The encryption key used in this procedure must be identical to the encryption key used in the procedure To Configure Access Manager 1. If you did not save the encryption key, it can be found as the value of the am.encryption.pwd property in the /export/am71adm/config/AMConfig.properties file on the Access Manager 1 host machine.
This constraint is particular to this deployment example only.
Access http://AccessManager-2.example.com:1080/amserver from a web browser.
The Access Manager Configurator page is displayed for first time access.
Provide the following information on the Configurator page.
4m4dmin1
4m4dmin1
/export/am71adm/config
PXXdT8Sf+ubQwxUhB+/R37LVBrJFYNnhR
Be sure this value is copied from Access Manager 1. See To Configure Access Manager 1.
Choose Directory Server.
It is a common mistake to accept the default value here. Be sure to choose Directory Server.
LoadBalancer-1.example.com
389
dc=example,dc=com
cn=Directory Manager
d1rm4n4ger
d1rm4n4ger
Do not mark the box with a check. The user management schema was loaded into Directory Server when you configured Access Manager 1.
Click Configure.
When configuration is complete, you are redirected to the Access Manager login page.
Log in to the Access Manager console as the administrator.
amadmin
4m4dmin1
If authentication succeeds, Access Manager has successfully accessed the Directory Server load balancer. You should see the example realm in the Realm page.
Click the example realm name.
You should see three values in the Realms/DNS Aliases List.
accessmanager-1.example.com
accessmanager-2.example.com
example
Log out of the Access Manager console.
(Optional) To verify that the config directory and the supporting bootstrap directory have been created with the proper permissions, do the following.
As a root user, log in to the AccessManager–2 host machine.
Examine the file system.
# cd /export/am71adm # ls -al total 62262 drwxr-xr-x 6 am71adm staff 512 Jul 19 11:46 . drwxr-xr-x 5 root sys 512 Jul 19 10:30 .. -rw-r--r-- 1 am71adm staff 144 Jul 19 10:30 .profile drwx------ 3 am71adm staff 512 Jul 19 10:40 .sunw -rw-r--r-- 1 am71adm staff 566 Jul 19 11:06 .wadmtruststore -rw-r--r-- 1 am71adm staff 31834862 Jul 19 10:56 amserver.war drwxr-xr-x 3 am71adm staff 512 Jul 19 11:46 bootstrap drwxr-xr-x 3 am71adm staff 512 Jul 19 11:46 config -rw-r--r-- 1 am71adm staff 136 Jul 19 10:30 local.cshrc -rw-r--r-- 1 am71adm staff 157 Jul 19 10:30 local.login -rw-r--r-- 1 am71adm staff 174 Jul 19 10:30 local.profile |
amserver.war and the bootstrap and config files are all in this directory, and owned by non-root user am71adm.
Log out of the AccessManager–2 host machine.
If you cannot login successfully, try the fully qualified name for the user amadmin. If you can authenticate using the fully qualified name, you can focus on issues other than authentication and login. In the /export/am71adm/config/AMConfig.properties file, the value of com.sun.identity.authentication.super.user is the fully qualified name for amadmin; in this example, uid=amAdmin,ou=People,dc=example,dc=com.