CR# 6440697: Distributed Authentication should run as non-amadmin user (Sun Java System Access Manager 7 2005Q4 Release Notes)

Sun Java System Access Manager 7 2005Q4 Release Notes

Previous: CR# 6441918: Site monitor interval and time-out properties
Next: CR# 6440695: Distributed Authentication UI servers with a load balancer

CR# 6440697: Distributed Authentication should run as non-amadmin user

To create a Distributed Authentication administrator other than the default administrative user (amadmin) for Distributed Authentication application authentication, follow this procedure:

Create an LDAP user for the Distributed Authentication administrator. For example:
```
uid=DistAuthAdmin,ou=people,o=am
```
Add the Distributed Authentication administrator to the list of special users. For example:
```
com.sun.identity.authentication.special.users=cn=dsameuser,
ou=DSAME Users,o=am|cn=amService-UrlAccessAgent,ou=DSAME Users,
o=am|uid=DistAuthAdmin,ou=People,o=am
```
Add this property to the AMConfig.properties file of all Access Manager servers, so that the Distributed Authentication administrator's AppSSOToken does not expire when the session expires.

Previous: CR# 6441918: Site monitor interval and time-out properties
Next: CR# 6440695: Distributed Authentication UI servers with a load balancer