
Prerequisites

Ensure that OpenDJ is setup and running.

DNS

OpenAM requires that you use fully qualified domain names, such as openam.example.com. This guide uses:

openam.krypton.com and www.openam.krypton.com

First, OpenAM requires these entries on the server itself. Edit your /etc/hosts file accordingly.

If you are not using real DNS, also ensure that these entries are in your client machine's hosts file.

Setup Tomcat

Set up Zero Footprint Tomcat to run as serveradmin. Do not start Tomcat yet.

OpenAM Download and Prep

Download

Download the files:

wget http://download.forgerock.org/downloads/openam/snapshot9.5/openam_954.war
wget http://download.forgerock.org/downloads/openam/snapshot9.5/ssoAdminTools_954.zip

Data Directory

Each OpenAM instance has a configuration directory, an agents directory and administration tools. As a sudo-enabled user:

cd /opt
sudo mkdir openam.0
cd openam.0
sudo mkdir agents config admintools
cd /opt
sudo chown -R serveradmin:staff ./openam.0
sudo chmod -R 750 ./openam.0

Deploy

Rename and copy the WAR to the Tomcat deployment directory:

cp openam_954.war /opt/apache/tomcat.0/webapps/openam.war

Start Tomcat and browse to http://openam.krypton.com:8080/openam/ to start the wizard.

Initial Wizard

Select Custom Configuration.

Default User Password

User = amadmin
Pass = Adam's password+

Server Settings

Server URL = openam.krypton.com:8080
Cookie Domain = .krypton.com
Platform Locale = en_US
Configuration Directory = /opt/openam.0/config, where the 0 designates this as the first instance

As per the forum notes, you MUST use the fully qualified domain name, openam.krypton.com, and not krypton.com, in your browser URL.
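The two requirements above (the hosts entries and the fully qualified Server URL) are easy to get wrong before the wizard ever runs. The following pre-flight script is an added example, not part of this page or of OpenAM; the hostnames and cookie domain are the page's own sample values, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added pre-flight check for the OpenAM wizard inputs described on this page.
# Not part of the original page; the function names are assumptions of this example.

# host_in_cookie_domain HOST COOKIE_DOMAIN
# Succeeds only when HOST is a host *inside* the cookie domain: it ends with
# the domain and is not the bare domain itself. The wizard's Server URL must
# be such a host (openam.krypton.com is valid, krypton.com is not).
host_in_cookie_domain() {
    hicd_host=$1
    hicd_domain=${2#.}                     # ".krypton.com" -> "krypton.com"
    case "$hicd_host" in
        "$hicd_domain") return 1 ;;        # bare domain, not a host name
        *."$hicd_domain") return 0 ;;
        *) return 1 ;;
    esac
}

# hosts_file_maps HOSTS_FILE NAME
# Succeeds when NAME appears as a hostname (comments stripped) on some line
# of HOSTS_FILE, which is what the /etc/hosts step above requires.
hosts_file_maps() {
    hfm_file=$1
    hfm_name=$2
    sed 's/#.*//' "$hfm_file" | awk -v n="$hfm_name" '
        { for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
        END { exit found ? 0 : 1 }'
}

# openam_preflight HOSTS_FILE SERVER_HOST COOKIE_DOMAIN NAME...
# Runs every check, reports each result, and returns non-zero if any failed.
openam_preflight() {
    pf_file=$1
    pf_server=$2
    pf_cookie=$3
    shift 3
    pf_rc=0
    if host_in_cookie_domain "$pf_server" "$pf_cookie"; then
        echo "ok   server host $pf_server is inside cookie domain $pf_cookie"
    else
        echo "FAIL server host $pf_server must be a host inside $pf_cookie (e.g. openam.krypton.com, not krypton.com)"
        pf_rc=1
    fi
    for pf_name in "$@"; do
        if hosts_file_maps "$pf_file" "$pf_name"; then
            echo "ok   $pf_name is mapped in $pf_file"
        else
            echo "FAIL $pf_name is missing from $pf_file"
            pf_rc=1
        fi
    done
    return $pf_rc
}

# Usage on the OpenAM server before starting the wizard:
#   openam_preflight /etc/hosts openam.krypton.com .krypton.com \
#       openam.krypton.com www.openam.krypton.com
```

Run the usage line from the comment on the server (and on the client, if it has no real DNS) and fix every FAIL line before browsing to the wizard; a bare-domain Server URL or a missing hosts entry is what the forum notes warn about.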

Configuration Data Store Settings

First Instance = selected

Data Store = OpenDS or Sun Java System Directory Server
SSL/TLS Enabled = no
Host Name = localhost
Port = 50389
Admin Port = 5444
JMX Port = 1689
Root Suffix = dc=openam,dc=krypton,dc=com
Login ID = cn=Directory Manager
Password = Adam's password+

Originally I wanted to use OpenDJ for the Data Store, but it is recommended against by ForgeRock. Read the OpenDJ setup for more details.

ForgeRock also recommends using the embedded LDAP server as the configuration store when you have four or fewer instances of OpenAM in production. At the same time, ForgeRock does not recommend

Since the Configuration Data Store and the User Data Store use very similar schemas, we make a point of giving them different root suffixes.

If you really want to use an external data store for the configuration, read https://wikis.forgerock.org/confluence/display/openam/Configure+an+external+OpenDJ+or+OpenDS+as+the+configuration+store

User Data Store Settings

Other User Data Store = selected

User Data Store Type = OpenDS

SSL/TLS Enabled = no
Host Name = opendj0.krypton.com
Port = 1389
Root Suffix = dc=krypton,dc=com
Login ID = cn=Directory Manager

Site Configuration

Select No

Default Policy Agent User

The policy agent password must be different from the amadmin password, so we use 2Keys.

Summary Details

Configuration Store Details

SSL/TLS Enabled = No
Host Name = krypton.com
Listening Port = 1389
Root Suffix = dc=opendj.krypton,dc=com
User Name = cn=Directory Manager
Directory Name = /opt/openam-config.0

User Store Details

SSL/TLS Enabled = No
Host Name = krypton.com
Listening Port = 1389
Root Suffix = dc=opendj.krypton,dc=com
User Name = cn=Directory Manager
User Data Store Type = OpenDS

Site Configuration Details

This instance is not set up behind a load balancer.

Run

When the configuration completes, click Proceed to Login, and then log in as the OpenAM administrator.
