In the Apache Tomcat 6.0 instance, add the appropriate users and roles to the administration web application's web.xml file as described in this task. Like the preceding task, this task applies to both Access Manager 6.3 Patch 1 or greater and Access Manager 7. Use the information in this task that applies to your site's deployment.
Change to the following directory:
$CATALINA_HOME/server/webapps/admin/WEB-INF
Open the web.xml file.
Retrieve user and role information for the Administrator role using the method appropriate to the version of Access Manager you are configuring:
Access Manager 7: Use Universal ID for identification information.
Access Manager 6.3 Patch 1 or greater: Use DN for identification information.
Delete the Administrator security role.
This role is defined in the <role-name> element under the <security-role> element.
Create a new Administrator security role using the user and role information created previously in Access Manager as described in To Create and Assign Access Manager Roles.
The following examples demonstrate how to create a new Administrator security role for Access Manager 7 and Access Manager 6.3 Patch 1 or greater.
Security Role Element for Access Manager 7
For this example, the following values apply to the universal ID for the Administrator role in Access Manager 7, where realmName is a representation of organization name:
id=admin
ou=role
dc=subexample,dc=example,dc=com
The preceding values are used in the following example of a universal ID for the Administrator role in Access Manager 7:
id=admin,ou=role,dc=subexample,dc=example,dc=com
The following is an example of a security role element, given the preceding universal ID information for the Administrator role in Access Manager 7:
<security-role>
    <role-name>id=admin,ou=role,dc=subexample,dc=example,dc=com</role-name>
</security-role>
Security Role Element for Access Manager 6.3 Patch 1 or Greater
The following is an example of a role DN for the Administrator role in Access Manager 6.3 where the organization is represented by dc=subexample,dc=example,dc=com:
cn=admin,ou=groups,dc=subexample,dc=example,dc=com
The following is an example of a security role element given the preceding DN information for the Administrator role in Access Manager 6.3:
<security-role>
    <role-name>cn=admin,ou=groups,dc=subexample,dc=example,dc=com</role-name>
</security-role>
Replace the Administrator role defined in the <role-name> element under the <auth-constraint> element.
This Administrator role should be replaced with the contents of the <role-name> element as described in the previous step and demonstrated as follows:
Administrator Role for Access Manager 7
After the Administrator role definition has been replaced, the <auth-constraint> element for the Administrator role in Access Manager 7 for the dc=subexample,dc=example,dc=com realm appears as follows:
<auth-constraint>
    <role-name>id=admin,ou=role,dc=subexample,dc=example,dc=com</role-name>
</auth-constraint>
Administrator Role for Access Manager 6.3 Patch 1 or Greater
After the Administrator role definition has been replaced, the <auth-constraint> element for the Administrator role in Access Manager 6.3 for the dc=subexample,dc=example,dc=com organization appears as follows:
<auth-constraint>
    <role-name>cn=admin,ou=groups,dc=subexample,dc=example,dc=com</role-name>
</auth-constraint>
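A consistency check for the edited web.xml, added here as an example and not part of the original documentation: it confirms that the default Administrator role is gone and that both <security-role> and <auth-constraint> carry exactly the Universal ID or DN retrieved from Access Manager. The function names and the sample documents are constructed for illustration; the bad sample has a stray space in the DN under <security-role>.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop an XML namespace prefix so DTD-style and schema-style web.xml both work.
    return tag.rsplit("}", 1)[-1]

def role_names(root, parent):
    """Text of every <role-name> that is a direct child of a <parent> element."""
    return [(rn.text or "") for el in root.iter() if _local(el.tag) == parent
            for rn in el if _local(rn.tag) == "role-name"]

def check_admin_role(web_xml_text, expected):
    """Return a list of problems; an empty list means both edits agree with `expected`."""
    root = ET.fromstring(web_xml_text)
    problems = []
    for parent in ("security-role", "auth-constraint"):
        names = role_names(root, parent)
        if "Administrator" in names:
            problems.append(f"<{parent}> still names the default Administrator role")
        if expected not in names:
            problems.append(f"<{parent}> does not contain {expected!r}; found {names}")
    return problems

# Role DN from the Access Manager 6.3 example above.
EXPECTED = "cn=admin,ou=groups,dc=subexample,dc=example,dc=com"

# Constructed sample: <security-role> has a stray space after "dc=".
SAMPLE_BAD = """<web-app>
  <security-constraint>
    <auth-constraint>
      <role-name>cn=admin,ou=groups,dc=subexample,dc=example,dc=com</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>cn=admin,ou=groups,dc=subexample,dc= example,dc=com</role-name>
  </security-role>
</web-app>"""

# Constructed sample with the stray space removed.
SAMPLE_GOOD = SAMPLE_BAD.replace("dc= example", "dc=example")

if __name__ == "__main__":
    for label, doc in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, check_admin_role(doc, EXPECTED) or "OK")
```

To check a real deployment, pass the contents of the web.xml file edited in this task together with the Universal ID or DN retrieved from Access Manager.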