Setting Up AM

This section contains procedures for setting up items in AM that you can use in many of the tutorials in this guide. For more information about setting up AM, see the Access Management Docs.

Set Up a Sample User in AM

Follow these steps to add an example user to the AM configuration:

In the AM console, select the top-level realm, and then select  Identities.
Click Add Identity and add a user with the following values:
- ID/username: george
- First name: george
- Last name: costanza
- Password: C0stanza
- Email Address: george@example.com
- Employee number: 123

Set Up an IG Agent in AM

In AM 7, follow these steps to set up an agent that acts on behalf of IG in the same domain. In AM 6.5 or earlier, follow the steps in "Set Up an IG Agent in AM 6.5 and Earlier". After the agent is authenticated, the token can be used to get the user profile, evaluate policies, and to connect to the AM notification endpoint:

In the AM console, select the top-level realm, and then select Applications > Agents > Identity Gateway.
Add an agent with the following values:
- Agent ID: ig_agent
- Password: password

Set Up an IG Agent in AM 6.5 and Earlier

In AM 6.5 and earlier versions, follow these steps to set up an agent that acts on behalf of IG. After the agent is authenticated, the token can be used to get the user profile, evaluate policies, and to connect to the AM notification endpoint:

In the AM console, select the top-level realm, and then select Applications > Agents > Java (or J2EE).
Add an agent with the following values:
- Agent ID: ig_agent for SSO, ig_agent_cdsso for CDSSO
- Agent URL: http://openig.example.com:8080/agentapp for SSO, http://openig.ext.com:8080/agentapp for CDSSO
- Server URL: http://openam.example.com:8088/openam
- Password: password
On the Global tab, deselect Agent Configuration Change Notification.
This option stops IG from being notified about agent configuration changes in AM, because they are not required by IG.
(For SSO in different domains) On the SSO tab, select the following values:
- Cross Domain SSO: Deselect this option
- CDSSO Redirect URI: /home/cdsso/redirect
(For enforcing AM policy decisions in different domains) On the SSO tab, select the following values:
- Cross Domain SSO: Deselect this option
- CDSSO Redirect URI: /home/pep-cdsso/redirect

Find the Name of Your AM Session Cookie

The procedures in this guide assume you are using the default AM session cookie, iPlanetDirectoryPro. If not, find your session cookie name, and substitute its value in the procedures.

In a terminal, access the AM serverinfo endpoint to find the session cookie name:

$ curl http://openam.example.com:8088/openam/json/serverinfo/*
     
      ...
      "cookieName": "iPlanetDirectoryPro"

Setting Up AM

Paul Bryan

Mark Craig

Jamie Nelson

Guillaume Sauthier

Joanne Henry