Deployment Example: Sun Java System Communications Services for Access Anywhere (EdgeMail)

Procedure: To Configure the SafeWord Authentication Module

Perform this procedure on id-amer-01.us only.

Steps
  1. Save a backup copy of the following files:


    /etc/opt/SUNWam/config/xml/amAuthSafeWord.xml
    /opt/SUNWam/locale/amAuthSafeWord.properties
    /opt/SUNWam/locale/amAdminCLI.properties
    /etc/opt/SUNWam/config/AMConfig.properties
  2. Download the Access Manager patch 115766 and install it with the patchadd command.

  3. Load the XML for the new SafeWord authentication module with the following commands:


    id-amer-01# cd /opt/SUNWam/bin/
    id-amer-01# ./amadmin -u amadmin -w password \
                -deleteservice iPlanetAMauthSafeWordService
    id-amer-01# ./amadmin -u amadmin -w password \
                -schema /etc/opt/SUNWam/config/xml/amAuthSafeWord-63p.xml
  4. Edit the following files so that they use the base DN of dc=example,dc=com and reference URLs of the BE servers in this Edge complex. The AccessManagerPath is the installation path specified in the AccessManagerStateFile.


    AccessManagerPath/locale/amAuthUI.properties
    AccessManagerPath/locale/amAuthSafeWord.properties
    /apps/http-id-amer-01/is-web-apps/services/config/auth/default/Login.jsp
    /apps/http-id-amer-01/is-web-apps/services/config/auth/default/aml/Login.jsp
    /apps/http-id-amer-01/is-web-apps/services/config/auth/default/wml/Login.jsp
    AccessManagerPath/web-src/services/config/auth/default/LDAP.xml
    AccessManagerPath/web-src/services/config/auth/default_en/LDAP.xml
    AccessManagerPath/web-src/services/config/auth/default/SafeWord.xml
    AccessManagerPath/web-src/services/config/auth/default_en/SafeWord.xml
    
    AccessManagerPath/locale/amAuthMobilePass.properties
    AccessManagerPath/web-src/services/config/auth/default/MobilePass.xml
    AccessManagerPath/web-src/services/config/auth/default_en/MobilePass.xml
    AccessManagerPath/lib/am_services.jar
    
    /etc/opt/SUNWam/config/amAuthMobilePass-63p.xml
    /SW/wireless/auth/xml/amAuth_add_mobilepass.xml 
  5. Configure the authentication modules with the following commands:


    AccessManagerPath/bin/amadmin -u amadmin -w password -v \
        -t /SW/wireless/auth/xml/amAuth_add_mobilepass.xml
    AccessManagerPath/bin/amadmin -u amadmin -w password -v \
        -s /etc/opt/SUNWam/config/amAuthMobilePass-63p.xml

    AccessManagerPath/bin/amadmin -u amadmin -w password -v \
        -t /SW/wireless/auth/xml/SetAuthOrg-63.xml
    AccessManagerPath/bin/amadmin -u amadmin -w password -v \
        -t /SW/wireless/auth/xml/CreateOrgMobilePassTemplate-63.xml
    AccessManagerPath/bin/amadmin -u amadmin -w password -v \
        -t /SW/wireless/auth/xml/CreateOrgMobilePassRequests-63.xml
    AccessManagerPath/bin/amadmin -u amadmin -w password -v \
        -t /SW/wireless/auth/xml/CreateOrgSafeWordTemplate-63.xml
    AccessManagerPath/bin/amadmin -u amadmin -w password -v \
        -t /SW/wireless/auth/xml/CreateOrgSafeWordRequests-63.xml

    Some of these commands may take up to several hours to complete. Some may also hang and not terminate. If the command for SetAuthOrg-63.xml, CreateOrgMobilePassTemplate-63.xml, or CreateOrgSafeWordTemplate-63.xml fails to terminate, do the following:

    1. Log in to the Access Manager console at http://id-amer-01.us.example.com/amconsole as amadmin using the password given in AccessManagerStateFile.

    2. Select View->Services and expand the Core service. Then highlight LDAP, MobilePass and SafeWord from the list box entitled Organization Authentication Modules.

    3. Add safewordid to the Alias Search Attribute Name and click Save.

    4. Click Edit beside the Organization Authentication Configuration, and in the dialog window, select all modules and click on Delete.

    5. Add the SafeWord module by selecting it from the Module name list and setting the Enforcement Requirement to REQUIRED. Click OK to save the change.

    6. Modify the Gateway access service by setting the accepted authentication level to 2 with the following command:


      AccessManagerPath/bin/amadmin -u amadmin -w password -v \
          -t /SW/wireless/xml/modifyGWAccessService.xml
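
An added example, not part of the original procedure or of Access Manager: a shell script that takes the step 1 backups into an owner-only directory with a SHA-256 manifest, then reports which of those files differ from their backups once the patch and edits are in place. It assumes a POSIX shell with sha256sum and cmp on the PATH; the function names and the backup directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: back up the step 1 files, then list what changed afterwards.
# Assumptions: POSIX shell, cp, cmp and sha256sum available; paths have no spaces.
# Usage: run with "backup DIR" before step 2 and "changed DIR" after step 5.
umask 077   # AMConfig.properties holds sensitive configuration; keep copies private

# The four files named in step 1.
STEP1_FILES="/etc/opt/SUNWam/config/xml/amAuthSafeWord.xml
/opt/SUNWam/locale/amAuthSafeWord.properties
/opt/SUNWam/locale/amAdminCLI.properties
/etc/opt/SUNWam/config/AMConfig.properties"

# backup_files DEST FILE... : copy each FILE under DEST, keeping its full path,
# mode and timestamps, and record a SHA-256 manifest of the copies.
backup_files() {
    _dest=$1; shift
    mkdir -p "$_dest" && chmod 700 "$_dest" || return 1
    : > "$_dest/MANIFEST.sha256"
    for _f in "$@"; do
        [ -f "$_f" ] || { echo "missing: $_f" >&2; return 1; }
        mkdir -p "$_dest$(dirname "$_f")" || return 1
        cp -p "$_f" "$_dest$_f" || return 1
        (cd "$_dest" && sha256sum ".$_f") >> "$_dest/MANIFEST.sha256" || return 1
    done
}

# changed_files DEST FILE... : print every FILE whose live content differs from
# its backup. Returns 2 if the backups no longer match their manifest.
changed_files() {
    _dest=$1; shift
    (cd "$_dest" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1) || return 2
    for _f in "$@"; do
        cmp -s "$_f" "$_dest$_f" || echo "$_f"
    done
}

# Command-line entry point; does nothing unless called with two arguments.
if [ $# -eq 2 ]; then
    case $1 in
        backup)  backup_files "$2" $STEP1_FILES ;;
        changed) changed_files "$2" $STEP1_FILES ;;
        *)       echo "usage: $0 backup|changed DIR" >&2; exit 64 ;;
    esac
fi
```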