Ensure that OpenDJ is set up and running.
OpenAM requires that you use fully qualified domain names, such as openam.example.com, so we'll use
openam.krypton.com and www.openam.krypton.com.
First, OpenAM requires these entries on the server. Edit your /etc/hosts file accordingly.
If you are not using real DNS, then ensure that these entries are on your client machine's hosts file.
Set up Zero Footprint Tomcat to run as serveradmin. Do not start Tomcat yet.
Download the files:
wget http://download.forgerock.org/downloads/openam/snapshot9.5/openam_954.war
wget http://download.forgerock.org/downloads/openam/snapshot9.5/ssoAdminTools_954.zip
Each OpenAM instance has a configuration directory, an agents directory and administration tools. As a sudo-enabled user:
cd /opt
sudo mkdir openam.0
cd openam.0
sudo mkdir agents config admintools
cd /opt
sudo chown -R serveradmin:staff ./openam.0
sudo chmod -R 750 ./openam.0
Rename and copy the war to the Tomcat deployment directory:
cp openam_954.war /opt/apache/tomcat.0/webapps/openam.war
Start Tomcat and browse to http://openam.krypton.com:8080/openam/ to start the wizard.
Select Custom Configuration.
User = amadmin
Pass = Adam's password+
Server URL = openam.krypton.com:8080
Cookie Domain = .krypton.com
Platform Locale = en_US
Configuration Directory = /opt/openam.0/config where the 0 designates this as the first instance
As per the forum notes, you MUST use the fully qualified domain name, openam.krypton.com, and not krypton.com in your browser URL.
First Instance = selected
Data Store = OpenDS or Sun Java System Directory Server
SSL/TLS Enabled = no
Host Name = localhost
Port = 50389
Admin Port = 5444
JMX Port = 1689
Root Suffix = dc=openam,dc=krypton,dc=com
Login ID = cn=Directory Manager
Password = Adam's password+
Originally I wanted to use OpenDJ for the Data Store but it is recommended against by ForgeRock. Read the OpenDJ setup for more details.
ForgeRock also recommends using the embedded LDAP server as the configuration store when you have four or fewer instances of OpenAM in production. At the same time, ForgeRock does not recommend
Since both the Configuration Data Store and the User Data Store use very similar schemas, we make a point of differentiating the root suffix.
If you really want to use an external data store for the configuration, read https://wikis.forgerock.org/confluence/display/openam/Configure+an+external+OpenDJ+or+OpenDS+as+the+configuration+store
Other User Data Store = selected
User Data Store Type = OpenDS
SSL/TLS Enabled = no
Host Name = opendj0.krypton.com
Port = 1389
Root Suffix = dc=krypton,dc=com
Login ID = cn=Directory Manager
Select No
The password for the policy agent must be different, so we use 2Keys.
Configuration Store Details
SSL/TLS Enabled = No
Host Name = krypton.com
Listening Port = 1389
Root Suffix = dc=opendj.krypton,dc=com
User Name = cn=Directory Manager
Directory Name = /opt/openam-config.0
User Store Details
SSL/TLS Enabled = No
Host Name = krypton.com
Listening Port = 1389
Root Suffix = dc=opendj.krypton,dc=com
User Name = cn=Directory Manager
User Data Store Type = OpenDS
Site Configuration Details
This instance is not set up behind a load balancer.
When the configuration completes, click Proceed to Login, and then log in as the OpenAM administrator.
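The wizard values above only work when the host in the Server URL is a fully qualified name below the Cookie Domain and is present in the hosts file. The shell script below is an added example, not part of the original instructions; the function names, the sample hosts file and the 192.0.2.10 address are constructed for illustration, and the "strictly below the cookie domain" rule is an assumption taken from the note about openam.krypton.com versus krypton.com.

```sh
#!/bin/sh
# Added example, not from the original page: pre-flight checks for the
# Server URL and Cookie Domain typed into the OpenAM wizard.

# Print the host part of "http://host:port/path" or "host:port".
url_host() (
  h=${1#*://}; h=${h%%/*}; h=${h%%:*}
  printf '%s\n' "$h"
)

# Succeed only if host $1 sits strictly below cookie domain $2 and the
# cookie domain has at least two labels (".krypton.com", never ".com").
host_in_cookie_domain() (
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  dom=$(printf '%s' "${2#.}" | tr 'A-Z' 'a-z')
  case $dom in *.*) ;; *) exit 1 ;; esac
  case $host in
    ?*".$dom") exit 0 ;;   # e.g. openam.krypton.com under .krypton.com
    *) exit 1 ;;           # bare domain, localhost, look-alike suffix
  esac
)

# Succeed if hosts-format file $1 maps name $2 (comments are ignored).
hosts_has_name() {
  awk -v n="$2" '
    { sub(/#.*/, "") }
    { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1 }
    END { exit !found }' "$1"
}

# Run both checks for one wizard entry and report the first problem.
preflight() (
  host=$(url_host "$1")
  host_in_cookie_domain "$host" "$2" ||
    { echo "host $host is not below cookie domain $2"; exit 1; }
  hosts_has_name "$3" "$host" || { echo "$host missing from $3"; exit 1; }
  echo "ok: $host"
)

# Constructed sample hosts file; 192.0.2.10 is a documentation address.
SAMPLE_HOSTS=$(mktemp)
trap 'rm -f "$SAMPLE_HOSTS"' EXIT
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1   localhost
# OpenAM server
192.0.2.10  openam.krypton.com www.openam.krypton.com
EOF

preflight "http://openam.krypton.com:8080/openam/" ".krypton.com" "$SAMPLE_HOSTS"
preflight "http://krypton.com:8080/openam/" ".krypton.com" "$SAMPLE_HOSTS" || true
```

To check the real machine, pass /etc/hosts as the third argument to preflight.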