Thursday Jul 23, 2009

Change Amadmin Password

Someone might want to change the password of amadmin, the super user of Access Manager (AM) 7.0 or 7.1, for various reasons. Be careful. It is tricky. If you try to change it directly on Directory Server (DS), you will find that you cannot log in as amadmin any more.


Tuesday Dec 16, 2008

Removing Authentication Module From Auth Chain On Command Line

Someone asked me for help to correct an Access Manager 7.1 environment. The default auth chain "ldapService" was modified on this AM7.1 instance by adding the anonymous module as required. However, the anonymous module was not configured correctly to include amadmin in the user list. After this change, amadmin could not log in to the default auth chain any more.


Tuesday Jul 08, 2008

Sun Alert 201538

A new Sun alert, 201538, was released June 26, 2008: "Access Manager Does not Securely Process XSLT Stylesheets contained in XML Signatures". It is actually bug 6519471 in the XML signing software bundled in AM. The fixed xmlsec.jar is now bundled in AM patches 7.1p1, 7.0p6, 6.3p12, 6.2p15 and 6.1p22 in various platform forms. To check out the alert, see http://sunsolve.sun.com/search/document.do?assetkey=1-66-201538-1.

Monday Jun 09, 2008

Virtual Federation?

A new term, Virtual Federation, was invented recently in the identity federation world. It is actually a new name for Secure Attribute Exchange (SAE), a key capability of the upcoming Sun Federated Access Manager 8.0. Virtual Federation will help enterprises overcome challenges such as scalability, legacy applications, transient and transaction data, and protocols when doing federation.


Friday Feb 08, 2008

Password With Multi-byte Characters

Though it is almost impossible to crack a password that is composed of randomly chosen ASCII characters, you might want to make it more secure by using multi-byte characters, like Cyrillic letters or East Asian characters such as Chinese, Korean or Japanese.


Monday Nov 05, 2007

Configure Session Failover on Access Manager 6.3

When testing AM6.3 patch12, the session failover feature was reported as not working. There is an NPE when checking whether a server instance is up or not. The amsessiondb process never received any READ requests. After some debugging, it appeared that the server ID of the Load Balancer (03, supposing 2 AM servers 01 and 02 in the cluster) has to be added to make it work.

However, the Deployment Planning Guide of AM6.3 clearly states "Do not include the server ID of load balancer." in "Session Cluster Server List".

The root cause is that the person who set up the environment modified the value of "com.iplanet.am.localserver.host" in the configuration file AMConfig.properties when changing the other properties "com.iplanet.am.server.host", "com.iplanet.am.console.host", "com.iplanet.am.profile.host" and "com.iplanet.am.naming.url". The "com.iplanet.am.localserver.xxx" properties should never be changed unless you have to modify the host name of the box.

Actually, with localserver.host changed to the host name of the LB, adding the server ID of the LB to the "Session Cluster Server List" could help session failover to work, but it may cause some performance issues, namely some unnecessary internal session routing.
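A check for the misconfiguration described in this post, as an added example (not code from the original post or from Access Manager): it parses AMConfig.properties text and flags a com.iplanet.am.localserver.host value that does not match the box's own host name. The function names, the sample host names and the assumption that the property holds a fully qualified host name are illustrative.

```python
import socket

LOCAL_KEY = "com.iplanet.am.localserver.host"
# Properties the post lists as changed alongside it (pointed at the LB).
LB_FACING = ("com.iplanet.am.server.host", "com.iplanet.am.console.host",
             "com.iplanet.am.profile.host")

def parse_properties(text):
    """Parse plain key=value lines; skips blanks and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_localserver_host(text, box_hostname=None):
    """Return findings (empty list = OK). Assumes FQDN values."""
    props = parse_properties(text)
    box = (box_hostname or socket.getfqdn()).lower()
    local = props.get(LOCAL_KEY, "").lower()
    if not local:
        return [f"{LOCAL_KEY} is not set"]
    findings = []
    if local != box:
        findings.append(f"{LOCAL_KEY}={local} does not match this box ({box})")
        same = [k for k in LB_FACING if props.get(k, "").lower() == local]
        if same:
            findings.append("same value as " + ", ".join(same)
                            + ": probably overwritten with the load balancer name")
    return findings

# Constructed sample files: host names are made up for illustration.
BAD = """\
com.iplanet.am.server.host=lb.example.com
com.iplanet.am.console.host=lb.example.com
com.iplanet.am.profile.host=lb.example.com
com.iplanet.am.naming.url=http://lb.example.com:80/amserver/namingservice
com.iplanet.am.localserver.host=lb.example.com
"""
GOOD = BAD.replace(LOCAL_KEY + "=lb.example.com", LOCAL_KEY + "=am1.example.com")

if __name__ == "__main__":
    for name, text in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, check_localserver_host(text, "am1.example.com"))
```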

About

gc
