The encryption key used in this procedure must be identical to the encryption key used in the procedure To Configure Access Manager 2. You should therefore save the encryption key from this procedure for easy access when you are configuring Access Manager 2.
This constraint is particular to this deployment example only.
Access http://AccessManager-1.example.com:1080/amserver from a web browser.
The Access Manager Configurator page is displayed the first time you access this URL.
Provide the following information on the Configurator page.
4m4dmin1
4m4dmin1
/export/am71adm/config
The value is PXXdT8Sf+ubQwxUhB+/R37LVBrJFYNnhR.
Copy the value from this field, and save it for use in To Configure Access Manager 2.
Choose Directory Server.
It is a common mistake to accept the default value here. Be sure to choose Directory Server.
LoadBalancer-1.example.com
389
dc=example,dc=com
cn=Directory Manager
d1rm4n4ger
d1rm4n4ger
Click the box to mark it.
Click Configure.
When configuration is complete, you are redirected to the Access Manager login page.
Log in to the Access Manager console as the administrator.
amadmin
4m4dmin1
If authentication succeeds, Access Manager has successfully accessed the Directory Server load balancer. You should see the example realm in the Realm page.
Log out of the Access Manager console.
(Optional) To verify that the Access Manager schema was successfully loaded into the configuration data instance on the DirectoryServer–1 host machine, do the following.
As a root user, log in to the DirectoryServer–1 host machine.
Run ldapsearch.
# ldapsearch -p 1389 -b "dc=example,dc=com" -D "cn=Directory Manager" -w d1rm4n4ger "(objectclass=*)"
You should see a number of entries for Access Manager administrators and special users.
Log out of the DirectoryServer–1 host machine.
(Optional) To verify that the config directory and the supporting bootstrap directory have been created with the proper permissions, do the following.
As a root user, log in to the AccessManager–1 host machine.
Examine the file system.
# cd /export/am71adm
# ls -al
total 62262
drwxr-xr-x   6 am71adm  staff       512 Jul 19 11:46 .
drwxr-xr-x   5 root     sys         512 Jul 19 10:30 ..
-rw-r--r--   1 am71adm  staff       144 Jul 19 10:30 .profile
drwx------   3 am71adm  staff       512 Jul 19 10:40 .sunw
-rw-r--r--   1 am71adm  staff       566 Jul 19 11:06 .wadmtruststore
drwxr-xr-x  16 am71adm  staff       512 Jul 19 10:47 am-staging
-rw-r--r--   1 am71adm  staff  31834862 Jul 19 10:56 amserver.war
drwxr-xr-x   3 am71adm  staff       512 Jul 19 11:46 bootstrap
drwxr-xr-x   3 am71adm  staff       512 Jul 19 11:46 config
-rw-r--r--   1 am71adm  staff       136 Jul 19 10:30 local.cshrc
-rw-r--r--   1 am71adm  staff       157 Jul 19 10:30 local.login
-rw-r--r--   1 am71adm  staff       174 Jul 19 10:30 local.profile
The config directory and the bootstrap directory were created, and are owned by non-root user am71adm.
Log out of the AccessManager–1 host machine.
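The manual check of the config and bootstrap directories can also be scripted. The following is an added example, not part of the original deployment guide; the function names check_am_dir and check_am_install are hypothetical. It goes slightly beyond the text by also rejecting directories that are writable by group or other, and it assumes a POSIX shell.

```shell
#!/bin/sh
# Added example (not from the deployment guide): verify that the Access
# Manager config and bootstrap directories exist, are owned by the expected
# non-root account, and are not writable by group or other.
# Uses only ls, awk and cut.

# check_am_dir DIR OWNER
# Returns 0 when DIR passes every check, 1 otherwise.
check_am_dir() {
    dir=$1; owner=$2; rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: missing or not a directory"
        return 1
    fi
    # ls -ld prints: mode links owner group size date name
    mode=$(ls -ld "$dir" | awk '{print $1}')
    actual=$(ls -ld "$dir" | awk '{print $3}')
    # In a mode string such as drwxr-xr-x, character 6 is the group write
    # bit and character 9 is the other write bit.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$actual" != "$owner" ]; then
        echo "FAIL $dir: owner is $actual, expected $owner"; rc=1
    fi
    if [ "$gw" = "w" ]; then
        echo "FAIL $dir: group-writable ($mode)"; rc=1
    fi
    if [ "$ow" = "w" ]; then
        echo "FAIL $dir: world-writable ($mode)"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   $dir: $mode $actual"
    fi
    return $rc
}

# check_am_install BASE OWNER
# Checks BASE/config and BASE/bootstrap; passing the non-root deployment
# account as OWNER enforces the "owned by non-root user" requirement.
check_am_install() {
    base=$1; owner=$2; status=0
    for sub in config bootstrap; do
        check_am_dir "$base/$sub" "$owner" || status=1
    done
    return $status
}

# Usage for this deployment example:
#   check_am_install /export/am71adm am71adm
```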
If you cannot log in successfully, try the fully qualified name for the user amadmin. If you can authenticate using the fully qualified name, you can focus on issues other than authentication and login. In the /export/am71adm/config/AMConfig.properties file, the value of com.sun.identity.authentication.super.user is the fully qualified name for amadmin; in this example, uid=amAdmin,ou=People,dc=example,dc=com.