Sun Java Enterprise System 2005Q4 Installation Planning Guide

Access Manager

Access Manager provides authentication and authorization services for most other Java ES components. In any particular solution, the components that use Access Manager services depend on the specific solution, but almost every other Java ES component is a possible consumer of Access Manager services.

Access Manager has only one solution-level dependency, on a source of user and group data. Therefore, it is logical to install and configure Access Manager immediately after Directory Server and Administration Server, before any possible consumers of Access Manager services are installed and configured.

Access Manager has a local dependency on a web container.


Note –

Access Manager has two operating modes. Legacy mode (6.x style) supports Access Manager 6 features. If you are installing Access Manager with Portal Server, Messaging Server, Calendar Server, Delegated Administrator, or Instant Messaging, you must select the Access Manager Legacy (6.x) installation type.

Realm mode (7.x style) supports Access Manager 7 features, including the new Access Manager 7 Console. However, realm mode (7.x) can be used only in solutions that include none of the components listed above.



Note –

If your deployment architecture places Portal Server and Access Manager on separate computers, some considerations apply. For more information, see Portal Server Using a Remote Access Manager Example in Sun Java Enterprise System 2005Q4 Installation Guide for UNIX.


Basic Installation Procedures for Access Manager

The basic steps for installing and configuring Access Manager are the following:

  1. Use the Java ES installer to install Access Manager on all computer systems specified in your deployment architecture.

    1. When you install Access Manager you must specify the web container in which Access Manager runs.

    2. When you install Access Manager you must specify the repository for user and group data (typically a Directory Server instance, specified with a URL).

    3. Installing Access Manager modifies the LDAP directory to support single sign-on (sometimes referred to as schema 2). For more information about LDAP schemas, see Specifying the LDAP Schema for a Solution.

  2. Start and verify all instances of Access Manager.

  3. If your solution uses load balancing for the Access Manager instances, verify that the load balancer is working properly.

Choosing Configuration Values for Access Manager

For each Access Manager instance in your solution, you must specify configuration values that configure the instance to interoperate with the other components in the solution.

Table 3–8 Key Configuration Values for Access Manager Instances

Input Field 

Choosing a Value for Your Solution 

Administrator User ID and Administrator Password 

You establish the password for the fully privileged administrator account. This account logs in to the Access Manager console. This account has complete access to all directory entries managed by Access Manager. 

LDAP User ID and LDAP Password 

You establish the password for a less privileged administrator account. This account logs in to the Access Manager console. This account has read and search privileges. 

Install Type 

You indicate whether the Access Manager instance should operate in realm mode or legacy mode. Legacy mode is required if the instance is interoperating with Portal Server, Messaging Server, Calendar Server, Instant Messaging, or Delegated Administrator. 

Web Container 

You specify the web container in which the Access Manager instance runs. Depending on your selection, the installer prompts you for the necessary information. 

Host Name, Web Server Port, Web Server Instance Directory, Document Root Directory, Secure Server Instance Port 

If you are installing Access Manager and Web Server together, use these fields to specify how Web Server is installed. 

If you are installing Access Manager on a computer where Web Server is already installed, use these fields to specify an existing Web Server instance. 

Installation Directory, Access Manager Runtime Instance, Instance Directory, Access Manager Instance Port, Document Root, Administrator User Id, Administrator Port, Secure Server Instance Port, Secure Administration Server Port 

If you are installing Access Manager and Application Server together, use these fields to specify how the Application Server is installed. 

If you are installing Access Manager on a computer where Application Server is already installed, use these fields to specify an existing Application Server instance. 

Host Name, Services Deployment URI, Common Domain Deployment URI, Cookie Domain, Administration Console (Deploy New Console, Use Existing Console), Console Deploy URI, Password Deployment URI, Console Host Name, Console Port 

Use these fields to specify how Access Manager Identity Management and Policy Services Core (core) and Administration Server Console (console) services are deployed to Web Server. 

Directory Server Host, Directory Server Port, Access Manager Directory Root Suffix, Directory Manager DN, Directory Manager Password. 

Use these fields to provide access to the Directory Server instance that your solution uses for user and group data. If you are using something other than Directory Server as your repository for user and group data, this URL must be? 

  • Directory Server Host and Directory Server Port were assigned when Directory Server was installed and configured. If Directory Server is configured with multi-master replication, and/or load balancing, use the logical address for the replicated/load-balanced service, rather than the name of one of the computers.

  • Access Manager Directory Root Suffix is the directory entry that Access Manager uses as the directory root. The default value is the actual directory root, also established when the Directory Server instance was installed.

  • The Directory Manager DN and password were also established when the Directory Server instance was installed.

If your solution uses some other source of user and group data, this URL must be? 

No, Yes, Organization Marker Object Class, Organization Naming Attribute, User Marker Object Class, User Naming Attribute 

Use these fields to configure Access Manager to work with a directory already provisioned with user data.  

Adding Installation Procedures for Access Manager to Your Installation Plan

To add installation and configuration instructions for Access Manager, do the following:

  1. If the Access Manager instances are load balanced, the first instruction in your installation plan is to confirm that the load balancer is functioning before any Java ES software is installed.

  2. Next, in your plan, list all of the computers with Access Manager instances.

    1. Access Manager has a local dependency on a web container. Each computer that runs an instance of Access Manager must also run an instance of the specified web container. Your deployment architecture should indicate which web container your solution is using.

    2. For each computer, add an instruction to run the Java ES installer and select Access Manager. If you are using Web Server or Application Server as your web container, add an instruction to select the web container, too. The installer is capable of automatically deploying Access Manager to the selected web container.

    3. If the computers that run Access Manager are already listed in your plan (for example, if Directory Server is installed on the same computer), add an instruction to select Access Manager. You can install Access Manager at the same time as Directory Server, even if you use the configure now option, but your plan must put the instructions for configuring, starting, and verifying the Directory Server instances before the instructions for configuring or starting any instance of Access Manager.

  3. Underneath each Access Manager instance, list the key values for configuring the instance. Use Table 3–8 to help you select configuration values.

  4. Underneath each Web Server or Application Server instance, list the key values for configuring the instance. For information on selecting configuration values for these components, see Web Server or Application Server.

  5. If your solution uses one of the third-party web containers that supports Access Manager, you install Access Manager in configure later mode. To configure and deploy the Access Manager instance, you run an Access Manager configuration tool named amconfig. For more information, see Access Manager amconfig Script in Sun Java System Access Manager 7 2005Q4 Administration Guide. The third-party web container must be installed and running before you run the amconfig configuration tool.

  6. For each computer, add an instruction to start and verify the Access Manager instance. If the instances are load balanced, add an instruction to verify operation of the load balancer.
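
The planning rules in this section (legacy mode when certain components are present, a web container on every Access Manager computer, the logical directory address for a replicated or load-balanced service, and Directory Server verified before Access Manager is configured or started) can be checked mechanically before anything is installed. The following is an added example, not part of the original guide or of Java ES; the plan layout, key names and host names are hypothetical.

```python
# Added example: lint an installation plan against the rules in this section.
# The plan layout (keys, step tuples) is hypothetical, not a Java ES file format.
LEGACY_ONLY = {"Portal Server", "Messaging Server", "Calendar Server",
               "Delegated Administrator", "Instant Messaging"}

def check_plan(plan):
    """Return a list of rule violations; an empty list means the plan is consistent."""
    problems = []
    hosts, ds, steps = plan["hosts"], plan["directory"], plan["steps"]
    solution = {c for h in hosts.values() for c in h["components"]}
    for name, h in hosts.items():
        if "Access Manager" not in h["components"]:
            continue
        # Realm (7.x) mode is allowed only when no legacy-only component is in the solution.
        clash = sorted(solution & LEGACY_ONLY)
        if h["install_type"] == "realm" and clash:
            problems.append(f"{name}: realm mode conflicts with {', '.join(clash)}")
        # Local dependency: the web container runs on the same computer.
        if not h.get("web_container"):
            problems.append(f"{name}: no web container specified")
        # Replicated or load-balanced directory: use the logical service address.
        if ds["replicated"] and h["directory_host"] != ds["logical_host"]:
            problems.append(f"{name}: directory host {h['directory_host']} is a single replica")
    # Directory Server must be configured, started and verified before any
    # Access Manager instance is configured or started.
    ds_done = max((i for i, (_, comp, _) in enumerate(steps)
                   if comp == "Directory Server"), default=-1)
    for i, (action, comp, host) in enumerate(steps):
        if comp == "Access Manager" and action in ("configure", "start") and i < ds_done:
            problems.append(f"step {i + 1}: {action} Access Manager on {host} before Directory Server is verified")
    return problems

# Constructed sample plan (host names are placeholders).
SAMPLE_PLAN = {
    "directory": {"replicated": True, "logical_host": "ds.example.com"},
    "hosts": {
        "am1": {"components": ["Access Manager", "Web Server"], "install_type": "realm",
                "web_container": "Web Server", "directory_host": "ds1.example.com"},
        "ps1": {"components": ["Portal Server"]},
    },
    "steps": [("configure", "Directory Server", "ds1"), ("start", "Directory Server", "ds1"),
              ("configure", "Access Manager", "am1"), ("verify", "Directory Server", "ds1"),
              ("start", "Access Manager", "am1")],
}

if __name__ == "__main__":
    for problem in check_plan(SAMPLE_PLAN):
        print(problem)
```

The constructed sample plan deliberately breaks three of the rules, so the checker reports three problems for it.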