Comment: Migrated to Confluence 5.3

...

Default User Password

User = amadmin
Pass = Adam's password+

Server Settings

...

Originally I wanted to use OpenDJ, but there are some issues all over the place, so instead I will use their internal data store for the Configuration Data Store settings.

First Instance = selected

Data Store = OpenDS or Sun Java System Directory Server
SSL/TLS Enabled = no
Host Name = opendj.tin-pham.com
Port = 1389 (or whatever you chose for your directory server)
Root Suffix = dc=opensso,dc=tin-pham,dc=com
Login ID = cn=Directory Manager
Password = Adam's password+

Also,

ForgeRock also recommends using the embedded LDAP server as the configuration store when you have four or fewer instances of OpenAM in production.

Warning

Due to a bug, a hostname with a single dot will not work. For example, krypton.com will not work, but www.krypton.com or opendj.krypton.com will work.

Note

Regarding the Root Suffix, I wonder if we need to use a different one for the config data versus user data.

If you really want to use an external data store for the configuration, read https://wikis...forgerock.org/confluence/display/openam/Configure+an+external+OpenDJ+or+OpenDS+as+the+configuration+store

User Data Store Settings

The OpenAM data store is not supported in the production environment per the wizard.

...

But no instructions on how to do this or even why we need to do this. 

Ah, I figured it out. By default, OpenAM selects the home directory of the user running the web container as the location for the OpenAM configuration files. It is saying to set up permissions so other users cannot modify it. In our case, we are using serveradmin as the user running the web container, but then we chose a more explicit directory, /opt/openam-config, and it is already configured to only allow staff and svradm.
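
One way to check the permissions described above, as an added example (not part of the original notes and not OpenAM's own tooling): a shell function that audits a configuration directory such as /opt/openam-config. The function name audit_config_dir and the owner/group values passed to it are assumptions; it flags any access for "other", which is stricter than only blocking modification.

```shell
#!/bin/sh
# Added example: audit the ownership and mode of an OpenAM configuration
# directory. audit_config_dir is a hypothetical helper, not an OpenAM tool.
#
# Usage:   audit_config_dir DIR OWNER GROUP
# Returns: 0 if every entry under DIR belongs to OWNER:GROUP and grants
#            nothing to "other"
#          1 if offenders were found (they are listed on stdout)
#          2 if DIR is not a directory
#
# Example call (the owner/group mapping is an assumption about the host):
#   audit_config_dir /opt/openam-config serveradmin staff
audit_config_dir() {
    dir=$1
    owner=$2
    group=$3

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # Entries whose owner or group differs from the expected account.
    bad_owner=$(find "$dir" \( ! -user "$owner" -o ! -group "$group" \) -print)

    # Entries that give read, write or execute to "other". Symlinks are
    # skipped because their own mode bits are always reported as 0777.
    bad_mode=$(find "$dir" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)

    if [ -z "$bad_owner" ] && [ -z "$bad_mode" ]; then
        return 0
    fi
    if [ -n "$bad_owner" ]; then
        printf 'wrong owner or group:\n%s\n' "$bad_owner"
    fi
    if [ -n "$bad_mode" ]; then
        printf 'accessible to other users:\n%s\n' "$bad_mode"
    fi
    return 1
}
```

Run it as a user who can read the whole tree, otherwise find cannot descend into restricted subdirectories and the listing will be incomplete.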