Configure Dymamic Domain in Access Manager . . .

Similar Messages

• Do I have to configure realm policy in Access Manager for IDM SPML Request

  Hi all,
  I wanted to run a SPML request from my application to the IDM which is presently protected by an AM server. Somehow, I get the following error, while I run a search using SpmlClient:
  org.openspml.util.SpmlException: Unsupported response content type "text/html", must be: "text/xml".
  Do I have to set a policy in Sun Access manager for the realm? Guys, pls help.
  Thanks,
  Aneesh.

  > I believe as long as you have access to the above two you can turn the CA off if you want.
  Enterprise CAs are not intended to be offline. Therefore, you should not turn off them. If these root CAs issue certificates only to subordinate CAs, then you should consider to implement offline Standalone (not Enterprise) Root CAs.
  > I believe the location of the CRL is detailed in the CDP which is detailed on the Certs issued but a given CA, so the client can look in the Cert and see what it states about the CDP and thereby get the list of revoked certs.
  this is correct.
  > to place its CDP at a location other than the  default location in case it overwrites the existing CRL at the default location
  no, CDP locations should be defined in the post-installation script.
  > does the fully qualified X500 name of the CDP include the CA Name (and therefore be unique) and it will not over write the original
  yes, LDAP URL includes CA server's NetBIOS name to differentiate between CAs.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Error while configuring IWA in Oracle Access Manager

  This is the error that I get:
  "The credentials (REMOTE_USER=MyUser Resource=/edm/ RequesterIP=172.25.164.82 Operation=GET) used in the login do not correspond to a user profile in the Identity System."
  I definitely have this user in AD as well as Netscape DS. My OAM configuration points to Netscape Directory. While the IWA login happens successfully, the WebGate is not able to identify this user in Netscape. What could be the possible reasons for this error?
  Kindly let me know.
  Thanks,
  Prashant.

  Thanks Boland. That solved the problem. I was using samaccountname from AD, instead of uid from Netscape.
  -Prashant.

• How to Configure Landing pages in Access Manager

  On successful authentication, I need to redirect every user to to a specific page - Landing page. Which property I shoud set in AMagent.properties file to do that ?
  Thanks
  Abhijeet_tcs

  Hi,
  Were you successful in configuring a landing page in the Authentication Policies.
  I have similar requirement, but it doesnot work somehow the login page goto parameter seems to take preference.
  Any help is higly appreciated
  thanks

• Exporting Access Manager configuration

  Is there a way that one can import and export Access Manager configurations (i.e. realms, datastores, policy configs, etc) from an existing installed instance?
  We have a number of environments planned to host Access Manager for different project phases (e.g. test, staging, production). We want to configure one AM instance only, and then simply apply all configs in other environments in an easy manner. At the moment we have to manually enter all configuration details through the Access Manager web console; huge hassle!

  Hi,
  You need to user "amadmin" script for this to export xml configuration files ( amPolicyConfig.xml, amAuthDataStore.xml ).
  You can also try something "brute-force" like exporting configurations from LDAP server to ldif, modifying the necessary stuff ( server-names etc, platform id ) and then importing them to another environment with AM installed. I have done this for AM 7.1 before discovering the export tools, it works.
  Hope it helps,
  Andrei

• Plse...help me on the communicating between CLEAN ACCESS MANAGER and Switch 3560E-24Ps by snmp

  Dear All,
  I try to configure in both Clean Access Manager and Switch 3560E-24Ps on SNMP Version 2 protocol but I can't make it working together (For CAM and Switch 3560G-48Ps I can do that). Plse give me any suggestion to solve that problem. All configuration is as below:

  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cam/412_cam_book.html

• Access Manager 7.1 Session Failover

  Hello,
  I am trying to do a session failover with access Manager 7.1.
  My Infrastructure:
  OS: Solaris 10
  2 Solaris Servers dedicated to 4 LDAP instances (2 each)
  2 Solaris Servers dedicated to 2 LDAP Proxy servers configured to access 4 LDAP instances.
  2 Solaris Servers dedicated to 2 Sun Application Server 8.2 running 2 instances of Access Manager sharing the 4 LDAP instances through Proxy.
  2 Solaris Servers dedicated to 2 instances of JMS servers (1 on each) with Access Manager Session DB configured. JMS is running on cluster mode.
  1 Solaris server for Webserver 7.0 configured for Load Balancing (loadbalancer.xml).
  Configuration:
  2 instances of Access Manager on separate solaris boxes use the same LDAP instance(s).
  Access Manager is configured for session failover using amsfoconfig as documented.
  The Session failover instances where started as documented
  1.     Start session DB using amsfo script
  2.     Start the Access Manager instances (by Starting DAS)
  3.     Start Webserver
  My Problem:
  Session Failover does not work. The Amsession log throws
  ERROR: JMQSessionRepository.save(): failed to save Session
  java.lang.NullPointerException
  at com.iplanet.dpro.session.jmqdb.PersistSession.setString(PersistSession.java:310)
  at com.iplanet.dpro.session.jmqdb.JMQSessionRepository.save(JMQSessionRepository.java:357)
  at com.iplanet.dpro.session.service.SessionService.saveForFailover(SessionService.java:2812)
  AmSessionMonitor file continuously throws below error and fills up the disk (20 GB ) space quickly:
  04/24/2007 04:28:13:450 PM EDT: Thread[amSessionMonitor,5,main]
  WARNING: SessionMonitor runtime exception
  java.lang.NullPointerException
  at com.iplanet.dpro.session.service.SessionService.locateCurrentHostServer(SessionService.java:1762)
  at com.iplanet.dpro.session.service.SessionService.getCurrentHostServer(SessionService.java:1731)
  at com.iplanet.dpro.session.service.SessionMonitor.run(SessionMonitor.java:94)
  JMS queue Log:
  Sun Java(tm) System Message Queue 3.7
  Sun Microsystems, Inc.
  Version: 3.7 UR1 (Build 9-b)
  Compile: Sun Jun 18 22:11:21 PDT 2006
  Copyright (c) 2006 Sun Microsystems, Inc. All rights reserved.
  SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
  This product includes code licensed from RSA Data Security.
  ================================================================================
  Java Runtime: 1.5.0_09 Sun Microsystems Inc. /usr/jdk/instances/jdk1.5.0/jre
  [18/Apr/2007:09:14:28 EDT] License: Sun Java(tm) System Message Queue 3.7 UR1 Enterprise Edition
  [18/Apr/2007:09:14:29 EDT] IMQ_HOME=/
  "log.txt" 725 lines, 61600 characters
  Magic/Version: 469754818/301 Size: 116 Type: ACKNOWLEDGE(24)
  Expiration: 0 Timestamp: 1177446120954
  Source IP: 172.31.120.44(c0:ca:66:ec:a9:d5) Port: 60437 Sequence: 32
  Property Offset: 76 Property Size: 0
  Encryption: 0 Priority: 5
  Flags: consumerID: 0
  TransactionID: 0
  MessageID: 32-172.31.120.44(c0:ca:66:ec:a9:d5)-60437-1177446120954
  Properties: null
  Message Body: 40 bytes [3052053123717449216:16-172.31.120.44(b1:6a:3:39:7d:6)-60434-1177446116385]
  Internal Buffers (useDirect=false):
  Fixed Header Buffer:java.nio.HeapByteBuffer[pos=0 lim=72 cap=72]
  com.sun.messaging.jmq.jmsserver.util.BrokerException: Internal Error: Unable to complete processing acks: Unknown consumer [consumer:30520
  53123717449216, type=NONE]
  at com.sun.messaging.jmq.jmsserver.data.handlers.AckHandler.handleAcks(AckHandler.java:256)
  at com.sun.messaging.jmq.jmsserver.data.handlers.AckHandler.handle(AckHandler.java:166)
  at com.sun.messaging.jmq.jmsserver.data.PacketRouter.handleMessage(PacketRouter.java:146)
  at com.sun.messaging.jmq.jmsserver.service.imq.IMQConnection.readData(IMQConnection.java:1856)
  at com.sun.messaging.jmq.jmsserver.service.imq.IMQConnection.process(IMQConnection.java:816)
  at com.sun.messaging.jmq.jmsserver.service.imq.OperationRunnable.process(OperationRunnable.java:141)
  at com.sun.messaging.jmq.jmsserver.util.pool.BasicRunnable.run(BasicRunnable.java:459)
  at java.lang.Thread.run(Thread.java:595)
  [24/Apr/2007:16:22:05 EDT] [B1071]: Established cluster connection : testuidp02.dol.state.nj.us/172.31.120.45:7676 (aminstance)
  [24/Apr/2007:16:23:00 EDT] [B1066]: Closing: [email protected]:57590->jms:60425 because "[B0061]: Client exited without closing con
  nections". Count=1
  [24/Apr/2007:16:24:37 EDT] [B1065]: Accepting: [email protected]:42435->jms:60425. Count=2
  [24/Apr/2007:16:26:15 EDT] [B1066]: Closing: [email protected]:42435->jms:60425 because "[B0061]: Client exited without closing con
  nections". Count=1
  Access Manager via load balancer web server works fine with out session failover configuration.
  I noticed through forums that Accessmanager 2005Q4 had similar problem and was fixed with a patch.
  Will somebody please help who has done session failover with AM7.1?
  Thanks
  Kris

  Yep, that was me struggling with 2005Q4 before they released a patch (120954-03 if I am not mistaken).
  1. Have you configured your AM installation as a site?
  2. Have you added a secondary configuration in the session tab?
  A restart will be required after that. Try setting log levels to debug. When AM webserver comes up and brings the application live, you'll see information regarding the secondary configuration, and whether things are actually in place or not.
  Hope this helps.
  Ankush
  http://www.iamcg.net

• Install Oracle Access Manager in existing Access Manager domain

  Hi
  I am operator of a windows system with Oracle Access Manager installed.
  We use OAM for SSO against Webpages in OIM running on Jboss, and now we are going to implement against a WebLogic webapplication too.
  The userbase is standard Active Directory
  I did not set up OAM myself so I'm not completely sure how it works.
  To be able to test the SSO solution given by an external provider, I need to have a proper stage environment.
  My idea is to set up another OAM on another server, wich points towards the same AD domaincontroller as the existing OAM
  Is this possible? In the installation guide I find that the new AccessManager system should be added into the existing OAM configuration , before we turn of the existing OAM and then install the complete OAM on the new server. Then we can turn on the existing OAM again, and implement them as clusters. I would like them to be two indipendent instances not affecting one another, but in the same AD domain to be able to test features in one of them and use the other as the production server.
  My fear is that I "mess up" the form in AD created from the old OAM, and that way mess the upp production environment.
  Edited by: user631873 on 11.sep.2009 06:22

  Hi,
  Technically, you can certainly set up a new OAM infrastructure which points to the existing AD instance. You could do this in a number of ways, for example:
  - set up the new instance so that it points to the same users and configuration branch as the existing instance, so that the new instance is effectively just an extension of the existing instance (with extra Identity and Access Servers, etc) ;
  - set up the new instance so that it points to the same AD instance, but uses different User searchbase and Config branch. In this case the new instance is more or less completely separate, but it happens to use the same directory ;
  - set up the new instance so that it points to the same Users, but a different Config branch, in which case the new instance has independed OAM configuration (policies, authentication schemes etc) but operates on the same user base.
  (In OAM you can define separate ldap locations for the Users, Identity Config and Access Config.)
  It depends on exactly what you want, but if the idea is to have a proper stage environment, then it is usually better for them to be completely independent, including the directory. OAM can update users as well as policies, and additionally different major versions of OAM have different schemas, so there are risks when using the same directory instance. Load testing is also an issue, since the directory is accessed extensivley by OAM.
  Regards,
  Colin

• Extending Domain with Oracle Access Manager 10g

  Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management
  11g Release 1 (11.1.1)
  Part Number E12035-05
  http://download.oracle.com/docs/cd/E14571_01/core.1111/e12035/toc.htm
  Chapter 10 - Extending the Domain with Oracle Access Manager 10g
  - Section 10.4.3 Installing WebGate on OAMADMINHOST, WEBHOST1, and WEBHOST2
  Question:
  How many webgate instances should be created?
  1) Is there only on instance and the three installation share the same ID?
  2) Is there two instances? one for the web cluster, the other for the OAM Admin Console server?
  3) Is there three separate webgates and instances?
  Thanks

  It should be this way:
  Ebiz:
  1. Integrate OAM with OASSO
  2. Register OASSO and OID with Ebiz11.5.10.2
  3. Protect the resource in OAM
  4. Verify if authentication is successful for this resource.
  Obiee:
  1. Integrate OBIEE with OAM
  2. Verify if authentication is successful for this resource.
  IWA:
  1. Install IIS webser and webgate
  2. Create authentication scheme which protects / of IIS web server.
  Create a Form Authentication Scheme(this scheme should protect OBIEE and EBiz resource) which will have challenge redirect to IIS web server where IWA is configured and / is protected.
  Login Flow:
  1. User tries to access ebiz or obiee resource.
  2. Form Authentication Scheme will challenge redirect to IIS web server where IWA is configured.
  3. As IWA is configured. User will be automatically get ObSSOCookie.
  4. User gets redirected back to the requested resource.
  There is a My oracle support doc which talks in details about this setup.

• Can not configure Access Manager

  Hi all,
  1. I istalled Sun java messaging server 6.
  2. I edit amsamplesilent to prepare amsamplesilent.my:
  # cd /opt/SUNWam/bin
  #mv amsamplesilent amsamplesilent.my
  3. I configure Access Manager:
  #./amconfig -s amsamplesilent.my but get the following error:
  # ./amconfig amsamplesilent.my
  Usage: amconfig -s <silentinputfile>
  ./amconfig: Sourcing ./amutils
  ln: cannot create /opt/SUNWam/lib/jaxrpc-spi.jar: File exists
  chown: jaxrpc-spi.jar: No such file or directory
  full install
  ./amdsconfig: Sourcing ./amutils
  LD_LIBRARY_PATH is --- /usr/lib/mps/secv1:/usr/lib/mps/secv1:/usr/lib/mps/secv1:/opt/SUNWam/lib:/opt/SUNWam/ldaplib/ldapsdk
  CLASSPATH is --- /opt/SUNWam/locale:/etc/opt/SUNWam/config:/opt/SUNWam/lib:/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/ldapjdk.jar:/usr/share/lib/mps/secv1/jss3.jar:/opt/SUNWam/lib/am_sdk.jar
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 3
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 4
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 5
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 6
  ERROR : Loading of Access Manager schema into the Directory failed
  Starting the tag swapping of the install.ldif and installExisting.ldif
  ROOT_SUFFIX is dc=iplanet,dc=com
  People_NM_ROOT_SUFFIX is People_dc=iplanet_dc=com
  SERVER_HOST sample.red.iplanet.com
  DIRECTORY_SERVER sample.red.iplanet.com
  DIRECTORY_PORT 389
  USER_NAMING_ATTR uid
  ORG_NAMING_ATTR o
  CONSOLE_DEPLOY_URI /amconsole
  ORG_OBJECT_CLASS sunismanagedorganization
  RS_RDN iplanet
  USER_OBJECT_CLASS inetorgperson
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 3
  ERROR : Configuring/Loading of the default DIT in the Directory Server failed
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 3
  Warning : Plugins and Indexes already exist.
  ./amsvcconfig: Sourcing ./amutils
  LD_LIBRARY_PATH is --- /usr/lib/mps/secv1:/usr/lib/mps/secv1:/usr/lib/mps/secv1:/opt/SUNWam/lib:/opt/SUNWam/ldaplib/ldapsdk
  CLASSPATH is --- /opt/SUNWam/locale:/etc/opt/SUNWam/config:/opt/SUNWam/lib:/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/ldapjdk.jar:/usr/share/lib/mps/secv1/jss3.jar:/opt/SUNWam/lib/am_sdk.jar
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  Loading service schema XML files ...
  Info 112: Entering ldapAuthenticate method!
  Error 15: Cannot authenticate user.
  LDAP authentication failed.
  Error 9: Operation failed: Error 15: Cannot authenticate user.
  Error occured while loading: /etc/opt/SUNWam/config/ums/ums.xml
  ./amws61config: Sourcing ./amutils
  /opt/SUNWam/console.war: No such file or directory
  current web app is applications
  copying files from sunwamconsdk
  Swapping tag swap in index.html files ...
  Making amconsole.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/applications (/opt/SUNWam/amconsole.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/applications for /amconsole
  wdeploy deploy -u /amconsole -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/applications /opt/SUNWam/amconsole.war
  [wdeploy] The war file name is /opt/SUNWam/amconsole.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /amconsole
  /opt/SUNWam/services.war: No such file or directory
  current web app is services
  Swapping tag swap in index.html files ...
  Making amserver.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/services (/opt/SUNWam/amserver.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/services for /amserver
  wdeploy deploy -u /amserver -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/services /opt/SUNWam/amserver.war
  [wdeploy] The war file name is /opt/SUNWam/amserver.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /amserver
  /opt/SUNWam/password.war: No such file or directory
  current web app is password
  Swapping tag swap in index.html files ...
  Making ampassword.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/password (/opt/SUNWam/ampassword.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/password for /ampassword
  wdeploy deploy -u /ampassword -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/password /opt/SUNWam/ampassword.war
  [wdeploy] The war file name is /opt/SUNWam/ampassword.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /ampassword
  /opt/SUNWam/introduction.war: No such file or directory
  current web app is common
  Swapping tag swap in index.html files ...
  Making amcommon.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/common (/opt/SUNWam/amcommon.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/common for /amcommon
  wdeploy deploy -u /amcommon -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/common /opt/SUNWam/amcommon.war
  [wdeploy] The war file name is /opt/SUNWam/amcommon.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /amcommon
  Checking if Web Server is already configed with Access Manager
  Configuring Web Server
  Mime type: 'type=text/vnd.wap.wml' already exists: Skipping ....
  Mime type: 'type=image/vnd.wap.wbmp' already exists: Skipping ....
  I tried again but I still get this error.
  Any Ideas for this problem?
  Thanks.

  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  i would consider this a fatal error.
  The system cannot locate where your Directory Server is. "no route to host" means that it's trying to get to the host, but your networking isn't set up correctly, and it doesn't find any route to get to the specified host.

• Remote Access Management Console - configuration issue with Network Location Server

  2012 Std R2
  The remote Access management console operation status shows  all green except for network location server .
  Error: There is no response from the network location server URL. DirectAccess connectivity might not work as expected, and DirectAccess clients located inside the corporate network might not be able to reach internal resources.
  Resolution listed as:
  1. Configure the network location server on a server that is highly available to clients on the internal network.
  2. If the network location server is running on the Remote Access server, ensure that IIS is running, and that the URL is available.
  The remote access server is located on this server. IIS is running. What URL: show I be looking at?
  Any other thoughts so I can get remote access working.
  l also am getting a remote access error for IPV6, could this be a cause:
  RoutingDomainID- {00000000-0000-0000-0000-000000000000}: Unable to add the interface {D37062B2-A3E0-4496-A459-9E0BBCE5423C} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
  John Lenz

  Hi John,
  please follow the steps to reinstall TCP/IP stack.
  1.Restart your PC into Safe Mode with Networking.
  2.
  Edit your registry. Delete the following keys:
  HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Winsock
  HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Winsock2
  3.
  Open the nettcpip.inf file in your %winroot%/inf folder
  (%winroot% is usually c:/windows).
  Find the [MS_TCPIP.PrimaryInstall] section. Change the Characteristics value from 0xA0 to 0x80.
  Open the properties of the network connection you want to fix. In the General tab, click on the Install button. Click on the Have Disk button, and point the location to %winroot%/inf. After that select TCP/IP (not version 6).
  4.
  Now you would notice that you can uninstall TCP/IP!
  Do that, then restart the PC.
  Go back to your network connection, and install TCP/IP again as per the above. After another reboot, you should be up and running.
  I also noted that the XP network repair tool may yank out the ISA 2004 firewall client stuff. Just run the firewall clinet repair or install it again to fix that problem after you did your reboot. Before you do this kind of crazy stuff.
  5.
  This along with a TCP/IP reset using the netsh command:
  netsh int ip reset resetlog.txt
  wish you have a nice thanksgiving too
  Regards,
  Mike
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Sun Access Manager 7.1 configuration

  I am trying to configure Sun Access Manager 7.1 update 1 on websphere 6.1.0.11 running on windows 2003 server and am getting a crypt error on SunJCE. Any suggestions on how to fix this?
  The thread dump looks like this
  05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]
  05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]ERROR: Crypt: failed to set password-based key
  java.security.NoSuchProviderException: no such provider: SunJCE
  at sun.security.jca.GetInstance.getService(GetInstance.java:82)
  at javax.crypto.b.a(Unknown Source)
  at javax.crypto.SecretKeyFactory.getInstance(Unknown Source)
  at com.iplanet.services.util.JCEEncryption.setPassword(JCEEncryption.java:377)
  at com.iplanet.services.util.Crypt.createInstance(Crypt.java:139)
  at com.iplanet.services.util.Crypt.<clinit>(Crypt.java:103)
  at java.lang.J9VMInternals.initializeImpl(Native Method)
  at java.lang.J9VMInternals.initialize(J9VMInternals.java:192)
  at com.sun.identity.setup.ServicesDefaultValues.validatePassword(ServicesDefaultValues.java:396)
  at com.sun.identity.setup.ServicesDefaultValues.setServiceConfigValues(ServicesDefaultValues.java:107)
  at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:307)
  at com.ibm._jsp._configurator._jspService(_configurator.java:221)
  at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:85)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:989)
  at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:930)
  at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
  at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:89)
  at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
  at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
  at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
  at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:761)
  at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:673)
  at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:498)
  at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:464)
  at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:122)
  at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.handleRequest(AbstractJSPExtensionServletWrapper.java:205)
  at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3276)
  at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)
  at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
  at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)
  at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:113)
  at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
  at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:383)
  at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
  at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
  at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
  at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
  at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
  at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
  at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
  at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
  at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1469)
  05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]ERROR: JCEEncryption:: not yet initialized

  Have you followed the release notes instructions? There is one specifically about changing JCE:
  http://docs.sun.com/app/docs/doc/819-5899/gdpsl?a=view
  http://docs.sun.com/app/docs/doc/819-4683/gfvfl?a=view
  http://docs.sun.com/app/docs/doc/819-5899/gdxas?a=view
  shivaram

• Configuring IIS6.0 with Sun Access manager

  As I am new to Sun java Access manager .I have installed and configured the Sun Access manager 7.1 on Tomcat and able to login to the console also.Now I am looking to configure the web application which resides in IIS 6.0 with Sun Access manager,To do this are there any documents about how to configure the Windows IIS 6.0Policy agent with Sun Accessmanager?In the Sun website I didnt see any document related to this configuration,could anyone please help how to work on this?
  Thanks in advance.

  http://docs.sun.com/app/docs/doc/819-4771?l=en
  should give you all the information you need. For server changes like policy refer to AM 7.1 docs on docs.sun.com

• How do I configure Access Manager?

  I don't have idea how to configure Access Manager, I installed ans configure Directory and Web Server and working well, but I need to configure access Manager, there is a script called " amsamplesilent " it has some variables that i dont understand very well, how do I do to configure?
  Plz help me.

  So you used "configure later" option while installing Access Manager - correct?
  amsamplesilent is not a script - it's an input file for the command "amconfig"
  copy this file and adjust it to your settings (which variables haven't you understood?)
  run amconfig -f <your_sample_install_file>
  -Bernhard

• I don't Configuring Access Manager in SSL Mode

  i only install am7.1 and ws7.0 in windows2003 pack 1.
  then, i read "Sun Java SystemAccess Manager 7.1 Postinstallation Guide" .
  it said that "Login to theWeb Server console.The default port is 8888." but i can't find the default port .
  i think my web server console's default port is 8989.

  Hi,
  As a part of my requirement, I need to Configure Access Manager in SSL Mode. For that, I followed all the steps(Change http to https in web server instance in Access Manager, Install Certificate, Modify AMConfig.properties) mentioned in the PostInstallation Guide of Sun Access Manager to configure the SSL using Selfsigned certificate. so, after doing all these steps, as soon as the hit the Access Manager URL httsp://machinename:portno/amserver/UI/Login, it shows "page cannot be displayed" error. I have checked the web server with SSL enabled in it and its running fine.
  On one of forum post, I read that you need to set this property to true "com.sun.am.jssproxy.trustAllServerCerts" if you are not installing the ROOTCA certificate however this is not listed in the AM documentation.
  Any help on this would be highly appreciated. Let me know if am missing any steps.