| Main Page Makefile  and SSL Configuration  for running samplesThis Readme contains instructions on how to setup the client machine
and SSL configurationinformation to run the samples in SSL mode.
 
 
 API_SAMPLES_DIR
on different platforms:
        Solaris Sparc/x86 : <install_root>/SUNWam/samples/authenitcation/api 
        Linux          
  : <install_root>/sun/identity/samples/authentication/api 
        W2K               : <install_root>\samples\authentication\api 
 CONFIG_DIR setting on different
Platforms: 
        Solaris Sparc/x86 :  /etc/opt/SUNWam/config 
        Linux          
  :  /etc/opt/sun/identity/config 
 PRODUCT_DIR setting on
different Platforms:Steps to run compile and execute the SampleSolaris
Sparc/x86
, Linux,Windows:
        To run the sample program you will need to
modify/verify  the following in Makefile:
           
              
                
                  | BASE_DIR | where Access manager is installed |  
                  | JAVA_HOME | where Java compiler is installed |  
                  | DOMAIN 
 | organization to login to 
 |  
                  | SHARE_LIB 
 | location of Access
Manager jars 
 |  
                  | JSS_JAR_PATH 
 | location of 
JSS jars 
 |  
                  | JSSPATH 
 | location of JSS
libraries 
 |  
                  | Following applies to Cert Sample
 only: 
 | 
 |  
                  | CERTNICKNAME 
 | Certificate nick name 
 |  
                  | URL 
 | Access Manger Server  URL in
https://<host>.<domain>:<port> format 
 |  
                  | PASSWORD 
 | Client Certificate DB Password 
 | Copy AMConfig.propertiesfrom Access Manager
server installation machine location CONFIG_DIR  to the
client
machine. (Note: For SSL check SSL
Configuration Setup , step 2).
Update the classpath in Makefile to include location of
AMConfig.properties.
Create directory "locale " and copy all the property files
from
Access Manager server installation machine's  "locale"
 directory  to the client machine. The locale directory on
the server machine can be found under the PRODUCT_DIR.Update the classpath in Makefile to include location
of  "locale" files.
Include jaas.jar in your classpath
if you are using JDK version less than JDK1.4 To compile, 
          Solaris Sparc/x86 , Linux  -  gmake W2K            
 
     
               
-  make To run the sample program, execute
          Solaris Sparc/x86,Linux  -  gmake runW2K                                   
-  make run
 
       Common Configuration
for all SSL SetupSSL Configuration
Setup
  Following applies to LDAP and JCDI Samples :
        Common
Configuration for all JSSE Based Protocol Handler Setup
          com.iplanet.am.server.protocoltohttpscom.iplanet.am.server.portto the
appropriate port on the server machine  (Note: To use JSSE Based protocol handler, JDK1.5 or
later has to be used.)Using JSS Based
Protocol HandlerImport trust CA certificate that issued the server certificate into jdk
trust store :
 1.  Enable a SSL for Cert
authentication as per Cert.txt
 2.  Get the CA certificate in base64 encoded
format and save as text file
 3.  Use java keytool to import this
certificate into "default" trust store under
$JAVA_HOME/jre/lib/security/cacerts or user defined trust store.
 4.  If user defined trust store is
used for the sample, following property has to be set :
 -Djavax.net.ssl.trustStore=your-trust-store
 5.  For details, please reference Keytool
docs.  and Configuring
Access Manager in SSL Mode.
 
         
        Using JSSE
Based Protocol Handler with JKS Keystore
          Enable a SSL port for Cert Authentication as per the
            Cert readme file
instructions (if not already done).
Add this JVM property to the  Makefile in the "run"
target
            -D
"java.protocol.handler.pkgs=com.iplanet.services.comm" Copy AMConfig.propertiesfrom Access
Manager
server installation machine location CONFIG_DIR 
to the
client
machine.Edit the following properties inAMConfig.properties.
            com.iplanet.am.admin.cli.certdb.dir=<certificate
database directory>com.iplanet.am.admin.cli.certdb.prefix=<certificate
database prefix> 
          Create or copy certificate database file to  the
certificate db directory (directory name  in " com.iplanet.am.admin.cli.certdb.dir)Rename the file to have the prefix  specified in
 " com.iplanet.am.admin.cli.certdb.prefix" 
        Using JSSE
Based Protocol Handler with PKCS#12 Keystore
          Do
common configuration for all SSL setup 
Do
Common Configuration for all JSSE Based Protocol Handler Setup 
Add this JVM property to the  Makefile in the "run"
target
            -Djava.protocol.handler.pkgs=com.sun.identity.protocol-Djavax.net.ssl.keyStoreType=JKS-Djavax.net.ssl.keyStore=your-jks-keystore If the ssl server port is client auth enabled, add this
JVM property to the  Makefile in the "run"
targetor, application will prompt for password.
            -Djavax.net.ssl.keyStorePassword=your-passwdOr, -Djavax.net.ssl.keyStorePasswordFile=passwdfile 
          Create or copy jks keystore file to  the
keystore directory (directory name  in " javax.net.ssl.keyStore) 
        Using JSSE
Based Protocol Handler with PKCS#11 Keystore
          Do
common configuration for all SSL setup 
Do
Common Configuration for all JSSE Based Protocol Handler Setup 
Add this JVM property to the  Makefile in the "run"
target
            -Djava.protocol.handler.pkgs=com.sun.identity.protocol-Djavax.net.ssl.keyStoreType=PKCS12-Djavax.net.ssl.keyStore=your-keystore.p12 If the ssl server port is client auth enabled, add this
JVM property to the  Makefile in the "run"
targetor, application will prompt for password.
            -Djavax.net.ssl.keyStorePassword=your-passwdOr, -Djavax.net.ssl.keyStorePasswordFile=passwdfile 
          Create or copy pkcs#12 keystore file to  the
keystore directory (directory name  in " javax.net.ssl.keyStore) 
        For the details, please reference the Remote Client API
Java Docs.
          Do
common configuration for all SSL setup 
Do
Common Configuration for all JSSE Based Protocol Handler Setup 
Create pkcs#11 configuration fileExample :
name = NSS
 slot = 2
 library =
/usr/lib/mps/secv1/libsoftokn3.so
 nssArgs =
"configdir='dir-to-certdb' certPrefix='' keyPrefix=''
secmod='secmod.db' flags=readOnly"
 disabledMechanisms = {
 CKM_DSA_SHA1
 }
 
 Add this pkcs#11 provider to the  java.security fileExample :
security.provider.1=sun.security.pkcs11.SunPKCS11
/path-to-my-pkcs11/mypkcs11.cfg
 Add this JVM property to the 
Makefile in the "run"
target
            -Djava.protocol.handler.pkgs=com.sun.identity.protocol-Djavax.net.ssl.keyStoreType=PKCS11-Djavax.net.ssl.keyStore=NONE If the ssl server port is client auth enabled, add this
JVM property to the  Makefile in the "run"
targetor, application will prompt for password.
            -Djavax.net.ssl.keyStorePassword=your-passwdOr, -Djavax.net.ssl.keyStorePasswordFile=passwdfile Copy AMConfig.propertiesfrom Access
Manager
server installation machine location CONFIG_DIR 
to the
client
machine.Edit the following properties inAMConfig.properties.
            com.iplanet.am.admin.cli.certdb.dir=<certificate
database directory>com.iplanet.am.admin.cli.certdb.prefix=<certificate
database prefix> 
          Create or copy certificate database file to  the
certificate db directory (directory name  in " com.iplanet.am.admin.cli.certdb.dir)Rename the file to have the prefix  specified in
 " com.iplanet.am.admin.cli.certdb.prefix" |