Component |
Description | |
---|---|---|
Host |
Computer system that hosts the Directory Server. |
|
Host Name |
DirectoryServer-3SP.siroe.com |
|
Directory Server Administration Instance |
Administration server that manages Directory Server and all its instances. |
|
Port Number |
1391 |
|
Service URL |
http://DirectoryServer-3SP.siroe.com:1391 |
|
Instance Directory |
/var/opt/mps/serverroot/admin-serv |
|
Directory Server Configuration Instance |
Instance that stores Directory Server configuration data. |
|
Instance name |
DirectoryServer-3SP |
|
Port Number |
1390 |
|
Service URL |
http://DirectoryServer-3SP.siroe.com:1390 |
|
Base suffix |
dc=siroe,dc=com |
|
Super User |
cn=Directory Manager |
|
Super User password |
admin123 |
|
Administrative User |
admin |
|
Administrative User Password |
admin123 |
|
Instance Directory |
/var/opt/mps/serverroot/slapd-DirectoryServer-3SP |
|
Federation Manager Configuration Instance |
Stores Federation Manager configuration data. |
|
Instance name |
fm-config |
|
Port Number |
1389 |
|
Service URL |
http://DirectoryServer-3SP.siroe.com:1389 |
|
Base Suffix |
o=siroe.com |
|
Replication Manager |
cn=replication manager,cn=replication,cn=config |
|
Replication Manager Password |
11111111 |
|
Instance Directory |
/var/opt/mps/serverroot/slapd-fm-config |
|
User Data Store |
Stores Federation Manager user data. In this deployment example, the user data store is located on the same computer system as the Federation Manager configuration data store. The user data store could also be installed on a different computer system. |
|
Instance Name |
fm-users |
|
Port Number |
1489 |
|
Service URL |
http://DirectoryServer-3SP.siroe.com:1489 |
|
Base Suffix |
dc=siroe, dc=com |
|
Users Suffix |
o=siroeusers |
|
Replication Manager |
cn=replication manager, cn=replication,cn=config |
|
Replication Manager Password |
11111111 |
|
Instance Directory |
/var/opt/mps/serverroot/slapd-fm-users |
Table A–2 Directory Server 4SP Configuration
Component |
Description | |
---|---|---|
Host |
Computer system that hosts the Directory Server. |
|
Host Name |
DirectoryServer-4SP.siroe.com |
|
Directory Server Administration Instance |
Administration server that manages Directory Server and all its instances. |
|
Port Number |
1391 |
|
Service URL |
http://DirectoryServer-4SP.siroe.com:1391 |
|
Instance Directory |
/var/opt/mps/serverroot/admin-serv |
|
Directory Server Configuration Instance |
Instance that stores Directory Server configuration data. |
|
Instance name |
DirectoryServer-4SP |
|
Port Number |
1390 |
|
Service URL |
http://DirectoryServer-4SP.siroe.com:1390 |
|
Base suffix |
dc=siroe,dc=com |
|
Super User |
cn=Directory Manager |
|
Super User password |
admin123 |
|
Administrative User |
admin |
|
Administrative User Password |
admin123 |
|
Instance Directory |
/var/opt/mps/serverroot/slapd-DirectoryServer-4SP |
|
Federation Manager Configuration Instance |
Stores Federation Manager configuration data. |
|
Instance name |
fm-config |
|
Port Number |
1389 |
|
Service URL |
http://DirectoryServer-4SP.siroe.com:1389 |
|
Base Suffix |
o=siroe.com |
|
Replication Manager |
cn=replication manager,cn=replication,cn=config |
|
Replication Manager Password |
11111111 |
|
Instance Directory |
/var/opt/mps/serverroot/slapd-fm-config |
|
User Data Store |
Stores Federation Manager user data. In this deployment example, the user data store is located on the same computer system as the Federation Manager configuration data store. The user data store could also be installed on a different computer system. |
|
Instance Name |
fm-users |
|
Port Number |
1489 |
|
Service URL |
http://DirectoryServer-4SP.siroe.com:1489 |
|
Base Suffix |
dc=siroe, dc=com |
|
Users Suffix |
o=siroeusers |
|
Replication Manager |
cn=replication manager, cn=replication,cn=config |
|
Replication Manager Password |
11111111 |
|
Instance Directory |
/var/opt/mps/serverroot/slapd-fm-users |
Table A–3 User Data Store Accounts
UserID |
Description | |
---|---|---|
spuser |
Used for testing Federation Manager login. |
|
Password |
spuser |
|
DN |
uid=spuser,o=siroeusers,dc=siroe,dc=com |
|
idpuser |
Used for testing single sign-on configuration and Web Policy Agents configuration. |
|
Password |
idpuser |
|
DN |
uid=idpuser,o=siroeusers,dc=siroe,dc=com |
|
testuser1 |
Used to verify fm-users data store configuration. |
|
Password |
11111111 |
|
DN |
uid=testuser1,o=siroeusers,dc=siroe,dc=com |
|
idp |
Used to verify the configuration of the Application Server sample application with J2EE Policy Agents. |
|
Password |
idp |
|
DN |
uid=idp,o=siroeusers,dc=siroe,dc=com |
Component |
Description | |
---|---|---|
Host |
Computer system that hosts the Federation Manager 1 server. |
|
Host Name |
FederationManager-1.siroe.com |
|
Web Server Administration |
Manages the entire Web Server and all its instances. |
|
Instance name |
admserv |
|
Port Number |
8888 |
|
Service URL |
http://FederationManager-1.siroe.com:8888 |
|
Administrative User |
admin |
|
Administrative User Password |
11111111 |
|
Instance Directory |
/opt/SUNWwbsvr/https-admserv |
|
Federation Manager Web Server |
Contains the Federation Manager applications. |
|
Instance name |
FedeartionManager-1.siroe.com |
|
Port Number |
8080 |
|
Service URL |
http://FederationManager-1.siroe.com:1080 |
|
Administrative User |
amadmin |
|
Administrative User Password |
11111111 |
|
Instance Directory |
/opt/SUNWwbsvr/https-FederationManager-1.siroe.com |
Table B–2 Federation Manager 2 Configuration
Component |
Description | |
---|---|---|
Host |
Computer system that hosts the Federation Manager 2 server. |
|
Host Name |
FederationManager-2.siroe.com |
|
Web Server Administration |
Manages the entire Web Server and all its instances. |
|
Instance name |
admserv |
|
Port Number |
8888 |
|
Service URL |
http://FederationManager-2.siroe.com:8888 |
|
Administrative User |
admin |
|
Administrative User Password |
11111111 |
|
Instance Directory |
/opt/SUNWwbsvr/https-admserv |
|
Federation Manager Web Server |
Contains the Federation Manager applications. |
|
Instance name |
FedeartionManager-2.siroe.com |
|
Port Number |
8080 |
|
Service URL |
http://FederationManager-2.siroe.com:1080 |
|
Administrative User |
amadmin |
|
Administrative User Password |
11111111 |
|
Instance Directory |
/opt/SUNWwbsvr/https-FederationManager-2.siroe.com |
Component |
Description | |
---|---|---|
Host |
Computer system that hosts Application Server 3 |
|
Host Name |
ProtectedResource-3.siroe.com |
|
Application Server Administration |
Manages the entire Application Server and all its instances |
|
Instance Name |
AdminServer |
|
Port Number |
8080 |
|
Administrative User |
admin |
|
Administrative User Password |
11111111 |
|
Instance Directory |
/opt/SUNWappserver/ProtectedResource-3 |
|
Application Server |
Stores configuration information for this Application Server instance. |
|
Instance Name |
ProtectedResource-3 |
|
Instance Directory |
/opt/SUNWappserver/ProtectedResource-3 |
|
J2EE Policy Agent Instance |
Server instance which contains the Application Server and J2EE policy agent. |
|
Instance Name |
ProtectedResource-3 |
|
Port Number |
8080 |
|
Instance Directory |
/export/j2ee_agents/am_as81_agent/agent_001 |
|
J2EE Policy Agent Profile | ||
Administrative User |
asagent |
|
Administrative User Password |
This encrypted password is generated using ampassword. |
Table C–2 Protected Resource 4 Application Server and J2EE Policy Agent 4 Configurations
Component |
Description | |
---|---|---|
Host |
Computer system that hosts Application Server 4 |
|
Host Name |
ProtectedResource-4.siroe.com |
|
Application Server Administration |
Manages the entire Application Server and all its instances |
|
Instance Name |
AdminServer |
|
Port Number |
8080 |
|
Administrative User |
admin |
|
Administrative User Password |
11111111 |
|
Instance Directory |
/opt/SUNWappserver/ProtectedResource-4 |
|
Application Server |
Stores configuration information for this Application Server instance. |
|
Instance Name |
ProtectedResource-4 |
|
Instance Directory |
/opt/SUNWappserver/ProtectedResource-4 |
|
J2EE Policy Agent Instance |
Server instance which contains the Application Server and J2EE policy agent. |
|
Instance Name |
ProtectedResource-4 |
|
Port Number |
8080 |
|
Instance Directory |
/export/j2ee_agents/am_as81_agent/agent_001 |
|
J2EE Policy Agent Profile | ||
Administrative User |
asagent |
|
Administrative User Password |
This encrypted password is generated using ampassword. |
Component |
Description | |
---|---|---|
Host |
Computer system that hosts Web Server 3 |
|
Host Name |
ProtectedResource-3.siroe.com |
|
Web Server Administration |
Manages the entire Web Server and all its instances. |
|
Instance Name |
admserv |
|
Port Number |
8888 |
|
Administrative User |
admin |
|
Administrative User Password |
web4dmin |
|
Instance Directory |
/opt/SUNWwbsvr/https-admserv |
|
Web Policy Agent Instance |
Server instance that contains the web server and web policy agent. |
|
Instance Name |
ProtectedResource-3.siroe.com |
|
Port Number |
2080 |
|
Instance Directory |
/opt/SUNWwbsvr/https-ProtectedResource-3.siroe.com |
|
Web Agent Profile | ||
Administrative User |
webagent |
|
Administrative User Password |
web4gent |
Table D–2 Protected Resource 4 Web Server and Web Policy Agent 4 Configurations
Component |
Description | |
---|---|---|
Host |
Computer system that hosts Web Server 4 |
|
Host Name |
ProtectedResource-4.siroe.com |
|
Web Server Administration |
Manages the entire Web Server and all its instances. |
|
Instance Name |
admserv |
|
Port Number |
8888 |
|
Administrative User |
admin |
|
Administrative User Password |
web4dmin |
|
Instance Directory |
/opt/SUNWwbsvr/https-admserv |
|
Web Policy Agent Instance |
Server instance that contains the web server and web policy agent. |
|
Instance Name |
ProtectedResource-4.siroe.com |
|
Port Number |
2080 |
|
Instance Directory |
/opt/SUNWwbsvr/https-ProtectedResource-4.siroe.com |
|
Web Agent Profile | ||
Administrative User |
webagent |
|
Administrative User Password |
web4gent |
Component |
Description | |
---|---|---|
Host |
Computer system that hosts all virtual servers in this deployment example. |
|
Host Name |
is-f5.siroe.com |
|
Load Balancer 1 Load Balancer 2 |
These load balancers are not discussed in this manual. See 1.2 System Architecture for more information. |
|
Load Balancer 3 Access Manager Servers |
Virtual Service Address for the Access Manager Web Server instances. SSL is terminated at this load balancer before the request is forwarded to the Access Manager Servers. This load balancer is the single point of failure for Access Manager and can be considered a limitation of this deployment example. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. External users access port 9443, while internal users will access port 90. |
|
Instance Name |
LoadBalancer-3 |
|
Port Number |
90 and 9443 |
|
Pool Name |
AccessManager-Pool |
|
Virtual Server and Port Number |
LoadBalancer-3.example.com:90 |
|
Monitor |
HTTP |
|
Load Balancer 4 Load Balancer 5 Load Balancer 6 |
These load balancers are not discussed in this manual. See 1.2 System Architecture for more information. |
|
Load Balancer 7 Federation Manager Configuration Stores |
Virtual Service Address for the Federation Manager configuration store. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. |
|
Instance Name |
LoadBalancer-7 |
|
Port Number |
389 |
|
Pool Name |
federation_ds_pool |
|
Virtual Server and Port Number |
LoadBalancer-7.siroe.com:389 |
|
Monitor |
LDAP-tcp |
|
Load Balancer 8 Federation Manager User Data Stores |
Virtual Service Address for the Federation Manager User Data store. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. |
|
Instance Name |
LoadBalancer-8 |
|
Port Number |
1389 |
|
Pool Name |
DirectoryServer-UserData-Pool |
|
Virtual Server and Port Number |
LoadBalancer-8.siroe.com:1389 |
|
Monitor |
LDAP-tcp |
|
Load Balancer 9 Federation Manager Web Servers |
Virtual Service Address for the Federation Manager Web Server instances. SSL is terminated at this load balancer before the request is forwarded to the Access Manager servers. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. External users will access port 3443, while non-SSL port 1080 is used for proxying. |
|
Instance Name |
LoadBalancer-9 |
|
Port Number |
1080 |
|
Pool Name |
fm_server_pool |
|
Virtual Server and Port Number |
LoadBalancer-9.siroe.com:1080 |
|
Monitor |
HTTP |
|
Load Balancer 10 J2EE Policy Agents |
Virtual Service Address for J2EE Policy Agents. SSL is terminated at this load balancer before the request is forwarded to J2EE Policy Agents. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. |
|
Instance Name |
LoadBalancer-10 |
|
Port Number |
4080 |
|
Pool Name |
federation_j2ee_agents |
|
Virtual Server and Port Number |
LoadBalancer-10.siroe.com:1080 LoadBalancer-10.siroe.com:2443 |
|
Monitor |
HTTP |
|
Load Balancer 11 Web Policy Agents |
Virtual Service Address for Web Policy Agents. SSL is terminated at this load balancer before the request is forwarded to Web Policy Agents. Configured for cookie and IP-based stickiness and TCP (HTTP and LDAP) load balancing. |
|
Instance Name |
LoadBalancer-11 |
|
Port Number |
5080 |
|
Pool Name |
federation_web_agents |
|
Virtual Server and Port Number |
LoadBalancer-11.siroe.com:2080 LoadBalancer-11.siroe.com:5443 |
|
Monitor |
HTTP |
Keystore |
Description | |
---|---|---|
Identity Provider Keystore |
/etc/opt/SUNWam/config/amkeystore |
|
Keystore Password |
passwordam |
|
Key Password |
keypasswordam |
|
Key Algorithm |
RSA |
|
Strength |
1024 |
|
Service Provider Keystore |
/etc/opt/SUNWam/config/fmkeystore |
|
Keystore Password |
password |
|
Key Password |
keypassword |
|
Key Algorithm |
RSA |
|
Strength |
1024 |
Table F–2 Certificate Chains
Root CA |
Server |
Certificate Type |
Certificate ID |
---|---|---|---|
OpenSSL |
Self |
Root CA |
OpenSSL_CA_Cert |
OpenSSL |
LoadBalancer-9.siroe.com |
Server SSL |
LoadBalancer-9.siroe.com_OpenSSL |
OpenSSL |
LoadBalancer-10.siroe.com |
Server SSL |
LoadBalancer-10.siroe.com_OpenSSL |
OpenSSL |
LoadBalancer-11.siroe.com |
Server SSL |
LoadBalancer-11.siroe.com_OpenSSL |