Deploy Access Manager 7.1 server using either of these methods, depending on your site requirements:
Installing Access Manager 7.1 Using the Java ES 5 Update 1 Installer
Deploying an Access Manager 7.1 WAR File With Application Server 9.1
Use the following table to determine the method you should use.
| Site Requirement | Method |
|---|---|
| Access Manager Legacy Mode, including the Legacy Mode Console | Run the Java ES 5 Update 1 installer, using either the Configure Now or Configure Later option |
| Access Manager Realm Mode | Run the Java ES 5 Update 1 installer or deploy the Access Manager 7.1 WAR file |
| ampassword application, which is used to reset user passwords | Run the Java ES 5 Update 1 installer |
Installing Access Manager 7.1 server with the Java ES 5 Update 1 installer on Application Server 9.1 involves these general steps:
Get the Java ES 5 Update 1 installer. The installer is available in a media kit containing CDs or a DVD, as a web download, on a pre-installed system, or from a file server on your network.
Determine the installation mode:
Graphical mode: An interactive wizard guides you through a series of choices on installation pages on a graphical workstation.
Text-based mode: An interactive command-line installer prompts you for responses in a terminal window.
Silent mode: The installer reads input from a state file, which is a text file containing name-value pairs of configuration information. You create a state file by running the installer with the -no and -saveState options. Then, you edit the state file for the specific host server where you plan to install the various Java ES components.
Determine the installer configuration option you plan to use. You can use either of these options to install Access Manager 7.1 when you run the Java ES 5 Update 1 installer.
Configure Now: During installation, fully configure Access Manager 7.1 by either choosing configuration values or accepting the default values.
Configure Later: During installation, specify only minimal configuration values. Then, configure Access Manager 7.1 by running the amconfig script using configuration values in the amsamplesilent input file (or a copy of the file).
On Windows systems, the corresponding files are amconfig.bat and AMConfigurator.properties. These files are installed in the javaes-install-dir\identity\setup directory, where javaes-install-dir is the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.
Note: When you run the amconfig script or amconfig.bat to configure Access Manager 7.1 (either the full server or SDK), the Application Server 9.1 web container variables begin with AS81.
Run the installer. For more information, including the detailed steps, see the following documents, depending on your platform:
Solaris, Linux, and HP-UX Systems: Sun Java Enterprise System 5 Update 1 Installation Guide for UNIX
Windows Systems: Sun Java Enterprise System 5 Installation Guide for Microsoft Windows
If you ran the installer with the Configure Later option, run the configuration script (amconfig or amconfig.bat) to configure Access Manager 7.1.
For more information about running these scripts, see Chapter 2, Running the Access Manager amconfig Script, in Sun Java System Access Manager 7.1 Postinstallation Guide.
Deploying an Access Manager 7.1 WAR file on Application Server 9.1 involves these steps:
The Access Manager 7.1 WAR file (amserver.war) is available as part of the Access Manager 7.1 ZIP file under Identity Management > Access Manager on the following web site:
http://www.sun.com/download/index.jsp
The ZIP file name is AccessManager7_1release.zip, where release specifies the Access Manager release. For example, AccessManager7_1RTM.zip is the initial release of Access Manager 7.1.
The following table describes the files in the Access Manager 7.1 ZIP file. The directory where you unzip the file is represented by zip_root.
You must have downloaded and unzipped the Access Manager 7.1 ZIP file, as described in Downloading the Access Manager 7.1 WAR File.
Application Server 9.1 must be installed and running on the host server.
To execute the asadmin deploy command or log in to the Application Server 9.1 Administration Console, you must know the administrator password for the domain.
If necessary, create a staging directory for the WAR file. For example:
# mkdir /opt/AccessManagerWAR
Create a staging directory for these situations:
You downloaded and unzipped the Access Manager 7.1 ZIP file on a server other than the server where you plan to deploy Access Manager 7.1
You want to customize Access Manager 7.1
If you created a staging directory in Step 1, copy the amserver.war file to that directory.
Important: For Application Server 9.1, copy the amserver.war file from the zip_root/applications/jdk15 directory.
If you want to customize Access Manager:
Explode the amserver.war file in the staging area. For example:
# cd /opt/AccessManagerWAR
# jar -xvf amserver.war
Modify the exploded files as required for your deployment.
For example, the files that you can customize include web.xml and related XML files, Java Server Pages (.jsp files), images (.gif files), and style sheets (.css files).
For more information, see Chapter 10, Updating and Redeploying Access Manager WAR Files, in Sun Java System Access Manager 7.1 Developer’s Guide.
Recreate a new amserver.war file. For example:
# cd /opt/AccessManagerWAR
# jar -cvf amserver.war *
Deploy the amserver.war file using either the Application Server 9.1 Administration Console or the asadmin deploy command.
For example, the following asadmin deploy command deploys the amserver.war file on a Solaris system:
# cd /opt/SUNWappserver/appserver/bin
# ./asadmin deploy --user admin --port 4848 --passwordfile /tmp/pwdfile /opt/AccessManagerWAR/amserver.war
where:
/opt/AccessManagerWAR is the directory where the amserver.war file exists.
/tmp/pwdfile is a password file that contains the administrator password in ASCII text format:
AS_ADMIN_PASSWORD=password
For more information, see the deploy command in the Sun Java System Application Server 9.1 Reference Manual. For example, to deploy the WAR file to a different server instance or to a cluster, also include the --target option in the command.
For information about the Application Server 9.1 Administration Console, see Chapter 3, Deploying an Application, in the Sun Java System Application Server 9.1 Quick Start Guide.
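The password file used by the deploy command holds the domain administrator password in clear text, so it should be readable only by the deploying user and removed after use. The following is an added example, not part of the original Sun documentation; write_pwdfile and pwdfile_is_private are hypothetical helper names, and the file is created in a directory you choose rather than at the fixed /tmp/pwdfile path.

```shell
#!/bin/sh
# Added example (not from the Sun documentation). The function names
# write_pwdfile and pwdfile_is_private are hypothetical helpers.

# write_pwdfile DIR
# Reads the administrator password from stdin (so it never appears in the
# argument list of a process) and writes it in the AS_ADMIN_PASSWORD=
# format that --passwordfile expects. Prints the path of the new file.
write_pwdfile() {
    wp_dir=$1
    IFS= read -r wp_pw || [ -n "$wp_pw" ] || return 1
    # mktemp creates an unpredictable name with mode 0600, which avoids
    # both a fixed /tmp path and a window where the file is readable.
    wp_file=$(mktemp "$wp_dir/pwdfile.XXXXXX") || return 1
    printf 'AS_ADMIN_PASSWORD=%s\n' "$wp_pw" > "$wp_file"
    printf '%s\n' "$wp_file"
}

# pwdfile_is_private FILE
# Succeeds only if FILE is a regular file (not a symlink), grants no
# permission bits to group or other, and holds an AS_ADMIN_PASSWORD entry.
pwdfile_is_private() {
    pp_file=$1
    [ -f "$pp_file" ] || return 1
    [ ! -L "$pp_file" ] || return 1
    pp_bits=$(ls -ld "$pp_file" | cut -c5-10)   # group + other triplets
    [ "$pp_bits" = "------" ] || return 1
    grep -q '^AS_ADMIN_PASSWORD=' "$pp_file"
}

# Typical use with the deploy command shown above (paths from the page):
#   f=$(write_pwdfile "$HOME") && pwdfile_is_private "$f" &&
#     ./asadmin deploy --user admin --port 4848 --passwordfile "$f" \
#       /opt/AccessManagerWAR/amserver.war
#   rm -f "$f"
```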
Continue with the Access Manager 7.1 configuration in the following sections.
The Configurator (configurator.jsp) allows you to configure Access Manager 7.1 after you deploy the amserver.war file.
Important: Before you run the Configurator, make sure that the code set in the LANG environment variable is set to ISO8859-1. For example, to set the code set for U.S. English when you are using the sh or ksh shell:
# LANG=en_US.ISO8859-1
Launch the Configurator by specifying the following URL in your browser:
protocol://host.domain:port/amserver
For example:
http://amhost1.example.com:8080/amserver
Note: If the Access Manager 7.1 instance is already configured successfully, you will be directed to the Access Manager Console login page.
Enter the following values for the Access Manager Settings (or accept the default values).
The Server Settings are independent of the datastore that you select (File System or Directory Server) to store the Access Manager configuration data.
| Server Settings | |
|---|---|
| Server URL | Host server where you plan to deploy Access Manager. Can be one of the following: Default: Host where you are deploying Access Manager. |
| Cookie Domain | Name of the trusted DNS domain that Access Manager returns to a browser when it grants a SSO token to a user. Specify a value only if the FQDN is used as the Server URL. For example, if the FQDN for Server URL is http://amhost1.example.com, the default value is .example.com. If you selected only the host name or localhost for the Server URL, Cookie Domain is set to blank, and any value you enter is ignored. |
| Administrator | |
| Name | amAdmin (read-only) |
| Password | Access Manager administrator (amAdmin) password. Enter and then retype to confirm the password. The password must be at least 8 characters long. |
| General Settings | |
| Configuration Directory | Base directory where the Access Manager configuration data is stored. The base directory applies to either File System or Directory Server, which you select under Configuration Store Settings. For example: /am_configuration_data. Access Manager creates the following files and directories under the Configuration Directory: deploy-uri is the Access Manager server deployment URI. The default is /amserver. The Access Manager 7.1 instance determines the location of the Configuration Directory using a Bootstrap File. |
| Platform Locale | Default language subtype for Access Manager. Default: en_US (US English) |
| Encryption Key | Random number that is used to encrypt passwords. Either accept the default encryption key value or specify a new value. The encryption key should be at least 12 characters long. Access Manager SDK: Use the same password encryption key value for the AM_ENC_PWD variable when you run the amconfig script to configure the Access Manager SDK. Multiple server deployment: If you are using the same WAR file to deploy multiple Access Manager instances in a multiple server deployment, you must use the same password encryption key value for each instance. |
Select either of the following options to store the Access Manager configuration data:
| Configuration Store Settings | |
|---|---|
| File System | Access Manager stores the service configuration data in directories under the ConfigurationDirectory/amserver/sms directory. For example: /am_configuration_data/amserver/sms. Default is File System. Note: If you use an Access Manager server deployment URI other than amserver, that value is used instead of amserver for the directory name. |
| Directory Server | Access Manager stores the service configuration data in Sun Java System Directory Server. Directory Server must be installed and running before you deploy the Access Manager 7.1 WAR file. Note: All administrator users are created under the idRepo directory, even if you select Directory Server to store the service configuration data. |
If you selected Directory Server in the previous step, provide values for the following settings:
| Server Settings | |
|---|---|
| Name | Fully qualified host name of Directory Server. For example: ds.example.com |
| Port | Port at which Directory Server is running. Default: 389 |
| Suffix to store configuration data | Initial or root suffix in the directory where Access Manager configuration data will be stored. This value must exist in the Directory Server you are using. For example: dc=ds,dc=example,dc=com |
| Directory Server Administrator | |
| Directory Administrator DN | Distinguished Name (DN) of the Directory Server Administrator. Default: cn=Directory Manager |
| Password | Directory Server administrator password. Enter and then retype to confirm the password. The password must be at least eight characters long. |
| Load User Management Schema | Load Access Manager SDK Schema. If checked, the Configurator loads the Access Manager SDK schema object classes and attributes from sunone_schema2.ldif, ds_remote_schema.ldif, plugin.ldif, index.ldif and install.ldif into Directory Server. Otherwise, the Configurator loads only the Access Manager service management services (SMS) object classes and attributes from the am_sm_ds_schema.ldif file into Directory Server. |
Click Configure.
(To reset all values, click Reset.)
The Configurator configures Access Manager 7.1 and then displays the configuration status:
Succeeded: The Configurator displays a link to redirect you to the Access Manager Console login page. Log in as amAdmin with the password you specified during the configuration.
Failed: The Configurator displays an error message that describes the failure. If a configuration error occurred (such as an invalid password or host name), Access Manager returns to the Configurator page. Correct the error and continue. For some errors, the message will point to the Access Manager log files to help you to determine the error.
Depending on when a failure occurs, the debug logs might not be created in their default locations. In this situation, check the logs in the following directory under the Access Manager web container:
@BASE_DIR@@SERVER_URI@/@DEBUG_SUBDIR@
If configuration was successful, you cannot reconfigure Access Manager using the Configurator. If you subsequently invoke the Configurator, Access Manager displays either the login page or the Console. If you are already logged in and have a valid session, you are redirected to the console. If you do not have a valid session, Access Manager displays the login page.
The bootstrap file is an ASCII text file containing a single entry that specifies the location of the configuration directory for the specific Access Manager 7.1 instance. Each configured Access Manager 7.1 instance on a host server has a unique bootstrap file. When you run the Configurator, a bootstrap file is created with the following name for the specific Access Manager 7.1 instance:
user-home-directory/AccessManager/AMConfig_deployed-instance-server-path_deploy-uri
Where:
user-home-directory is the home directory of the user who deployed the Access Manager instance from the WAR file.
deployed-instance-server-path is the path of the deployed Access Manager instance.
deploy-uri is the Access Manager server deployment URI.
Each time the Access Manager web container is restarted, the Access Manager instance accesses the single WAR bootstrap file to determine the location of its configuration data. If the single WAR bootstrap file is deleted, Access Manager displays the Configurator page instead of the login page, which allows you to reconfigure the Access Manager instance. The value in the bootstrap file is determined from the value you enter in the Configurator Configuration Directory field.
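Because a missing bootstrap file causes the instance to present the Configurator page again, it is worth checking periodically that each bootstrap file is present, not writable by other users, and still points at an existing configuration directory. The following is an added example, not part of the original Sun documentation; audit_bootstrap is a hypothetical helper, and it assumes the single entry in the bootstrap file is the bare path of the configuration directory.

```shell
#!/bin/sh
# Added example (not from the Sun documentation). audit_bootstrap is a
# hypothetical helper. Assumption: the single entry in the bootstrap file
# is the bare path of the configuration directory.

# audit_bootstrap DIR
# DIR is user-home-directory/AccessManager. Prints one finding per line and
# returns 0 only when every AMConfig_* file passes every check.
audit_bootstrap() {
    ab_dir=$1 ab_rc=0 ab_seen=0
    # Deleting a file needs write access to its directory, so the
    # directory itself must not be group- or world-writable.
    case $(ls -ld "$ab_dir" 2>/dev/null | cut -c1-10) in
        ?????w????|????????w?) echo "DIR-OPEN-TO-OTHERS $ab_dir"; ab_rc=1 ;;
    esac
    for ab_f in "$ab_dir"/AMConfig_*; do
        [ -e "$ab_f" ] || [ -L "$ab_f" ] || continue   # glob matched nothing
        ab_seen=1
        if [ -L "$ab_f" ] || [ ! -f "$ab_f" ]; then
            echo "NOT-REGULAR-FILE $ab_f"; ab_rc=1; continue
        fi
        # Anyone who can rewrite the file can repoint the instance at
        # other configuration data: flag group- or world-writable modes.
        case $(ls -ld "$ab_f" | cut -c1-10) in
            ?????w????|????????w?) echo "WRITABLE-BY-OTHERS $ab_f"; ab_rc=1 ;;
        esac
        ab_n=$(grep -c . "$ab_f" || true)              # non-empty lines
        if [ "$ab_n" -ne 1 ]; then
            echo "EXPECTED-ONE-ENTRY $ab_f"; ab_rc=1; continue
        fi
        ab_target=$(grep . "$ab_f")
        [ -d "$ab_target" ] || { echo "CONFIG-DIR-MISSING $ab_f"; ab_rc=1; }
    done
    # No bootstrap file means the instance presents the Configurator page.
    [ "$ab_seen" -eq 1 ] || { echo "NO-BOOTSTRAP-FILE $ab_dir"; ab_rc=1; }
    return "$ab_rc"
}
```

Run it as the user who deployed the instance, for example `audit_bootstrap "$HOME/AccessManager"`, and alert on any non-zero exit status.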