Part III Reference: Summaries of Server and Component Configurations
This section contains component descriptions and configurations
for the software and hardware used in this deployment example.
Appendix A Directory Servers
This appendix collects the information regarding the Directory
Server instances. It contains the following tables:
Table A–1 DirectoryServer-1 Host Machine Configuration

| Components | | Description |
| --- | --- | --- |
| Host Name | | DirectoryServer-1.example.com |
| Installation Directory | | /var/opt/mps/serverroot/ |
| Administrator User | | cn=Directory Manager |
| Administrator Password | | d1rm4n4ger |
| Access Manager Configuration Data Instance | | Directory Server instance that stores Access Manager configuration data. |
| | Instance Name | am-config |
| | Instance Directory | /var/opt/mps/am-config |
| | Port Number | 1389 |
| | Base Suffix | dc=example,dc=com |
| | Administrative User | cn=Directory Manager |
| | Administrative User Password | d1rm4n4ger |
| | Replication Manager | cn=replication manager,cn=replication,cn=config |
| | Replication Manager Password | replm4n4ger |
| User Data Instance | | Directory Server instance that stores user data. Note: In this deployment, user data is stored on the same host machine as the Access Manager configuration data. User data can also be stored on a different host machine. |
| | Instance Name | am-users |
| | Instance Directory | /var/opt/mps/am-users |
| | Port Number | 1489 |
| | Base Suffix | dc=company,dc=com |
| | Users Suffix | ou=users,dc=company,dc=com |
| | Administrative User | cn=Directory Manager |
| | Administrative User Password | d1rm4n4ger |
| | Replication Manager | cn=replication manager,cn=replication,cn=config |
| | Replication Manager Password | replm4n4ger |

Table A–2 DirectoryServer-2 Host Machine Configuration

| Component | | Description |
| --- | --- | --- |
| Host Name | | DirectoryServer-2.example.com |
| Installation Directory | | /var/opt/mps/serverroot/ |
| Administrator User | | cn=Directory Manager |
| Administrator Password | | d1rm4n4ger |
| Access Manager Configuration Data Instance | | Directory Server instance that stores Access Manager configuration data. |
| | Instance Name | am-config |
| | Instance Directory | /var/opt/mps/am-config |
| | Port Number | 1389 |
| | Base suffix | dc=example,dc=com |
| | Administrative User | cn=Directory Manager |
| | Administrative User Password | d1rm4n4ger |
| | Replication Manager | cn=replication manager,cn=replication,cn=config |
| | Replication Manager Password | replm4n4ger |
| User Data Instance | | Directory Server instance that stores user data. Note: In this deployment, user data is stored on the same host machine as the Access Manager configuration data. User data can also be stored on a different host machine. |
| | Instance Name | am-users |
| | Instance Directory | /var/opt/mps/am-users |
| | Port Number | 1489 |
| | Base Suffix | dc=company,dc=com |
| | Users Suffix | ou=users,dc=company,dc=com |
| | Administrative User | cn=Directory Manager |
| | Administrative User Password | d1rm4n4ger |
| | Replication Manager | cn=replication manager,cn=replication,cn=config |
| | Replication Manager Password | replm4n4ger |

Table A–3 User Entries

| UserID | | Description |
| --- | --- | --- |
| testuser1 | | Used to verify that the policy agents work properly. |
| | Password | password |
| | DN | uid=testuser1,ou=users,dc=company,dc=com |
| testuser2 | | Used to verify that the policy agents work properly. |
| | Password | password |
| | DN | uid=testuser2,ou=users,dc=company,dc=com |

Appendix B Access Manager Servers
This appendix collects the information regarding the Access Manager servers.
It contains the following tables:
Table B–1 AccessManager-1 Host Machine Configuration

| Component | | Description |
| --- | --- | --- |
| Host Name | | AccessManager-1.example.com |
| Non-Root User | | am71adm |
| Non-Root User Password | | am71a6m |
| Web Server Administration Server | | Manages the Web Server application and all instances. |
| | Instance Name | admin-server |
| | Instance Directory | /opt/SUNWwbsvr/admin-server |
| | SSL Port | 8989 |
| | SSL Service URL | https://AccessManager-1.example.com:8989 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| Web Server Instance | | Contains the deployed Access Manager applications |
| | Instance name | AccessManager-1.example.com |
| | Instance Directory | /opt/SUNWwbsvr/https-AccessManager-1.example.com |
| | Port | 1080 |
| | Service URL | http://AccessManager-1.example.com:1080 |
| | Administrative User | amadmin |
| | Administrative User Password | 4m4dmin1 |
| | Deployment URI | amserver |

Table B–2 AccessManager-2 Host Machine Configuration

| Component | | Description |
| --- | --- | --- |
| Host Name | | AccessManager-2.example.com |
| Non-Root User | | am71adm |
| Non-Root User Password | | am71a6m |
| Web Server Administration Server | | Manages the Web Server application and all instances. |
| | Instance Name | admin-server |
| | Instance Directory | /opt/SUNWwbsvr/admin-server |
| | SSL Port | 8989 |
| | SSL Service URL | https://AccessManager-2.example.com:8989 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| Web Server Instance | | Contains the Access Manager applications |
| | Instance Name | AccessManager-2.example.com |
| | Instance Directory | /opt/SUNWwbsvr/https-AccessManager-2.example.com |
| | Port | 1080 |
| | Service URL | http://AccessManager-2.example.com:1080 |
| | Administrative User | amadmin |
| | Administrative User Password | 4m4dmin1 |
| | Deployment URI | amserver |

Appendix C Distributed Authentication User Interfaces
This appendix collects the information regarding the Distributed Authentication User Interfaces.
It contains the following tables:
Table C–1 AuthenticationUI-1 Host Machine Configuration

| Component | | Description |
| --- | --- | --- |
| Host Name | | AuthenticationUI-1.example.com |
| Non-Root User | | da71adm |
| Non-Root User Password | | 6a714dm |
| Web Server Administration Server | | Manages the Web Server application and all instances. |
| | Instance Name | admin-server |
| | Instance Directory | /opt/SUNWwbsvr/admin-server |
| | SSL Port | 8989 |
| | SSL Service URL | https://AuthenticationUI-1.example.com:8989 |
| | Agent Profile | admin |
| | Agent Profile Password | web4dmin |
| Web Server Instance | | Contains the Distributed Authentication User Interface module. |
| | Instance Name | AuthenticationUI-1.example.com |
| | Instance Directory | /opt/SUNWwbsvr/https-AuthenticationUI-1.example.com |
| | Port | 1080 |
| | Service URL | http://AuthenticationUI-1.example.com:1080 |
| | Application User | authuiadmin |
| | Application User Password | 4uthu14dmin |
| | Deployment URI | distAuth |

Table C–2 AuthenticationUI-2 Host Machine Configuration

| Component | | Description |
| --- | --- | --- |
| Host Name | | AuthenticationUI-2.example.com |
| Non-Root User | | da71adm |
| Non-Root User Password | | 6a714dm |
| Web Server Administration | | Manages the Web Server and all its instances. |
| | Instance Name | admin-server |
| | Instance Directory | /opt/SUNWwbsvr/admin-server |
| | Port Number | 8989 |
| | Service URL | https://AuthenticationUI-2.example.com:8989 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| Web Server Instance | | Contains the Distributed Authentication User Interface module. |
| | Instance Name | AuthenticationUI-2.example.com |
| | Instance Directory | /opt/SUNWwbsvr/https-AuthenticationUI-2.example.com |
| | Port | 1080 |
| | Service URL | http://AuthenticationUI-2.example.com:1080 |
| | Agent Profile | authuiadmin |
| | Agent Profile Password | 4uthu14dmin |
| | Deployment URI | distAuth |

Appendix D Protected Resources
This appendix collects the information regarding the Protected
Resource host machines. It contains the following tables:
Table D–1 Protected Resource 1 Web Server and Web Policy Agent Host Machine Configurations

| Component | | Description |
| --- | --- | --- |
| Host Name | | ProtectedResource-1.example.com |
| Web Server Administration Server | | Manages the Web Server application and all instances. |
| | Instance Name | admin-server |
| | Instance Directory | /opt/SUNWwbsvr/admin-server |
| | SSL Port | 8989 |
| | SSL Service URL | https://ProtectedResource-1.example.com:8989 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| Web Server Instance | | Contains the web policy agent. |
| | Instance Name | ProtectedResource-1.example.com |
| | Instance Directory | /opt/SUNWwbsvr/https-ProtectedResource-1.example.com |
| | Port | 1080 |
| | Protected Resource URL | http://ProtectedResource-1.example.com:1080 |
| | Web Agent Profile | webagent-1 |
| | Web Agent Profile Password | web4gent1 |

Table D–2 Protected Resource 1 Application Server and J2EE Policy Agent Host Machine Configurations

| Component | | Description |
| --- | --- | --- |
| Host Name | | ProtectedResource-1.example.com |
| BEA WebLogic Application Server Home | | /usr/local/bea/ |
| BEA WebLogic Application Server Domain | | /usr/local/bea/user_projects/domains/ProtectedResource-1 |
| WebLogic Administration Server | | Manages the domain and all managed servers |
| | Server Name | AdminServer |
| | Server Directory | /usr/local/bea/user_projects/domains/ProtectedResource-1/servers/AdminServer |
| | Port | 7001 |
| | Console URL | http://protectedresource-1.example.com:7001/console |
| | Administrative User | weblogic |
| | Administrative User Password | w3bl0g1c |
| WebLogic Managed Server | | Contains configuration information for this managed server and the J2EE Policy Agent. |
| | Server Name | ApplicationServer-1 |
| | Server Directory | /usr/local/bea/user_projects/domains/ProtectedResource-1/servers/ApplicationServer-1 |
| | Port | 1081 |
| | J2EE Policy Agent Profile | j2eeagent-1 |
| | J2EE Policy Agent Profile Password | j2ee4gent1 |

Table D–3 Protected Resource 2 Web Server and Web Policy Agent Host Machine Configurations

| Component | | Description |
| --- | --- | --- |
| Host Name | | ProtectedResource-2.example.com |
| Web Server Administration Server | | Manages the Web Server application and all instances. |
| | Instance Name | admin-server |
| | Instance Directory | /opt/SUNWwbsvr/admin-server |
| | SSL Port | 8989 |
| | SSL Service URL | https://ProtectedResource-2.example.com:8989 |
| | Administrative User | admin |
| | Administrative User Password | web4dmin |
| Web Server Instance | | Contains the web policy agent. |
| | Instance Name | ProtectedResource-2.example.com |
| | Instance Directory | /opt/SUNWwbsvr/https-ProtectedResource-2.example.com |
| | Port | 1080 |
| | Protected Resource URL | http://ProtectedResource-2.example.com:1080 |
| | Web Agent Profile | webagent-2 |
| | Web Agent Profile Password | web4gent2 |

Table D–4 Protected Resource 2 Application Server and J2EE Policy Agent Host Machine Configurations

| Component | | Description |
| --- | --- | --- |
| Host Name | | ProtectedResource-2.example.com |
| BEA WebLogic Application Server Home | | /usr/local/bea/ |
| BEA WebLogic Application Server Domain | | /usr/local/bea/user_projects/domains/ProtectedResource-2 |
| WebLogic Administration Server | | Manages the domain and all managed servers |
| | Server Name | AdminServer |
| | Server Directory | /usr/local/bea/user_projects/domains/ProtectedResource-2/servers/AdminServer |
| | Port | 7001 |
| | Console URL | http://protectedresource-2.example.com:7001/console |
| | Administrative User | weblogic |
| | Administrative User Password | w3bl0g1c |
| WebLogic Managed Server | | Contains configuration information for this managed server and the J2EE Policy Agent. |
| | Server Name | ApplicationServer-2 |
| | Server Directory | /usr/local/bea/user_projects/domains/ProtectedResource-2/servers/ApplicationServer-2 |
| | Port | 1081 |
| | J2EE Policy Agent Profile | j2eeagent-2 |
| | J2EE Policy Agent Profile Password | j2ee4gent2 |

Appendix E Load Balancers
This appendix collects the information regarding the load balancers.
It contains the following table:
The BIG-IP load balancer login page and configuration console
for all load balancers in this deployment example is accessed from
the URL, is-f5.example.com.
- Login: username
- Password: password
Table E–1 Load Balancer Configurations

| Load Balancer | | Description |
| --- | --- | --- |
| Load Balancer 1 | | Distribution for the two Directory Server instances that contain the Access Manager configuration data. |
| | Virtual Server | LoadBalancer-1.example.com |
| | Port | 389 |
| | Pool Name | DirectoryServer-ConfigData-Pool |
| | Access URL | LoadBalancer-1.example.com:389 |
| | Monitor | ldap-tcp |
| Load Balancer 2 | | Distribution for the two Directory Server instances that contain user data. |
| | Virtual Server | LoadBalancer-2.example.com |
| | Port | 489 |
| | Pool Name | DirectoryServer-UserData-Pool |
| | Access URL | LoadBalancer-2.example.com:489 |
| | Monitor | ldap-tcp |
| Load Balancer 3 | | Distribution for the two Web Server applications installed on the Access Manager host machines. Note: SSL is terminated at this load balancer before the request is forwarded to Access Manager. This load balancer is the single point of failure for Access Manager and can be considered a limitation of this deployment example. |
| | Virtual Server | LoadBalancer-3.example.com |
| | Port (external access) | 9443 |
| | Port (internal access) | 7070 |
| | Pool Name | AccessManager-Pool |
| | External Access URL | LoadBalancer-3.example.com:9443 |
| | Internal Access URL | LoadBalancer-3.example.com:7070 |
| | Monitor | AccessManager-http |
| Load Balancer 4 | | Distribution for the two Web Server applications installed on the Distributed Authentication UI host machines. Note: SSL is terminated at this load balancer before the request is forwarded to the Distributed Authentication User Interface. |
| | Virtual Server | LoadBalancer-4.example.com |
| | Port (external access) | 9443 |
| | Port (internal access) | 90 |
| | Pool Name | AuthenticationUI-Pool |
| | External Access URL | LoadBalancer-4.example.com:9443 |
| | Internal Access URL | LoadBalancer-4.example.com:90 |
| | Monitor | HTTP |
| Load Balancer 5 | | Distribution for Web Policy Agents. |
| | Virtual Server | LoadBalancer-5 |
| | Port | 90 |
| | Pool Name | WebAgent-Pool |
| | Access URL | LoadBalancer-5.example.com:90 |
| | Monitor | WebAgent-http |
| Load Balancer 6 | | Distribution for J2EE Policy Agents |
| | Virtual Server | LoadBalancer-6 |
| | Port | 91 |
| | Pool Name | J2EEAgent-Pool |
| | Access URL | LoadBalancer-6.example.com:91 |
| | Monitor | tcp |

Appendix F Message Queue Servers
Message Queue serves as a communications broker that enables
Access Manager to communicate data with the session store. This appendix
collects the information regarding the Message Queue servers. It contains
the following tables:
Table F–1 Message Queue 1 Host Machine Configuration

| Component | Description |
| --- | --- |
| Host Name | MessageQueue-1.example.com |
| Session Tools Scripts Directory | /export/AMSFO/amSessionTools/amserver |
| Message Queue Directory | /export/AMSFO/amSessionTools/jmq |
| Berkeley Database Directory | /export/AMSFO/amSessionTools/bdb |
| Instance Name | msgqbroker |
| Port Number | 7777 |
| Administrative User | msgquser |
| Administrative User Password | m5gqu5er |

Table F–2 Message Queue 2 Host Machine Configuration

| Component | Description |
| --- | --- |
| Host Name | MessageQueue-2.example.com |
| Session Tools Scripts Directory | /export/AMSFO/amSessionTools/amserver |
| Message Queue Directory | /export/AMSFO/amSessionTools/jmq |
| Berkeley Database Directory | /export/AMSFO/amSessionTools/bdb |
| Instance Name | msgqbroker |
| Port Number | 7777 |
| Administrative User | msgquser |
| Administrative User Password | m5gqu5er |

Appendix G Known Issues and Limitations
The issues in this appendix will be updated as more information
becomes available.
Table G–1 Known Issues and Limitations

Reference Number 6462076: Single WAR Configurator fails against Directory Server

Access Manager, when deployed as a single WAR, will not configure Directory Server 6 with a single-component root suffix (as in dc=example), although it works as expected with multi-component root suffixes (as in dc=example,dc=com).

Workaround: Use multi-component root suffixes.

Reference Number 6472662: When SSL terminates at the Access Manager load balancer, the console application changes protocol from HTTPS to HTTP.

When you try to access the Access Manager load balancer with a URL such as https://loadbalancer:port/amserver/console or https://loadbalancer:port/amserver/UI/Login, you cannot access the login page because the console application changes the protocol from HTTPS to HTTP.

Workaround: Add <property name="relativeRedirectAllowed" value="true"/> to the sun-web.xml file for the individual instances of Access Manager and restart them.

Caution: After applying the workaround, the only supported URL is https://loadbalancer:port/amserver/UI/Login. It is highly recommended that you access the Access Manager instances directly to perform any administrative tasks rather than accessing them through a load balancer. This workaround was tested on Sun Java System Web Server 7.

Reference Number 6476271: BEA servers do not start up when startup script is not configured properly.

The BEA administration server and managed server instances will not start up if the startup script is not configured properly. When using J2EE Policy Agent 2.2 on BEA Application Server 9.2, you must append the following to the end of the setDomainEnv.sh file:

- . /usr/local/bea/user_projects/domains/ProtectedResource-1/bin/setAgentEnv_ApplicationServer-1.sh for Protected Resource 1.
- . /usr/local/bea/user_projects/domains/ProtectedResource-2/bin/setAgentEnv_ApplicationServer-2.sh for Protected Resource 2.

The setDomainEnv.sh file contains the call to commEnv.sh.

Reference Number 6477741: Exception is thrown when you run the agentadmin utility.

The following exception is thrown when you run the agentadmin utility from the J2EE Policy Agent 2.2 server (BEA Appserver 9.2).

    # ./agentadmin --getUuid amadmin user example
    Failed to create debug directory
    Failed to create debug directory
    Failed to create debug directory
    Failed to create debug directory
    Failed to create debug directory

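A check for the symptom described in 6472662, as an added example that is not part of the original document or of Access Manager: the function reads raw response headers and reports whether a redirect stays on HTTPS, is relative, or switches to http://. The function names and the sample responses are constructed; the host and port are taken from Table E–1.

```shell
#!/bin/sh
# classify_redirect: read raw HTTP response headers on stdin (for example the
# headers returned by the HTTPS virtual server) and print one of:
#   none       no Location header in the response
#   relative   path-only redirect; the browser keeps the https scheme it used
#   https      absolute redirect that stays on HTTPS
#   downgrade  absolute redirect to http:// (the symptom in 6472662)
#   other      anything else containing a scheme separator; review by hand
classify_redirect() {
    # Header names are case-insensitive and lines end in CRLF on the wire.
    loc=$(tr -d '\r' | awk '
        tolower($0) ~ /^location:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }
        /^$/ { exit }    # blank line ends the header block
    ')
    case $loc in
        "")                        echo none ;;
        [Hh][Tt][Tt][Pp][Ss]://*)  echo https ;;
        [Hh][Tt][Tt][Pp]://*)      echo downgrade ;;
        [A-Za-z]*://*)             echo other ;;
        *)                         echo relative ;;
    esac
}

# Constructed sample: absolute redirect that drops to HTTP.
sample_absolute() {
    printf 'HTTP/1.1 302 Moved Temporarily\r\nLocation: http://LoadBalancer-3.example.com:9443/amserver/UI/Login\r\n\r\n'
}

# Constructed sample: relative redirect, so the client stays on HTTPS.
sample_relative() {
    printf 'HTTP/1.1 302 Moved Temporarily\r\nlocation: /amserver/UI/Login\r\n\r\n'
}
```

Pipe the response headers of a request to the HTTPS virtual server into classify_redirect; a result of downgrade means the redirect would take the client off HTTPS.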
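One way to apply the 6476271 change so that it is safe to re-run, as an added example that is not from the original document or from BEA or Sun: the function appends the line once and refuses when the agent script it would source is missing. ensure_agent_env is a hypothetical name, and the example assumes setDomainEnv.sh sits in the domain's bin directory next to the setAgentEnv script.

```shell
#!/bin/sh
# ensure_agent_env DOMAIN_DIR SERVER_NAME
# Appends ". DOMAIN_DIR/bin/setAgentEnv_SERVER_NAME.sh" to the end of
# DOMAIN_DIR/bin/setDomainEnv.sh (assumed location) exactly once.
# Return codes: 0 = line added, 1 = already present, 2 = required file missing.
ensure_agent_env() {
    domain_dir=$1
    server_name=$2
    domain_env="$domain_dir/bin/setDomainEnv.sh"
    agent_env="$domain_dir/bin/setAgentEnv_${server_name}.sh"

    # Sourcing a script that does not exist would itself break startup,
    # so check both files before touching anything.
    [ -f "$domain_env" ] || { echo "missing: $domain_env" >&2; return 2; }
    [ -f "$agent_env" ]  || { echo "missing: $agent_env" >&2; return 2; }

    line=". $agent_env"
    # -x matches the whole line, -F treats the path as a fixed string.
    if grep -qxF -- "$line" "$domain_env"; then
        return 1
    fi

    # Keep a copy of the original so the change can be reverted.
    cp -p "$domain_env" "$domain_env.bak" || return 2
    printf '\n%s\n' "$line" >> "$domain_env"
    return 0
}
```

For Protected Resource 1 the call would be ensure_agent_env /usr/local/bea/user_projects/domains/ProtectedResource-1 ApplicationServer-1, using the domain directory and server name from Table D–2.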