Documentation Home
> Sun Java System Access Manager 7 2005Q4 Deployment Planning Guide
Sun Java System Access Manager 7 2005Q4 Deployment Planning Guide
Book Information
Index
A
B
C
D
F
G
H
I
J
L
M
N
O
P
R
S
T
V
W
Preface
Chapter 1 Introduction to Deployment Planning for Access Manager
About Access Manager
Access Manager Deployment Planning
Solution Life Cycle
Business Analysis Phase
Technical Requirements Phase
Logical Design Phase
Deployment Design Phase
Implementation Phase
Chapter 2 Business Analysis for Access Manager
About Business Analysis
Defining Access Manager Business Requirements
Defining Resources
Human Resources
Executive Sponsors
Team Lead
Project Management
Systems Analyst
Line-of-Business (LOB) Application Administrators
System Administrators
Access Manager Administrator
Directory Server Administrator
Hardware, Datacenter, and Network Administrator
Independent Software Vendors
Third Party Affiliates
Funding
Setting Goals
Gathering Information
Business Processes
IT Infrastructure
Virtual Data
Evaluating Applications
Platform Information
Security Models
Lifecycle of a Session
Customization and Branding
Categorizing Data
Mapping To Authentication
Mapping To Authorization
Building a Time Line
Deployment Design
Proof-of-Concept
Early Adoption
General Participation
Production Environment
Deployment Road Map
Chapter 3 Technical Requirements
Deployment Options
Security
High Availability
Clustering
Scalability
Hardware Requirements
Software Requirements
Operating System Requirements
Web Container Requirements
Directory Server Requirements
Java Development Kit (JDK) Software Requirements
Access Manager Session Failover Requirements
Web Browser Requirements
Access Manager Schema
Marker Object Classes
Administrative Roles
Access Manager Administrative Accounts
Schema Limitations
Only One Type of Entry Can be Marked as an Organization
People Containers Must be Parent Entries for Users
Only One Organization Description is Allowed in the Access Manager XML
Examples of Unsupported DITs
Chapter 4 Logical Design with Access Manager
About Logical Architectures
Designing a Logical Architecture
Access Manager Components
Web Container
Directory Server
Access Manager Information Tree
Identity Repository
Message Queue and Berkeley DB for Session Failover
Java ES Components That Use Access Manager
Example Access Manager Logical Architectures
Access Manager Web Deployment
Access Manager Multiple Server Deployment
Java Application Deployment
Access Manager Session Failover Deployment
Overview of Access Manager Session Failover
Session Failover Deployment Scenario
Access Manager and Portal Server Deployment
Installation on a Single Server
Installation on Multiple Servers
Federation Management
Chapter 5 Deployment Design with Access Manager
Using a Load Balancer
Configuring the Load Balancer for Sticky Sessions
Multiple JVM Environment
Directory Server Replication Considerations
Configuring For Replication
Example of the serverconfig.xml File
Configuring With a Load Balancer
Load Balancer Modification to the serverconfig.xml File
Directory Server With a Firewall
Setting the Global Timeout Attribute
Setting the Timeout Value for Individual Client Connections
Chapter 6 Implementation of an Access Manager Design
Installing Access Manager on Multiple Host Servers
Deploying Access Manager Instances
Adding Additional Instances to the Platform Server List and Realm/DNS Aliases
Configuring an Access Manager Deployment as a Site
Site Configuration
Using a Load Balancer With Access Manager
Configuring SSL Termination for a Load Balancer
Generating a CSR with the SubjectAltName Extension
Configuring Access Manager For Load Balancer Cookies
Configuring a Load Balancer with SAML
Setting the fqdnMap Property
Accessing an Access Manager Instance Through a Load Balancer
Implementing Access Manager Session Failover
Access Manager Session Failover Scenario
Installing the Session Failover Components
Configuring Access Manager for Session Failover
1–Disable Cookie Encoding
2–Edit the Web Container server.xml File
3–Add a New User in the Message Queue Server
4–Edit the amsessiondb Script (if Needed)
5–Run the amsfoconfig Script
Requirements to Run the amsfoconfig Script
Functions of the amsfoconfig Script
Running the amsfoconfig Script
amsfoconfig Script Sample Run
Starting the Session Failover Components
Running the amsfo Script
amsfopasswd Script
Configuring Session Failover Manually
1–Install the Required Components in the Deployment
2–Configure the Access Manager Deployment as a Site
3–Create a New Secondary Configuration Instance for the Load Balancer
4–Perform Session Failover Miscellaneous Configuration Tasks
5–Start the Session Failover Components
amsessiondb Script
Performance Tests With the amsessiondb Client
Setting Session Quota Constraints
Deployment Scenarios for Session Quota Constraints
Configuration of Session Quota Constraints
Multiple Settings For Session Quotas
Enabling Session Property Change Notifications
Tuning Your Deployment
Appendix A Installed Product Layout
Summary of Access Manager Directories
Base Installation Directory
/bin Directory
/docs Directory
/dtd Directory
/include Directory
/ldaplib Directory
/lib Directory
/locale Directory
/migration Directory
/public_html Directory
/samples Directory
/share Directory
/upgrade Directory
/web-src Directory
Configuration (/config) Directory
Appendix B Changing the Password Encryption Key
Installation Considerations
Changing the Key Value
© 2010, Oracle Corporation and/or its affiliates