Wednesday Jan 24, 2007

Access Manager 7.1: Learn All About It

Two weeks back, I took a week-long Access Manager 7.1 beta course (AM3480). I've been wanting to blog about it ever since. The problem is that the week-long class set me back about a week.

Classroom Learning
As I've said in this blog before, I love classroom learning. That hasn't changed. I could easily take this class three weeks in a row, learn something new each time, and love the experience. It's a sickness really. Perhaps “sickness” is a strong word, but I do have an unusually high amount of enthusiasm toward learning in a classroom setting.

Beta as a Good Thing
The course was a “beta” course, which I think turned out to be a bonus. The class was taught to Sun employees in order to work out the kinks and perfect the content. There were nine of us. Instead of being taught by a course instructor, the class was taught by a course developer, specifically David Goldsmith. You can view a video of David explaining Federated Identity. Federated Identity was something covered in the class, so you can get a little sense of the type of material covered in the course. The video is part of a series of training hot topics.

About the students in this beta class, I was, without a doubt, the least technical person in the room. The other students were identity management developers, service folks, support folks, etc. Luckily, the class is designed to catch the less technical people, like me, too. The labs were very helpful in that respect. We also got a lot of explanations of why material was in the class, which ended up providing a pretty good perspective of what customers need and expect to learn about Access Manager. Students' comments were highly encouraged. It was all part of the process of determining what should and shouldn't be covered in the course when it's available to the public.

What I Learned
I took the Access Manager 6.3 training course and I noticed a lot of maturity in both Access Manager and in the Access Manager training course this time around. I was able to follow the course much better this time, mostly because I've become more familiar with Access Manager over time. However, more than a modicum of my increased understanding is because of the emphasis on real world situations. Kudos for that. The product can be pretty abstract. Performing the labs isn't enough to unveil all the cloudiness. But the explanations of what was being accomplished in the labs and what it means to customers were very helpful.

It's the Little Things
As I explained in a previous blog entry about training classes, it's the little things that really make it fun. Here are a few little, but cool, things I picked up or at least was exposed to in the class:

  • A UNIX trick: In the bash shell, the “CONTROL + r” combination gets the shell to try to complete your next command by matching what you start to type with commands you've typed in the past.

  • Browser Cache Issues: The browser cache can get in the way. I didn't know, but you can stop the browser from caching. I knew you could clear the cache, but even then I followed that by closing the browser. It seems that closing is not proper. Quitting is proper. I assumed they were the same. Who knew? Apparently, everybody else in the class.

  • CLI Options for Most Everything: Not to say that I actually learned the command-line options for everything, but we usually tried both a GUI option and a CLI option. There are various reasons for knowing the CLI commands, such as related to scripting and security. I appreciated and understood those reasons better than I have in the past.

The Customer
As it should be, the customer is all important. You leave this course knowing it. We heard a lot about why new features had been added or why certain facts or commands were being taught in the course. Basically, such lessons turned out to be history lessons about customer requests and expectations over the years.

The Real World
The federation chapters and the deployment chapter were very good for me because they focused on real world examples. We got a taste of deployments involving distributed authentication UI server and other scenarios that include a variety servers in the DMZ (with firewalls on both sides).

And we saw deployment examples where Access Manager was installed as a WAR file instead of through the Java Enterprise Server installer. This lightweight installation option is often demanded by customers and is the form in which OpenSSO is downloaded. In fact, the Access Manager WAR file option is often compared to sliced bread, the wheel, and chocolate ice cream. Customers love, love, love this thing. You can actually get your hands on the Access Manager 7.1 Beta WAR file. It's all part of the Java EE 5 SDK downloads. The following is the download specifically for Access Manager 7.1 Beta WAR. For that last link and other Sun links to an actual download, you need a Sun Online Account. It's a free but required step. Anyway, it was good to see something in the class about the WAR file option.

Time or Lack Thereof
It always comes down to time or money. In this case, it was time. As a class, we couldn't complete all the labs. I, personally, fell behind a few times. I came in early every morning and stayed past 10PM one night (probably not an option for students in the regular course) to catch back up. UNIX shortcuts and such are pretty unfamiliar to me. Therefore, I found it helpful just to watch other students bring up prior commands, use vi, and stuff like that.

With my extra effort, I managed to stay up with the class all the way through. Actually, the students were all a serious bunch. A lot of students stayed late. There was no email going on during lectures, pretty intense learning. All the same, the class as a whole couldn't get through everything, so it seems that some things will have to be taken out. Somehow, I don't think a seven-day class will fly. I'd sign up in a second, but a class of one just doesn't make much cents.

Thursday Nov 30, 2006

It's the little things

I've been taking an online Access Manager Training class. I think I'm getting used to this online learning thing.

One thing that can't be disputed, Access Manager is complex. I guess everything is these days. Well, software, anyways. I just completed 2 more of the 12 modules: "Logging and Debugging" and "Authentication and Single Sign-On."

I found most of it to be of interest, but one of the coolest things for me was that I learned something new about the UNIX command ls. Isn't that the silliest thing?

The command shown was ls -lrt. I don't remember ever learning the -r or -t options.

When debugging, one reviews a directory of debug files. If you use the -t option, it puts files in order chronologically from the most recent to the least recent. The -r option reverses that chronological order: from the least recent to the most recent.

Anyway, the most recently updated file is often the source of the problem. So this technique can help one debug. It's those little things that really matter. These things are so little that nobody tells you about them. Well, I guess training folks do, but nobody else does. They assume you know. Trust me, I don't know. Well, now I do. Is it just me?

Sunday Nov 12, 2006

Training - Online vs. Classroom

I'll take the classroom any day.

I understand that some people prefer online courses to instructor-led courses. And not because the online courses are so much cheaper, but because they're so much more enjoyable.

I am definitely not one of those people. Not that there's anything wrong with that. If that's who you are.

I'm taking an Access Manager 7 Online Training Course through Sun Training right now, and it's good stuff. Don't get me wrong; it's excellent. I'm dying, I tell you! I just finished the fourth of 12 modules. There's a soothing instructor's voice talking me through the whole thing. Lots of screen casts. It's quite clear. Dying! Burning alive! It's killing me! High quality, state of the art, professional, online training. I highly recommend it if you like that kind of thing. I've learned a lot.

Give me a right-there-in-the-classroom instructor any day of the week. I actually took an instructor-led Access Manager class about a year and a half ago. Heaven! A delight. Of course, I didn't have to pay for it, so it was that much more delightful. Through Sun Training, I also once took a Solaris 10 instructor-led course. That was equally fantastic. That class made me want to be a better man, and that's as good as it gets.

What does this all mean to you? I have no idea. But, here's the link to all of the Identity Management Training courses. Perhaps you too will reach a higher state of consciousness. Unlikely, highly unlikely, but let's not count it out.

Thursday Nov 02, 2006

Access Manager Hollywood

I haven't quit my day job yet, but I might have a career in commercials.

I participated in a fun little "commericial" for Identity Management training. I've embedded here in my blog. Mostly, I wanted to see how hard it would be to add it here. It wasn't hard.

In the commercial, David Goldsmith is the interviewer. I'm the second person interviewed. For some reason, I keep looking at something. I don't remember what it was. It looks like I'm looking at the microphone. I think I was trying to understand the inner conflict of needing Identity Management training when I'm obviously heading toward a career as an actor.

Identity Management just for me

Wednesday Nov 01, 2006

So you want to play with Sun Java System Access Manager and Policy Agent?

So you want to play with Sun JavaTM System Access Manager and Sun JavaTM System Access Manager Policy Agent?

"A Wise policy" (with a British accent--what movie's that from?). It's the free-ness of playing with this stuff that makes it wise. Download the software, access the documentation, interact in the forums, look up all kinds of information at various Sun Microsystems web pages, install, configure, and experiment with the software all for free. However, there's no such thing as a free launch. So, you can't get free technical support, professional services, hardware, jewelery, training, and such; but still, a lot of stuff is free.

The question is "how exactly does one get to all this stuff?" Let me say, up front, I don't know. I'm going through this exercise to learn how it's done. I mean, I know some things. But some things I don't. I'll be looking up a lot of stuff as I go along. At least I'm not making up a lot of stuff as I go along. All the same, mistakes are likely.

I'll probably revise this info as time goes by. If people comment about where I've gone wrong or where I could go more right, I'll try to incorporate such comments into this entry. Otherwise, this will be an exercise in introspection, which is okay, too.

Software Downloads

Java Enterprise System 2005Q4 Downloads

Things to Know
Important Info about the Link
Download Sun Java Enterprise System software

The key here is to get Access Manager 7 (AM 7) and other key components. The First step is to download Java ES.
To provide a page from
which you can download
Sun Java Enterprise System
(Java ES) and even Solaris,
if you wish. The link is actually
to the Solaris Enterprise System
. Java ES is a part of the Solaris Enterprise System

With Java ES, you can install
most of the software needed for a deployment that includes
distributed applications. I'm
focusing on Access Manager 7
(AM 7). The figure below shows
how AM 7 fits in to
Java ES.

You can install any of the
Java ES components you want. Maybe, you just need Web Server, Directory
Server, & Access Manager. Maybe you need more. A lot is available in Java ES.
You will have to register to download this stuff. You'll create a "Sun Online Account." In my humble opinion, it's not too involved. Of course, I work for Sun Microsystems. My opinion could be influenced by a desire for the stock price to go up.

Also, from the general software download site,

The Link

many ways exist to get the same software. There are different ways in which this stuff is bundled. It can be confusing. How's your tolerance for ambiguity?
The following is a screen shot from the page (it's a link, too). See! you can download Solaris, Sun Java Enterprise System, and more. Notice the Sun Java Identity Management Suite. That might work for you better than the entire Java ES download. It's all good, whatever you decide.

I've provided the image below because I don't even want you to have to click a link and wait to see what's there.

The Solaris Enterprise System Download Page

Java Enterprise System Infrastructure

The following image (it's a link, too) comes from Sun Java Enterprise System 2005Q4 Technical Overview

By the way, I like that manual. I wouldn't mind hearing comments, good or bad, from people about it. Does it cover the areas you would expect (things like that)?

Java ES Components

(from the manual) The operating system platforms shown in the figure are not formally part of Java Enterprise System; however, they are included to show the operating system platforms on which Java ES components are supported.

(from me) Java ES changes from release to release. Not all the components shown above, such as those in the "User Collaboration" row will come with Java ES in the future.

In the figure above, Policy Agent isn't mentioned. Either is Identity Manager or Federation Manager. Identity Manager is used for user provisioning while Federation Manager is kind of like Access Manager, only bigger. Therefore, federation manager allows user's to access content/resources controlled by different service providers ("service provider" is a broad term; it often equates to a single company). So those service providers have to work together very closely.

Policy Agent, Identity Manager, and Federation can all work with Access Manager, but none of them are currently components of Java ES, which explains why they aren't mentioned in the figure. Below a little ways, I explain how to download individual agents of the Policy Agent 2.2 software set. At this time, I'm not going to get too much into Identity Manager or Federation Manager.

However, three links follow, one for downloading Identity Manager, one for Identity Manager documentation, and one to download Federation Manager. The Federation Manager documentation collection is mixed with the Access Manager documentation collection. Keep going down this page and you'll see links to the overall Access Manager documentation collection.

Policy Agent 2.2 Software Downloads

Things to Know
Important Info about the Link
Download Policy Agent 2.2 Software

The Link

The key here is to get the specific agent from the Policy Agent 2.2 software set that you want.

To provide a page from which you can download a specific agent from the Policy Agent 2.2 software set.

While it might be possible to set up an  Access Manager deployment  without an agent, it's rare in the real world.

Same info as with Java ES about registering and stuff.

Also, from the general software download site, you can get a view of all the software listed alphabetically,

The Link

which isn't pretty, but it is complete.

The following is a screen shot that shows the type of info on this page (the screen shot is a link, too). This shows three of the many agents available in the Policy Agent 2.2 software set.

Excerpt of Policy Agent 2.2 Downloads


Access the Java Enterprise System 2005Q4 Documentation Collection

There's a lot to the Java ES documentation collection. There are the usual suspects, such as Sun Java Enterprise System 2005Q4 Installation Planning Guide. However, I'm just listing the documents that might be less obvious, but more beneficial since they'll  point you to many of the documents that you might require, depending upon what you're trying to accomplish.

Anyway, I'm starting with links to the Java ES documentation collection, then to the Access Manager documentation collection, and finally to the Policy Agent documentation collection. Individual document links are to HTML versions. You'll find a PDF version of many of these documents, too. Find the PDF version by accessing the collection link instead of the individual document link.
Link Key Documents
Things to Know Important Info about the Link
Access the Sun Java Enterprise System 2005Q4 Document Collection

Installation and Initial Configuration (UNIX Platforms) This document links to Java ES installation-related topics, regardless of which document the topic appears in.

The topic-based thing really works for some. If you're one, then have fun.
The following is a screen shot of the page (it's a link, too). This shows the entire Java Enterprise System document collection. It's not impossible for the collection to change. Therefore, visit the page if you want to ensure that what you see is what you get.

The Java ES Document Collection

Sun Java Enterprise System 2005Q4 Documentation Roadmap
This document is also included in the Access Manager document collection. It gives ideas of how to use the various documents for the various components that make up Java ES.
Sun Java Enterprise System 2005Q4 Installer Tutorial There are a lot of components in Java ES. Which ones to install and how to prepare for the configuration of them can boggle the mind. This tutorial is supposed to calm your mind.
Installation and Uninstallation FAQs (UNIX Platforms) There are a lot of components in Java ES, which lends itself to questions, voices basically. This list of FAQs is supposed to calm your mind by quieting the voices.

Access the Access Manager 7 Document Collection

It's a similar deal here with this document collection. There are the usual suspects, such as Sun Java System Access Manager 7 2005Q4 Administration Guide. No doubt, you're going to want to be all over that guide. Guidance on what docs to use is provided in the Java ES doc collection, such as in the Sun Java Enterprise System 2005Q4 Documentation Roadmap. All the same, I'm listing some of the less obvious docs that I think can be extremely useful.
Link Key Documents
Things to Know Important Info about the Link

Access the Access Manager 7 Document Collection

The Link
Sun Java System Access Manager 7 2005Q4 Documentation Center This document links to Various Access Manager 7 topics, regardless of which document the topic appears in. The document includes links to the Policy Agent 2.2 docs.

The topic-based thing again. If you're so inclined, spend the time.
The following is a screen shot of the page (it's a link, too). This shows the Access Manager 7 document collection. It's not impossible for the collection to change humunuh humunuh. Therefore, visit the page if you want to ensure that what you see is what you get.

You'll notice that a some of the documents listed here are actually from the Java ES documentation collection. The idea is that you can go directly to the Access Manager documentation collection and, from here, link to everything you need.

Access Manager Document Collection
Deployment Example: Access Manager Load Balancing, Distributed Authentication, and Session Failover DON'T IGNORE THIS DOCUMENT! Expect deployment example docs, like this one, to come out regularly. Even if the deployment doesn't apply exactly to your situation, it's useful. Some deployment docs, such as this one, lay out the whole process of using Java ES, Access Manager, Policy Agent, etc. Good Stuff!
Sun Java System Access Manager Policy Agent 2.2 User's Guide This document appears in the Access Manager document collection and the Policy Agent document collection. A couple of cool things about this document are that it lists the agents by the two different agent types: J2EE agents and web agents, and that you can easily see the supported platforms for all the agents of each agent type. 

Access the Policy Agent 2.2 Document Collection

Access Manager is updated when Java ES is updated. However, Policy Agent is not. Policy Agent 2.2 pretty much marches to the beat of a different drummer. This reflects itself in the documentation as well. For Policy Agent 2.2, new agents are constantly being introduced. Every time a new agent is released, the Sun Java System Access Manager Policy Agent 2.2 User's Guide is updated and the Sun Java System Access Manager Policy Agent 2.2 Release Notes are also updated.
Link Key Documents
Things to Know Important Info about the Link
Access the Policy Agent 2.2 Document Collection

Sun Java System Access Manager Policy Agent 2.2 Release Notes The Release Notes cover all the agents in the Policy Agent 2.2 software set. Therefore, this doc is perhaps more "living" than most "living docs." You can expect a "Known Issue" for one agent or another to pop up in the Release Notes overnight.

The other docs are updated kind of often, too. Therefore, if you print out hard copies of any of the agent docs, be afraid. If you have a hard copy of an agent doc for a few months, there's a fair chance that it's not the most current document. OK, maybe you don't have to be afraid, but be aware.
The following is a screen shot of the page (it's a link, too). This shows the Policy Agent 2.2 document collection. This collection changes every 5 minutes. Well, not that fast, but it changes quickly. Plan accordingly. I don't know how you'd plan for that, but be aware of it anyway.

Policy Agent 2.2 Document Collection

More Information

Access a Variety of Other Forms of Information

In the Sun Microsystem's universe, it seems all things are connected. You'll find the links below seem to cross back and forth in and around each other.
Things to Know
Access Manager Related Stuff From This Link

Access "BigAdmin:
System Administrator Resources and Community"

This site is for system administrators. But like I implied above, it's all mixed and inter-connected. Whatever your role, you can find something you like at this site.
The BigAdmin portal is an interactive Web-based repository of resources for system administrators: 
FAQs, docs, education, resources, patches, scripts, software, and services and support.
You'll find documents here that are not part of the official documentation.

Single Sign-On Using Sun Java System Access Manager 2005Q4 and Sun Java System Access Manager Policy Agent 2.2

Installing, Managing, and Using Sun Java System Access Manager and Sun Java System Identity Manager on the Solaris 10 OS

Access "Sun Developer Network (SDN)"

This site is for developers. However, plenty of other people can benefit from it, too. Lots of good stuff here.
You should register for a Sun Online Account if you haven't already. I believe it's the same account required to download Sun software. Otherwise, you'll be going along and suddenly be blocked from accessing the good stuff.
You can join forums from SDN. Of course, I"m focusing on Access Manager here, but there are lot of other things.

Access Manager and Policy Agent Related Forums

Access Sun Blogs

For Sun Microsystem's employees to write almost anything they want.
Truth is you probably know as much as I about Sun blogs. Chances are that my blog isn't the first Sun Blog you've read. Blog info is the most cutting edge at Sun. It's also the most likely to be inaccurate. So it's give and take, give and take.
You can search the page for blogs related to Access Manager software and Policy Agent software. Below, I'll list one very Access Manager related blog. From that one person's blog, you should be able to become one with everything, or something like that. Like I've already implied, if your into Access Manager, you probably know all about this person's blog:

Pat Patterson's Blog

The Link

Okay, so that's probably more info than you know what to do with. Let me mention Sun Java Enterprise System Training. There, I mentioned it. I'm sure there are many other things to mention. Maybe I'll mention them later.

Friday Oct 20, 2006

Where?! Where?! Sun Java System Access Manager Related Info???

There's a great "document???" out there (and right here in this blog).

This "document" shows where stuff is. "What stuff?" you ask. Good question and it's about time you asked it. The answer is Sun JavaTM System Access Manager, Sun Java  TM System Federation Manager, and Sun JavaTM System Access Manager Policy Agent stuff.

The information is actually in various different documents strewn across the universe. The "document" in question that brings it all together is a documentation center that lists the info in topics and provides links to those topics. Sometimes the link is to a full guide, sometimes it's to a small section of one  guide or another. This doc center has a title:

Sun JavaTM System Access Manager 7 2005Q4 documentation collection

My question is, "Can I just cut and paste that whole doc center right here into my blog?"
You should know the answer since you're looking at the end result, but what about me?
Here's the link, for future reference, to this "Documentation Center:"

Here's the official intro:

"This page contains links to commonly referenced information in the Sun JavaTM System Access Manager 7 2005Q4 documentation collection."'s the

Documentation Center

Getting Started

Planning Your Access Manager Deployment

Configuring Access Manager After Installation

Implementing Access Manager Deployment Design

Administering Realms

Administering Data Stores

Configuring and Developing Access Manager Authentication

Configuring and Developing Access Manager Policies

Installing and Using Access Manager Policy Agents

Managing User Sessions and Single Sign-On

Configuring and Managing Access Manager Federation

Using Federation Manager

Using Access Manager Authentication Web Services

Using Access Manager Data Web Services

Using the Access Manager Discovery Service

Using the Access Manager SOAP Binding Service

Administering SAML

Using the SAML v2 Plug-in for Federation Services

Using the Access Manager Logging Feature

Using the Client SDK

Customizing Access Manager

Using Access Manager Code Samples

Using Access Manager Command Line Utilities

Tuning Access Manager and Components


How does tha t look? This blogging thing! I'm trying to get used to it. I just figured out that I could write in the blog with an HTML editor. I was doing everything through my vague memory of HTML. I actually had to read the manual to figure out how to edit the settings to change the writing mode to an HTML editor. The manual is a bit lengthy. These technical writers, what's up with them? I still had to view the source from time to time to manually add an edit. Why? I don't know. Some edits didn't take in the HTML editor. Or at least the editor puts up a fight before accepting the change. It seems I have to present my argument to the HTML editor, explaining why the change is necessary; after two or three minutes, it might or might not concede.

Anyway, that's the Documentation Center story. I hope to have another story soon.

Disclaimer: I work at Sun Microsystems. The opinions expressed here are my own, and neither Sun nor any other party necessarily agrees with them. In fact, I would expect a fair number of people to disagree with them. Sometimes, I wonder if anyone, anywhere agrees with me ever. But that's another story.

What does this box do?


« July 2016