gent2

Table D–4 Protected Resource 2 Application Server and J2EE Policy Agent Host Machine Configurations

Component                              | Description
Host Name                              | ProtectedResource-2.example.com
BEA WebLogic Application Server Home   | /usr/local/bea/
BEA WebLogic Application Server Domain | /usr/local/bea/user_projects/domains/ProtectedResource-2
WebLogic Administration Server         | Manages the domain and all managed servers.
    Server Name                        | AdminServer
    Server Directory                   | /usr/local/bea/user_projects/domains/ProtectedResource-2/servers/AdminServer
    Port                               | 7001
    Console URL                        | http://ProtectedResource-2.example.com:7001/console
    Administrative User                | weblogic
    Administrative User Password       | w3bl0g1c
WebLogic Managed Server                | Contains configuration information for this managed server and the J2EE Policy Agent.
    Server Name                        | ApplicationServer-2
    Server Directory                   | /usr/local/bea/user_projects/domains/ProtectedResource-2/servers/ApplicationServer-2
    Port                               | 1081
    J2EE Policy Agent Profile          | j2eeagent-2
    J2EE Policy Agent Profile Password | j2ee4gent2

Appendix E Load Balancers

This appendix collects the information regarding the load balancers. It contains the following table.

The BIG-IP login page and configuration console for all load balancers in this deployment example are accessed at is-f5.example.com.

Login    | username
Password | password

Table E–1 Load Balancer Configurations

Load Balancer              | Description
Load Balancer 1            | Distribution for the two Directory Server instances that contain Access Manager configuration data.
    Virtual Server         | LoadBalancer-1.example.com
    Port                   | 389
    Pool Name              | DirectoryServer-ConfigData-Pool
    Access URL             | LoadBalancer-1.example.com:389
    Monitor                | ldap-tcp
Load Balancer 2            | Distribution for the two Directory Server instances that contain user data.
    Virtual Server         | LoadBalancer-2.example.com
    Port                   | 489
    Pool Name              | DirectoryServer-UserData-Pool
    Access URL             | LoadBalancer-2.example.com:489
    Monitor                | ldap-tcp
Load Balancer 3            | Distribution for the two Web Server applications installed on the Access Manager host machines (see note).
    Virtual Server         | LoadBalancer-3.example.com
    Port (external access) | 9443
    Port (internal access) | 7070
    Pool Name              | AccessManager-Pool
    External Access URL    | LoadBalancer-3.example.com:9443
    Internal Access URL    | LoadBalancer-3.example.com:7070
    Monitor                | AccessManager-http
Load Balancer 4            | Distribution for the two Web Server applications installed on the Distributed Authentication UI host machines (see note).
    Virtual Server         | LoadBalancer-4.example.com
    Port (external access) | 9443
    Port (internal access) | 90
    Pool Name              | AuthenticationUI-Pool
    External Access URL    | LoadBalancer-4.example.com:9443
    Internal Access URL    | LoadBalancer-4.example.com:90
    Monitor                | HTTP
Load Balancer 5            | Distribution for the web policy agents.
    Virtual Server         | LoadBalancer-5.example.com
    Port                   | 90
    Pool Name              | WebAgent-Pool
    Access URL             | LoadBalancer-5.example.com:90
    Monitor                | WebAgent-http
Load Balancer 6            | Distribution for the J2EE policy agents.
    Virtual Server         | LoadBalancer-6.example.com
    Port                   | 91
    Pool Name              | J2EEAgent-Pool
    Access URL             | LoadBalancer-6.example.com:91
    Monitor                | tcp

Note –

SSL is terminated at Load Balancer 3 before the request is forwarded to Access Manager, and at Load Balancer 4 before the request is forwarded to the Distributed Authentication User Interface; traffic behind those two load balancers is plain HTTP. Load Balancer 3 is a single point of failure for Access Manager, which can be considered a limitation of this deployment example.

Appendix F Message Queue Servers

Message Queue serves as a communications broker that enables Access Manager to communicate data with the session store. This appendix collects the information regarding the Message Queue servers. It contains the following tables:

Table F–1 Message Queue 1 Host Machine Configuration

Component                       | Description
Host Name                       | MessageQueue-1.example.com
Session Tools Scripts Directory | /export/AMSFO/amSessionTools/amserver
Message Queue Directory         | /export/AMSFO/amSessionTools/jmq
Berkeley Database Directory     | /export/AMSFO/amSessionTools/bdb
Instance Name                   | msgqbroker
Port Number                     | 7777
Administrative User             | msgquser
Administrative User Password    | m5gqu5er

Table F–2 Message Queue 2 Host Machine Configuration

Component                       | Description
Host Name                       | MessageQueue-2.example.com
Session Tools Scripts Directory | /export/AMSFO/amSessionTools/amserver
Message Queue Directory         | /export/AMSFO/amSessionTools/jmq
Berkeley Database Directory     | /export/AMSFO/amSessionTools/bdb
Instance Name                   | msgqbroker
Port Number                     | 7777
Administrative User             | msgquser
Administrative User Password    | m5gqu5er

Appendix G Known Issues and Limitations

The issues in this appendix will be updated as more information becomes available.

Table G–1 Known Issues and Limitations

Reference Number | Description

6462076 | Single WAR Configurator fails against Directory Server

Access Manager, when deployed as a single WAR, will not configure Directory Server 6 with a single component root suffix (as in dc=example) although it works as expected with multi-component root suffixes (as in dc=example,dc=com).

Workaround: Use multi-component root suffixes.

6472662 | When SSL terminates at the Access Manager load balancer, the console application changes protocol from HTTPS to HTTP.

When you try to access the Access Manager load balancer with a URL such as https://loadbalancer:port/amserver/console or https://loadbalancer:port/amserver/UI/Login, you cannot access the login page because the console application changes the protocol from HTTPS to HTTP.

Workaround: Add <property name="relativeRedirectAllowed" value="true"/> to the sun-web.xml file for the individual instances of Access Manager and restart them.


Caution –

After applying the workaround, the only supported URL is https://loadbalancer:port/amserver/UI/Login. It is highly recommended that you access the Access Manager instances directly to perform any administrative tasks rather than accessing them through a load balancer. This workaround was tested on Sun Java System Web Server 7.
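Where the workaround property goes, shown here as an added illustration rather than a file shipped with Access Manager: in a Web Server 7 sun-web.xml, `<property>` is a direct child of the `<sun-web-app>` root element. The skeleton below is a minimal assumed file for the amserver web application; a real sun-web.xml keeps its own DOCTYPE and whatever other elements it already contains, and only the `<property>` line is added.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Minimal illustrative sun-web.xml for the amserver web application (added example).
     An existing file keeps its DOCTYPE and other elements; only the property is new. -->
<sun-web-app>
  <!-- Workaround for 6472662: allow the container to send relative Location headers,
       so a redirect issued behind the SSL-terminating load balancer is not rewritten
       into an absolute http:// URL that the browser then follows in cleartext. -->
  <property name="relativeRedirectAllowed" value="true"/>
</sun-web-app>
```

Apply the same change to the sun-web.xml of each Access Manager instance in the pool and restart both instances; a mismatch between the two instances would make the symptom depend on which server the load balancer picks.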


6476271 | BEA servers do not start up when the startup script is not configured properly.

The BEA administration server and managed server instances will not start up if the startup script is not configured properly. When using J2EE Policy Agent 2.2 on BEA Application Server 9.2, you must append the following to the end of the setDomainEnv.sh file:

  • . /usr/local/bea/user_projects/domains/ProtectedResource-1/bin/setAgentEnv_ApplicationServer-1.sh for Protected Resource 1.

  • . /usr/local/bea/user_projects/domains/ProtectedResource-2/bin/setAgentEnv_ApplicationServer-2.sh for Protected Resource 2.

The setDomainEnv.sh file contains the call to commEnv.sh.
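The append described for 6476271 is easy to get wrong twice: appending the line a second time on a later run is harmless but untidy, and a commented-out copy of the line looks configured when it is not. The POSIX shell functions below are an added example, not part of the deployment guide or of the BEA or Sun tooling; they take the domain directory, managed server name and the path of setDomainEnv.sh as parameters so the edit can be rehearsed on a copy first. The function names, the temporary copy used in demo, and the commEnv.sh line written into that copy are all constructed for the example.

```sh
#!/bin/sh
# Added example (not from the deployment guide): idempotently append the
# J2EE Policy Agent environment hook to a WebLogic domain's setDomainEnv.sh,
# as the workaround for 6476271 requires.

# append_agent_env DOMAIN_DIR SERVER_NAME SETDOMAINENV_FILE
# Appends ". DOMAIN_DIR/bin/setAgentEnv_SERVER_NAME.sh" to SETDOMAINENV_FILE
# unless that exact line is already present. Returns 0 on success, 1 if the
# file does not exist.
append_agent_env() {
  domain_dir="$1"
  server_name="$2"
  env_file="$3"
  hook=". $domain_dir/bin/setAgentEnv_$server_name.sh"

  [ -f "$env_file" ] || { echo "append_agent_env: $env_file not found" >&2; return 1; }

  # -x matches the whole line and -F takes the hook literally, so a commented-out
  # or partial mention of the script does not count as already configured.
  if grep -qxF "$hook" "$env_file"; then
    return 0
  fi
  printf '\n# J2EE Policy Agent 2.2 environment (workaround for 6476271)\n%s\n' "$hook" >> "$env_file"
}

# count_agent_hooks SETDOMAINENV_FILE SERVER_NAME
# Prints how many active (uncommented) hook lines for SERVER_NAME the file has.
count_agent_hooks() {
  grep -c "^\. .*/bin/setAgentEnv_$2\.sh\$" "$1" 2>/dev/null || true
}

# Rehearsal on a constructed stand-in for setDomainEnv.sh (a temp file, not the
# real domain script). Appends twice and prints the resulting hook count.
demo() {
  tmp=$(mktemp) || return 1
  printf '#!/bin/sh\n. ${WL_HOME}/common/bin/commEnv.sh\n' > "$tmp"   # constructed sample content
  append_agent_env /usr/local/bea/user_projects/domains/ProtectedResource-1 ApplicationServer-1 "$tmp"
  append_agent_env /usr/local/bea/user_projects/domains/ProtectedResource-1 ApplicationServer-1 "$tmp"
  n=$(count_agent_hooks "$tmp" ApplicationServer-1)
  rm -f "$tmp"
  echo "$n"
}

demo
```

Run demo first; it should print 1. On a real host, call append_agent_env once per domain with the path of that domain's setDomainEnv.sh, then restart the administration server and the managed server.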

6477741 | Exception is thrown when you run the agentadmin utility.

The following exception is thrown when you run the agentadmin utility from the J2EE Policy Agent 2.2 server (BEA Application Server 9.2).


# ./agentadmin --getUuid amadmin user example

Failed to create debug directory 
Failed to create debug directory 
Failed to create debug directory 
Failed to create debug directory 
Failed to create debug directory