Check if the Web Server runtime owner is root:other. That is, the runtime owner should be the same for Access Manager, Access Manager SDK, and Communications Express. It is preferred that the runtime owner be root:other.
If the runtime owner for Web Server is not root (but webservd), then do the following:
Check the Access Manager SDK by running the following command from the front-end AM SDK location (host).
cd /opt/SUNWam/bin
./amadmin -u amadmin -w password -m http://host:80
You should see output similar to the following:
Get Sessions:
Server Name = http://host1.red.siroe.com:80
[Current Session] User Id: amAdmin Time Remain: 120 Max Session Time: 120 Idle Time: 0 Max Idle Time: 30
To invalidate sessions, enter the index numbers
[CR without a number to exit]:
Success 0: Successfully completed
If Step 2 does not work as expected, then check that the Access Manager SDK classpath is correct in the Web Server on the Communications Express host (that is, the front end).
Make sure that /opt/SUNWam/lib/am_services.jar, /opt/SUNWam/lib/am_sdk.jar, and /opt/SUNWam/lib/am_sso_provider.jar are in the classpath suffix of the /opt/SUNWwbsvr/https-host.domain/config/server.xml file.
Manually editing the server.xml file is generally not recommended. The correct way is to use the /opt/SUNWam/bin/amconfig command. See Problem: Web Server Exceptions.
Create a new state file similar to the following for the Access Manager SDK configuration.
Change to the directory that contains the amconfig input file template, amsamplesilent.
# cd /opt/SUNWam/bin
Copy the input template file to a new file.
# cp amsamplesilent amconfigcommx
Edit the amconfigcommx file to set the Access Manager SDK configuration parameters as follows (non-default values are shown in bold):
DEPLOY_LEVEL=4
SERVER_PROTOCOL=http #### (If you need secure access, change to https)
SERVER_NAME=AM_SERVER_HOSTNAME #### (Access Manager hostname)
SERVER_HOST=AM_SERVER_HOSTNAME_FQDN #### (Access Manager fully qualified domain name)
SERVER_PORT=AM_SERVER_WEB_CONTAINER_PORT
ADMIN_PORT=AM_SERVER_WEB_ADMIN_PORT
DS_HOST=DS_HOSTNAME_FQDN #### (Directory Server fully qualified domain name)
DS_DIRMGRPASSWD=DM_PASSWORD
ROOT_SUFFIX=UG_SUFFIX
ADMINPASSWD=AMADMIN_PASSWORD
AMLDAPUSERPASSWD=AMLDAPUSERPASSWORD
COOKIE_DOMAIN=.example.com #### (Modify to reflect default domain)
AM_ENC_PWD="myQDWqCBhvI0bfp/BF/1b7+k/BiEpVcY" #### Get from AMConfig.properties file of fully installed Access Manager host
NEW_OWNER=root
NEW_GROUP=other
WEB_CONTAINER=WS6
SSL_PASSWORD="ssl_password" #### (If SSL used)
BASEDIR=/opt/SUNWam
CONSOLE_HOST=$SERVER_HOST
CONSOLE_PORT=$SERVER_PORT
CONSOLE_PROTOCOL=$SERVER_PROTOCOL
CONSOLE_REMOTE=true
SERVER_DEPLOY_URI=/amserver
if [ $DEPLOY_LEVEL -eq 2 -o $DEPLOY_LEVEL -eq 12 ]; then
    CONSOLE_DEPLOY_URI=$SERVER_DEPLOY_URI
else
    CONSOLE_DEPLOY_URI=/amconsole
fi
PASSWORD_DEPLOY_URI=/ampassword
COMMON_DEPLOY_URI=/amcommon
DIRECTORY_MODE=4 ####
DS_PORT=389
DS_DIRMGRDN="cn=Directory Manager"
USER_NAMING_ATTR=uid
ORG_NAMING_ATTR=o
ORG_OBJECT_CLASS=sunismanagedorganization
USER_OBJECT_CLASS=inetorgperson
DEFAULT_ORGANIZATION=
JAVA_HOME=/usr/jdk/entsys-j2se
AM_REALM=disabled #### (For legacy use)
PLATFORM_LOCALE=en_US
XML_ENCODING=ISO-8859-1
NEW_INSTANCE=false
############### Required for Web Server ###############################
WS61_INSTANCE=https-COMMS_EX_HOSTNAME_FQDN ####Modify to reflect front-end hostname
WS61_HOME=/opt/SUNWwbsvr
WS61_PROTOCOL=$SERVER_PROTOCOL
WS61_HOST=COMMS_EX_HOST ####NOT $SERVER_HOST in an AM SDK remote AM Server configuration
WS61_PORT=COMMS_EX_PORT ####NOT $SERVER_PORT in an AM SDK remote AM Server configuration
WS61_ADMINPORT=$ADMIN_PORT
WS61_ADMIN="admin"
WS61_IS_SECURE=false
DIRECTORY_MODE=4
DS_PORT=389
DS_DIRMGRDN="cn=Directory Manager"
USER_NAMING_ATTR=uid
ORG_NAMING_ATTR=o
ORG_OBJECT_CLASS=sunismanagedorganization
USER_OBJECT_CLASS=inetorgperson
DEFAULT_ORGANIZATION=
JAVA_HOME=/usr/jdk/entsys-j2se
AM_REALM=disabled
Make a backup copy of the /etc/opt/SUNWam/config/AMConfig.properties file. Check the content of the following lines in that file:
com.iplanet.am.directory.host=DS_SERVER_HOSTNAME_FQDN
com.iplanet.am.server.host=AM_SERVER_HOSTNAME_FQDN
com.iplanet.am.console.host=AM_SERVER_HOSTNAME_FQDN
com.iplanet.am.profile.host=AM_SERVER_HOSTNAME_FQDN
com.iplanet.am.naming.url=http://AM_SERVER_HOSTNAME_FQDN:WEBCONTAINER_PORT/amserver/namingservice
com.iplanet.am.notification.url=http://COMMS_EX_HOSTNAME_FQDN:WEBCONTAINER_PORT/notificationservice
Run the following command:
/opt/SUNWam/bin/amconfig -s Newly_Created_AMSAMPLESILENT
Make sure the default domain contains the Core and LDAP services, which you can find in the Access Manager console under the Services tab.
Make sure that the uwcauth.properties file contains the complete DN for the uwcauth.identity.binddn variable, as shown below:
!Bind DN of AdmAdmin
uwcauth.identity.binddn=uid=amadmin,ou=people,o=usergroup
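The classpath check described earlier (the three Access Manager SDK jars in the classpath suffix of server.xml) can be done read-only, without editing the file. The script below is an added example, not part of the original procedure or the product's tooling; the function names are hypothetical, the sample server.xml is constructed, and it assumes the suffix is stored in a classpathsuffix="..." attribute with colon-separated entries.

```shell
#!/bin/sh
# Added example: list the Access Manager SDK jars that are missing from the
# classpath suffix of a Web Server server.xml. Read-only; edits nothing.
# Assumption: the suffix lives in a classpathsuffix="..." attribute and its
# entries are separated by colons.

AM_JARS="/opt/SUNWam/lib/am_services.jar /opt/SUNWam/lib/am_sdk.jar /opt/SUNWam/lib/am_sso_provider.jar"

# Print the value of the classpathsuffix attribute (empty if absent).
# The file is joined onto one line first so a wrapped element still matches.
classpath_suffix() {
    tr '\n' ' ' < "$1" | sed -n 's/.*classpathsuffix="\([^"]*\)".*/\1/p'
}

# Print each missing jar on its own line; return 0 only if none are missing.
# Entries are compared whole, so am_sdk.jar.bak does not count as am_sdk.jar.
missing_am_jars() {
    suffix=":$(classpath_suffix "$1"):"
    missing=""
    for jar in $AM_JARS; do
        case "$suffix" in
            *":$jar:"*) ;;
            *) missing="$missing$jar
" ;;
        esac
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# Constructed sample: am_sso_provider.jar was renamed, so it is reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<SERVER>
  <JAVA javahome="/usr/jdk/entsys-j2se"
        classpathsuffix="/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/am_sdk.jar:/opt/SUNWam/lib/am_sso_provider.jar.bak"/>
</SERVER>
EOF
missing_am_jars "$sample" || echo "classpath suffix is missing the jars listed above"
rm -f "$sample"
```

To check a real instance, call missing_am_jars with the path to that instance's server.xml; if anything is reported, correct it with amconfig rather than by hand.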