OpenAM install notes

Did a trial install on an old workstation at home. Notes follow.


Steps followed:

1. Created tomcat user. Moved home directory to /opt/apache/tomcat (note that I used the latest stable binary Tomcat tarball and the Sun/Oracle JDK for Linux x86_64 on this project — choices I hope to explain in a future post).

Modified /opt/apache/tomcat/bin/startup.sh to put these variables at the top:

JAVA_HOME=/usr/java/default
CATALINA_HOME=/opt/apache/tomcat
CATALINA_BASE=$CATALINA_HOME
CATALINA_OPTS="-server -Xmx1024m -XX:MaxPermSize=256m"
PATH=$JAVA_HOME/bin:$CATALINA_HOME/bin:$PATH
export JAVA_HOME CATALINA_HOME CATALINA_BASE CATALINA_OPTS PATH

(All of the above except CATALINA_OPTS are also written to the top of shutdown.sh.)

Re $CATALINA_OPTS: on my anemic system, setting $CATALINA_OPTS to allow a 1 GB maximum JVM heap (-Xmx1024m) and a 256 MB maximum permanent generation (-XX:MaxPermSize=256m) was necessary to even run the installer.

2. Installed Tomcat 7 to /opt/apache/tomcat. Created /etc/init.d/tomcat script and ran chkconfig to provide for startup on reboot.

3. Configured manager account with all roles (manager-gui, manager-script, manager-jmx, admin-gui, admin-script).

4. Unzipped the archive, drilled down to deployable-war, renamed opensso.war to openam.war, and copied it to $CATALINA_HOME/webapps.

5. Create an OpenAM server config directory, /opt/openam/server. Make tomcat the owner.

6. Went to the OpenAM URL, http://test.example.com:8080/openam. Selected “Custom Configuration”.

7. Enter the Default User [amAdmin] password.

8. Accept the default OpenAM Config Data Store (this is actually an embedded OpenDS LDAP server — replaced by ForgeRock’s very impressive OpenDJ fork of OpenDS in the next major version — more on OpenDJ in a future post). Enter /opt/openam/server as the OpenAM config directory.

9. Enter configuration details for your own LDAP directory. If using 389 Directory or a legacy Sun Directory (this includes the latest DSEE re-branded by Oracle), choose “Sun Directory with OpenAM Schema” (the installer will update the directory schema and index some of the new attributes over LDAP).

10. Enter the default Policy Agent [UrlAccessAgent] password.

11. Confirm the config details in the summary screen and then initiate configuration.

12. After installer configuration completed, logged in with amAdmin account.
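
A post-install check for steps 3 and 5, added here as an example and not part of the original notes. Tomcat's manager documentation recommends never granting manager-script or manager-jmx to a user that also holds manager-gui, so the first function lists accounts that mix them; the second confirms the OpenAM config directory is owned by the service account and not writable by anyone else. The function names are hypothetical, and the script assumes GNU stat, one <user .../> element per line, and Tomcat's standard conf/tomcat-users.xml under the CATALINA_HOME used above.

```shell
#!/bin/sh
# Added example: post-install checks for the layout described in these notes.
# Function names are hypothetical; paths and the tomcat account come from the steps.

# Print every user in a tomcat-users.xml file ($1) whose roles combine
# manager-gui with manager-script or manager-jmx. XML comment blocks are
# skipped so the commented-out samples in the stock file are not reported.
users_mixing_manager_roles() {
    awk '
        /<!--/ { c = 1 }
        c { if (/-->/) c = 0; next }
        /<user[ \t]/ {
            name = ""; roles = ""
            if (match($0, /username="[^"]*"/))
                name = substr($0, RSTART + 10, RLENGTH - 11)
            if (match($0, /roles="[^"]*"/))
                roles = "," substr($0, RSTART + 7, RLENGTH - 8) ","
            gsub(/[ \t]/, "", roles)
            if (roles ~ /,manager-gui,/ && roles ~ /,manager-(script|jmx),/)
                print name
        }' "$1"
}

# Succeed only if directory $1 is owned by user $2 and is not writable by
# group or others (stat -c is GNU coreutils, an assumption for this example).
config_dir_ok() {
    [ -d "$1" ] || return 1
    owner=$(stat -c %U "$1") || return 1
    mode=$(stat -c %a "$1") || return 1
    [ "$owner" = "$2" ] || return 1
    # Octal mode: reject a write bit in the group digit or the other digit.
    case "$mode" in *[2367]?|*[2367]) return 1 ;; esac
}

# Run against the paths from the notes when they exist on this host.
USERS_XML=/opt/apache/tomcat/conf/tomcat-users.xml
OPENAM_DIR=/opt/openam/server
if [ -f "$USERS_XML" ]; then
    users_mixing_manager_roles "$USERS_XML" | sed 's/^/mixes manager roles: /'
fi
if [ -d "$OPENAM_DIR" ]; then
    config_dir_ok "$OPENAM_DIR" tomcat || echo "check owner and mode of $OPENAM_DIR"
fi
```

An account configured as in step 3 is reported by the first check; splitting it into one browser account and one scripting account clears the finding.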