Command-line reference
install-openam - install Access Management
Description
Command to install and setup an AM instance.
The following parameters are required:
--adminPwd amAdmin-password
-
Specifies the password of the
amAdmin
user. If the--cfgStoreDirMgrPwd
option is not specified, this value is also the password of the configuration store’s directory manager user.The password must be at least 8 characters in length.
--serverUrl protocol://FQDN:port/URI
-
Specifies the protocol, URL, port, and deployment URI of the AM instance. For example,
https://openam.example.com:8443/openam
.
The following options are available:
--acceptLicense
-
Specifies that the user accepts Amster usage terms and conditions.
--authorizedKey
path-
Specifies the path to an SSH public key file. The content of this file is appended to the
authorized_keys
file of the newly-installed AM instance, allowing users to connect to it with Amster after the install completes.For more information about connecting to AM with Amster, refer to Connect to AM.
--cfgDir
path-
Specifies the configuration directory where AM stores files. It also stores the embedded directory server, when applicable.
Default:
$HOME/openam
--cfgStore
embedded|dirServer-
Specifies the type of the configuration data store. Possible values are:
-
embedded
: Amster installs AM with an embedded DS server to act as the configuration, identity, and CTS stores.For evaluation deployments only.
-
dirServer
: Amster installs AM on an external DS server to act as the configuration store.When you install AM with an external configuration store, you must also use an external identity store. By default, identities are stored in the same directory server instance as the configuration store.
Default:
embedded
-
--cfgStoreAdminPort
port-
Specifies the administration port number for the configuration store.
Default:
4444
--cfgStoreDirMgr
username-
Specifies the distinguished name of the directory manager user for the configuration store.
Default:
uid=admin
--cfgStoreDirMgrPwd
password-
Specifies the password of the directory manager user for the configuration store.
Default: If not set, it takes the password defined for the
--adminPwd
option. --cfgStoreHost
FQDN-
Specifies the FQDN of the configuration store, for example,
config.example.com
Default:
localhost
--cfgStoreJmxPort
port-
Specifies the Java Management eXtension port number for the configuration store.
Default:
1689
--cfgStorePort
port-
Specifies the LDAP or LDAPS port number for the configuration store.
Default:
50636
--cfgStoreRootSuffix
DN-
Specifies the root suffix DN for the configuration store.
Default:
dc=openam,dc=forgerock,dc=org
--cfgStoreSsl [SIMPLE|SSL]
-
Specifies whether AM should connect to the configuration store over SSL. Possible values are
SIMPLE
, for non-secure connections, andSSL
, for secure connections.Default:
SSL
--cookieDomain
domain-
Specifies the name of the trusted DNS domain AM returns to a browser when it grants a session ID to a user.
Default: FQDN used in the
--serverUrl
option --installLocale
locale-
Specifies the locale to use during the install process.
Default:
en_US
--lbPrimaryUrl
URL-
Specifies the load balancer URL of the site, such as
https://lb.example.com:443/openam
--lbSiteName
name-
Specifies the name of the site to create, if any.
--platformLocale
locale-
Specifies the default locale for the AM installation.
Default:
en_US
--pwdEncKey
key-
Specifies the encryption key value used to encrypt passwords in the AM instance. For example
O6QWwHPO4os+zEz3Nqn/2daAYWyiFE32
.If you’re installing an AM instance that will use existing data, you must provide the same encryption key value originally used to encrypt the passwords in those data stores.
To locate the encryption key value in an AM instance, navigate to Deployment > Servers > Server Name > Security > Encryption.
If you are installing a new AM instance that will not be using existing data in a data store, you can leave this property empty. AM will generate a random encryption key during installation to encrypt the data that will be added to the data store.
This option is required when configuring an AM instance into a site, and must be set to the encryption key configured for the rest of the servers in the site. Failure to set this option to the appropriate value will cause the original encryption key to be overwritten, which will render the site unable to read the configuration, and the user stores.
Default: No value; a random encryption key is generated during installation
--userStoreDirMgr
username-
Specifies the distinguished name of the directory superuser for the user store, for example,
uid=admin
.Default: Not set
--userStoreDirMgrPwd
password-
Specifies the password of the directory manager user for the user store.
Default: Not set
--userStoreDomainName
FQDN-
Specifies the Active Directory Domain Name, such as
ad.example.com
, when the--userStoreType
option is set toLDAPv3ForADDC
.Default: Not set
--userStoreHost
FQDN-
Specifies the FQDN of the configuration store, for example,
opendj.example.com
Default: Not set
--userStorePort
port-
Specifies the LDAP or LDAPS port number for the configuration store.
Default: Not set
--userStoreRootSuffix
DN-
Specifies the root suffix DN for the user store.
Default: Not set
--userStoreSsl [SIMPLE|SSL]
-
Specifies whether AM should connect to the user store over SSL. Possible values are
SIMPLE
, for non-secure connections, andSSL
, for secure connections.Default: Not set
--userStoreType
type-
Specifies the type of user store to use when installing AM with an external configuration store. Possible values for type are:
-
LDAPv3ForOpenDS
, for DS stores. -
LDAPv3ForAD
, for Active Directory with host and port settings. -
LDAPv3ForADDC
, for Active Directory with domain name setting. -
LDAPv3ForADAM
, for Active Directory Application Mode. -
LDAPv3ForODSEE
, for Sun/Oracle DSEE. -
LDAPv3ForTivoli
, for IBM Tivoli Directory Server.
When using the
LDAPv3ForADDC
store type, set up the--userStoreDomainName
option to the Active Directory Domain Name, for examplead.example.com
. Default: Not set -