Wednesday, June 16, 2010

3 easy Steps to deploy dist auth on AM 7.1

Step-1: Deploy the amauthdistui.war that comes with the installation, or one you built yourself.

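Step-2: Copy AMConfig.properties to the WEB-INF/classes directory of the web app. The file from my setup is pasted below; change the host names, ports, debug directory and the application user name and password to match your environment. Note that this sample talks plain http, sets com.iplanet.am.cookie.secure=false and uses "password" as the application password, which sits in the file as shown. Outside a test setup, use https for the naming, server and distAuth protocol settings, set com.iplanet.am.cookie.secure=true, give the agent identity a strong password and keep the file readable only by the container's user.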

Step-3: Copy amclientsdk.jar to WEB-INF/lib of web-app directory.

Restart container.

--- Working AMConfig.properties file from my setup ---

/* The following keys are used to configure the Debug service.
* Possible values for the key 'level' are: off | error | warning | message.
* The key 'directory' specifies the output directory where the debug files
* will be created.
* Trailing spaces are significant.
* Windows: Use forward slashes "/" to separate directories, not backslash "\".
* Windows: Spaces in the file name are allowed for Windows.
*/
com.iplanet.services.debug.level=error
com.iplanet.services.debug.directory=/var/opt/SUNWam/distauth/debug

/*
* Naming URL
*/
com.iplanet.am.naming.url=http://avatar.red.iplanet.com:80/amserver/namingservice

/*
* Notification URL
*/
com.iplanet.am.notification.url=

/*
* Security Credentials to identify the client to AccessManager and
* used to get the configuration data from AccessManager.
* com.sun.identity.agents.app.username is the name to identify
* the application.
* It is recommended that you create an agent identity to identify
* each client in the Access Manager.
* Then, use the agent identity corresponding to the client.
* This would provide better security and provide a better audit trail.
* The default for com.sun.identity.agents.app.username in this file may be
* set as "anonymous" only for ease of use.
*
* com.iplanet.am.service.password is the password corresponding to
* com.sun.identity.agents.app.username.
* Please remember to change this password when you change the value for
* com.sun.identity.agents.app.username
*/
com.sun.identity.agents.app.username=distauth
com.iplanet.am.service.password=password

/*
* Property to set JCE as the default encryption classes
*/
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption

/*
* Cache update time (in minutes) for user management cache,
* if notification URL is not provided
*/
com.iplanet.am.sdk.remote.pollingTime=1

/*
* Cache update time (in minutes) for service configuration data,
* if notification URL is not provided
*/
com.sun.identity.sm.cacheTime=1

/*
* Server protocol, host and port
*/
com.iplanet.am.server.protocol=http
com.iplanet.am.server.host=avatar.red.iplanet.com
com.iplanet.am.server.port=80

/*
* Distributed Authentication Server protocol, host and port
*/
com.iplanet.distAuth.server.protocol=http
com.iplanet.distAuth.server.host=jackal.red.iplanet.com
com.iplanet.distAuth.server.port=7070

com.iplanet.am.cookie.name=iPlanetDirectoryPro
com.iplanet.am.cookie.secure=false
com.iplanet.am.cookie.encode=false

/*
* Distributed Authentication Server deploy URI
*/
com.iplanet.am.services.deploymentDescriptor=/amauthdistui
com.iplanet.am.version=7.1

/*
* Distributed Authentication deploy URI
*/
com.iplanet.am.distauth.deploymentDescriptor=/amauthdistui

/*
* List of comma separated trusted Distributed Authentication servers in cluster
*/
com.sun.identity.distauth.cluster=

/*
* Identify cert db directory path, prefix and password file
* to initialize JSS Socket Factory when Web Container is configured SSL
*/
com.iplanet.am.admin.cli.certdb.dir=CONTAINER_CERTDB_DIR
com.iplanet.am.admin.cli.certdb.prefix=CONTAINER_CERTDB_PREFIX
com.iplanet.am.admin.cli.certdb.passfile=CONFIG_DIR/.wtpass

/*
* Since the notification handler is not registered on Distributed
* authentication side, the following polling parameters need to be specified
* to enable the SessionPoller thread.
*/
com.iplanet.am.session.client.polling.enable=true
com.iplanet.am.session.client.polling.period=180

/*
* Load Balancer cookie name and value to be used when there are multiple
* Distributed authentication web application servers behind Load Balancer.
*/
#com.iplanet.am.lbcookie.name=DistAuthLBCookieName
#com.iplanet.am.lbcookie.value=DistAuthLBCookieValue

com.sun.identity.auth.cookieName=AMDistAuthCookie