OpenAM 11.0.1 Installation & Configuration (Load Balancing)
Step 1 - Install & set up the WebLogic/OpenAM environment
2) Install WebLogic 12.1.2
3) Create the wl-openam domain
4) Raise the domain's JVM memory settings (MEM_ARGS): 2048 MB heap and at least 256 MB PermGen
5) Start the domain with the SAAJ 1.1 message factory override, which OpenAM's SOAP-based services need on WebLogic 12c:
${DOMAIN_HOME}/bin/startWebLogic.sh -Djavax.xml.soap.MessageFactory=com.sun.xml.internal.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl $*
6) Download the OpenAM 11.0.1 custom configuration build from the 'openam' site and install it under "/pae/openam"
7) Unzip the 'ssoadm' tool into /pae/openam/SSOAdminTools-11.0.1
8) Write the amadmin password to the ssoadm password file (ssoadm requires this file to be readable only by its owner, mode 400):
echo 1Password > /pae/openam/SSOAdminTools-11.0.1/openam/bin/pwd.txt
9) chmod 400 /pae/openam/SSOAdminTools-11.0.1/openam/bin/pwd.txt
10) Copy the DSTOpenAMAuth service XML from CM to /pae/openam/DSTOpenAMAuth.xml
11) Deploy the "OpenAM11.0.1" application, then restart the app server JVMs.
Step 2 - Configure OpenAM (11.0.1) using the Configurator tool on the primary server
Run the SSO Configurator to install OpenAM. Below are the steps followed to install the primary and secondary servers.
1) Download & unzip "SSOConfiguratorTools-11.0.1.zip" in "/pae/openam" location.
2) Update "primary-configuration.properties" as needed:
primary-configuration.properties
#############################################################################
SERVER_URL=http://alvdstlwls003aq.asp.datascantech.com:9202
DEPLOYMENT_URI=/openam
BASE_DIR=/pae/openam
locale=en_US
PLATFORM_LOCALE=en_US
# AM_ENC_KEY (password encryption key) must be identical on every server in the site.
# The value shown here is the SHA-1 of "password"; use a fresh random key per deployment.
AM_ENC_KEY=5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
ADMIN_PWD=1Password
# amldapuser password: the configurator rejects a value shorter than 8 characters or equal to ADMIN_PWD.
AMLDAPUSERPASSWD=00000000
COOKIE_DOMAIN=.datascantech.com
#############################################################################
DATA_STORE=embedded
DIRECTORY_SSL=SIMPLE
DIRECTORY_SERVER=localhost
DIRECTORY_PORT=50389
DIRECTORY_ADMIN_PORT=4444
DIRECTORY_JMX_PORT=1689
ROOT_SUFFIX=dc=openam
DS_DIRMGRDN=cn=Directory Manager
DS_DIRMGRPASSWD=11111111
3) Run the Configurator tool to install:
/pae/openam/jdk1.7.0_45/bin/java -jar openam-configurator-tool-11.0.1.jar -f primary-configuration.properties
Once it has installed successfully, use "dstconfig.sh" to register the DST authentication module and chain through "ssoadm":
dstconfig.sh
#!/bin/sh
# dstconfig.sh: register the DST auth module and make it the root realm's authentication chain.
# ssoadm reads the amadmin password from a file that must be mode 400. The file is
# recreated under a restrictive umask on every run: writing into an existing 400 file
# with "echo >" fails with "Permission denied" for a non-root user.
SSOADM=/pae/openam/SSOAdminTools-11.0.1/openam/bin/ssoadm
PWDFILE=/pae/openam/SSOAdminTools-11.0.1/openam/bin/pwd.txt
set -e
rm -f "$PWDFILE"
(umask 077; echo 1Password > "$PWDFILE")
chmod 400 "$PWDFILE"
# connectivity/credential check before any change is made
$SSOADM list-servers -u amadmin -f "$PWDFILE"
# load the DSTOpenAMAuth service definition and register its module class
$SSOADM create-svc --xmlfile /pae/openam/DSTOpenAMAuth.xml -u amadmin -f "$PWDFILE"
$SSOADM register-auth-module --authmodule com.dst.fourx.openamauth.DSTOpenAMAuth -u amadmin -f "$PWDFILE"
# build the chain: one REQUIRED DSTOpenAMAuth entry plus the post-authentication plug-in
$SSOADM create-auth-cfg -e "/" -m "DST Authentication Chain" -u amadmin -f "$PWDFILE"
$SSOADM update-auth-cfg-entr -e "/" -m "DST Authentication Chain" -u amadmin -f "$PWDFILE" -a "DSTOpenAMAuth|REQUIRED"
$SSOADM update-auth-cfg-props -e "/" -m "DST Authentication Chain" -u amadmin -f "$PWDFILE" -a "iplanet-am-auth-post-login-process-class=com.dst.fourx.openamauth.DSTOpenAMPAP"
# make the chain the realm's organization authentication configuration and do not require a user profile
$SSOADM add-svc-attrs -e "/" -s iPlanetAMAuthService -u amadmin -f "$PWDFILE" -a "iplanet-am-auth-org-config=DST Authentication Chain"
$SSOADM set-svc-attrs -e "/" -s iPlanetAMAuthService -u amadmin -f "$PWDFILE" -a "iplanet-am-auth-dynamic-profile-creation=ignore"
###########################
Once the script runs successfully, configure OpenAM on the secondary server for load balancing: repeat Step 1 on that host to install and configure it, then continue here.
4) Download & unzip "SSOConfiguratorTools-11.0.1.zip" in "/pae/openam".
5) Update "secondary-configuration.properties" as needed:
secondary-configuration.properties
#############################################################################
SERVER_URL=http://alvdstlwls004aq.asp.datascantech.com:9202
DEPLOYMENT_URI=/openam
BASE_DIR=/pae/openam
locale=en_US
PLATFORM_LOCALE=en_US
AM_ENC_KEY=5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
ADMIN_PWD=1Password
AMLDAPUSERPASSWD=00000000
COOKIE_DOMAIN=.datascantech.com
#############################################################################
DATA_STORE=embedded
DIRECTORY_SSL=SIMPLE
DIRECTORY_SERVER=localhost
DIRECTORY_PORT=50389
DIRECTORY_ADMIN_PORT=4444
DIRECTORY_JMX_PORT=1689
ROOT_SUFFIX=dc=openam
DS_DIRMGRDN=cn=Directory Manager
DS_DIRMGRPASSWD=11111111
##############################################################################
# Replicate the embedded config store with the existing (primary) server:
# REPLPORT1 is this server's replication port; HOST2, ADMINPORT2 and REPLPORT2 are the
# primary's host name, embedded DS admin port and replication port; existingserverid is
# the primary's full OpenAM URL (SERVER_URL + DEPLOYMENT_URI from its properties file).
DS_EMB_REPL_FLAG=embReplFlag
DS_EMB_REPL_REPLPORT1=58989
DS_EMB_REPL_HOST2=alvdstlwls003aq.asp.datascantech.com
DS_EMB_REPL_ADMINPORT2=4444
DS_EMB_REPL_REPLPORT2=50889
existingserverid=http://alvdstlwls003aq.asp.datascantech.com:9202/openam
/pae/openam/jdk1.7.0_45/bin/java -jar openam-configurator-tool-11.0.1.jar -f secondary-configuration.properties
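A pre-flight check worth running before the configurator is started on the secondary: the two property files must agree on the encryption key and admin password, and the secondary's replication settings must describe the primary exactly, or the second node cannot join the site. The script below is an added example, not part of the original post or of OpenAM; the property files it writes are constructed samples with placeholder hostnames, ports and keys.

```shell
#!/bin/sh
# Added example (not from the original post): consistency check between the primary and
# secondary openam-configurator property files. Sample files are constructed below.

# prop FILE KEY: print KEY's value; the last occurrence wins (java.util.Properties
# semantics), so an accidentally duplicated block cannot hide a mismatch.
prop() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# host_of URL: strip scheme, port and path, e.g. http://am1.example.com:9202/openam -> am1.example.com
host_of() {
    printf '%s\n' "$1" | sed 's#^[A-Za-z]*://##; s#[:/].*$##'
}

# check_site_config PRIMARY SECONDARY: returns 0 if SECONDARY can join PRIMARY, 1 otherwise
check_site_config() {
    p=$1; s=$2; rc=0
    # Servers in one site share the configuration store, so the password encryption key
    # must be identical or the secondary cannot decrypt the replicated configuration.
    if [ "$(prop "$p" AM_ENC_KEY)" != "$(prop "$s" AM_ENC_KEY)" ]; then
        echo "FAIL: AM_ENC_KEY differs between $p and $s"; rc=1
    fi
    # The configurator authenticates to the existing server as amadmin with ADMIN_PWD.
    if [ "$(prop "$p" ADMIN_PWD)" != "$(prop "$s" ADMIN_PWD)" ]; then
        echo "FAIL: ADMIN_PWD differs"; rc=1
    fi
    # existingserverid must name the primary exactly: SERVER_URL + DEPLOYMENT_URI.
    want="$(prop "$p" SERVER_URL)$(prop "$p" DEPLOYMENT_URI)"
    if [ "$(prop "$s" existingserverid)" != "$want" ]; then
        echo "FAIL: existingserverid '$(prop "$s" existingserverid)' != '$want'"; rc=1
    fi
    # Embedded-store replication must point at the primary's host and DS admin port.
    if [ "$(prop "$s" DS_EMB_REPL_FLAG)" != "embReplFlag" ] \
       || [ "$(prop "$s" DS_EMB_REPL_HOST2)" != "$(host_of "$(prop "$p" SERVER_URL)")" ] \
       || [ "$(prop "$s" DS_EMB_REPL_ADMINPORT2)" != "$(prop "$p" DIRECTORY_ADMIN_PORT)" ]; then
        echo "FAIL: DS_EMB_REPL_* does not describe the primary's embedded DS"; rc=1
    fi
    # A site needs two distinct server URLs.
    if [ "$(prop "$p" SERVER_URL)" = "$(prop "$s" SERVER_URL)" ]; then
        echo "FAIL: SERVER_URL is the same in both files"; rc=1
    fi
    return $rc
}

# Constructed sample input (hostnames am1/am2.example.com and the key are placeholders).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/primary.properties" <<'EOF'
SERVER_URL=http://am1.example.com:9202
DEPLOYMENT_URI=/openam
AM_ENC_KEY=0123456789abcdef0123456789abcdef01234567
ADMIN_PWD=ExamplePassw0rd
DATA_STORE=embedded
DIRECTORY_ADMIN_PORT=4444
EOF
cat > "$SAMPLE_DIR/secondary.properties" <<'EOF'
SERVER_URL=http://am2.example.com:9202
DEPLOYMENT_URI=/openam
AM_ENC_KEY=0123456789abcdef0123456789abcdef01234567
ADMIN_PWD=ExamplePassw0rd
DATA_STORE=embedded
DIRECTORY_ADMIN_PORT=4444
DS_EMB_REPL_FLAG=embReplFlag
DS_EMB_REPL_REPLPORT1=58989
DS_EMB_REPL_HOST2=am1.example.com
DS_EMB_REPL_ADMINPORT2=4444
DS_EMB_REPL_REPLPORT2=50889
existingserverid=http://am1.example.com:9202/openam
EOF

if check_site_config "$SAMPLE_DIR/primary.properties" "$SAMPLE_DIR/secondary.properties"; then
    echo "OK: secondary.properties is consistent with primary.properties"
fi
```

Run it against the real primary-configuration.properties and secondary-configuration.properties (check_site_config takes the two paths) before invoking openam-configurator-tool on the second node; a non-zero exit with a FAIL line is the mismatch to fix first.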
# Create the site behind the load balancer URL and add the servers to it (repeat add-site-members for every server in the pool).
/pae/openam/SSOAdminTools-11.0.1/openam/bin/ssoadm create-site -s sso -i https://uat.floorplan-solutions.net/sso -u amadmin -f /pae/openam/SSOAdminTools-11.0.1/openam/bin/pwd.txt
/pae/openam/SSOAdminTools-11.0.1/openam/bin/ssoadm add-site-members -s sso -e http://alvdstloes002as.asp.datascantech.com:9201/openam -u amadmin -f /pae/openam/SSOAdminTools-11.0.1/openam/bin/pwd.txt
# If you get a 404 when you access the SSO site through the proxy, make sure the cookie domains are set and include the external domains (.uat.floorplan-solutions.net and .dealeraccesssystem.com).
# Use the uat and www subdomains as cookie domains so that cookies do not work across UAT and prod.
/pae/openam/SSOAdminTools-11.0.1/openam/bin/ssoadm set-attr-defs -s iPlanetAMPlatformService -t global -a iplanet-am-platform-cookie-domains=.datascantech.com iplanet-am-platform-cookie-domains=.qa.datascantech.com iplanet-am-platform-cookie-domains=.qadas.datascantech.com -u amadmin -f /pae/openam/SSOAdminTools-11.0.1/openam/bin/pwd.txt
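The reason for the "uat and www subdomains" advice is cookie scope: a browser sends a cookie whose Domain attribute is .floorplan-solutions.net to uat.floorplan-solutions.net and to www.floorplan-solutions.net alike, so a UAT session cookie would be presented to production. The script below is an added example, not part of the original post or of OpenAM: it implements RFC 6265 domain matching and audits a cookie-domain list (the values passed to iplanet-am-platform-cookie-domains) for any domain that spans both environments. The UAT and production hostnames are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): RFC 6265 cookie-domain matching and an audit
# of a cookie-domain list for domains shared by UAT and production hostnames.

# cookie_sent_to DOMAIN HOST: 0 if a cookie scoped to DOMAIN would be sent to HOST.
# Browsers ignore the leading dot of the Domain attribute and match either the host
# itself or any subdomain of it (never a host that merely ends in the same string).
cookie_sent_to() {
    d=${1#.}
    case "$2" in
        "$d" | *."$d") return 0 ;;
    esac
    return 1
}

# audit_cookie_domains "DOMAINS" "UAT_HOSTS" "PROD_HOSTS": prints every domain that makes
# one cookie valid on both a UAT host and a prod host; returns 1 if there is any.
audit_cookie_domains() {
    domains=$1; uat=$2; prod=$3; bad=0
    for dom in $domains; do
        for u in $uat; do
            for p in $prod; do
                if cookie_sent_to "$dom" "$u" && cookie_sent_to "$dom" "$p"; then
                    echo "SHARED: $dom covers $u and $p"
                    bad=1
                fi
            done
        done
    done
    return $bad
}

# Constructed sample hostnames for the two environments.
UAT_HOSTS="uat.floorplan-solutions.net uat.dealeraccesssystem.com"
PROD_HOSTS="www.floorplan-solutions.net www.dealeraccesssystem.com"

echo "--- parent domains (too broad):"
audit_cookie_domains ".floorplan-solutions.net .dealeraccesssystem.com" "$UAT_HOSTS" "$PROD_HOSTS" || true
echo "--- uat/www subdomains (scoped per environment):"
if audit_cookie_domains ".uat.floorplan-solutions.net .uat.dealeraccesssystem.com .www.floorplan-solutions.net .www.dealeraccesssystem.com" "$UAT_HOSTS" "$PROD_HOSTS"; then
    echo "no cookie domain spans UAT and prod"
fi
```

Feed the audit the exact domain list you are about to pass to set-attr-defs, with the real UAT and production hostnames; any SHARED line means a session issued on one environment would be accepted on the other.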
---end config
# NOTE: restart the OpenAM WebLogic instances after the site and cookie-domain changes.
# Back up the service configuration. The -e value is the server's password encryption key, found in the console under Configuration > Servers and Sites > <server> > Security (Password Encryption Key):
# /pae/openam/SSOAdminTools-11.0.1/openam/bin/ssoadm export-svc-cfg -u amadmin -e MELUOgbVav7DPJ/wjoSClTE0x7xVmcBa -f /pae/openam/SSOAdminTools-11.0.1/openam/bin/pwd.txt -o /home/wladmin/home/openam-backups/backup-`date -u +%F-%H%M%S`.xml
# Edit the ssoadm script and add this JVM option so that ssoadm resolves the site URL to one specific server instead of going through the load balancer:
# -D"com.iplanet.am.naming.map.site.to.server=https://qa.datascantech.com/sso=http://alvdstlwls003aq.asp.datascantech.com:9202/openam" \
# Configure the agent profile and create the agent in OpenAM, then check and reload the Apache configuration:
# apachectl -t
# apachectl -k graceful
# Import the partner's SAML certificate into the OpenAM keystore and verify that it is listed (changeit is the keystore's default password; change it if it is still in use):
# keytool -import -trustcacerts -alias samlr12dmz-qa.jpmchase.com -file /pae/alvdstloes002as/software/DMZ_SAML_QAR12.cert -keystore /pae/openam/openam/keystore.jks
# keytool -list -keystore /pae/openam/openam/keystore.jks -storepass changeit | grep jpm
# Admin console login URL:
#https://uat.floorplan-solutions.net/sso/UI/Login?org=alvdstloes002as.asp.datascantech.com&service=adminconsoleservice
# ssoadm log directory:
/pae/openam/SSOAdmin_11.0.1/log