OpenAM Setup v0.2
Prerequisites
Ensure that OpenDJ is set up and running.
DNS
OpenAM requires that you use fully qualified domain names, such as openam.example.com, so we'll use
openam.krypton.com and www.openam.krypton.com
First, OpenAM requires these entries on the server. Edit your /etc/hosts file accordingly.
If you are not using real DNS, then ensure that these entries are also in your client machine's hosts file.
Setup Tomcat
Set up Zero Footprint Tomcat to run as serveradmin. Do not start Tomcat yet.
OpenAM Download and Prep
Download
Download the files
wget http://download.forgerock.org/downloads/openam/snapshot9.5/openam_954.war
wget http://download.forgerock.org/downloads/openam/snapshot9.5/ssoAdminTools_954.zip
Data Directory
Each OpenAM instance has a configuration directory, an agents directory and administration tools. As a sudo-enabled user,
cd /opt
sudo mkdir openam.0
cd openam.0
sudo mkdir agents config admintools
cd /opt
sudo chown -R serveradmin:staff ./openam.0
sudo chmod -R 750 ./openam.0
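A preflight script for the DNS and data directory steps above. This is an added example, not part of the original notes; it assumes POSIX sh with awk, and takes the hosts file, base directory and owner as arguments so it can be dry-run in a scratch directory without sudo (the names and addresses in the demo are constructed).

```shell
#!/bin/sh
# Preflight checks for the OpenAM hosts entries and per-instance data directory.
# Added example (not from the original notes); assumes POSIX sh plus awk.

# Succeed if FQDN appears as a name (not the address) on a non-comment hosts line.
hosts_has_fqdn() {
  hosts_file="$1"
  awk -v want="$2" '
    { sub(/#.*/, "") }                       # strip trailing comments
    NF >= 2 { for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) found = 1 }
    END { exit found ? 0 : 1 }' "$hosts_file"
}

# Create the per-instance layout (agents, config, admintools) and restrict it
# to the service account: mode 750 keeps other local users out of the config store.
prepare_instance_dir() {
  base="$1"; mode="${2:-750}"; owner="$3"    # owner e.g. serveradmin:staff (optional)
  for d in agents config admintools; do
    mkdir -p "$base/$d" || return 1
  done
  if [ -n "$owner" ]; then
    chown -R "$owner" "$base" || return 1
  fi
  chmod -R "$mode" "$base"
}

# Stand-alone demo on a constructed hosts file (address and names are made up).
demo_hosts="$(mktemp)"
printf '127.0.0.1 localhost\n10.0.0.5 openam.krypton.com www.openam.krypton.com # OpenAM\n' > "$demo_hosts"
for name in openam.krypton.com www.openam.krypton.com; do
  if hosts_has_fqdn "$demo_hosts" "$name"; then echo "ok: $name"; else echo "MISSING: $name"; fi
done
rm -f "$demo_hosts"
```

On the real server, call hosts_has_fqdn against /etc/hosts and prepare_instance_dir with /opt/openam.0 and serveradmin:staff, which is the layout the notes create by hand.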
Deploy
Rename and copy the war file to the Tomcat deployment directory:
cp openam_954.war /opt/apache/tomcat.0/webapps/openam.war
Start Tomcat and browse to http://openam.krypton.com:8080/openam/ to start the wizard.
Initial Wizard
Select Custom Configuration.
Default User Password
User = amadmin
Pass = Adam's password+
Server Settings
Server URL = openam.krypton.com:8080
Cookie Domain = .krypton.com
Platform Locale = en_US
Configuration Directory = /opt/openam.0/config, where the 0 designates this as the first instance
As per the forum notes, you MUST use the fully qualified domain name, openam.krypton.com, and not krypton.com in your browser URL.
Configuration Data Store Settings
First Instance = selected
Data Store = OpenDS or Sun Java System Directory Server
SSL/TLS Enabled = no
Host Name = localhost
Port = 50389
Admin Port = 5444
JMX Port = 1689
Root Suffix = dc=openam,dc=krypton,dc=com
Login ID = cn=Directory Manager
Password = Adam's password+
Originally I wanted to use OpenDJ for the Data Store but it is recommended against by ForgeRock. Read the OpenDJ setup for more details.
ForgeRock also recommends using the embedded LDAP server as the configuration store when you have four or fewer instances of OpenAM in production. At the same time, ForgeRock does not recommend
Since both the Configuration Data Store and the User Data Store use very similar schemas, we make a point of giving them different root suffixes.
If you really want to use an external data store for the configuration, read https://wikis.forgerock.org/confluence/display/openam/Configure+an+external+OpenDJ+or+OpenDS+as+the+configuration+store
User Data Store Settings
Other User Data Store = selected
User Data Store Type = OpenDS
SSL/TLS Enabled = no
Host Name = opendj0.krypton.com
Port = 1389
Root Suffix = dc=krypton,dc=com
Login ID = cn=Directory Manager
Site Configuration
Select No
Default Policy Agent User
The policy agent password must be different from the amadmin password, so use 2Keys.
Summary Details
Configuration Store Details
SSL/TLS Enabled = No
Host Name = krypton.com
Listening Port = 1389
Root Suffix = dc=opendj.krypton,dc=com
User Name = cn=Directory Manager
Directory Name = /opt/openam-config.0
User Store Details
SSL/TLS Enabled = No
Host Name = krypton.com
Listening Port = 1389
Root Suffix = dc=opendj.krypton,dc=com
User Name = cn=Directory Manager
User Data Store Type = OpenDS
Site Configuration Details
This instance is not set up behind a load balancer.
Run
When the configuration completes, click Proceed to Login, and then log in as the OpenAM administrator.