The Servers and Sites configuration attributes allow for centralized configuration management of sites and servers for the entire deployment.
Multiple (two or more) OpenSSO Enterprise instances can be deployed on at least two different host servers. For example, you might deploy two instances on one server and a third instance on another server. Or you might deploy all instances on different servers. You can also configure the OpenSSO Enterprise instances in session failover mode, if required for your deployment.
One or more load balancers route client requests to the various OpenSSO Enterprise instances. You configure each load balancer according to your deployment requirements (for example, to use round-robin or load average) to distribute the load between the OpenSSO Enterprise instances. A load balancer simplifies the deployment, as well as resolves issues such as a firewall between the client and the back-end OpenSSO Enterprise servers. You can use a hardware or software load balancer with your OpenSSO Enterprise deployment. All OpenSSO Enterprise instances access the same Directory Server.
If you make any changes to the configuration attributes for Servers and Sites, either through the console or the command line interface, you must restart the web container on which OpenSSO Enterprise is deployed for the changes to take effect.
An entry for each server is created automatically in the server list when the OpenSSO Enterprise Configurator is run for that server. Under normal circumstances, the following steps are therefore not required.
Log into the OpenSSO Enterprise console as the top-level administrator.
Click the Configuration tab and then click Sites and Servers.
Click New in the Servers list.
Enter the FQDN of the server that you wish to add and click OK.
The FQDN should be in the format of http(s)://host.domain:port/uri.
The newly created server instance appears in the list.
To edit the server, click on the name of the server. The configuration attributes for the server are available for you to customize.
The Default Server Settings are the set of default values for server instances. Each server instance needs a minimum set of property values, and most of those values, depending on your deployment, can be the same for every server instance. This setting lets you enter the basic properties in one place, without having to change them for each additional server instance.
These default values can be overridden per instance. To do so, click the Inheritance Settings button at the top of the server instance profile page. The console then displays a page where you select which values the instance inherits from the defaults and which it overrides.
The Inheritance Settings let you select which default values can be overridden for each server instance. Make sure that the attributes you wish to define specifically for the server instance are unchecked, and then click Save.
The General attributes configure basic configuration data for your centralized server management.
The site attribute is:
This attribute maps the load balancer Site Name (site ID) to the OpenSSO Enterprise server. Note that the site must already exist before you can assign the server to it.
The system attributes list location information for the server instance:
Specifies the base directory where the product's data resides.
The locale value is the default language subtype that OpenSSO Enterprise was installed with. The default is en_us.
The location of the notification service end point. This value is set during installation.
Default value is no. Determines whether XML documents parsed through the OpenSSO Enterprise XMLUtils class are validated. Allowable values are yes and no. Validation is performed only when this value is yes and the Debug Level attribute is set to warning or message; at any other debug level the property has no effect.
The Debugging attributes list basic error checking information:
Specifies the debug level. Default value is error. Possible values are:
off — No debug file is created.
error — Only error messages are logged.
warning — Only warning messages are logged.
message — Error, warning, and informational messages are logged.
If set to on, the server writes all debug data to a single file (debug.out). If set to off, the server creates separate per-component debug files.
Specifies the output directory where debug files will be created. Value is set during installation. Example: OpenSSO-deploy-base/uri/debug.
The Mail Server attributes list the host name and port for the mail server:
Default value is localhost. Specifies the mail server host.
Default value is 25. Specifies the mail server port.
The Security attributes define encryption, validation and cookie information to control the level of security for the server instance.
The encryption attributes are:
Specifies the key used to encrypt and decrypt passwords; it is stored in the Service Management System configuration. Value is set during installation. Example: dSB9LkwPCSoXfIKHVMhIt3bKgibtsggd
The shared secret for the application authentication module. Value is set during installation. Example: AQICPX9e1cxSxB2RSy1WG1+O4msWpt/6djZl
The example values above are illustrative only. The real key and shared secret are credentials: never reuse a value printed in documentation, and restrict read access to the configuration store and files that hold them.
Default value is com.iplanet.services.util.JCEEncryption. Specifies the encrypting class implementation. Available classes are: com.iplanet.services.util.JCEEncryption and com.iplanet.services.util.JSSEncryption.
Default value is com.iplanet.am.util.JSSSecureRandomFactoryImpl. Specifies the factory class name for SecureRandomFactory. Available implementation classes are: com.iplanet.am.util.JSSSecureRandomFactoryImpl which uses JSS, and com.iplanet.am.util.SecureRandomFactoryImpl which uses pure Java.
The validation attributes are:
Default value is 16384 bytes (16 KB). Specifies the maximum Content-Length of an HTTP request that OpenSSO Enterprise will accept; larger requests are rejected before they are parsed.
Default value is no. Specifies whether the IP address of the client is checked against the address recorded at creation in all SSOToken creations and validations. Enabling it limits replay of a stolen token from another address, but it also rejects users whose source address changes mid-session (for example behind a NAT pool or rotating proxies).
The cookie attributes are:
Default value is iPlanetDirectoryPro. Cookie name used by the Authentication Service to set the valid session handler ID. The value of this cookie is used to retrieve the valid session information.
Allows the OpenSSO Enterprise cookie to be set with the Secure flag, so that the browser returns the cookie only over HTTPS. Default value is false. Enable it on any deployment that is reached over HTTPS; otherwise the session cookie can also be sent on a plain HTTP request and read on the wire.
This property allows OpenSSO Enterprise to URL-encode the cookie value, percent-encoding characters that are not valid in an HTTP cookie value.
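The following is an added example, not OpenSSO Enterprise code and not from this guide, showing how the validation and cookie attributes above behave at the request boundary: the Content-Length limit is applied before parsing, the SSOToken is bound to the client IP when the check is enabled, and the cookie is emitted URL-encoded with the Secure flag. The token store, function names and the sample addresses are assumptions made for illustration.

```python
# Added example, not OpenSSO Enterprise code: validation and cookie
# attributes applied at the request boundary. Token store, function names
# and sample inputs are constructed for illustration.
import base64
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import quote, unquote

MAX_CONTENT_LENGTH = 16384            # validation attribute default (16 KB)
CLIENT_IP_CHECK_ENABLED = False       # attribute default is "no"
COOKIE_NAME = "iPlanetDirectoryPro"   # cookie attribute default
COOKIE_SECURE = False                 # attribute default is false
COOKIE_ENCODE = True


def accept_request(content_length: int, limit: int = MAX_CONTENT_LENGTH) -> bool:
    """Decide on the declared length before any of the body is read, so an
    oversized request is dropped (a 413 in practice) before it can consume
    parser memory or CPU."""
    return 0 <= content_length <= limit


@dataclass
class TokenStore:
    """Constructed stand-in for the session table: SSOToken id -> client IP."""
    tokens: Dict[str, str] = field(default_factory=dict)

    def create(self, client_ip: str) -> str:
        # Standard base64 deliberately yields '+', '/' and '=', characters
        # that are not safe in a raw cookie value; see set_cookie_header.
        token = base64.b64encode(secrets.token_bytes(24)).decode("ascii")
        self.tokens[token] = client_ip
        return token

    def validate(self, token: str, client_ip: str,
                 ip_check: bool = CLIENT_IP_CHECK_ENABLED) -> bool:
        bound_ip = self.tokens.get(token)
        if bound_ip is None:
            return False
        # With the check enabled a stolen token presented from another
        # address fails validation. Caveat: users whose egress address
        # changes mid-session (NAT pools, rotating proxies) fail too.
        if ip_check and bound_ip != client_ip:
            return False
        return True


def set_cookie_header(value: str, name: str = COOKIE_NAME,
                      secure: bool = COOKIE_SECURE, encode: bool = COOKIE_ENCODE) -> str:
    """Build the Set-Cookie header the way the cookie attributes describe."""
    cookie_value = quote(value, safe="") if encode else value
    parts = [f"{name}={cookie_value}", "Path=/"]
    if secure:
        parts.append("Secure")   # browser returns the cookie only over HTTPS
    return "; ".join(parts)


def cookie_value_from_header(cookie_header: str, name: str = COOKIE_NAME,
                             encode: bool = COOKIE_ENCODE) -> Optional[str]:
    """Pull our cookie back out of a request Cookie header, undoing the encoding."""
    for part in cookie_header.split(";"):
        key, _, val = part.strip().partition("=")
        if key == name:
            return unquote(val) if encode else val
    return None


if __name__ == "__main__":
    store = TokenStore()
    tok = store.create("203.0.113.10")          # constructed client address
    print(set_cookie_header(tok, secure=True))
    print(store.validate(tok, "198.51.100.7", ip_check=True))   # False: other address
```

The Secure flag only controls when the browser sends the cookie back; it does not encrypt anything, so it must be paired with an HTTPS-only deployment rather than substituted for one.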
The following attributes allow you to configure keystore information for additional sites and servers that you create:
Value is set during installation. Example: OpenSSO-deploy-base/URI/keystore.jks. Specifies the path to the keystore that holds the SAML XML signing key.
Value is set during installation. Example: OpenSSO-deploy-base/URI/.storepass. Specifies the path to the file containing the SAML XML keystore password.
Value is set during installation. Example: OpenSSO-deploy-base/URI/.keypass. Specifies the path to the file containing the SAML XML key password.
Default value is test.
These attributes define the local Certificate Revocation List (CRL) caching repository that is used for keeping the CRL from certificate authorities. Any service that needs to obtain a CRL for certificate validation will receive the CRL based on this information.
Specifies the name of the LDAP server where the certificates are stored. The default value is the host name specified when OpenSSO Enterprise was installed. The host name of any LDAP Server where the certificates are stored can be used.
Specifies the port number of the LDAP server where the certificates are stored. The default value is the port specified when OpenSSO Enterprise was installed. The port of any LDAP Server where the certificates are stored can be used.
Specifies whether to use SSL to access the LDAP server. The default is that the Certificate Authentication service does not use SSL for LDAP access.
Specifies the bind DN in the LDAP server.
Defines the password used when binding to the LDAP server. By default, the amldapuser password entered during installation is used.
This attribute specifies the base DN used by the LDAP Users subject in the LDAP server from which to begin the search. By default, it is the top-level realm of the OpenSSO Enterprise installation base.
Any DN component of the issuer's subject DN can be used to retrieve a CRL from the local LDAP server. The value is a single attribute name, such as cn. All root CAs must use the same search attribute.
The Online Certificate Status Protocol (OCSP) enables OpenSSO Enterprise services to determine the (revocation) state of a specified certificate. OCSP may be used to satisfy some of the operational requirements of providing more timely revocation information than is possible with CRLs and may also be used to obtain additional status information. An OCSP client issues a status request to an OCSP responder and suspends acceptance of the certificate in question until the responder provides a response.
This attribute enables OCSP checking. It is enabled by default.
This attribute defines a URL that identifies the location of the OCSP responder. For example, http://ocsp.example.net:80.
By default, the location of the OCSP responder is determined implicitly from the certificate being validated. The property is used when the Authority Information Access extension (defined in RFC 3280) is absent from the certificate or when it requires overriding.
The OCSP responder nickname is the nickname of the CA certificate for that responder, for example Certificate Manager - sun. If set, that CA certificate must be present in the web server's certificate database. If the OCSP responder URL is set, the OCSP responder nickname must be set as well; otherwise both are ignored. If neither is set, the OCSP responder URL carried in the user's certificate is used for OCSP validation. If the user's certificate carries no OCSP responder URL, no OCSP validation is performed, which means the certificate is accepted without a revocation check; a deployment that relies on OCSP should therefore set both the URL and the nickname rather than depend on the certificate's own pointer.
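The following is an added example, not OpenSSO Enterprise code and not from this guide, that works through both revocation sources described above: it builds the LDAP query the CRL cache would issue from the configured search attribute and the certificate's issuer DN, and it applies the OCSP precedence rules (configured URL plus nickname, otherwise the certificate's own AIA pointer, otherwise no check). The certificate fields and configuration values are constructed; the LDAP attribute name certificateRevocationList;binary is the standard RFC 4523 schema name and an assumption about the directory, not something this page states.

```python
# Added example, not OpenSSO Enterprise code: resolving where revocation
# data comes from. Certificate fields are constructed; the LDAP attribute
# name below is the RFC 4523 schema name (an assumption about the directory).
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class CertInfo:
    subject: str
    issuer_dn: str                       # e.g. "CN=Example CA,O=Example,C=US"
    aia_ocsp_urls: List[str] = field(default_factory=list)  # from the AIA extension


@dataclass
class CrlCacheConfig:
    host: str
    port: int = 389
    ssl: bool = False
    search_base: str = ""
    search_attr: str = "cn"   # one DN component of the issuer's subject DN


@dataclass
class OcspConfig:
    enabled: bool = True
    responder_url: Optional[str] = None
    responder_nickname: Optional[str] = None


def parse_dn(dn: str) -> Dict[str, str]:
    """Split a DN into lower-cased attribute -> value, honouring backslash
    escapes so an escaped comma stays inside its value."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    out: Dict[str, str] = {}
    for part in parts:
        key, _, value = part.strip().partition("=")
        out.setdefault(key.strip().lower(), value.strip())  # first occurrence wins
    return out


def ldap_filter_escape(value: str) -> str:
    """RFC 4515 escaping: the issuer DN comes from a client-supplied
    certificate, so it must not be able to alter the search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def crl_search(cfg: CrlCacheConfig, cert: CertInfo) -> Dict[str, object]:
    """The LDAP query the CRL cache would issue for this certificate's issuer."""
    component = parse_dn(cert.issuer_dn).get(cfg.search_attr.lower())
    if component is None:
        raise ValueError(f"issuer DN lacks a {cfg.search_attr} component: {cert.issuer_dn}")
    return {
        "url": f"{'ldaps' if cfg.ssl else 'ldap'}://{cfg.host}:{cfg.port}",
        "base": cfg.search_base,
        "filter": f"({cfg.search_attr}={ldap_filter_escape(component)})",
        "attributes": ["certificateRevocationList;binary"],   # assumed schema name
    }


def ocsp_source(cfg: OcspConfig, cert: CertInfo) -> Optional[Dict[str, Optional[str]]]:
    """Which responder is used, or None when no OCSP check runs at all."""
    if not cfg.enabled:
        return None
    if cfg.responder_url and cfg.responder_nickname:
        return {"url": cfg.responder_url, "nickname": cfg.responder_nickname, "source": "config"}
    # URL without nickname (or vice versa): both are ignored and the
    # certificate's own AIA pointer decides.
    if cert.aia_ocsp_urls:
        return {"url": cert.aia_ocsp_urls[0], "nickname": None, "source": "aia"}
    return None   # no override and no AIA pointer: validation is silently skipped
```

The None result from ocsp_source is the case to watch in production: a certificate with no AIA extension passes without any OCSP check unless the responder URL and nickname are configured explicitly.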
Under the Information Technology Management Reform Act (Public Law 104-106), the Secretary of Commerce approves standards and guidelines that are developed by the National Institute of Standards and Technology (NIST) for Federal computer systems. These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions.
This property can be true or false. All cryptographic operations run in FIPS-compliant mode only when it is true.
The session attributes allow you to configure session information for additional site and server instances.
The following attributes set server session limits:
Default value is 5000. Specifies the maximum number of allowable concurrent sessions. Login returns a Maximum Sessions error if the number of concurrent sessions would exceed this value.
Default value is 3. Specifies the number of minutes after which the invalid session will be removed from the session table if it is created and the user does not login. This value should always be greater than the timeout value in the Authentication module properties file.
Default value is 0. Specifies the number of minutes to delay the purge session operation. After a session times out, this is an extended time period during which the session continues to reside in the session server. This property is used by the client application to check if the session has timed out through SSO APIs. At the end of this extended time period, the session is destroyed. The session is not sustained during the extended time period if the user logs out or if the session is explicitly destroyed by an OpenSSO Enterprise component. The session is in the INVALID state during this extended period.
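The following is an added example, not OpenSSO Enterprise code and not from this guide, that models a session table applying the three limits above: the maximum number of sessions, removal of sessions that never completed login, and the purge delay during which a timed-out session lingers in the INVALID state. Time is passed in as minutes so the lifecycle can be traced without waiting; the idle timeout that moves a valid session to INVALID, the rule that every table entry counts toward the maximum, and the method names are assumptions made for illustration.

```python
# Added example, not OpenSSO Enterprise code: session table applying the
# maximum-sessions, invalid-session-maximum-time and purge-delay limits.
# Clock values are minutes supplied by the caller; idle_timeout and the
# "every entry counts" rule are constructed assumptions.
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


class MaximumSessionsError(Exception):
    """What login reports when the table is full."""


@dataclass
class Session:
    sid: str
    created: float
    last_access: float
    authenticated: bool = False
    state: str = "INVALID"                 # INVALID until login succeeds
    invalid_since: Optional[float] = None  # set when a VALID session times out


class SessionTable:
    def __init__(self, max_sessions: int = 5000, invalid_session_max_time: int = 3,
                 purge_delay: int = 0, idle_timeout: int = 30):
        self.max_sessions = max_sessions
        self.invalid_session_max_time = invalid_session_max_time
        self.purge_delay = purge_delay
        self.idle_timeout = idle_timeout   # assumed; not one of the three attributes above
        self.sessions: Dict[str, Session] = {}

    def expire(self, now: float) -> None:
        for sid, s in list(self.sessions.items()):
            if not s.authenticated:
                # Created but never logged in: dropped after invalid_session_max_time.
                if now - s.created >= self.invalid_session_max_time:
                    del self.sessions[sid]
                continue
            if s.state == "VALID" and now - s.last_access >= self.idle_timeout:
                s.state, s.invalid_since = "INVALID", now   # timed out, kept for purge_delay
            if (s.state == "INVALID" and s.invalid_since is not None
                    and now - s.invalid_since >= self.purge_delay):
                del self.sessions[sid]                     # end of the extended period

    def can_create(self, now: float) -> bool:
        self.expire(now)
        return len(self.sessions) < self.max_sessions     # assumption: every entry counts

    def create(self, now: float) -> Session:
        if not self.can_create(now):
            raise MaximumSessionsError(f"{self.max_sessions} concurrent sessions reached")
        s = Session(sid=secrets.token_hex(16), created=now, last_access=now)
        self.sessions[s.sid] = s
        return s

    def login(self, sid: str, now: float) -> None:
        s = self.sessions[sid]
        s.authenticated, s.state, s.last_access = True, "VALID", now

    def touch(self, sid: str, now: float) -> None:
        self.sessions[sid].last_access = now

    def logout(self, sid: str) -> None:
        self.sessions.pop(sid, None)     # explicit destroy: no extended period

    def state(self, sid: str, now: float) -> Optional[str]:
        """VALID, INVALID (still within the purge delay) or None once purged."""
        self.expire(now)
        s = self.sessions.get(sid)
        return s.state if s else None
```

Note that during the purge delay the session is present but INVALID, so SSO API callers can distinguish "timed out" from "unknown session"; it is not a grace period in which the session can still be used.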
The following attributes set statistical configuration:
Default value is 60. Specifies the number of seconds between statistics logging runs. The minimum is 5 seconds, to avoid CPU saturation; OpenSSO Enterprise treats any lower value as 5 seconds.
Default value is file. Specifies location of statistics log. Possible values are:
off — No statistics are logged.
file — Statistics are written to a file under the specified directory.
console — Statistics are written into Web Server log files.
Value is set during installation. Example: OpenSSO Enterprise-base/server-URI/stats. Specifies the directory where statistics files are created.
Default value is false. Enables or disables host lookup during session logging.
The following attributes set notification configuration:
Default value is 10. Defines the size of the pool by specifying the total number of threads.
Default value is 100. Specifies the maximum task queue length. When a notification task comes in, it is sent to the task queue for processing. If the queue has reached the maximum length, further incoming requests are rejected with a ThreadPoolException until the queue has a vacancy.
The following attribute sets validation configuration:
Default value is true. Controls how agent DNs are compared: when true the comparison is case-insensitive, when false it is case-sensitive.
The SDK attributes set configuration definitions for the back-end data store.
The Data Store attributes define basic datastore configuration:
Specifies whether back-end datastore notification is enabled. If this value is false, in-memory notification is used instead.
The default is false. The purpose of this flag is to tell Service Management that the Directory Proxy must be used for read, write, and modify operations to the Directory Server. This flag also determines whether ACIs or delegation privileges are used for access control. This flag must be set to true when the Access Manager SDK (from version 7 or 7.1) is communicating with Access Manager version 6.3.
For example, in co-existence/legacy mode this value should be true. In the legacy DIT, delegation policies were not supported; only ACIs were, so to ensure a proper delegation check this flag must be set to true in a legacy mode installation so that the ACIs are used for access control. Otherwise the delegation check will fail.
In realm mode, this value should be set to false so only the delegation policies are used for access control. In version 7.0 and later, Access Manager or OpenSSO Enterprise supports data-agnostic feature in realm mode installation. So, in addition to Directory Server, other servers may be used to store service configuration data. Additionally, this flag will report to the Service Management feature that the Directory Proxy does not need to be used for the read, write, and/or modify operations to the back-end storage. This is because some data stores, like Active Directory, may not support proxy.
Default value is 10. Defines the size of the pool by specifying the total number of threads.
The following attributes define event service notification for the data store:
Default value is 3. Specifies the number of attempts made to successfully re-establish the Event Service connections.
Default value is 3000. Specifies the delay in milliseconds between retries to re-establish the Event Service connections.
Default values are 80,81,91. Specifies the LDAP exception error codes for which retries to re-establish Event Service connections will trigger.
Default value is 0. Specifies the number of minutes after which the persistent searches will be restarted.
This property is used when a load balancer or firewall is between the policy agents and the Directory Server, and the persistent search connections are dropped when TCP idle timeout occurs. The property value should be lower than the load balancer or firewall TCP timeout. This ensures that the persistent searches are restarted before the connections are dropped. A value of 0 indicates that searches will not be restarted. Only the connections that are timed out will be reset.
Specifies which persistent-search event connections are disabled. Values (case-insensitive) can be:
aci — Changes to the aci attribute, with the search using the LDAP filter (aci=*).
sm — Changes in the OpenSSO Enterprise information tree (or service management node), which includes objects with the sunService or sunServiceComponent marker object class. For example, you might create a policy to define access privileges for a protected resource, or you might modify the rules, subjects, conditions, or response providers for an existing policy.
um — Changes in the user directory (or user management node). For example, you might change a user's name or address.
For example, to disable persistent searches for changes to the OpenSSO Enterprise information tree (or service management node):
com.sun.am.event.connection.disable.list=sm
Persistent searches cause some performance overhead on Directory Server. If you determine that removing some of this performance overhead is absolutely critical in a production environment, you can disable one or more persistent searches using this property.
However, before disabling a persistent search, you should understand the limitations described above. It is strongly recommended that this property not be changed unless absolutely required. This property was introduced primarily to avoid overhead on Directory Server when multiple 2.1 J2EE agents are used, because each of these agents establishes these persistent searches. The 2.2 J2EE agents no longer establish these persistent searches, so you might not need to use this property.
Disabling persistent searches for any of these components is not recommended, because a component with a disabled persistent search does not receive notifications from Directory Server. Consequently, changes made in Directory Server for that particular component will not be notified to the component cache. For example, if you disable persistent searches for changes in the user directory (um), OpenSSO Enterprise will not receive notifications from Directory Server. Therefore, an agent would not get notifications from OpenSSO Enterprise to update its local user cache with the new values for the user attribute. Then, if an application queries the agent for the user attributes, it might receive the old value for that attribute.
Use this property only in special circumstances when absolutely required. For example, if you know that Service Configuration changes (related to changing values to any of services such as Session Service and Authentication Services) will not happen in production environment, the persistent search to the Service Management (sm) component can be disabled. However, if any changes occur for any of the services, a server restart would be required. The same condition also applies to other persistent searches, specified by the aci and um values.
The following attributes set connection data for the back end data store:
Default is 1000. Specifies the number of milliseconds between retries.
Default value is 3. Specifies the number of attempts made to successfully re-establish the LDAP connection.
Default values are 80,81,91. Specifies the LDAPException error codes for which retries to re-establish the LDAP connection will trigger.
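The following is an added example, not OpenSSO Enterprise code and not from this guide, implementing the reconnect policy described for both the Event Service connections and the plain LDAP connections above (retry count, delay between retries, and the list of LDAP result codes that trigger a retry), together with the check from the persistent-search attributes that the restart interval sits below the load balancer's idle timeout. The directory client is a constructed stand-in and the function names are assumptions.

```python
# Added example, not OpenSSO Enterprise code: retry policy for Event Service
# and LDAP connections, plus the persistent-search restart interval check.
# The directory client is a constructed stand-in.
import time
from typing import Callable, Iterable, List, Optional, TypeVar

T = TypeVar("T")


class LDAPException(Exception):
    def __init__(self, code: int, message: str = ""):
        super().__init__(message or f"LDAP result code {code}")
        self.code = code


def parse_error_codes(value: str) -> List[int]:
    """Parse the attribute's comma-separated value, e.g. "80,81,91"."""
    return [int(v) for v in value.split(",") if v.strip()]


DEFAULT_RETRY_CODES = parse_error_codes("80,81,91")   # defaults given above


def with_reconnect(op: Callable[[], T], num_retries: int = 3, delay_ms: int = 3000,
                   retry_codes: Iterable[int] = DEFAULT_RETRY_CODES,
                   sleep: Callable[[float], None] = time.sleep) -> T:
    """Run op(); on an LDAPException whose code is in retry_codes, wait
    delay_ms and try again, at most num_retries more times. Any other
    code (49 invalid credentials, for instance) is raised at once, so a
    wrong bind password never turns into a retry loop against the directory."""
    codes = set(retry_codes)
    attempt = 0
    while True:
        try:
            return op()
        except LDAPException as exc:
            if exc.code not in codes or attempt >= num_retries:
                raise
            attempt += 1
            sleep(delay_ms / 1000.0)


def failing_code(op: Callable[[], object], **kwargs) -> Optional[int]:
    """Run op under with_reconnect and report the code it finally gave up
    on, or None if it eventually succeeded."""
    try:
        with_reconnect(op, **kwargs)
        return None
    except LDAPException as exc:
        return exc.code


def restart_interval_is_safe(restart_minutes: int, lb_idle_timeout_minutes: int) -> bool:
    """0 disables restarts, so dropped persistent searches go unnoticed; any
    other value must be strictly below the load balancer/firewall idle
    timeout so the search is restarted before the connection is cut."""
    return 0 < restart_minutes < lb_idle_timeout_minutes


class FlakyDirectory:
    """Constructed stand-in: fails with the given result codes in order, then succeeds."""
    def __init__(self, failures: Iterable[int]):
        self.failures = list(failures)
        self.calls = 0

    def search(self) -> str:
        self.calls += 1
        if self.failures:
            raise LDAPException(self.failures.pop(0))
        return "search ok"
```

With the defaults (3 retries, 3000 ms) a directory that stays down costs each caller about nine seconds before the error surfaces; size the thread pools above with that in mind.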
The following attributes define caching and replication configuration:
Default value is 10000. Specifies the size of the SDK cache when caching is enabled. Use an integer greater than 0, or the default size (10000 users) will be used.
Default value is 0. Specifies the number of times to retry.
Default value is 1000. Specifies the number of milliseconds between retries.
When enabled, the cache entries will expire based on the time specified in User Entry Expiration Time attribute.
This attribute specifies time in minutes for which the user entries remain valid in the cache after their last modification. After this specified period of time elapses (after the last modification/read from the Directory Server), the data for the entry that is cached will expire. At this point, new requests for data for these user entries are read from the Directory Server.
This attribute specifies the time in minutes for which the non-user entries remain valid in the cache after their last modification. After this specified period of time elapses (after the last modification/read from the Directory Server), the data for the entry that is cached will expire. At this point, new requests for data for these non-user entries are read from the Directory Server.
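The following is an added example, not OpenSSO Enterprise code and not from this guide, showing a bounded cache with the behaviour the caching attributes above describe: a maximum size that falls back to the default when non-positive, separate expiry times for user and non-user entries, reload from the directory when an entry is stale, and invalidation of the kind a datastore notification performs. Entry kinds, the TTL values, the loader and the caller-supplied clock are constructed for illustration.

```python
# Added example, not OpenSSO Enterprise code: bounded cache with separate
# user / non-user expiry. Kinds, TTLs, loader and clock are constructed.
from collections import OrderedDict
from typing import Any, Callable


class SdkCache:
    def __init__(self, max_size: int = 10000, expire_enabled: bool = True,
                 user_expire_minutes: int = 15, default_expire_minutes: int = 30):
        # A non-positive size falls back to the default, as the attribute text says.
        self.max_size = max_size if max_size > 0 else 10000
        self.expire_enabled = expire_enabled
        self.ttl = {"user": user_expire_minutes, "other": default_expire_minutes}
        self.entries = OrderedDict()   # dn -> (kind, loaded_at, data), LRU order
        self.loads = 0                 # directory reads performed

    def get(self, dn: str, kind: str, loader: Callable[[str], Any], now: float) -> Any:
        """Serve from cache while the entry is within its TTL; otherwise
        re-read from the directory via loader and cache the fresh copy."""
        hit = self.entries.get(dn)
        if hit is not None:
            _, loaded_at, data = hit
            ttl = self.ttl.get(kind, self.ttl["other"])
            if not self.expire_enabled or now - loaded_at < ttl:
                self.entries.move_to_end(dn)     # most recently used
                return data
            del self.entries[dn]                 # stale: fall through to reload
        data = loader(dn)
        self.loads += 1
        self.entries[dn] = (kind, now, data)
        while len(self.entries) > self.max_size:
            self.entries.popitem(last=False)     # evict least recently used
        return data

    def invalidate(self, dn: str) -> None:
        """What a persistent-search notification does for a changed entry:
        drop it so the next request reads the current directory value."""
        self.entries.pop(dn, None)
```

Expiry and notification complement each other: the TTL bounds how long a stale attribute can be served if a notification is lost or a persistent search is disabled, which is why disabling the um or sm searches without an expiry time leaves stale data in the cache until restart.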
The Directory Configuration attributes define basic configuration information for the embedded directory store:
The Directory Configuration attributes are:
Specifies the minimum size of the connection pools used for connecting to the Directory Server specified in the LDAP server attribute. The default is 1.
Specifies the maximum size of the connection pools used for connecting to the Directory Server specified in the LDAP server attribute. The default is 10.
Specifies the bind DN in the LDAP server.
Defines the password used when binding to the LDAP server. By default, the amldapuser password entered during installation is used.
This attribute defines the directory server that will serve as the configuration data store for the OpenSSO Enterprise instance. To add a configuration server, click the Add button, and provide values for the following attributes:
Enter a name for the server.
Specifies fully-qualified host name of the Directory Server. For example:
DirectoryServerHost.domainName.com
Specifies the Directory Server port number.
Defines the connection type for the Directory Server. By default, SIMPLE is selected. You can also choose SSL.
The following attributes define basic directory-server configuration for Legacy mode instances of OpenSSO Enterprise. These attributes appear only in a Legacy mode installation.
Specifies the minimum size of the connection pools used for connecting to the Directory Server specified in the LDAP server attribute. The default is 1.
Specifies the maximum size of the connection pools used for connecting to the Directory Server specified in the LDAP server attribute. The default is 10.
This attribute lists the load balancer protocol, host name, and port. For example: http://lb.example.com:80.
The advanced properties enable an administrator to select and set values for server configuration properties that are not exposed elsewhere in the OpenSSO Enterprise Console. In previous releases all Servers and Sites properties were located in the AMConfig.properties file.
In addition to the default properties displayed in the Advanced table of the console, the following properties can be added (where a property takes a fixed set of values, those values are listed after the equals sign):
am.encryption.pwd=
am_load_balancer_cookie=
com.iplanet.am.clientIPCheckEnabled=true,false
com.iplanet.am.console.deploymentDescriptor=
com.iplanet.am.console.host=
com.iplanet.am.console.port=integer
com.iplanet.am.console.protocol=https,http
com.iplanet.am.console.remote=true,false
com.iplanet.am.cookie.encode=true,false
com.iplanet.am.cookie.name=
com.iplanet.am.cookie.secure=true,false
com.iplanet.am.directory.host=
com.iplanet.am.directory.port=integer
com.iplanet.am.directory.ssl.enabled=true,false
com.iplanet.am.domaincomponent=
com.iplanet.am.event.connection.delay.between.retries=integer
com.iplanet.am.event.connection.ldap.error.codes.retries=
com.iplanet.am.event.connection.num.retries=integer
com.iplanet.am.jssproxy.checkSubjectAltName=true,false
com.iplanet.am.jssproxy.resolveIPAddress=true,false
com.iplanet.am.jssproxy.SSLTrustHostList=
com.iplanet.am.jssproxy.trustAllServerCerts=true,false
com.iplanet.am.lbcookie.name=
com.iplanet.am.lbcookie.value=
com.iplanet.am.ldap.connection.delay.between.retries=integer
com.iplanet.am.ldap.connection.ldap.error.codes.retries=
com.iplanet.am.ldap.connection.num.retries=integer
com.iplanet.am.locale=
com.iplanet.am.notification.threadpool.size=integer
com.iplanet.am.notification.threadpool.threshold=integer
com.sun.identity.client.notification.url=
com.iplanet.am.replica.delay.between.retries=integer
com.iplanet.am.replica.num.retries=integer
com.iplanet.am.rootsuffix=
com.iplanet.am.sdk.cache.entry.default.expire.time=integer
com.iplanet.am.sdk.cache.entry.expire.enabled=true,false
com.iplanet.am.sdk.cache.entry.user.expire.time=integer
com.iplanet.am.sdk.cache.maxSize=integer
com.iplanet.am.sdk.caching.enabled=true,false
com.iplanet.am.sdk.ldap.debugFileName=
com.iplanet.am.sdk.package=
com.iplanet.am.sdk.remote.pollingTime=integer
com.iplanet.am.server.host=
com.iplanet.am.server.port=integer
com.iplanet.am.server.protocol=https,http
com.iplanet.am.serverMode=true,false
com.iplanet.am.service.secret=
com.iplanet.am.services.deploymentDescriptor=
com.iplanet.am.session.client.polling.enable=true,false
com.iplanet.am.session.client.polling.period=integer
com.iplanet.am.session.failover.cluster.stateCheck.period=integer
com.iplanet.am.session.failover.cluster.stateCheck.timeout=integer
com.iplanet.am.session.failover.httpSessionTrackingCookieName=
com.iplanet.am.session.failover.sunAppServerLBRoutingCookieName=
com.iplanet.am.session.failover.useInternalRequestRouting=true,false
com.iplanet.am.session.failover.useRemoteSaveMethod=true,false
com.iplanet.am.session.invalidsessionmaxtime=integer
com.iplanet.am.session.maxSessions=integer
com.iplanet.am.session.protectedPropertiesList=
com.iplanet.am.session.purgedelay=integer
com.iplanet.am.smtphost=
com.iplanet.am.smtpport=integer
com.iplanet.am.stats.interval=integer
com.iplanet.am.util.xml.validating=on,off
com.iplanet.am.version=
com.iplanet.security.SSLSocketFactoryImpl=
com.iplanet.security.SecureRandomFactoryImpl=
com.iplanet.security.encryptor=
com.iplanet.services.cdsso.cookiedomain=
com.iplanet.services.comm.server.pllrequest.maxContentLength=integer
com.iplanet.services.configpath=
com.iplanet.services.debug.directory=
com.sun.identity.configFilePath=
com.iplanet.am.sdk.userEntryProcessingImpl=
com.iplanet.am.profile.host=
com.iplanet.am.profile.port=integer
com.iplanet.am.pcookie.name=
com.sun.identity.authentication.super.user=
com.sun.identity.password.deploymentDescriptor=
com.iplanet.am.session.httpSession.enabled=
unixHelper.port=integer
com.sun.identity.policy.Policy.policy_evaluation_weights=
unixHelper.ipaddrs=
com.sun.identity.authentication.uniqueCookieDomain=
com.sun.identity.monitoring.local.conn.server.url=
com.sun.identity.monitoring=
com.iplanet.services.debug.level=off,error,warning,message
com.sun.services.debug.mergeall=on,off
com.sun.embedded.sync.servers=on,off
com.sun.embedded.replicationport=integer
com.iplanet.services.stats.directory=
com.iplanet.services.stats.state=off,file,console
com.sun.am.event.connection.disable.list=
com.sun.am.event.connection.idle.timeout=integer
com.sun.am.ldap.connnection.idle.seconds=integer
com.sun.am.ldap.fallback.sleep.minutes=integer
com.sun.am.session.SessionRepositoryImpl=
com.sun.am.session.caseInsensitiveDN=true,false
com.sun.am.session.enableAddListenerOnAllSessions=true,false
com.sun.am.session.enableHostLookUp=true,false
com.sun.am.session.trustedSourceList=
com.sun.identity.agents.true.value=
com.sun.identity.amsdk.cache.enabled=true,false
com.sun.identity.client.encryptionKey=
com.sun.identity.cookieRewritingInPath=true,false
com.sun.identity.delegation.cache.size=integer
com.sun.identity.enableUniqueSSOTokenCookie=true,false
com.sun.identity.idm.cache.enabled=true,false
com.sun.identity.idm.cache.entry.default.expire.time=integer
com.sun.identity.idm.cache.entry.expire.enabled=true,false
com.sun.identity.idm.cache.entry.user.expire.time=integer
com.sun.identity.jsr196.authenticated.user=
com.sun.identity.jss.donotInstallAtHighestPriority=true,false
com.sun.identity.liberty.ws.util.providerManagerClass=
com.sun.identity.log.logSubdir=
com.sun.identity.loginurl=
com.sun.identity.overrideAMC=true,false
com.sun.identity.plugin.datastore.class.*=
com.sun.identity.security.checkcaller=true,false
com.sun.identity.security.x509.pkg=
com.sun.identity.server.fqdnMap=map
com.sun.identity.session.application.maxCacheTime=integer
com.sun.identity.session.connectionfactory.provider=
com.sun.identity.session.failover.connectionPoolClass=
com.sun.identity.session.httpClientIPHeader=
com.sun.identity.session.polling.threadpool.size=integer
com.sun.identity.session.polling.threadpool.threshold=integer
com.sun.identity.session.repository.cleanupGracePeriod=integer
com.sun.identity.session.repository.cleanupRunPeriod=integer
com.sun.identity.session.repository.dataSourceName=
com.sun.identity.session.repository.enableEncryption=true,false
com.sun.identity.session.repository.healthCheckRunPeriod=integer
com.sun.identity.session.resetLBCookie=true,false
com.sun.identity.session.returnAppSession=true,false
com.sun.identity.sitemonitor.SiteStatusCheck.class=
com.sun.identity.sitemonitor.interval=integer
com.sun.identity.sitemonitor.timeout=integer
com.sun.identity.sm.authservicename.provider=
com.sun.identity.sm.cache.enabled=true,false
com.sun.identity.sm.cacheTime=integer
com.sun.identity.sm.enableDataStoreNotification=true,false
com.sun.identity.sm.flatfile.root_dir=
com.sun.identity.sm.ldap.enableProxy=true,false
com.sun.identity.sm.notification.threadpool.size=integer
com.sun.identity.sm.sms_object_class_name=
com.sun.identity.url.readTimeout=integer
com.sun.identity.url.redirect=
com.sun.identity.urlchecker.invalidate.interval=integer
com.sun.identity.urlchecker.sleep.interval=integer
com.sun.identity.urlchecker.targeturl=
com.sun.identity.util.debug.provider=
com.sun.identity.webcontainer=
com.sun.identity.wss.discovery.config.plugin=
com.sun.identity.wss.provider.config.plugin=
com.sun.identity.wss.security.authenticator=
com.sun.identity.xmlenc.EncryptionProviderImpl=
s1is.java.util.logging.config.class=
s1is.java.util.logging.config.file=
com.sun.identity.authentication.special.users=
com.sun.identity.auth.cookieName=
com.iplanet.am.naming.failover.url=
com.sun.identity.authentication.uniqueCookieName=
securidHelper.ports=integer
com.iplanet.am.daemons=
bootstrap.file=
com.sun.identity.crl.cache.directory.host=
com.sun.identity.crl.cache.directory.port=integer
com.sun.identity.crl.cache.directory.ssl=true,false
com.sun.identity.crl.cache.directory.user=
com.sun.identity.crl.cache.directory.password=
com.sun.identity.crl.cache.directory.searchlocs=
com.sun.identity.crl.cache.directory.searchattr=
com.sun.identity.authentication.ocspCheck=true,false
com.sun.identity.authentication.ocsp.responder.url=
com.sun.identity.authentication.ocsp.responder.nickname=
com.sun.identity.security.fipsmode=true,false
com.sun.identity.urlconnection.useCache=true,false
com.sun.identity.sm.cache.ttl.enable=true,false
com.sun.identity.sm.cache.ttl=integer
com.sun.identity.common.systemtimerpool.size=integer
com.iplanet.services.cdc.invalidGotoStrings=
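The following is an added example, not OpenSSO Enterprise code and not from this guide: an offline check of an AMConfig.properties-style fragment against some of the security-relevant properties in the list above (cookie security, back-end TLS trust, directory SSL, session repository encryption, debug level). The property names are the ones listed on this page; the sample fragment, the severities and the reasons are a constructed policy for illustration and should be adjusted to local requirements.

```python
# Added example, not OpenSSO Enterprise code: offline audit of an
# AMConfig.properties-style fragment. The fragment and the policy table
# are constructed; only the property names come from the list above.
from typing import Dict, List

SAMPLE_PROPERTIES = """\
# constructed fragment for illustration
com.iplanet.am.cookie.secure=false
com.iplanet.am.clientIPCheckEnabled=false
com.iplanet.am.jssproxy.trustAllServerCerts=TRUE
com.iplanet.am.jssproxy.checkSubjectAltName=false
com.iplanet.am.directory.ssl.enabled=false
com.sun.identity.session.repository.enableEncryption=false
com.iplanet.services.debug.level=message
com.iplanet.am.server.protocol=https
"""

# (property, value that triggers a finding, severity, reason); constructed policy
POLICY = [
    ("com.iplanet.am.cookie.secure", "false", "high",
     "SSO cookie may be sent over plain HTTP"),
    ("com.iplanet.am.jssproxy.trustAllServerCerts", "true", "high",
     "back-end TLS server certificates are accepted without validation"),
    ("com.iplanet.am.jssproxy.checkSubjectAltName", "false", "medium",
     "subjectAltName is not checked on back-end TLS connections"),
    ("com.iplanet.am.directory.ssl.enabled", "false", "high",
     "directory bind credentials and data travel in clear text"),
    ("com.iplanet.am.server.protocol", "http", "high",
     "server URL is advertised over plain HTTP"),
    ("com.sun.identity.session.repository.enableEncryption", "false", "medium",
     "failover session repository stores sessions unencrypted"),
    ("com.iplanet.am.clientIPCheckEnabled", "false", "info",
     "SSOTokens are not bound to the client IP address (the default)"),
    ("com.iplanet.services.debug.level", "message", "info",
     "verbose debug level; intended for troubleshooting, not production"),
]


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal java.util.Properties reader: key=value lines, '#' or '!' comments."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(props: Dict[str, str]) -> List[Dict[str, str]]:
    """Return one finding per policy entry whose value matches (case-insensitively)."""
    findings = []
    for name, bad_value, severity, reason in POLICY:
        actual = props.get(name)
        if actual is not None and actual.lower() == bad_value:
            findings.append({"property": name, "value": actual,
                             "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit(parse_properties(SAMPLE_PROPERTIES)):
        print(f"{f['severity']:6} {f['property']}={f['value']}: {f['reason']}")
```

Because these values now live in the configuration store rather than only in a file, run the same checks against an export of the server configuration (for instance the XML produced by the command line interface) rather than against a stale AMConfig.properties left over from an earlier release.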
Click New in the Site list.
Enter the Site Name.
This value uniquely identifies the site and makes it possible to specify a second entry point (in addition to the primary URL) to the site. It is also used to shorten the cookie: the site URL is represented in the cookie by its site ID instead of being written out in full.
Enter the Primary URL for the site instance, including the site URI.
Click Save.
The created site will appear in the site list in the correct format.
Click on the name of the site you wish to edit from the Site list.
The primary URL for the site is listed in the Primary URL attribute.
If you wish, add a Secondary URL.
The secondary URL provides the connection information for the session repository used for the session failover functionality in OpenSSO Enterprise. The URL of the load balancer should be given as the identifier to this secondary configuration. If the secondary configuration is defined in this case, the session failover feature will be automatically enabled and become effective after the server restart.
Click Save.
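The values entered in the site procedure above (site name, primary URL, optional secondary URL) are worth checking before they are saved, because a malformed or plain-HTTP site URL is only discovered after the web container restart. The following Python is an added example, not code from the OpenSSO Enterprise product or its documentation. It assumes that a site or server URL should take the form scheme://host.domain:port/uri, and it defaults to requiring https because a browser only sends a cookie marked Secure over TLS; both of those expectations are this example's own policy and are labelled as such in the code.

```python
"""Sanity-check OpenSSO site entries before saving them.

Added example, not OpenSSO code. Policy assumptions:
  * a site/server URL is scheme://host.domain:port/uri (explicit port, non-empty URI)
  * https is required by default (Secure cookies are not sent over plain HTTP)
"""
from typing import Dict, Iterable, List
from urllib.parse import urlsplit


def check_site_url(url: str, require_https: bool = True) -> List[str]:
    """Return a list of problems with a site or server URL; an empty list means acceptable."""
    problems: List[str] = []
    parts = urlsplit(url.strip())

    if parts.scheme not in ("http", "https"):
        problems.append("scheme must be http or https")
    elif require_https and parts.scheme != "https":
        problems.append("https is required so that the Secure cookie attribute is effective")

    host = parts.hostname or ""
    if not host or "." not in host:
        problems.append("host must be a fully qualified domain name")

    try:
        port = parts.port  # raises ValueError when the port is not numeric
    except ValueError:
        port = None
        problems.append("port is not numeric")
    if port is None and "port is not numeric" not in problems:
        problems.append("explicit port is required")

    if not parts.path or parts.path == "/":
        problems.append("deployment URI (for example /opensso) is required")
    if parts.query or parts.fragment:
        problems.append("query string or fragment is not allowed in a site URL")
    return problems


def check_site(name: str, primary_url: str, secondary_urls: Iterable[str] = (),
               require_https: bool = True) -> Dict[str, List[str]]:
    """Check one site definition. Returns {field: [problems]}; an empty dict means it is clean."""
    problems: Dict[str, List[str]] = {}
    if not name.strip():
        problems["name"] = ["site name must not be empty"]

    primary_problems = check_site_url(primary_url, require_https)
    if primary_problems:
        problems["primary"] = primary_problems

    # A secondary URL that repeats the primary (or another secondary) adds no second entry point.
    seen = {primary_url.strip().rstrip("/").lower()}
    for index, url in enumerate(secondary_urls):
        errors = check_site_url(url, require_https)
        key = url.strip().rstrip("/").lower()
        if key in seen:
            errors.append("duplicates the primary or another secondary URL")
        seen.add(key)
        if errors:
            problems[f"secondary[{index}]"] = errors
    return problems


if __name__ == "__main__":
    # Constructed input for the example; lb.example.com is a placeholder load balancer name.
    result = check_site("site1", "https://lb.example.com:443/opensso",
                        ["http://lb.example.com:8080/opensso"])
    for field, errors in result.items():
        print(field, "->", "; ".join(errors))
```

The duplicate check normalises only case and a trailing slash; it does not resolve host names, so two URLs for the same load balancer under different names are still reported as distinct.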
The following table lists the Servers and Sites properties that were included in AMConfig.properties in previous releases but are now managed as attributes through the OpenSSO Enterprise console. The properties are listed alphabetically. To find a particular property, use your browser's Search or Find function. The columns are:
Property Name: the name of the property as it appeared in the AMConfig.properties file.
Attribute Name in Console: the name of the attribute as it appears in the OpenSSO Enterprise console.
Location in Console: the console tab where the attribute is located.
Property Name | Attribute Name in Console | Location in Console
---|---|---
am.encryption.pwd | Password Encryption Key | Servers and Sites > Security
com.iplanet.am.clientIPCheckEnabled | Client IP Address Check | Servers and Sites > Security
com.iplanet.am.cookie.encode | Encode Cookie Value | Servers and Sites > Security
com.iplanet.am.cookie.name | Cookie Name | Servers and Sites > Security
com.iplanet.am.cookie.secure | Secure Cookie | Servers and Sites > Security
com.iplanet.am.event.connection.delay.between.retries | Delay Between Event Service Connection Retries | Servers and Sites > SDK
com.iplanet.am.event.connection.ldap.error.codes.retries | Error Codes for Event Service Connection Retries | Servers and Sites > SDK
com.iplanet.am.event.connection.num.retries | Number of retries for Event Service Notification | Servers and Sites > SDK
com.iplanet.am.ldap.connection.delay.between.retries | Delay Between LDAP Connection Retries | Servers and Sites > SDK
com.iplanet.am.ldap.connection.ldap.error.codes.retries | Error Codes for LDAP Connection Retries | Servers and Sites > SDK
com.iplanet.am.ldap.connection.num.retries | Number of Retries for LDAP Connection | Servers and Sites > SDK
com.iplanet.am.locale | Default Locale | Servers and Sites > General
com.iplanet.am.notification.threadpool.size | Notification Pool Size | Servers and Sites > Session
com.iplanet.am.notification.threadpool.threshold | Notification Thread Pool Threshold | Servers and Sites > Session
com.iplanet.am.replica.delay.between.retries | Delay Between SDK Replica Retries | Servers and Sites > SDK
com.iplanet.am.replica.num.retries | SDK Replica Retries | Servers and Sites > SDK
com.iplanet.am.rootsuffix | |
com.iplanet.am.sdk.cache.entry.default.expire.time | Default Entry Expiration Time | Servers and Sites > SDK
com.iplanet.am.sdk.cache.entry.expire.enabled | Cache Entry Expiration Enabled | Servers and Sites > SDK
com.iplanet.am.sdk.cache.entry.user.expire.time | User Entry Expiration Time | Servers and Sites > SDK
com.iplanet.am.sdk.cache.maxSize | SDK Caching Max. Size | Servers and Sites > SDK
com.iplanet.am.service.secret | Authentication Service Shared Secret | Servers and Sites > Security
com.iplanet.am.session.invalidsessionmaxtime | Invalidate Session Max Time | Servers and Sites > Session
com.iplanet.am.session.maxSessions | Maximum Sessions | Servers and Sites > Session
com.iplanet.am.session.purgedelay | Sessions Purge Delay | Servers and Sites > Session
com.iplanet.am.smtphost | Mail Server Host Name | Servers and Sites > General
com.iplanet.am.smtpport | Mail Server Port Number | Servers and Sites > General
com.iplanet.am.stats.interval | Logging Interval | Servers and Sites > Session
com.iplanet.security.encryptor | Encryption Class | Servers and Sites > Security
com.iplanet.services.comm.server.pllrequest.maxContentLength | Platform Low Level Comm. Max. Content Length | Servers and Sites > Security
com.iplanet.services.configpath | Base Installation Directory | Servers and Sites > General
com.iplanet.services.debug.directory | Debug Directory | Servers and Sites > General
com.iplanet.services.debug.level | Debug Level | Servers and Sites > General
com.iplanet.services.stats.directory | Directory | Servers and Sites > General
com.iplanet.services.stats.state | State | Servers and Sites > Session
com.sun.am.event.connection.disable.list | Disabled Event Service Connection | Servers and Sites > SDK
com.sun.am.session.caseInsensitiveDN | Case Insensitive Client DN Comparison | Servers and Sites > Session
com.sun.am.session.enableHostLookUp | Enable Host Lookup | Servers and Sites > Session
com.sun.identity.saml.xmlsig.certalias | Certificate Alias | Servers and Sites > Security
com.sun.identity.saml.xmlsig.keypass | Private Key Password File | Servers and Sites > Security
com.sun.identity.saml.xmlsig.keystore | Keystore File | Servers and Sites > Security
com.sun.identity.saml.xmlsig.storepass | Keystore Password File | Servers and Sites > Security
com.sun.identity.sm.ldap.enableProxy | Enable Directory Proxy | Servers and Sites > SDK
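When upgrading a deployment that still carries a hand-edited AMConfig.properties, the practical question is which of its entries are now console-managed (and on which tab), and whether any of them carry a weak value that should be corrected when they are re-entered in the console. The following Python audit is an added example, not code from the OpenSSO Enterprise product or its documentation. It encodes a subset of the mapping table above, and the hardening checks (Secure Cookie or Client IP Address Check set to false, Debug Level set to its most verbose value, secrets such as the password encryption key present in a plaintext file) are this example's own policy, not defaults or recommendations stated on this page. The properties fragment it reads is constructed for the example.

```python
"""Audit a legacy AMConfig.properties against the Servers and Sites console mapping.

Added example, not OpenSSO code. CONSOLE_MAPPING is a subset transcribed from the
mapping table; WEAK_VALUES and SECRET_PROPS are this example's own review policy.
"""
import re
from typing import Dict, List, Tuple

# Legacy property -> (console attribute name, console location). Subset of the table above.
CONSOLE_MAPPING: Dict[str, Tuple[str, str]] = {
    "am.encryption.pwd": ("Password Encryption Key", "Servers and Sites > Security"),
    "com.iplanet.am.clientIPCheckEnabled": ("Client IP Address Check", "Servers and Sites > Security"),
    "com.iplanet.am.cookie.encode": ("Encode Cookie Value", "Servers and Sites > Security"),
    "com.iplanet.am.cookie.name": ("Cookie Name", "Servers and Sites > Security"),
    "com.iplanet.am.cookie.secure": ("Secure Cookie", "Servers and Sites > Security"),
    "com.iplanet.am.event.connection.num.retries": ("Number of retries for Event Service Notification", "Servers and Sites > SDK"),
    "com.iplanet.am.service.secret": ("Authentication Service Shared Secret", "Servers and Sites > Security"),
    "com.iplanet.am.session.maxSessions": ("Maximum Sessions", "Servers and Sites > Session"),
    "com.iplanet.services.debug.level": ("Debug Level", "Servers and Sites > General"),
    "com.sun.am.event.connection.disable.list": ("Disabled Event Service Connection", "Servers and Sites > SDK"),
    "com.sun.identity.sm.ldap.enableProxy": ("Enable Directory Proxy", "Servers and Sites > SDK"),
}

# Example policy (assumption, not page-documented defaults): property -> (weak value, reason).
WEAK_VALUES: Dict[str, Tuple[str, str]] = {
    "com.iplanet.am.cookie.secure": ("false", "session cookie may be sent over plain HTTP"),
    "com.iplanet.am.clientIPCheckEnabled": ("false", "session is not bound to the client IP address"),
    "com.iplanet.services.debug.level": ("message", "most verbose debug level; may log sensitive request data"),
}

# Properties whose value is itself a secret; finding one in a plaintext file is worth flagging.
SECRET_PROPS = {"am.encryption.pwd", "com.iplanet.am.service.secret"}


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties parser: '#'/'!' comments, '=' or ':' separators,
    backslash line continuations. A later duplicate key overrides an earlier one."""
    props: Dict[str, str] = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending = line[:-1]          # continuation: glue the next line on
            continue
        match = re.match(r"^([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def audit(props: Dict[str, str]) -> Dict[str, List[Tuple]]:
    """Classify each legacy property and flag weak values and secrets in the file."""
    report: Dict[str, List[Tuple]] = {
        "console_managed": [], "not_in_table": [], "weak": [], "secrets_in_file": []}
    for name, value in sorted(props.items()):
        if name in CONSOLE_MAPPING:
            attribute, location = CONSOLE_MAPPING[name]
            report["console_managed"].append((name, value, attribute, location))
        else:
            report["not_in_table"].append((name, value))
        weak = WEAK_VALUES.get(name)
        if weak and value.lower() == weak[0]:
            report["weak"].append((name, value, weak[1]))
        if name in SECRET_PROPS and value:
            report["secrets_in_file"].append((name,))
    return report


# Constructed AMConfig.properties fragment for this example (not from a real deployment).
SAMPLE_AMCONFIG = """\
# constructed sample; EXAMPLEKEY is a placeholder, not a real encryption key
com.iplanet.am.cookie.name=iPlanetDirectoryPro
com.iplanet.am.cookie.secure=false
com.iplanet.am.clientIPCheckEnabled=false
com.iplanet.am.session.maxSessions=5000
com.iplanet.services.debug.level=message
com.iplanet.am.event.connection.num.retries=3
com.sun.identity.sm.cache.enabled=true
am.encryption.pwd=EXAMPLEKEY
com.sun.am.event.connection.disable.list=aci,\\
    um
"""

if __name__ == "__main__":
    for section, rows in audit(parse_properties(SAMPLE_AMCONFIG)).items():
        print(section)
        for row in rows:
            print("   ", *row)
```

Properties that land in not_in_table are either still file-managed or belong to the advanced property list earlier in this chapter rather than to this table; the script only tells you where the table says a value now lives, it does not change anything.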