How do I set up Realm DNS Aliases in OpenAM 13.x?
The purpose of this article is to provide information on setting up Realm DNS Aliases in OpenAM.
Archived
This article has been archived and is no longer maintained by ForgeRock.
Setting up Realm DNS Aliases
Realm DNS aliases are an alternative to using Fully Qualified Domain Names (FQDNs) in OpenAM as they implicitly add the realm to the request. For example, http://host1.example.com:8080/openam/XUI/#login/ is interpreted as http://host1.example.com:8080/openam/XUI/#login/&realm=myrealm when realm DNS aliases are used.
Warning
Realm DNS aliases must be unique; you cannot have the same realm DNS alias configured in more than one realm, as this can cause the server to become unresponsive.
AM 5 and later
See Setup and Maintenance Guide › To Configure DNS Aliases for Accessing a Realm for further information.
OpenAM 13
You can set up realm DNS aliases in sub-realms as follows:
- Specify the realm DNS alias in the sub-realm using either the console or ssoadm:
  - Console: navigate to: Realms > [Realm Name] > Properties > Realm/DNS Aliases and ensure the appropriate DNS aliases are specified.
  - ssoadm: enter the following command:

        $ ./ssoadm set-realm-attrs -s sunIdentityRepositoryService -e [realmname] -u [adminID] -f [passwordfile] -p -a sunOrganizationAliases=[DNSAlias]

    replacing [realmname], [adminID], [passwordfile] and [DNSAlias] with appropriate values.
- Map the FQDN to the realm DNS alias using either the console or ssoadm:
  - OpenAM 13.5 console: navigate to Configure > Server Defaults > Advanced and add the com.sun.identity.server.fqdnMap[realmDNSalias] property with a value of realmDNSalias for each realm DNS alias. For example:

        property name: com.sun.identity.server.fqdnMap[host1.example.com]
        property value: host1.example.com

  - OpenAM 13 console: navigate to Configuration > Servers and Sites > Default Server Settings > Advanced and add the com.sun.identity.server.fqdnMap[realmDNSalias] property with a value of realmDNSalias for each realm DNS alias.
  - ssoadm: enter the following command:

        $ ./ssoadm update-server-cfg -u [adminID] -f [passwordfile] -s default -a com.sun.identity.server.fqdnMap[realmDNSalias1]=realmDNSalias1 com.sun.identity.server.fqdnMap[realmDNSalias2]=realmDNSalias2

    replacing [adminID], [passwordfile] and realmDNSalias with appropriate values. The first instance of the realmDNSalias mapping must be contained within [ ]. For example:

        $ ./ssoadm update-server-cfg -u amadmin -f pwd.txt -s default -a com.sun.identity.server.fqdnMap[host1.example.com]=host1.example.com com.sun.identity.server.fqdnMap[openam.example.net]=openam.example.net

- Restart the web application container in which OpenAM runs to apply these configuration changes.
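A pre-change check for the uniqueness requirement in the warning above and for the fqdnMap step, given here as an added example that is not ForgeRock's code. It assumes an inventory file of `<realm> <alias>` pairs that you maintain yourself (a hypothetical format, not ssoadm output) and a file of fqdnMap property lines in the form shown above; the function names and sample data are constructed.

```sh
#!/bin/sh
# Added example: pre-change check for realm DNS aliases (not ForgeRock code).
# Assumed inventory format, one pair per line: "<realm> <DNS alias>".
# Hostnames are compared case-insensitively (a conservative assumption).

# List the distinct aliases in the inventory, lowercased.
list_aliases() {
  awk 'NF >= 2 && $1 !~ /^#/ { print tolower($2) }' "$1" | sort -u
}

# Print each alias configured in more than one realm, with those realms.
find_duplicate_aliases() {
  awk 'NF >= 2 && $1 !~ /^#/ {
         a = tolower($2)
         if (!seen[a, $1]++) { count[a]++; realms[a] = realms[a] " " $1 }
       }
       END { for (a in count) if (count[a] > 1) print a ":" realms[a] }' "$1" | sort
}

# Print each alias lacking a com.sun.identity.server.fqdnMap[alias]=alias line.
find_unmapped_aliases() {
  list_aliases "$1" | while read -r alias; do
    grep -Fxqi "com.sun.identity.server.fqdnMap[$alias]=$alias" "$2" || echo "$alias"
  done
}

# Constructed sample data (not output from a real deployment).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/aliases.txt" <<'EOF'
# realm      alias
/customers   host1.example.com
/partners    openam.example.net
/staff       HOST1.example.com
/staff       sso.example.org
EOF
cat > "$SAMPLE_DIR/fqdnmap.properties" <<'EOF'
com.sun.identity.server.fqdnMap[host1.example.com]=host1.example.com
com.sun.identity.server.fqdnMap[openam.example.net]=openam.example.net
EOF

echo "Aliases in more than one realm:"
find_duplicate_aliases "$SAMPLE_DIR/aliases.txt"
echo "Aliases with no fqdnMap entry:"
find_unmapped_aliases "$SAMPLE_DIR/aliases.txt" "$SAMPLE_DIR/fqdnmap.properties"
```

Any line printed under the first heading is an alias to remove from all but one realm before the change is applied.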
See Also
How do I set up Realm DNS Aliases in AM (All versions) when CDSSO is configured?
Administration Guide › Configuring Realms
Related Training
ForgeRock Access Management Core Concepts (AM-400)
Related Issue Tracker IDs
OPENAM-8836 (Realm alias in XUI Admin Console should be reflected in fqdnMap)
OPENAM-8416 (Matching DNS alias in realms breaks user authentication and locks out amadmin)
OPENAM-8207 (OpenAM allows creation of duplicate realm mappings - rendering logon impossible)
OPENAM-5892 (same Realm/DNS alias can be configured in two different realms)