Sun Java Enterprise System 2005Q4 Installation Reference

Access Manager SDK Configuration Information

Access Manager SDK is automatically installed when you install Identity Management and Policy Services Core, a subcomponent of Access Manager. You can also install Access Manager SDK as a discrete component on a host that is remote from the Access Manager core services.

Before you install Access Manager SDK, the Access Manager core services must be installed and running on a remote host. The web container information and Directory Server configuration information that you provide during this installation must match the web container and Directory Server configuration information that you provided during installation of Access Manager core services.


Note –

When the installer asks for information about the remote web container and Directory Server, default values are displayed based on the local host.

Do not accept the default values; use them only as examples of format. Instead, you must supply the correct remote information.


If you are installing Access Manager SDK as a discrete component, you must provide the following types of information:

Access Manager SDK: Administration Information

The installer needs the following administration information if you are installing only Access Manager SDK.

Table 1–13 Administration Information for Access Manager SDK

Label and State File Parameter 

Description 

Administrator User ID 

IS_ADMIN_USER_ID

Access Manager top-level administrator. This user has unlimited access to all entries managed by Access Manager. 

The default name, amadmin, cannot be changed. This ensures that the Access Manager administrator role and its privileges are created and mapped properly in Directory Server, allowing you to log onto Access Manager immediately after installation.

Administrator Password 

IS_ADMINPASSWD

Password of the amadmin user. The value must have at least eight characters.

Set this value to the same value used by Access Manager on the remote host. 

The default value is the Administrator Password (CMN_ADMIN_PASSWORD) you provided under Common Server Settings. Refer to Common Server Settings.

LDAP User ID 

IS_LDAP_USER

Bind DN user for LDAP, Membership, and Policy services. This user has read and search access to all Directory Server entries. 

The default user name, amldapuser, cannot be changed.

LDAP Password 

IS_LDAPUSERPASSWD

Password of the amldapuser user. This password must be different from the password of the amadmin user. It can be any valid Directory Service password.

Set this value to the same value used by Access Manager on the remote host. 

Password Encryption Key 

AM_ENC_PWD

A string that Access Manager uses to encrypt user passwords. 

Note: For security purposes, it is recommended that the password encryption key be 12 characters or longer. 

All Access Manager subcomponents must use the same encryption key that the Identity Management and Policy Services Core uses. To specify the encryption key for Access Manager SDK, do the following: 

  1. Copy the value for am.encryption.pwd as generated by the installation of the core.

  2. Paste the copied value into this field.

In a state file, the default is LOCK. Any character combination is permitted.

Access Manager SDK: Directory Server Information

The installer needs the following Directory Server information if you are installing Access Manager SDK without other Access Manager subcomponents.

Table 1–14 Directory Server Information for Access Manager SDK

Label and State File Parameter 

Description 

Directory Server Host 

IS_DS_HOSTNAME

A host name or value that resolves to the host on which Directory Server resides. 

Set this value to the same value used by Access Manager on the remote host. 

Directory Server Port 

IS_DS_PORT

Port on which Directory Server listens for client connections. 

Set this value to the same value used by Access Manager on the remote host. 

Access Manager Directory Root Suffix 

IS_ROOT_SUFFIX

The distinguished name (DN) specified as the Access Manager root suffix when Directory Server was installed. This root suffix indicates the part of the directory that is managed by Access Manager. 

Set this value to the same value used by Access Manager on the remote host. 

The default value is based on the fully qualified domain name for this host, minus the host name. For example, if this host is siroe.subdomain.example.com, the value is dc=subdomain,dc=example,dc=com.

Use this default value as an example of format only. 

Directory Manager DN 

IS_DIRMGRDN

DN of the user who has unrestricted access to Directory Server. 

Set this value to the same value used by Access Manager on the remote host. 

The default value is cn=Directory Manager.

Directory Manager Password 

IS_DIRMGRPASSWD

Password for the directory manager. 

Set this value to the same value used by Access Manager on the remote host. 

Access Manager SDK: Provisioned Directory Information

The information needed to configure a provisioned directory depends on whether the installer detects an existing provisioned directory on your host.

When the installer is generating a state file, IS_EXISTING_DIT_SCHEMA=y is written to the state file if the installer finds an existing provisioned directory. The installer writes IS_EXISTING_DIT_SCHEMA=n to the state file if the installer does not find an existing provisioned directory.

Existing Provisioned Directory Found

If the installer finds an existing provisioned directory, you provide the following information.

Table 1–15 Existing Provisioned Directory Information for Access Manager SDK

Label and State File Parameter 

Description 

User Naming Attribute 

IS_USER_NAMING_ATTR

Naming attribute used for users in the provisioned directory. 

The default value is uid.

No Existing Provisioned Directory Found

If the installer does not find an existing provisioned directory, you can choose whether to use an existing provisioned directory. If you answer Yes to the first question in this table, you must answer the remaining questions in the table.

Table 1–16 No Existing Provisioned Directory Information for Access Manager SDK

Label and State File Parameter 

Description 

Is Directory Server provisioned with user data? 

IS_LOAD_DIT

Specifies whether you want to use an existing provisioned directory. 

The default value is No. 

In a state file, permitted values are y or n. The default value is n.

Organization Marker Object Class 

IS_ORG_OBJECT_CLASS

Object class defined for the organization in the existing provisioned directory. 

This value is used only if the value for the first item in this table is Yes.

The default value is SunISManagedOrganization.

Organization Naming Attribute 

IS_ORG_NAMING_ATTR

Naming attribute used to define organizations in the existing provisioned directory. 

This value is used only if the value for the first item in this table is Yes.

The default value is o.

User Marker Object Class 

IS_USER_OBJECT_CLASS

Object class defined for users in the existing provisioned directory. 

This value is used only if the value for the first item in this table is Yes.

The default value is inetorgperson.

User Naming Attribute 

IS_USER_NAMING_ATTR

Naming attribute used for users in the existing provisioned directory. 

This value is used only if the value for the first item in this table is Yes.

The default value is uid.

Access Manager SDK: Web Container Information

The installer needs the following web container information if you are installing only Access Manager SDK.

Table 1–17 Web Container Information for Access Manager SDK

Label and State File Parameter 

Description 

Host 

IS_WS_HOST_NAME (Web Server)

Host name of the web container that runs Access Manager core services. Use the value specified during the installation of Access Manager on the remote host. 

There is no default value. 

Services Deployment URI 

SERVER_DEPLOY_URI

URI prefix for accessing the HTML pages, classes, and JAR files associated with Access Manager. 

Set this value to the same value used by Access Manager on the remote host. 

The default value is amserver. Do not enter a leading slash.

Cookie Domain 

COOKIE_DOMAIN_LIST

The names of the trusted DNS domains that Access Manager returns to a browser when Access Manager grants a session ID to a user. 

Set this value to the same value used by Access Manager on the remote host. 

The default value is the current domain, prefixed by a dot (.).

Services Port 

IS_WS_INSTANCE_PORT (Web Server)

IS_IAS81INSTANCE_PORT (Application Server)

Port number of the web container instance that runs Access Manager core services. Use the port number specified when Access Manager core services were installed.
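The rules stated in the tables above can be checked before a state file is used for a silent install. The following is an added example, not part of the Sun documentation or the installer: it assumes the state file holds KEY=VALUE lines (the form shown for IS_EXISTING_DIT_SCHEMA=y), that '#' starts a comment, and that the values used on the core services host are available as a dictionary; parse_state, lint_state and the sample values are hypothetical, and the LOCK default is treated as a key that was never copied from the core.

```python
# Rows that say "same value used by Access Manager on the remote host".
MUST_MATCH_CORE = ("IS_ADMINPASSWD IS_LDAPUSERPASSWD AM_ENC_PWD IS_DS_HOSTNAME IS_DS_PORT "
                   "IS_ROOT_SUFFIX IS_DIRMGRDN IS_DIRMGRPASSWD SERVER_DEPLOY_URI COOKIE_DOMAIN_LIST").split()

def parse_state(text):
    """Parse KEY=VALUE lines (assumed format); skip blanks and '#' comments."""
    params = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    return params

def lint_state(sdk, core=None):
    """Return sorted findings. Messages name parameters only, never secret values."""
    out = []
    for key, fixed in (("IS_ADMIN_USER_ID", "amadmin"), ("IS_LDAP_USER", "amldapuser")):
        if sdk.get(key, fixed) != fixed:
            out.append(key + ": must stay " + fixed)
    if len(sdk.get("IS_ADMINPASSWD", "")) < 8:
        out.append("IS_ADMINPASSWD: fewer than 8 characters")
    if sdk.get("IS_LDAPUSERPASSWD", "") == sdk.get("IS_ADMINPASSWD", ""):
        out.append("IS_LDAPUSERPASSWD: same as IS_ADMINPASSWD")
    enc = sdk.get("AM_ENC_PWD", "LOCK")
    if enc == "LOCK":
        out.append("AM_ENC_PWD: state-file default LOCK, not copied from the core")
    elif len(enc) < 12:
        out.append("AM_ENC_PWD: shorter than the recommended 12 characters")
    if sdk.get("SERVER_DEPLOY_URI", "").startswith("/"):
        out.append("SERVER_DEPLOY_URI: leading slash")
    for key in ("IS_LOAD_DIT", "IS_EXISTING_DIT_SCHEMA"):
        if key in sdk and sdk[key] not in ("y", "n"):
            out.append(key + ": must be y or n")
    for key in (MUST_MATCH_CORE if core else ()):
        if key in core and sdk.get(key) != core[key]:
            out.append(key + ": differs from the core services host")
    return sorted(out)

# Constructed sample values, not real credentials or hosts.
SAMPLE_SDK = parse_state("""\
IS_ADMINPASSWD=short7!
IS_LDAPUSERPASSWD=short7!
AM_ENC_PWD=LOCK
IS_DS_HOSTNAME=sdkhost.example.com
SERVER_DEPLOY_URI=/amserver
IS_LOAD_DIT=yes
""")
SAMPLE_CORE = {"IS_DS_HOSTNAME": "ds.example.com"}  # constructed: value recorded on the core host
print("\n".join(lint_state(SAMPLE_SDK, SAMPLE_CORE)))
```

Because the state file carries the amadmin, amldapuser and Directory Manager passwords in clear text, the findings report parameter names only.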