Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Configure Distributed Authentication UI Servers to Authenticate to Access Manager as a Custom User

  1. Set up a custom user.

    1. Open a browser and go to the Access Manager login URL.

      https://LoadBalancer-3.example.com:9443/amserver/UI/Login

    2. Log in to the Access Manager console using the following information:

      Username

      amadmin

      Password

      4m4dmin1

    3. On the Access Control tab, click the top-level realm example.com.

    4. Click the Subjects tab.

    5. Click the Agents tab.

    6. On the Agents tab, click the New button.

    7. In the New Agent page, provide the following information, and then click Create.

      ID

      authuiadmin

      Password

      4uthu14dmin

    8. On the Agents tab, in the list of Agent names, click authuiadmin.

      On the General tab, copy the UniversalID value and save it where you can use it later.

    9. Log out of the console.

  2. Define authuiadmin as a special user in Access Manager 1.

    1. As a root user, log in to host AccessManager-1.

    2. Locate the /etc/opt/SUNWam/config/AMConfig.properties file.

      Make a backup of this file before you modify it.

    3. In the file, locate the following property:

      com.sun.identity.authentication.special.users

    4. At the end of the list of values, add the UniversalID that you obtained and saved from the Agents list:

      |uid=authuiadmin,ou=agents,o=example.com

      This step authorizes the user to authenticate remote applications to the Access Manager server using the Access Manager Client SDK.

  3. Define authuiadmin as a special user in Access Manager 2.

    1. As a root user, log in to host AccessManager-2.

    2. Locate the /etc/opt/SUNWam/config/AMConfig.properties file.

      Make a backup of this file before you modify it.

    3. In the file, locate the following property:

      com.sun.identity.authentication.special.users

    4. At the end of the list of values, add the UniversalID that you obtained and saved from the Agents list:

      |uid=authuiadmin,ou=agents,o=example.com

      This step authorizes the user to authenticate remote applications to the Access Manager server using the Access Manager Client SDK.

  4. Restart both Access Manager 1 server and Access Manager 2 server.

  5. Log out of Access Manager 1 and log out of Access Manager 2.

  6. Define the custom user as a special user on the Authentication UI 1 server.

    1. As a root user, log in to host AuthenticationUI-1.

    2. Locate the following file:

      /opt/SUNWwbsvr/https-AuthenticationUI-1.example.com/webapps/distAuth/WEB-INF/classes/AMConfig.properties

      Make a backup of this file before you modify it.

    3. In the file, set the following properties:

      com.sun.identity.agents.app.username=authuiadmin

      com.iplanet.am.service.password=4uthu14dmin

  7. Define the custom user as a special user on the Authentication UI 2 server.

    1. As a root user, log in to host AuthenticationUI-2.

    2. Locate the following file:

      /opt/SUNWwbsvr/https-AuthenticationUI-2.example.com/webapps/distAuth/WEB-INF/classes

      Make a backup of this file before you modify it.

    3. In the file, set the following properties:

      com.sun.identity.agents.app.username=authuiadmin

      com.iplanet.am.service.password=4uthu14dmin

  8. Restart Authentication UI 1 server and Authentication UI 2 server.

    # cd /opt/SUNWwbsvr/https-AuthenticationUI-1.example.com

    # ./stop ; ./start

    # cd /opt/SUNWwbsvr/https-AuthenticationUI-2.example.com

    # ./stop ; ./start

  9. Log out of Authentication UI 1 server and log out of Authentication UI 2 server.

  10. Verify that everything works.

    1. On Directory Server 1 and Directory Server 2, go to the logs directory and run the tail command.

      # cd /var/opt/mps/serverroot/slapd-am-config/logs

      # tail -f access | grep authuiadmin

    2. In a browser, go to the following URL to open the Access Manager login page.

      https://LoadBalancer-4.example.com:9443/distAuth/UI/Login?goto=https://LoadBalancer-3.example.com:9443/amserver/UI/Login

      When you use this URL, the Directory Server access logs show the Authentication UI server binding to the Directory Server as the special user authuiadmin.

    3. In the logs, look for entries similar to this:

      [12/Jul/2006:21:08:33 -0700] conn=43430 op=0 msgId=1059 - BIND dn="uid=authuiadmin,ou=agents,o=example.com" method=128 version=3
      [12/Jul/2006:21:08:33 -0700] conn=43430 op=0 msgId=1059 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=authuiadmin,ou=agents,o=example.com"

      When you see err=0 in either log, you know that the Authentication UI server successfully logged in to the Access Manager server. If the err value is anything other than 0, you must troubleshoot the configuration.

    4. Log in to the Access Manager console using the following information:

      Username

      amadmin

      Password

      4m4dmin1

      If you can log in successfully, you know that authentication worked.

  11. Log out of the console.
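The AMConfig.properties edits in steps 2, 3, 6 and 7 above, as an added example that is not part of the Sun deployment guide: the special-users value is a '|'-separated list, so the script appends the agent DN only if it is not already present, and every edit is preceded by the backup the guide asks for. The property names and the DN come from the steps above; the file contents the test feeds in are constructed.

```python
"""Idempotent edit of an Access Manager AMConfig.properties file.

Added example, not from the Sun deployment guide. It mirrors steps 2, 3, 6
and 7: back up the file, append the agent's UniversalID to the
'|'-separated com.sun.identity.authentication.special.users list, and set
the distAuth username and password properties.
"""
import shutil
from datetime import datetime
from pathlib import Path

SPECIAL_USERS = "com.sun.identity.authentication.special.users"
AUTHUI_DN = "uid=authuiadmin,ou=agents,o=example.com"


def add_special_user(text, dn):
    """Append dn to the special users list; a second run leaves the text unchanged."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith(SPECIAL_USERS + "="):
            # Drop empty entries so a stray leading or trailing '|' is not kept.
            values = [v for v in line.split("=", 1)[1].split("|") if v]
            if dn not in values:
                values.append(dn)
            lines[i] = SPECIAL_USERS + "=" + "|".join(values)
            break
    else:
        raise ValueError(SPECIAL_USERS + " not found; refusing to edit")
    return "\n".join(lines) + "\n"


def set_property(text, key, value):
    """Set key=value, replacing the existing line or appending one (steps 6 and 7)."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith(key + "="):
            lines[i] = key + "=" + value
            break
    else:
        lines.append(key + "=" + value)
    return "\n".join(lines) + "\n"


def edit_in_place(path, transform):
    """Copy path to a timestamped backup beside it, then rewrite it with transform(text)."""
    path = Path(path)
    backup = path.with_name(path.name + "." + datetime.now().strftime("%Y%m%d%H%M%S"))
    shutil.copy2(path, backup)
    path.write_text(transform(path.read_text()))
    return backup
```

Apply it on each host as, for example, edit_in_place("/etc/opt/SUNWam/config/AMConfig.properties", lambda t: add_special_user(t, AUTHUI_DN)), then restart the server as the guide describes.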
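The verification in step 10 above, as an added example that is not part of the Sun deployment guide: it reads Directory Server access-log lines in the format the guide shows, pairs each BIND by the authuiadmin DN with the RESULT for the same conn and op, and treats only err=0 as success. SAMPLE_LOG is a constructed excerpt; the err=49 result and the BIND with no RESULT are made-up failure cases so the check also covers the troubleshooting branch.

```python
"""Check a Directory Server access log for the special user's BIND results.

Added example, not from the Sun deployment guide. Implements the step 10
check: BIND lines for the authuiadmin DN are matched to the RESULT line on
the same conn/op, and err=0 means the bind succeeded.
"""
import re

AUTHUI_DN = "uid=authuiadmin,ou=agents,o=example.com"

# Layout of the access-log lines shown in the guide: timestamp, conn/op/msgId, operation.
LOG_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>\d+) msgId=\d+ - '
    r'(?P<kind>BIND|RESULT) (?P<rest>.*)$'
)
DN_RE = re.compile(r'dn="([^"]*)"')
ERR_RE = re.compile(r'\berr=(\d+)')

# Constructed excerpt: the guide's two lines, then a failed bind and an unanswered bind.
SAMPLE_LOG = [
    '[12/Jul/2006:21:08:33 -0700] conn=43430 op=0 msgId=1059 - BIND dn="uid=authuiadmin,ou=agents,o=example.com" method=128 version=3',
    '[12/Jul/2006:21:08:33 -0700] conn=43430 op=0 msgId=1059 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=authuiadmin,ou=agents,o=example.com"',
    '[12/Jul/2006:21:09:10 -0700] conn=43432 op=0 msgId=1 - BIND dn="uid=authuiadmin,ou=agents,o=example.com" method=128 version=3',
    '[12/Jul/2006:21:09:10 -0700] conn=43432 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0',
    '[12/Jul/2006:21:09:30 -0700] conn=43433 op=0 msgId=1 - BIND dn="uid=authuiadmin,ou=agents,o=example.com" method=128 version=3',
]


def bind_results(lines, dn):
    """Return ([(timestamp, err), ...] for dn's answered binds, [timestamps] of unanswered binds)."""
    pending = {}    # (conn, op) -> timestamp of a BIND still waiting for its RESULT
    completed = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        key = (m["conn"], m["op"])
        if m["kind"] == "BIND":
            bound = DN_RE.search(m["rest"])
            if bound and bound.group(1) == dn:
                pending[key] = m["ts"]
        elif key in pending:
            err = ERR_RE.search(m["rest"])
            completed.append((pending.pop(key), int(err.group(1)) if err else -1))
    return completed, sorted(pending.values())


def special_user_bound_ok(lines, dn=AUTHUI_DN):
    """True only if dn bound at least once, every bind was answered, and every err was 0."""
    completed, unanswered = bind_results(lines, dn)
    return bool(completed) and not unanswered and all(err == 0 for _, err in completed)
```

Run it over the live file with special_user_bound_ok(open("/var/opt/mps/serverroot/slapd-am-config/logs/access")) on each Directory Server; a False result means some bind returned a non-zero err or never received a RESULT, which is the case the guide says to troubleshoot.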