Install and Configure Access Manager (Technical Note: Deploying Access Manager to an Application Server Cluster)

Technical Note: Deploying Access Manager to an Application Server Cluster

Install and Configure Access Manager

Perform the following steps on all of the servers:

Install Access Manager using the Java ES installer with the Configure Later option. Access Manager requires Sun Java System Directory Server. Either install Directory Server before you install Access Manager. Or, use an existing Directory Server.
Start all instances of Application Server to verify that they are installed properly.

Create an amsamplesilent file on the DAS machine (host-server1) and set the following attributes:

SERVER_NAME=host-server1
SERVER_HOST=$SERVER_NAME.example.com
SERVER_PORT=8082
ADMIN_PORT=4849
DS_HOST=qa-host-server1.example.comDS_DIRMGRPASSWD=password
ROOT_SUFFIX="dc=example,dc=com"
ADMINPASSWD=password
AMLDAPUSERPASSWD=password
COOKIE_DOMAIN=.example.com
AM_ENC_PWD=""
NEW_OWNER=root
NEW_GROUP=other
PAM_SERVICE_NAME=other
WEB_CONTAINER=AS8

AS81_HOST=host-server1.example.com
AS81_INSTANCE=amcluster

Save and deploy the ampsamplesilent file. For example:
```
amconfig -s amsamplesilent
```
Restart Access Manager and the cluster instance
Log in to Access Manager as amadmin on the DAS machine and add the additional server instances to the Platform server list. For more information, see Add Instances to the Platform Server List and Realm/DNS Aliases.
Copy the ampsamplesilent file to /usr/tmp directory on both server1 and server2.
On the DAS machine, locate the AM_ENC_PWD property in amconfig.properties (located in /etc/opt/SUNWam/config):
```
am.encryption.pwd=RrO0vsw+sg8D1+3ldZ6imu9yhjhyksS2
```

Copy the value of the AM_ENC_PWD from the DAS machine and replace the value in the amsamplesilent file for both server1 and server2:

SERVER_NAME=server1
AM_ENC_PWD=RrO0vsw+sg8D1+3ldZ6imu9yhjhyksS2

SERVER_NAME=server2
AM_ENC_PWD=RrO0vsw+sg8D1+3ldZ6imu9yhjhyksS2

Deploy the configuration file on server1 and server2. The applications will produce error messages when attempting to deploy, because the applications are already in the domain. The configuration files need to be created and the command line utilities need to be defined. To do so, run the amconfig command for each installed instance. For example:

amconfig -s /usr/tmp/ amsamplesilent

For more information, see the Access Manager Administration Guide.

Note –

Certain error messages will be sent, but these are expected and can be ignored.

Access Manager 7 errors:

Directory Server is already loaded with Access Manager DIT.
CLI171 Command deploy failed : Application amserver is already deployed on other targets. Ple
ase use create-application-ref command to create reference to the specified target; requested
 operation cannot be completed
Failed to deploy /amserver
cp: cannot access /var/opt/SUNWappserver/domains/domain1/config/domain.xml
cp: cannot access /var/opt/SUNWappserver/domains/domain1/config/server.policy
CLI167 Could not create the following jvm options. Options exist:
-Djava.protocol.handler.pkgs=com.iplanet.services.com
-DLOG_COMPATMODE=Off
-Ds1is.java.util.logging.config.class=com.sun.identity.log.s1is.LogConfigReader
-Dcom.iplanet.am.serverMode=true
CLI137 Command create-jvm-options failed.

Repeat these steps for other instances in the cluster.