The Java ES installer supports the installation of these subcomponents of Access Manager:
Access Manager SDK is automatically installed as part of Identity Management and Policy Services Core, but the SDK can also be installed separately on a remote host. For information about separate installation of Access Manager SDK, refer to Access Manager SDK Configuration Information.
The Identity Management and Policy Services Core subcomponent of Access Manager runs in a web container, usually Web Server or Application Server.
Access Manager can also run in a third-party web container, specifically IBM WebSphere Application Server or BEA WebLogic Server. After installing Access Manager with the Configure Later option, you then run the amconfig script to do postinstallation configuration. You must follow the IBM or BEA documentation to install and configure the third-party web container.
The information that the installer needs is different for each web container:
This section describes the information that the installer needs when Application Server is the web container for the Identity Management and Policy Services Core subcomponent of Access Manager.
Table 3–4 Access Manager With Application Server as Web Container
| Label and State File Parameter | Description |
|---|---|
| Secure Server Instance Port | Port on which Application Server listens for connections to the instance. The default value is 8080. If you make a selection that does not correspond to the protocol set earlier for Application Server, an error is displayed. You must resolve the situation before continuing. |
| Secure Administrator Server Port | Port on which the administration server for Application Server listens for connections. The default value is 4849. |
| Administrator User ID IS_IAS81_ADMIN | User ID of the Application Server administrator. The default value is the administrator user ID you provided under Common Server settings. Note: If you chose to use a single administrator account, this field is not present. |
| Administrator Password IS_IAS81_ADMINPASSWORD | The default value is the administrator password you provided under Common Server settings. Note: If you chose to use a single administrator account, this field is not present. Note: In the Java ES installer, white space cannot be used in admin passwords, nor can the following symbols: ; & ( ) ! \| < > ' " $ ^ \ # / , @ % |
This section describes the information that the installer needs when Web Server is the web container for the Identity Management and Policy Services Core subcomponent of Access Manager.
Table 3–5 Access Manager With Web Server as Web Container
| Label and State File Parameter | Description |
|---|---|
| Host Name | The fully qualified domain name for the host. For example, if this host is siroe.example.com, this value is siroe.example.com. The default value is the fully qualified domain name for the current host. |
| IS_WS_ADMIN_ID | User ID of the Web Server administrator. The default value is the administrator user ID you provided under Common Server settings. Note: If you chose to use a single administrator account, this field is not present. |
| IS_WS_ADMIN_PASSWORD | Password of the Web Server master administrator. The default value is the administrator password you provided under Common Server settings. Note: If you chose to use a single administrator account, this field is not present. Note: In the Java ES installer, white space cannot be used in admin passwords, nor can the following symbols: ; & ( ) ! \| < > ' " $ ^ \ # / , @ % |
| IS_WS_DOC_DIR | Directory where Web Server stores content documents. Solaris OS: `/var/opt/SUNWwbsvr7/https-hostname.domain/docs` Linux and HP-UX: `/var/opt/sun/webserver7/https-hostname.domain/docs` |
| Web Server Port | Port on which Web Server administration instance listens for HTTPS connections. If this port is in use, you are presented with a choice of available ports. Default value is 80. |
| Web Server Instance Directory | Path to the directory where an instance of Web Server is installed, using the following syntax: `WebServer-base/https-webserver-instancename` If you are installing Web Server in this session, the default value for WebServer-base is the Web Server instance directory: Solaris OS: `/var/opt/SUNWwbsvr7` Linux and HP-UX: `/var/opt/sun/webserver7` |
| IS_WS_PROTOCOL | Protocol specified for Web Server to listen on the Web Server port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. The default value is HTTP. |
The installer needs different information about Access Manager services for the following Access Manager subcomponents.
This section describes the services information that the installer needs when you are specifying web container details.
Table 3–6 Access Manager Services Information for Specifying Web Container
| Label and State File Parameter | Description |
|---|---|
| Host Name | Fully qualified domain name of the host on which you are installing Java ES. The default value is the fully qualified domain name of the local host. |
| Services Deployment URI | Uniform Resource Identifier (URI) prefix for accessing the HTML pages, classes, and JAR files associated with the Identity Management and Policy Services Core subcomponent. This URI is used to access the realm (Access Manager 7.x compatible) console. The default value is amserver. Do not enter a leading slash. |
| Common Domain Deployment URI | URI prefix for accessing the common domain services on the web container. The default value is amcommon. Do not enter a leading slash. |
| Cookie Domain | The names of the trusted DNS domains that Access Manager returns to a browser when Access Manager grants a session ID to a user. You can scope this value to a single top-level domain, such as example.com. The session ID will provide authentication for all subdomains of example.com. Alternatively, you can scope the value to a comma-separated list of subdomains, such as .corp.example.com,.sales.example.com. The session ID will provide authentication for all subdomains in the list. A leading dot (.) is required for each domain in the list. The default value is the current domain, prefixed by a dot (.). |
| Password Deployment URI | URI that determines the mapping that the web container running Access Manager will use between a string you specify and a corresponding deployed application. This is the URI for the Access Manager password reset service. The default value is ampassword. Do not enter a leading slash. |
| CONSOLE_PROTOCOL | Protocol specified for Web Server to listen on the Web Server port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. The default value is HTTP. |
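
The password and protocol rules in Tables 3–4 through 3–6 can be checked before a state file is fed to the installer. The following is an added example, not part of the original documentation or the Java ES product: it assumes the state file holds `KEY=value` lines and that `#` lines carry no values, uses only parameter names listed on this page, and runs on a constructed excerpt.

```python
import re

# Symbols the installer rejects in admin passwords (white space is rejected too).
FORBIDDEN = set(";&()!|<>'\"$^\\#/,@%")
# State-file parameter names as listed in the tables on this page.
PASSWORD_KEYS = ("IS_IAS81_ADMINPASSWORD", "IS_WS_ADMIN_PASSWORD")
PROTOCOL_KEYS = ("IS_WS_PROTOCOL", "CONSOLE_PROTOCOL")

def parse_state_file(text):
    """Parse KEY=value lines. Assumption: blank lines and '#' lines carry no values."""
    values = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#") or "=" not in raw:
            continue
        key, _, value = raw.partition("=")
        values[key.strip()] = value  # value kept verbatim so stray spaces are caught
    return values

def check(values):
    """Return (key, problem) findings without echoing the password itself."""
    findings = []
    for key in PASSWORD_KEYS:
        password = values.get(key)
        if password is None:
            continue
        bad = sorted({c for c in password if c in FORBIDDEN})
        if bad:
            findings.append((key, "forbidden symbols: " + " ".join(bad)))
        if re.search(r"\s", password):
            findings.append((key, "contains white space"))
    for key in PROTOCOL_KEYS:
        if values.get(key, "").strip().upper() == "HTTP":
            findings.append((key, "non-secure HTTP selected"))
    return findings

# Constructed state-file excerpt; every value here is made up for the example.
SAMPLE = """\
# constructed excerpt
IS_WS_ADMIN_ID=admin
IS_WS_ADMIN_PASSWORD=S3cure@pass word
IS_IAS81_ADMINPASSWORD=Kq7-mZ2_vL9+tX
IS_WS_PROTOCOL=HTTP
CONSOLE_PROTOCOL=HTTPS
"""

if __name__ == "__main__":
    for key, problem in check(parse_state_file(SAMPLE)):
        print(f"{key}: {problem}")
```

Because the state file carries the administrator password parameters, treat the file itself as a secret when storing or copying it.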
This section describes the services information the installer needs for the Access Manager console.
Table 3–7 Access Manager Services Information for Access Manager Console
This section describes the services information the installer needs when the following are both true:
You are installing only the Access Manager Administration Console subcomponent.
The Identity Management and Policy Services Core subcomponent is already installed on the same host.
You can only install AM Console by itself in Realm mode (Access Manager 7.x compatible). This cannot be done in Legacy mode (6.x compatible).
| Label and State File Parameter | Description |
|---|---|
| Console Deployment URI | URI prefix for accessing the HTML pages, classes and JAR files associated with the Access Manager Legacy mode (Access Manager 6.x compatible) console. Only applies to Legacy mode. The default value is amconsole. If AM_REALM is enabled (setting Realm mode 7.x), then CONSOLE_DEPLOY_URI is ignored. |
| Password Services Deployment URI | URI that determines the mapping that the web container running Access Manager will use between a string you specify and a corresponding deployed application. This is the URI for the Access Manager password reset service. The default value is ampassword. Do not enter a leading slash. |
This section describes the services information the installer needs when the following are both true:
You are installing only the Access Manager Administration Console subcomponent.
The Identity Management and Policy Services Core subcomponent is not installed on the same host.
| Label and State File Parameter | Description |
|---|---|
| Web Container for Access Manager Administration Console | |
| Console Host Name | Fully qualified domain name for the host on which you are installing. |
| Console Deployment URI | URI prefix for accessing the HTML pages, classes and JAR files associated with the Access Manager Legacy mode (Access Manager 6.x compatible) Console. Only applies to Legacy mode. The default value is amconsole. If AM_REALM is enabled (setting Realm mode 7.x), then CONSOLE_DEPLOY_URI is ignored. |
| Password Services Deployment URI | Deployment URI for the password service. The default value is ampassword. Do not enter a leading slash. |
| Web Container for Access Manager Services | |
| Services Host Name | Fully qualified domain name of the host where the Identity Management and Policy Services Core subcomponent is installed. The default value is the fully qualified domain name of this host. Use the default value as an example of format only, and edit the value to supply the correct remote host name. In a state file, supply the fully qualified domain name of a remote host. |
| Port | Port on which the Identity Management and Policy Services Core subcomponent listens for connections. This port is the HTTP or HTTPS port used by the web container. |
| Services Deployment URI | URI prefix for accessing the HTML pages, classes, and JAR files associated with the Identity Management and Policy Services Core subcomponent. This URI is used to access the realm (Access Manager 7.x compatible) console. The default value is amserver. Do not enter a leading slash. |
| Cookie Domain | The names of the trusted DNS domains that Access Manager returns to a browser when Access Manager grants a session ID to a user. You can scope this value to a single top-level domain, such as example.com. The session ID will provide authentication for all subdomains of example.com. Alternatively, you can scope the value to a comma-separated list of subdomains, such as .corp.example.com. The session ID will provide authentication for all subdomains in the list. A leading dot (.) is required for each domain. The default value is the current domain, prefixed by a dot (.). |
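
The Cookie Domain value decides which hosts receive the Access Manager session ID, so it is worth comparing a candidate value against the hosts you actually trust. The following is an added example, not part of the original documentation: it assumes browsers apply RFC 6265 domain matching, and the host inventory and trusted list are constructed.

```python
def parse_cookie_domains(value):
    """Split the Cookie Domain field; enforce the leading dot for list entries."""
    entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    if not entries:
        raise ValueError("Cookie Domain is empty")
    if len(entries) > 1:
        missing = [e for e in entries if not e.startswith(".")]
        if missing:
            raise ValueError("leading dot required for: " + ", ".join(missing))
    return entries

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it."""
    domain = cookie_domain.lstrip(".")
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def hosts_in_scope(cookie_domain_value, hosts):
    """Return the hosts that would receive the session cookie."""
    domains = parse_cookie_domains(cookie_domain_value)
    return sorted(h for h in hosts if any(domain_match(h, d) for d in domains))

def out_of_policy(cookie_domain_value, hosts, trusted):
    """Hosts that receive the session cookie but are not on the trusted list."""
    return sorted(set(hosts_in_scope(cookie_domain_value, hosts)) - set(trusted))

# Constructed inventory of hosts; names are made up for the example.
INVENTORY = [
    "am.corp.example.com", "hr.corp.example.com", "crm.sales.example.com",
    "blog.example.com", "lab.dev.example.com", "notexample.com",
]
# Constructed list of hosts that are meant to accept the session ID.
TRUSTED = ["am.corp.example.com", "hr.corp.example.com", "crm.sales.example.com"]

if __name__ == "__main__":
    for value in ("example.com", ".corp.example.com,.sales.example.com"):
        print(value, "->", hosts_in_scope(value, INVENTORY))
        print("  outside trusted set:", out_of_policy(value, INVENTORY, TRUSTED))
```

With the constructed inventory, scoping to example.com also hands the session ID to the blog and lab hosts, while the two-entry list reaches only the trusted hosts.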
This section describes the services information the installer needs when you are installing only the Common Domain Services for Federation Management subcomponent.
Table 3–10 Access Manager Services Information for Installing Federation Management (Core Already Installed)
| Label and State File Parameter | Description |
|---|---|
| Common Domain Deployment URI | URI prefix for accessing the common domain services on the web container. The default value is amcommon. Do not enter a leading slash. |
The installer needs the following information if you are installing Identity Management and Policy Services Core.
Table 3–11 Directory Server Information for Access Manager
| Label and State File Parameter | Description |
|---|---|
| Directory Server Host | A host name or value that resolves to the host on which Directory Server resides. The default value is the fully qualified domain name of the local host. For example, if the local host is siroe.example.com, the default value is siroe.example.com. |
| Directory Server Port | Port on which Directory Server listens for client connections. The default value is 389. |
| Access Manager Directory Root Suffix | Distinguished name (DN) to set as the Access Manager root suffix. The default value is based on the fully qualified domain name for this host, minus the host name. For example, if this host is siroe.subdomain.example.com, the value is dc=subdomain,dc=example,dc=com. |
| Directory Manager DN IS_DIRMGRDN | DN of the user who has unrestricted access to Directory Server. The default value is cn=Directory Manager. |
| Directory Manager Password | Password for the Directory Manager. |
The information needed to configure a provisioned directory depends on whether the installer detects an existing provisioned directory on your host. When the installer is generating a state file, IS_EXISTING_DIT_SCHEMA=y is written to the state file if the installer finds an existing provisioned directory. The installer writes IS_EXISTING_DIT_SCHEMA=n to the state file if the installer does not find an existing provisioned directory.
If the installer finds an existing provisioned directory, you provide the following information.
Table 3–12 Existing Provisioned Directory Information for Access Manager
| Label and State File Parameter | Description |
|---|---|
| User Naming Attribute IS_USER_NAMING_ATTR | Naming attribute used for users in the provisioned directory. The default value is uid. |
If the installer does not find an existing provisioned directory, you can choose whether to use an existing provisioned directory. If you answer yes to the first question in this table, you must answer the remaining questions in the table.
Table 3–13 No Existing Provisioned Directory Information for Access Manager
| Label and State File Parameter | Description |
|---|---|
| Is Directory Server provisioned with user data? | Specifies whether you want to use an existing provisioned directory. Permitted values are y or n. The default value is n. |
| Organization Marker Object Class | Object class defined for the organization in the existing provisioned directory. This value is used only if the value for the first item in this table is y. The default value is SunISManagedOrganization. |
| Organization Naming Attribute | Naming attribute used to define organizations in the existing provisioned directory. This value is used only if the value for the first item in this table is y. The default value is o. |
| User Marker Object Class | Object class defined for users in the existing provisioned directory. This value is used only if the value for the first item in this table is y. The default value is inetorgperson. |
| User Naming Attribute | Naming attribute used for users in the existing provisioned directory. This value is used only if the value for the first item in this table is y. The default value is uid. |