Access Management 7.3.1

Change host names

Changing AM host names involves the following high-level steps:

  • Add the new host name to the Realm/DNS Aliases list.

  • Export, edit, then import the configuration.

    This step relies on the ssoadm command, which you install separately from AM as described in Set up administration tools.

  • Stop AM and edit configuration files.

  • Remove the old host name from the Realm/DNS Aliases list.

Before you start, make sure you have an up to date backup of your installation. See Back up configurations for instructions.

Add the new host name as an alias

  1. In the AM admin UI, go to Realms > Realm Name and click Properties.

  2. Add the new host name to the Realm/DNS Aliases list, and save your work.

Export, edit, and import the service configuration

  1. Export the service configuration:

    $ ssoadm \
     export-svc-cfg \
     --adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
     --encryptsecret myEncryptSecretString1234 \
     --password-file /tmp/pwd.txt \
     --outfile config.xml
    Service Configuration was exported.

    AM uses the value entered in --encryptsecret to encrypt passwords stored in the backup file. It can be any value, and is required when restoring a configuration.

  2. Edit the service configuration file:

    • Change the fully qualified domain name, such as openam.example.com, throughout the file.

    • If you are changing the context path, such as /openam, make the following changes:

      • Change the value of com.iplanet.am.services.deploymentDescriptor.

      • Change contextPath in the value of the propertiesViewBeanURL="contextPath/auth/ACServiceInstanceList".

      • Change contextPath in the value of propertiesViewBeanURL="contextPath/auth/ACModuleList".

      • Change the context path in a <Value> element that is a child of an <AttributeValuePair> element.

      • Change the context path where it occurs throughout the file in the full URL to AM, such as http:&#47;&#47;openam.example.com:8080&#47;contextPath.

    • If you are changing the port number, change the value of com.iplanet.am.server.port.

      Also change the port number in host:port combinations throughout the file.

    • If you are changing the domain name, change the cookie domain, such as <Value>.example.com</Value>, throughout the file.

  3. Import the updated service configuration:

    $ ssoadm \
     import-svc-cfg \
     --adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
     --encryptsecret myEncryptSecretString1234 \
     --password-file /tmp/pwd.txt \
     --xmlfile config.xml
    Directory Service contains existing data. Do you want to delete it? [y\|N] y
    Please wait while we import the service configuration…​
    Service Configuration was imported.

Edit configuration files for the new host name

  1. Stop AM or the web container where it runs.

  2. Edit the boot properties file, such as /home/user/openam/boot.json, changing the fully qualified domain name (FQDN), port, and context path for AM as necessary.

  3. If you are changing the context path, move the folder containing AM configuration, such as /home/user/openam/, to match the new context path, such as /home/user/openam2/.

  4. If you are changing the location or context path, change the name of the file in the /home/user/.openamcfg folder, such as AMConfig_path_to_tomcat_webapps_openam_, to match the new location and context path.

    Also edit the path name in the file to match the change you made when moving the folder.

  5. Restart AM or the web container where it runs.

Remove the old host name alias

  1. In the AM admin UI, go to Realms > Realm Name, and click Properties.

  2. Remove the old host name from the Realm/DNS Aliases list, and save your work.

Copyright © 2010-2024 ForgeRock, all rights reserved.