Installing the Client SDK

You can obtain the Client SDK from the Access Manager compact disc, and then complete the following steps:

• To Install the Client SDK

• To Configure the Client SDK

• To Deploy amclientwebapps.war

To Install the Client SDK

Before You Begin

• The Access Manager server which will be used by the client SDK must be up and running, and you must know the URL for accessing this server.

• The machine where the client SDK will be installed must have an Access Manager supported web container installed. Examples of Access Manager supported web containers are Sun Java System Web Server 6.1 sp5, Sun Java System Application Server 8.1, BEA WebLogic Server 8.1 sp4, and IBM Websphere Application Server 5.1.1.5.

• The web container instance on which the client SDK will be deployed must be up and running.

• The client SDK machine must have access to the Access Manager client SDK package SUNWamclnt through the Java Enterprise System 4 bits or through some other means.

1. Create a package administration file. .

   Using a text editor, add the following contents to this file.

   mail=
   instance=unique
   partial=nocheck
   runlevel=nocheck
   idepend=nocheck
   rdepend=nocheck
   space=nocheck
   setuid=nocheck
   conflict=nocheck
   action=nocheck
   basedir=ClientSDK-base-directory
   

   In this example, the package administration file is named /usr/tmp/pkgadmin.

   The value for basediris the directory in which you want to install the Access Manager client SDK.

2. Create a package response file named /usr/tmp/pkgresp.

   Using a text editor, place the following three lines (a single y on each line) in this file.

   y
   y
   y
   

3. In the Access Manager package directory, use the pkgadd utility to install the SUNWamclnt package:

   cd JES2005Q4-Image-root/OperatingSystem-Architecture/Product/identity_svr/Packages

   pkgadd -n -a /usr/tmp/pkgadmin -d . -r /usr/tmp/pkgresp -R / SUNWamclnt

4. In the directory in which you installed the Access Manager client SDK package, make a copy of the file Makefile.clientsdk.

   The directory in which you installed the Access Manager client SDK package should be the same as the value you used for basedir in the package administration file in step 1a.

   On Solaris:

   cd ClientSDK-base-directory/SUNWam

   cp Makefile.clientsdk Makefile.clientsdk.orig

   On Linux:

   cd ClientSDK-base-directory/identity

   cp Makefile.clientsdk Makefile.clientsdk.orig

To Configure the Client SDK

1. In Makefile.clientsdk, edit the following parameters:

   JAVA_HOME

   Use the following path: /usr/jdk/entsys-j2se

   SERVER_HOSTNAME

   The fully-qualified domain name of the Access Manager server.

   SERVER_PROTOCOL

   If the Access Manager server is SSL-enabled, change this value to HTTPS.

   SERVER_PORT

   The port number on which the Access Manager server is running.

   ENCRYPTION_KEY

   This value must be the same value used for the Access Manager server. You can obtain the value by running one of the following commands on the Access Manager server:

   On Solaris

   grep pwd /etc/opt/SUNWam/config/AMConfig.properties

   On Linux

   grep pwd /etc/opt/sun/identity/config/AMConfig.properties

   DEBUG_DIR

   (Optional) If you don't want the debug logs stored in the tmp directory, then change this value to the directory where you want debug logs to be created.

2. Run the make or gmake command:

   make -f Makefile.clientsdk

   This step generates a sample properties file in the directory temp, standalone samples in the directory clientsdk-samples and a deployable war file, amclientwebapps.war.The following table summarizes the items included in the WAR file.

   File	Description
   index.html	Instructions for installing and using the Client SDK packages
   WEB-INF/web.xml	Client SDK for stand-alone applications
   WEB-INF/classes/AMClient.properties	Archive of Access Manager samples, web applications, and Javadoc
   WEB-INF/classes/*.classes	File for building stand-alone samples and web applications
   WEB-INF/docs	Javadoc (Public Client SDK APIs)
   WEB-INF/samples	Sample stand-alone programs
   WEB-INF/webapps	Sample web applications

To Deploy amclientwebapps.war

1. Create a deployment directory for amclientwebapps.war.

   On Solaris

   mkdir -p ClientSDK-base-directory/SUNWam/web-src/clientsdk

   On Linux

   mkdir -p ClientSDK-base-directory/identity/web-src/clientsdK

2. On the web container instance where you want to use the Access Manager client SDK, deploy the amclientwebapps.war file. See the following examples:

   Sun Java Enterprise Web Server on Solaris or Linux

   Use the wdeploy command to deploy amclientwebapps.war with a URI of /amcilentwebapps on the Web Server instance https-clientSDKinstance. Example:

   WebServer-base-directory/bin/https/httpadmin/bin/wdeploy deploy -u /amclientwebapps -i https-clientSDKinstance -v https-clientsdkinstance -d ClientSDK-base-directory/SUNWam/web-src/clientsdk clientSDK-base-directory/SUNWam/amclientwebapps.war

   Sun Java Enterprise Application Server on Solaris

   Using the asadmin command to deploy amclientwebapps.war with a URI of /amclientwebapps on the application server instance clientsSDKinstance. Example:

   ApplicationServer-base-directory/appserver/bin/asadmin deploy -user Admin-User-ID --host ApplicationServer-instanceHost --port ApplicationServer-Admin-Port --contextroot amclientwebapps -name amcilentwebapps -target clientSDKinstance ClientSDK-base-directory/SUNWam/amclientwebapps.war

   Be sure to use the fully qualified host name for ApplicationServer-instanceHost.

   Enter the Application Server administration password when prompted.

   Sun Java Enterprise Application Server on Linux

   Using the asadmin command to deploy amclientwebapps.war with a URI of /amclientwebapps on the application server instance clientsSDKinstance. Example:

   ApplicationServer-base-directory/bin/asadmin deploy -user Admin-User-ID --host ApplicationServer-instanceHost --port ApplicationServer-Admin-Port --contextroot amclientwebapps -name amcilentwebapps -target clientSDKinstance ClientSDK-base-directory/SUNWam/amclientwebapps.war

   Be sure to use the fully qualified host name for ApplicationServer-instanceHost.

   Enter the Application Server administration password when prompted.

   If you are deploying the client SDK on a third-party web container such as BEA WebLogic Server or IBM WebSphere Application Server, then see the documentation that comes with that product.

3. Restart the web container instance on which the Access Manager client SDK was deployed.

   If the full server instance being accessed by the client SDK is SSL-enabled, then you must install the root CA certificate of the server's certificate in the web container's JVM-wide cacerts keystore. Alternatively, you can create a keystore on the client SDK machine to contain the server's root CA certificate. Then add the necessary JVM options to the client SDK's web container instance to locate the newly created keystore.