Access Manager 7.1 Patch 1 Single WAR Deployment

Sun provides patch functionality for Access Manager 7.1 WAR deployments on all platforms in patch 140504, which is available on http://sunsolve.sun.com/. See the patch README file for more information. (For consistency with other Access Manager 7.1 patches, “02” is the first release of this patch.)

This section describes new features, installation instructions and known problems for Access Manager 7.1 patch 1 single WAR deployment.

New Container Versions Supported

The Access Manager 7.1 patch 1 now supports the following containers:

• IBM WebSphere Application Server 6.1

• BEA WebLogic Server 9.2

The version of Access Manager single web-application (WAR) supported on these containers is located in zip_install_directory/applications/jdk14. zip_install_directory is the directory to which you downloaded the .ZIP file for the WAR.

Even though WebLogic 9.2 is compatible with Sun's JDK version 1.5_04, not all of the classes required by Access Manager are present. Access Manager single web-application, when deployed from zip_install_directory/applications/jdk15, will result in exceptions thrown of missing classes. The deployment succeeds and the console is accessible, but this causes issues with the clients. In general, zip_install_directory/applications/jdk14 should be used for non-Sun or third party containers, even if their run time environment is JDK 1.5.x.

Considerations for Single WAR Deployment with WebSphere 6.1

After you obtain the Access Manager 7.1 patch 1 single WAR, see Adding Access Manager Permissions to the Server Policy File in Sun Java System Access Manager 7.1 Postinstallation Guide for information on configuring the permissions to the server policy file for the web container on which Access Manager will be deployed.

In addition to the policy changes, follow the steps described in Deploying an Access Manager 7.1 WAR File in IBM WebSphere Application Server in Sun Java System Access Manager 7.1 Postinstallation Guide.

Considerations for Single WAR Deployment with Weblogic 9.2

For BEA WebLogic Server 9.2, the following JVM property needs to be added in the BEA WebLogic Server instance start script, startWebLogic.sh:

JAVA_OPTIONS= "-Djavax.xml.soap.MessageFactory=com.sun.xml.

messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl"

After you obtain the Access Manager 7.1 patch 1 single WAR, see Adding Access Manager Permissions to the Server Policy File in Sun Java System Access Manager 7.1 Postinstallation Guide for information on configuring the permissions to the server policy file for the web container on which Access Manager will be deployed.

Applying Patch 1 for Single WAR Deployment

The application of patch 1 is required if you already have an RTM version of the Access Manager single web-application deployed and wish to redeploy the Access Manager patch 1 web application. If there is no prior deployment of Access Manager, then Access Manager single web-application (WAR) provided under the zip_install_dir/applications directory can be used.

The patch is provided in a separate directory, zip_install_dir/patch. In this directory, there is a README provided with instructions on running the patch utility.

The patch utility and related files provided in the ZIP file are only for applying the patch to Access Manager single web-application downloaded from the SUN's download site. This patch will not operate with the Access Manager single WAR web-application generated by using the Java Enterprise Systems 5 “Configure Later” option with DEPLOY_LEVEL=10.

After you have successfully applied the patch, copy the following property in the configured instance's AMConfig.properties file and then restart the container:

com.sun.identity.url.readTimeout=30000

This patch does not support the patch application to the JavaEE SDK Access Manager WAR file.

Known Issues with Patch 1 WAR Deployment

This section lists the known issues with the Access Manager 7.1 patch 1 WAR deployment.

Modifying SAML source ID in WAR deployment for Access Manager 7.1 Patch 1 (CR 6582972)

This issue will only occur when you already have a RTM version of Access Manager single web-application deployed and would now want to redeploy Access Manager patch 1 web-application. After you have successfully un-deployed the RTM version of Access Manager and redeployed the patch 1 version of Access Manager, follow the steps outlined under the "Workaround" section. If you are deploying Access Manager patch 1 web-application without any prior installation of Access Manager in your environment, then the outlined workaround is not required. Additionally, this workaround is applicable only when using SAML v.1.

Workaround

1. Extract the Access Manager 7.1 patch 1 ZIP file into a directory, for example am71_patch1_dir.

2. Run the following command to generate the SAML source ID:

   java --classpath am71_patch1_dir/sdk/amclientsdk.jar com.sun.identity.saml.common.SAMLSiteID/server_protocol://server_host:server_port/server_deploy_uri

   A Base64 encoded SAML source ID is displayed. Keep this display open.

3. Log into the Access Manager console as the top-level administrator.

4. Go to Federation > SAML > Site Identifiers and click the Instance ID link for the server

5. In the Site ID field, replace the old value (SAML_SITEID) with the source ID generated in the previous step and click Save when finished.

6. Click Save again.

amAdmin from amAdminTools.zip Single WAR does not work with IBM JDK WebSphere 6.1 (CR 6618861)

Currently there is no support to run Access Manager's CLI tools with a non-Sun JDK.