Install 

1 = Full Access Manager installation for a new instance (default) 

2 = Install Access Manager console only 

3 = Install Access Manager SDK only 

4 = Install SDK only and configure the container 

5 = Install Federation Management module only 

6 = Install server only 

7 = Install Access Manager and configure the container for deploying with Portal Server 

Caution DEPLOY_MODE=7 is intended only for deploying Access Manager with Portal Server.

8 = Configure or redeploy Distributed Authentication UI server only 

9 = Configure or redeploy Access Manager client SDK only 

10 = Generate an Access Manager WAR file  

For some deployments, you might want to install the console only and server only on a single host server using different web containers. First, run the Java ES installer to install all Access Manager subcomponents using the Configure Later option. Then, run the amconfig script to configure both the console and server instances.

Uninstall (unconfigure) 

11 = Full uninstall 

12 = Uninstall console only 

13 = Uninstall SDK only 

14 = Uninstall SDK only and unconfigure the container 

15 = Uninstall Federation Management module 

16 = Uninstall server only 

17 = Uninstall Access Manager and unconfigure the container when deployed with Portal Server. 

Caution DEPLOY_MODE=17 is intended only when Access Manager is deployed with Portal Server.

18 = Uninstall Distributed Authentication UI server only 

19 = Uninstall Access Manager client SDK only 

Re-install 

(also referred to as re-deploy or re-configure) 

21 = Redeploy all (console, password, services, and common) web applications. 

26 = Undeploy all (console, password, services, and common) web applications. 

AM_REALM

Indicates the Access Manager mode: 

• enabled: Access Manager operates in Realm Mode, with Access Manager 7.1 features and console.

• disabled: Access Manager operates in Legacy Mode, with Access Manager 6 2005Q1 features and console.

  In Legacy Mode, Access Manager has Access Manager 6 2005Q1 features, in addition to Access Manager 7.1 and console.

You will be directed to Access Manager mode, depending on the deployment descriptor you use: 

• Realm Mode: http://host:port/amserver

• Legacy Mode: http://host:port/amconsole

Default: enabled

Access Manager Realm Mode is enabled by default. If you are deploying Access Manager with Messaging Server, Calendar Server, Delegated Administrator, or Instant Messaging, you must select Legacy Mode (AM_REALM=disabled) before you run the amconfig script.

BASEDIR

Base installation directory for Access Manager packages. 

Default: PLATFORM_DEFAULT

On Solaris systems, PLATFORM_DEFAULT is /opt

On Linux systems, PLATFORM_DEFAULT is /opt/sun

On HP—UX systems, PLATFORM_DEFAULT is /opt/sun

On Windows systems, the base installation directory is the Java ES installation directory. The default value is C:\Program Files\Sun\JavaES5.

SERVER_NAME

Name of local host where the Access Manager server (/amserver) has been or will be deployed.

SERVER_HOST

Fully qualified host name of the system where Access Manager is running (or will be installed). 

For a remote SDK installation, set this variable to the host where Access Manager is (or will be) installed and not the remote client host. 

This variable should match the counterpart variable in the web container configuration. For example, for Application Server 8, this variable should match AS81_HOST.

SERVER_PORT

Access Manager port number. Default: 58080 

For a remote SDK installation, set this variable to the port on the host where Access Manager is (or will be) installed and not the remote client host. 

This variable should match the counterpart variable in the web container configuration. For example, for Application Server 8, this variable should match AS81_PORT.

ADMIN_PORT

Port on which the administration instance will listen for connections. Default values are: 

• Web Server 7: 8989

• Application Server: 4849

• BEA WebLogic Server: 7001

• IBM WebSphere Application Server: 9080

SERVER_PROTOCOL

Server protocol: http or https. Default: http

For a remote SDK installation, set this variable to the protocol on the host where Access Manager is (or will be) installed and not the remote client host. 

This variable should match the counterpart variable in the web container configuration. For example, for Application Server 8, this variable should match AS81_PROTOCOL.

CONSOLE_HOST

Fully qualified host name of the server where the console is installed. 

Default: Value provided for the Access Manager host 

CONSOLE_PORT

Port of the web container where the console is installed and listens for connections. 

Default: Value provided for the Access Manager port  

CONSOLE_PROTOCOL

Protocol of the web container where the console is installed. 

Default: Same as the server protocol  

CONSOLE_REMOTE

Set to true if the console is remote from the Access Manager services. Otherwise, set to false. Default: false 

DS_HOST

Fully qualified host name of Directory Server. 

DS_PORT

Directory Server port. Default: 389. 

DS_DIRMGRDN

Directory manager DN: the user who has unrestricted access to Directory Server. 

Default: "cn=Directory Manager"

DS_DIRMGRPASSWD

Password for the directory manager 

See the note about special characters in the description of Access Manager Configuration Variables.

ROOT_SUFFIX

Initial or root suffix of the directory user management node. You must make sure that this value exists in the Directory Server you are using. 

See the note about special characters in the description of Access Manager Configuration Variables.

SM_CONFIG_BASEDN

Initial or root suffix of the Access Manager information tree (service management node). By default, the value of SM_CONFIG_BASEDN is the same as the ROOT_SUFFIX variable.

On Windows system, set to blank if the value is same as the ROOT_SUFFIX variable.

ADMINPASSWD

ADMIN_PASSWORD

(Windows systems only) 

Password for the Access Manager administrator (amadmin). Must be different from the password for amldapuser.

Note: If the password contains special characters such as a slash (/) or backslash (\\), the special character must be enclosed by single quotes (”). For example:

ADMINPASSWD=’\\\\\\\\\\####///’

However, the password cannot have a single quote as one of the actual password characters. 

AMLDAPUSERPASSWD

Password for amldapuser. Must be different from the password for amadmin.

See the note about special characters in the description of Access Manager Configuration Variables.

CONSOLE_DEPLOY_URI

URI prefix for accessing the HTML pages, classes and JAR files associated with the Access Manager Administration Console subcomponent. 

Default: /amconsole

SERVER_DEPLOY_URI

URI prefix for accessing the HTML pages, classes, and JAR files associated with the Identity Management and Policy Services Core subcomponent. 

Default: /amserver

PASSWORD_DEPLOY_URI

URI that determines the mapping that the web container running Access Manager will use between a string you specify and a corresponding deployed application. 

Default: /ampassword

COMMON_DEPLOY_URI

URI prefix for accessing the common domain services on the web container. 

Default: /amcommon

DISTAUTH_DEPLOY_URI

URI prefix for accessing content associated with the Distributed Authentication web application. 

CLIENT_DEPLOY_URI

URI prefix for accessing content associated with the Client SDK. 

COOKIE_DOMAIN

Names of the trusted DNS domains that Access Manager returns to a browser when it grants a session ID to a user. At least one value should be present. In general, the format is the server’s domain name preceded with a period. 

Example: .example.com

JAVA_HOME

Path to the JDK installation directory. Default: /usr/jdk/entsys-j2se. This variable provides the JDK used by the command line interface’s (such as amadmin) executables. The version must be 1.4.2 or later.

AM_ENC_PWD

Password encryption key: String that Access Manager uses to encrypt user passwords. Default: none. When the value is set to none, amconfig will generate a password encryption key for the user, so a password encryption will exist for the installation that is either specified by the user or created through amconfig.

Important: If you are deploying multiple instances of Access Manager or the remote SDK, all instances must use the same password encryption key. When you deploy an additional instance, copy the value from the am.encryption.pwd property in the AMConfig.properties file of the first instance.

PLATFORM_LOCALE

Locale of the platform. Default: en_US (US English)

NEW_OWNER

New owner for the Access Manager files after installation. Default: root

NEW_GROUP

New group for the Access Manager files after installation. Default: other

For a Linux installation, set NEW_GROUP to root.

PAM_SERVICE_NAME

Name of the PAM service from the PAM configuration or stack that comes with the operating system and is used for the Unix authentication module (normally other for Solaris or password for Linux). Default: other.

XML_ENCODING

XML encoding. Default: ISO-8859-1

NEW_INSTANCE

Specifies whether the configuration script should deploy Access Manager to a new user-created web container instance: 

• true = To deploy Access Manager to a new user-created web container instance other than an instance that already exists.

• false = To configure the first instance or re-configure an instance.

  Default: false

  Application Server Consideration: If you are deploying Access Manager with Application Server as the web container, use the Domain Administration Server (DAS) as the web container for testing purposes only. In a production environment, create a new Application Server instance to use as the Access Manager web container and set NEW_INSTANCE=true.

SSL_PASSWORD

Is not used in this release. 

WS

Sun Java System Web Server 7

WS6

Sun Java System Web Server 6.1 SP5

AS8 (default)

Sun Java System Application Server 8.1

WL8

BEA WebLogic Server 8.1

WAS5

IBM WebSphere Application Server 5.1

WS_INSTANCE

Name of the Web Server instance on which Access Manager will be configured or deployed. The value should correspond to a directory beneath the WS_HOME value. Default:

Solaris systems: /var/opt/SUNWwbsvr7/https-$SERVER_HOST

Linux systems: /var/opt/sun/webserver7/https-$SERVER_HOST

HP-UX systems: https-$SERVER_HOST

Windows systems: https-hostname

WS_HOME

Web Server instance directory. Defaults:  

Solaris systems: /var/opt/SUNWwbsvr7

Linux systems: /var/opt/sun/webserver7/$WS_INSTANCE

HP-UX systems: /var/opt/sun/webserver7

Windows systems: javaes-install-dir/webserver7

javaes-install-dir represents the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.

WS_PROTOCOL

Protocol (http or https) used by the Web Server instance. Default: SERVER_PROTOCOL variable

WS_HOST

Fully qualified domain name on which the Web Server instance is listening for connections. Default: SERVER_HOST variable

If you are configuring a Distributed Authentication UI server, set WS_HOST to the same value as the DISTAUTH_HOST variable.

WS_PORT

Port on which WS_INSTANCE will listen for connections. Default: 80 (SERVER_PORT variable)

WS_ADMINPORT

Port on which the Web Server administration instance will listen for SSL connections. Default: 8989 (ADMIN_PORT variable)

WS_ADMIN

User ID of the Web Server administrator. Default: "admin"

WS_ADMINPASSWD

Password for the Web Server administrator. Default: Same value as the amadmin password (ADMINPASSWDS variable)

WS61_INSTANCE

Name of the Web Server instance on which Access Manager will be deployed or un-deployed. 

Default: https-web-server-instance-name

where web-server-instance-name is the Access Manager host (Access Manager Configuration Variables variable)

WS61_HOME

Web Server base installation directory. Default: 

Solaris systems: /opt/SUNWwbsvr

HP-UX systems: /opt/sun/webserver

Windows systems: javaes-install-dir/webserver

javaes-install-dir represents the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.

WS61_PROTOCOL

Protocol used by the Web Server instance set by the Sun Java System Web Server 6.1 SP5 variable where Access Manager will be deployed: http or https.

Default: Access Manager protocol (Access Manager Configuration Variables variable)

WS61_HOST

Fully qualified host name for the Web Server instance ( Sun Java System Web Server 6.1 SP5 variable).

Default: Access Manager host instance (Access Manager Configuration Variables variable)

WS61_PORT

Port on which Web Server listens for connections. 

Default: Access Manager port number (Access Manager Configuration Variables variable)

WS61_ADMINPORT

Port on which the Web Server Administration Server listens for connections. 

Default: 8888 

WS61_ADMIN

User ID of the Web Server administrator. 

Default: "admin"

AS81_HOME

Path to the directory where Application Server 8.1 is installed. 

Default: 

Solaris systems: /opt/SUNWappserver/appserver

HP-UX systems: /opt/sun/appserver

Windows systems: javaes-install-dir/appserver

javaes-install-dir represents the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.

AS81_PROTOCOL

Protocol used by the Application Server instance: http or https. 

Default: Access Manager protocol (Access Manager Configuration Variables variable)

AS81_HOST

Fully qualified domain name (FQDN) on which the Application Server instance listens for connections. 

Default: Access Manager host (Access Manager Configuration Variables variable)

AS81_PORT

Port on which Application Server instance listens for connections. 

Default: Access Manager port number (Access Manager Configuration Variables variable)

AS81_ADMINPORT

Port on which the Application Server administration server listens for connections. 

Default: 4849 

AS81_ADMIN

Name of the user who administers the Application Server administration server for the domain into which Application Server is being displayed. 

Default: admin

AS81_ADMINPASSWD

Password for the Application Server administrator for the domain into which Application Server is being displayed. 

See the note about special characters in the description of Access Manager Configuration Variables.

AS81_INSTANCE

Name of the Application Server instance that will run Access Manager. 

Default: server

AS81_DOMAIN

Path to the Application Server directory for the domain to which you want to deploy this Access Manager instance. 

Default: domain1

AS81_INSTANCE_DIR

Path to the directory where Application Server stores files for the instance. Default: 

Solaris systems: /var/opt/SUNWappserver/domains/domain1

HP-UX systems: /var/opt/sun/appserver/domains/domain1

Windows systems: javaes-install-dir/appserver/domains/domain1

javaes-install-dir represents the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.

AS81_DOCS_DIR

Directory where Application Server stores content documents. Default: 

Solaris systems: /var/opt/SUNWappserver/domains/domain1/docroot

HP-UX systems: /var/opt/sun/appserver/domains/domain1/docroot

Windows systems: javaes-install-dir/appserver/domains/domain1/docroot

javaes-install-dir represents the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.

AS81_ADMIN_IS_SECURE

Specifies whether the Application Server administration instance is using SSL: 

• true: Secure port is enabled (HTTPS protocol).

• false: Secure port is not enabled (HTTP protocol).

  Default: true (enabled)

  In ampsamplesilent, there is an additional setting that specified whether the application server administration port is secure:

• true: The application server administration port is secure (HTTPS protocol).

• false: The application server administration port is not secure (HTTP protocol).

  Default: True (enabled).

WL8_HOME

WebLogic home directory. Default: 

Solaris systems: /usr/local/bea

Windows systems: weblogic-install-dir For example: C:/bea

WL8_PROJECT_DIR

WebLogic project directory. Default: user_projects

WL8_DOMAIN

WebLogic domain name. Default: mydomain

WL8_CONFIG_LOCATION

Parent directory of the location of the WebLogic start script. 

WL8_SERVER

WebLogic server name. Default: myserver

Note: For a WebLogic managed server deployment, set WL8_SERVER to the name of the managed instance within the domain, and set SERVER_PORT=7001, to point to the WebLogic Admin Server port.

WL8_INSTANCE

WebLogic instance name. Default:  

Solaris systems: /usr/local/bea/weblogic81 ($WL8_HOME/weblogic81)

Windows systems: weblogic-install-dir/weblogic81

WL8_PROTOCOL

WebLogic protocol. Default: http

WL8_HOST

WebLogic host name. Default: Host name of the server 

WL8_PORT

WebLogic port. Default: 7001 

WL8_SSLPORT

WebLogic SSL port. Default: 7002 

WL8_ADMIN

WebLogic administrator. Default: "weblogic"

WL8_PASSWORD

WebLogic administrator password. 

See the note about special characters in the description of Access Manager Configuration Variables.

WL8_JDK_HOME

WebLogic JDK home directory. Default: BEA WebLogic Server 8.1 /jdk142_04

WAS51_HOME

WebSphere home directory. Default:  

Solaris systems: /opt/WebSphere/AppServer

Windows systems: websphere-install-dir/WebSphere/AppServer

For example: C:/WebSphere/AppServer

WAS51_JDK_HOME

WebSphere JDK home directory. Default:  

Solaris systems: /opt/WebSphere/AppServer/java

Windows systems: websphere-install-dir/WebSphere/AppServer/java

WAS51_CELL

WebSphere cell. Default: host-name value 

WAS51_NODE

WebSphere node name. Default: host name of the server where WebSphere is installed. Default: hostname value 

WAS51_INSTANCE

WebSphere instance name. Default: server1

WAS51_PROTOCOL

WebSphere protocol. Default: http

WAS51_HOST

WebSphere host name. Default: Hostname of the server 

WAS51_PORT

WebSphere port. Default: 9080 

WAS51_SSLPORT

WebSphere SSL port. Default: 9081 

WAS51_ADMIN

WebSphere administrator. Default: "admin"

WAS51_ADMINPORT

WebSphere administrator port. Default: 9090 

DIRECTORY_MODE

Directory Server modes: 

1 = Use for a new installation of a Directory Information Tree (DIT). 

2 = Use for an existing DIT for multiple Access Manager instances on either the same host server or on multiple host servers. The naming attributes and object classes are the same, so the configuration scripts load the installExisting.ldif and umsExisting.xml files.

The configuration scripts also update the LDIF and properties files with the actual values entered during configuration (for example, BASE_DIR, SERVER_HOST, and ROOT_SUFFIX).

This update is also referred to as “tag swapping,” because the configuration scripts replace the placeholder tags in the files with the actual configuration values. 

3 = Use for an existing DIT when you want to do a manual load. The naming attributes and object classes are different, so the configuration scripts do not load the installExisting.ldif and umsExisting.xml files. The scripts perform tag swapping (described for mode 2).

You should inspect and modify (if needed) the LDIF files and then manually load the LDIF files and services. 

4 = Use for an existing multiple-server installation. The configuration scripts do not load the LDIF files and services, because the operation is against an existing Access Manager installation. The scripts perform tag swapping only (described for mode 2) and add a server entry in the platform list. 

5 = Use for an existing upgrade. The scripts perform tag swapping only (described for mode 2). 

Default: 1 

USER_NAMING_ATTR

User naming attribute: Unique identifier for the user or resource within its relative name space. Default: uid

To specify another value such as the user's email attribute (mail) or common name (cn), see Specifying a User Naming Attribute Other Than the User ID (uid).

ORG_NAMING_ATTR

Naming attribute of the user’s company or organization. Default: o

ORG_OBJECT_CLASS

Organization object class. Default: sunismanagedorganization

USER_OBJECT_CLASS

User object class. Default: inetorgperson

DEFAULT_ORGANIZATION

Default organization name. Default: none