Access Manager needs to be installed on the back-end servers id-amer-NN.us. Make sure that Web Server has been previously installed on these servers, as described in 4.4 Installing and Configuring Web Server.
Run the Java ES installer using the silent install state file.
id-amer-NN# cd /var/bits/Java_es/Solaris_sparc
id-amer-NN# ./installer -nodisplay -noconsole \
    -state /var/bits/silent/AccessManagerStateFile
Verify the installation by accessing the Access Manager console at http://id-amer-NN.us.example.com/amconsole. Log in as amadmin using the password given in AccessManagerStateFile.
On all Access Manager instances except id-amer-01.us, perform the following configuration changes to avoid a service initialization error:
After logging in, select General Properties and edit the Organization Alias. Add this server's name to the Organization Alias, for example id-amer-NN.us.example.com. Save the changes.
Select the Service Configuration tab, then select Platform and edit the Server List. Add this server's name and port, for example id-amer-NN.us.example.com:80|02, and save the changes.
Perform this procedure on id-amer-01.us only.
Save a backup copy of the following files:
/etc/opt/SUNWam/config/xml/amAuthSafeWord.xml
/opt/SUNWam/locale/amAuthSafeWord.properties
/opt/SUNWam/locale/amAdminCLI.properties
/etc/opt/SUNWam/config/AMConfig.properties
Download the Access Manager patch 115766 and install it with the patchadd command.
Load the XML for the new SafeWord authentication module with the following commands:
id-amer-01# cd /opt/SUNWam/bin/
id-amer-01# ./amadmin -u amadmin -w password \
    -deleteservice iPlanetAMauthSafeWordService
id-amer-01# ./amadmin -u amadmin -w password \
    -schema /etc/opt/SUNWam/config/xml/amAuthSafeWord-63p.xml
Edit the following files so that they use the base DN of dc=example,dc=com and reference the URLs of the BE servers in this Edge complex. The AccessManagerPath is the installation path specified in the AccessManagerStateFile.
AccessManagerPath/locale/amAuthUI.properties
AccessManagerPath/locale/amAuthSafeWord.properties
/apps/http-id-amer-01/is-web-apps/services/config/auth/default/Login.jsp
/apps/http-id-amer-01/is-web-apps/services/config/auth/default/aml/Login.jsp
/apps/http-id-amer-01/is-web-apps/services/config/auth/default/wml/Login.jsp
AccessManagerPath/web-src/services/config/auth/default/LDAP.xml
AccessManagerPath/web-src/services/config/auth/default_en/LDAP.xml
AccessManagerPath/web-src/services/config/auth/default/SafeWord.xml
AccessManagerPath/web-src/services/config/auth/default_en/SafeWord.xml
AccessManagerPath/locale/amAuthMobilePass.properties
AccessManagerPath/web-src/services/config/auth/default/MobilePass.xml
AccessManagerPath/web-src/services/config/auth/default/MobilePass.xml
AccessManagerPath/web-src/services/config/auth/default_en/MobilePass.xml
AccessManagerPath/lib/am_services.jar
/etc/opt/SUNWam/config/amAuthMobilePass-63p.xml
/SW/wireless/auth/xml/amAuth_add_mobilepass.xml
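A check that can be run over the text files in this list after editing them, as an added example that is not part of the original procedure: it extracts every dc= sequence from each file and reports any base DN other than dc=example,dc=com. The function names and the sample files are assumptions made for illustration; binary files such as am_services.jar are outside what it can inspect.

```shell
#!/bin/sh
# Added example: flag base DNs that differ from the one this deployment uses.
EXPECTED_DN="dc=example,dc=com"    # base DN stated in the procedure

# list_base_dns FILE  (hypothetical helper)
# Print "lineno:dn" for every dc=...,dc=... run in a text file,
# lower-cased and with spaces removed so comparisons are exact.
list_base_dns() {
    awk '{
        line = $0
        while (match(line, /[dD][cC]=[A-Za-z0-9_-]+(, *[dD][cC]=[A-Za-z0-9_-]+)*/)) {
            dn = tolower(substr(line, RSTART, RLENGTH))
            gsub(/ /, "", dn)
            print NR ":" dn
            line = substr(line, RSTART + RLENGTH)
        }
    }' "$1"
}

# check_base_dn EXPECTED FILE...  (hypothetical helper)
# Returns 0 only if every file is readable and contains no other base DN.
check_base_dn() {
    expected=$1; shift
    status=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "MISSING  $f"; status=1; continue
        fi
        bad=$(list_base_dns "$f" | awk -F: -v want="$expected" '$2 != want')
        if [ -n "$bad" ]; then
            echo "$bad" | awk -v f="$f" '{ print "MISMATCH " f ":" $0 }'
            status=1
        fi
    done
    return $status
}

# Demo on constructed sample files (not the real Access Manager files).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'baseDN=dc=example,dc=com' \
    'people=ou=People,DC=Example, DC=com' > "$demo_dir/edited.properties"
printf '%s\n' '<!-- constructed sample -->' \
    '<Value>o=users,dc=sun,dc=com</Value>' > "$demo_dir/stale.xml"
check_base_dn "$EXPECTED_DN" "$demo_dir/edited.properties" "$demo_dir/stale.xml" \
    || echo "Review the files listed above."
```

On a real server, pass the edited .properties, .jsp and .xml paths from the list as the FILE arguments; a MISSING line usually means AccessManagerPath was not substituted.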
Configure the authentication modules with the following commands:
AccessManagerPath/bin/amadmin -u amadmin -w password -v -t /SW/wireless/auth/xml/amAuth_add_mobilepass.xml
AccessManagerPath/bin/amadmin -u amadmin -w password -v -s /etc/opt/SUNWam/config/amAuthMobilePass-63p.xml
AccessManagerPath/bin/amadmin -u amadmin -w password -v -t /SW/wireless/auth/xml/SetAuthOrg-63.xml
AccessManagerPath/bin/amadmin -u amadmin -w password -v -t /SW/wireless/auth/xml/CreateOrgMobilePassTemplate-63.xml
AccessManagerPath/bin/amadmin -u amadmin -w password -v -t /SW/wireless/auth/xml/CreateOrgMobilePassRequests-63.xml
AccessManagerPath/bin/amadmin -u amadmin -w password -v -t /SW/wireless/auth/xml/CreateOrgSafeWordTemplate-63.xml
AccessManagerPath/bin/amadmin -u amadmin -w password -v -t /SW/wireless/auth/xml/CreateOrgSafeWordRequests-63.xml
Some of these commands may take up to several hours to complete. Some may also hang and not terminate. If the command for SetAuthOrg-63.xml, CreateOrgMobilePassTemplate-63.xml, or CreateOrgSafeWordTemplate-63.xml fails to terminate, do the following:
Log in to the Access Manager console at http://id-amer-01.us.example.com/amconsole as amadmin using the password given in AccessManagerStateFile.
Select View->Services and expand the Core service. Then highlight LDAP, MobilePass and SafeWord from the list box entitled Organization Authentication Modules.
Add safewordid to the Alias Search Attribute Name and click Save.
Click Edit beside the Organization Authentication Configuration, and in the dialog window, select all modules and click Delete.
Add the SafeWord module by selecting it from the Module name list and setting the Enforcement Requirement to REQUIRED. Click OK to save the change.
Modify the Gateway access service by setting the accepted authentication level to 2 with the following command:
AccessManagerPath/bin/amadmin -u amadmin -w password -v -t /SW/wireless/xml/modifyGWAccessService.xml