Command-Line Reference

install-openam - Install Access Management

Synopsis

install-openam [options]

Description

Command to install and setup an AM instance.

The following parameters are required:

--adminPwd amAdmin-password

Specifies the password of the amAdmin user. If the --cfgStoreDirMgrPwd option is not specified, this value is also the password of the configuration store’s directory manager user.

The password must be at least 8 characters in length.

--serverUrl protocol://FQDN:port/URI

Specifies the protocol, URL, port, and deployment URI of the AM instance. For example, https://openam.example.com:8443/openam.

The following options are available:

--acceptLicense

Specifies that the user accepts Amster usage terms and conditions.

--authorizedKey path

Specifies the path to an SSH public key file. The content of this file is appended to the authorized_keys file of the newly-installed AM instance, allowing users to connect to it with Amster after the install completes.

For more information about connecting to AM with Amster, see Connect to AM.

--cfgDir path

Specifies the configuration directory where AM stores files. It also stores the embedded directory server, when applicable.

Default: $HOME/openam

--cfgStore embedded|dirServer

Specifies the type of the configuration data store. Possible values are:

  • embedded: Amster installs AM with an embedded DS server to act as the configuration, identity, and CTS stores.

    For evaluation deployments only.

  • dirServer: Amster installs AM on an external DS server to act as the configuration store.

    When you install AM with an external configuration store, you must also use an external identity store. By default, identities are stored in the same directory server instance as the configuration store.

    Default: embedded

--cfgStoreAdminPort port

Specifies the administration port number for the configuration store.

Default: 4444

--cfgStoreDirMgr username

Specifies the distinguished name of the directory manager user for the configuration store.

Default: uid=admin

--cfgStoreDirMgrPwd password

Specifies the password of the directory manager user for the configuration store.

Default: If not set, it takes the password defined for the --adminPwd option.

--cfgStoreHost FQDN

Specifies the FQDN of the configuration store, for example, config.example.com

Default: localhost

--cfgStoreJmxPort port

Specifies the Java Management eXtension port number for the configuration store.

Default: 1689

--cfgStorePort port

Specifies the LDAP or LDAPS port number for the configuration store.

Default: 50389

--cfgStoreRootSuffix DN

Specifies the root suffix DN for the configuration store.

Default: dc=openam,dc=forgerock,dc=org

--cfgStoreSsl [SIMPLE|SSL]

Specifies whether AM should connect to the configuration store over SSL. Possible values are SIMPLE, for non-secure connections, and SSL, for secure connections.

Default:SIMPLE

--cookieDomain domain

Specifies the name of the trusted DNS domain AM returns to a browser when it grants a session ID to a user.

Default: FQDN used in the --serverUrl option

--installLocale locale

Specifies the locale to use during the install process.

Default: en_US

--lbPrimaryUrl URL

Specifies the load balancer URL of the site, such as https://lb.example.com:443/openam

--lbSiteName name

Specifies the name of the site to create, if any.

--platformLocale locale

Specifies the default locale for the AM installation.

Default: en_US

--pwdEncKey key

Specifies the encryption key value that is used to encrypt passwords in the AM instance. For example O6QWwHPO4os+zEz3Nqn/2daAYWyiFE32.

If you are installing an AM instance that will be making use of exiting data in a data store, you must provide the same encryption key value originally used to encrypt the passwords in those stores.

To locate the encryption key value in an AM instance, navigate to Deployment > Servers > Server Name > Security > Encryption.

If you are installing a new AM instance that will not be using existing data in a data store, you can leave this property empty. AM will generate a random encryption key during installation to encrypt the data that will be added to the data store.

This option is required when configuring an AM instance into a site, and must be set to the encryption key configured for the rest of the servers in the site. Failure to set this option to the appropriate value will cause the original encryption key to be overwritten, which will render the site unable to read the configuration, and the user stores.

Default: No value; a random encryption key is generated during installation

--userStoreDirMgr username

Specifies the distinguished name of the directory superuser for the user store, for example, uid=admin.

Default: Not set

--userStoreDirMgrPwd password

Specifies the password of the directory manager user for the user store.

Default: Not set

--userStoreDomainName FQDN

Specifies the Active Directory Domain Name, such as ad.example.com, when the --userStoreType option is set to LDAPv3ForADDC.

Default: Not set

--userStoreHost FQDN

Specifies the FQDN of the configuration store, for example, opendj.example.com

Default: Not set

--userStorePort port

Specifies the LDAP or LDAPS port number for the configuration store.

Default: Not set

--userStoreRootSuffix DN

Specifies the root suffix DN for the user store.

Default: Not set

--userStoreSsl [SIMPLE|SSL]

Specifies whether AM should connect to the user store over SSL. Possible values are SIMPLE, for non-secure connections, and SSL, for secure connections.

Default: Not set

--userStoreType type

Specifies the type of user store to use when installing AM with an external configuration store. Possible values for type are:

  • LDAPv3ForOpenDS, for DS stores.

  • LDAPv3ForAD, for Active Directory with host and port settings.

  • LDAPv3ForADDC, for Active Directory with domain name setting.

  • LDAPv3ForADAM, for Active Directory Application Mode.

  • LDAPv3ForODSEE, for Sun/Oracle DSEE.

  • LDAPv3ForTivoli, for IBM Tivoli Directory Server.

When using the LDAPv3ForADDC store type, set up the --userStoreDomainName option to the Active Directory Domain Name, for example ad.example.com. Default: Not set