Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Configure Access Manager 2

The encryption key used in this procedure must be identical to the encryption key used in the procedure To Configure Access Manager 1. If you did not save the encryption key, it can be found as the value of the am.encryption.pwd property in the /export/am71adm/config/AMConfig.properties file on the Access Manager 1 host machine.


Note –

This constraint is particular to this deployment example only.


  1. Access http://AccessManager-2.example.com:1080/amserver from a web browser.

    The Access Manager Configurator page is displayed the first time you access this URL.

  2. Provide the following information on the Configurator page.

    Administrator: Password:

    4m4dmin1

    Administrator: Retype Password:

    4m4dmin1

    General Settings: Configuration Directory:

    /export/am71adm/config

    General Settings: Encryption Key:

    PXXdT8Sf+ubQwxUhB+/R37LVBrJFYNnhR


    Caution –

    Be sure this value is copied from Access Manager 1. See To Configure Access Manager 1.


    Configuration Store Settings: Type:

    Choose Directory Server.


    Caution –

    It is a common mistake to accept the default value here. Be sure to choose Directory Server.


    Server Settings: Name:

    LoadBalancer-1.example.com

    Server Settings: Port:

    389

    Server Settings: Suffix to store configuration data:

    dc=example,dc=com

    Directory Server Administrator: Directory Administrator DN:

    cn=Directory Manager

    Directory Server Administrator: Password:

    d1rm4n4ger

    Directory Server Administrator: Retype Password:

    d1rm4n4ger

    Load User Management Schema:

    Caution –

    Do not mark the box with a check. The user management schema was loaded into Directory Server when you configured Access Manager 1.


  3. Click Configure.

    When configuration is complete, you are redirected to the Access Manager login page.

  4. Log in to the Access Manager console as the administrator.

    User Name:

    amadmin

    Password:

    4m4dmin1

    If authentication succeeds, Access Manager has successfully accessed the Directory Server load balancer. You should see the example realm in the Realm page.

  5. Click the example realm name.

    You should see three values in the Realms/DNS Aliases List.

    • accessmanager-1.example.com

    • accessmanager-2.example.com

    • example

  6. Log out of the Access Manager console.

  7. (Optional) To verify that the config directory and the supporting bootstrap directory have been created with the proper permissions, do the following.

    1. As a root user, log in to the AccessManager-2 host machine.

    2. Examine the file system.


      # cd /export/am71adm
      # ls -al
      
      total 62262
      drwxr-xr-x   6 am71adm  staff        512 Jul 19 11:46 .
      drwxr-xr-x   5 root     sys          512 Jul 19 10:30 ..
      -rw-r--r--   1 am71adm  staff        144 Jul 19 10:30 .profile
      drwx------   3 am71adm  staff        512 Jul 19 10:40 .sunw
      -rw-r--r--   1 am71adm  staff        566 Jul 19 11:06 .wadmtruststore
      -rw-r--r--   1 am71adm  staff   31834862 Jul 19 10:56 amserver.war
      drwxr-xr-x   3 am71adm  staff        512 Jul 19 11:46 bootstrap
      drwxr-xr-x   3 am71adm  staff        512 Jul 19 11:46 config
      -rw-r--r--   1 am71adm  staff        136 Jul 19 10:30 local.cshrc
      -rw-r--r--   1 am71adm  staff        157 Jul 19 10:30 local.login
      -rw-r--r--   1 am71adm  staff        174 Jul 19 10:30 local.profile

      amserver.war and the bootstrap and config directories are all in this directory, and are owned by the non-root user am71adm.

    3. Log out of the AccessManager-2 host machine.

Troubleshooting

If you cannot log in successfully, try the fully qualified name for the user amadmin. If you can authenticate using the fully qualified name, you can focus on issues other than authentication and login. In the /export/am71adm/config/AMConfig.properties file, the value of com.sun.identity.authentication.super.user is the fully qualified name for amadmin; in this example, uid=amAdmin,ou=People,dc=example,dc=com.
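
Both the encryption-key requirement at the start of this procedure and the super-user lookup in Troubleshooting come down to reading properties from AMConfig.properties. The script below is an added example, not part of the original guide: the function names, the script name, and the assumption that a copy of the Access Manager 1 file is available on the local host are all illustrative.

```shell
#!/bin/sh
# Added example: compare am.encryption.pwd in two AMConfig.properties files
# without printing the key. Solaris: use nawk or /usr/xpg4/bin/awk (needs -v).

# get_prop NAME FILE: print the value of property NAME.
# Skips # and ! comment lines, ignores longer names that merely start with
# NAME, strips a trailing CR, and lets the last definition win.
get_prop() {
    awk -v key="$1" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/\r$/, "", rest)
            val = rest; found = 1
        }
        END { if (!found) exit 1; print val }
    ' "$2"
}

# same_enc_key FILE1 FILE2: 0 = identical, 1 = different,
# 2 = property missing or empty in either file.
same_enc_key() {
    k1=$(get_prop am.encryption.pwd "$1") || return 2
    k2=$(get_prop am.encryption.pwd "$2") || return 2
    [ -n "$k1" ] && [ -n "$k2" ] || return 2
    [ "$k1" = "$k2" ]
}

# write_sample FILE KEY: constructed sample input for trying the functions.
write_sample() {
    printf '%s\n' '# constructed sample, not a real AMConfig.properties' \
        "am.encryption.pwd.old=unused" \
        "am.encryption.pwd=$2" \
        'com.sun.identity.authentication.super.user=uid=amAdmin,ou=People,dc=example,dc=com' > "$1"
}

# Usage: sh check_key.sh AM1-copy-of-AMConfig.properties AM2-AMConfig.properties
if [ "$#" -eq 2 ]; then
    rc=0; same_enc_key "$1" "$2" || rc=$?
    [ "$rc" -eq 0 ] && echo "am.encryption.pwd matches" \
        || echo "am.encryption.pwd differs or is missing (rc=$rc)" >&2
    exit "$rc"
fi
```

Delete the copied Access Manager 1 file after the comparison, since it contains the encryption key.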