Monday, December 21, 2015

CA SiteMinder Admins Guide to ForgeRock OpenAM: Part 3- Install and configure OpenAM

Recently I joined ForgeRock as a senior consultant. After almost 15 years in the ops and integration world, working with SiteMinder, a bunch of peers have been asking me how SiteMinder compares to OpenAM and how they differ. So, now as a fully biased ForgeRock employee, I am documenting the process of translating that SiteMinder suite knowledge into OpenAM.

In a series of blogs I will describe OpenAM from the viewpoint of a SiteMinder Admin, mainly myself, learning the similarities and differences as one with such background wishes to quickly come up to speed with ForgeRock’s OpenAM platform. The scope will not be to compare point by point every single feature of SiteMinder and OpenAM, but will be an introduction to OpenAM by deployment and integration of a sample app. 

Part 3 - The Basics - Installing OpenAM

Instructions can be found here for linux based install: 

Prerequisites: Apache or IIS, Tomcat App server, and JDK 7 or higher.
If using Apache, download from here:
Download Tomcat from here:
Download the OpenAM war file from here:
Download the OpenAM Web Policy Agent from here:

For  this example i will setup on Windows since Linux is fully documented. I’ll be using IIS instead of apache. 
After installing JDK, install tomcat. For windows, it would be recommended to install the 64-bit Windows Service Installer. This simplifies the start/stop via services. 

After installing Tomcat, update some Java settings. From start menu->Apache Tomcat 7.0 Tomcat7->Configure Tomcat

Click on the Java tab. Update the Options section by adding -XX:MaxPermSize=256m. Next update the Maximum memory pool to 2048. 

Start Tomcat to validate the app server is working. Once confirmed, shutdown tomcat to deploy OpenAM.

Take the downloaded OpenAM-12.0.0.war and copy it to \Tomcat7.0\webapps\. Rename the file to open.war. 
Start Tomcat. Once the war file is deployed and tomcat fully started, browse to where it is deployed in tomcat. In my example, its

Click on Create New Configuration. Agree to License and continue.

Step1 - enter a password for amAdmin, the root account for OpenAM.

Step2 - Server Settings. I like to change the Configuration Directory by adding “cfg” for config at the end of the folder name. On Linux, i don’t like having it on /home// but instead prefer to have it on some dedicated file system similar to where tomcat is deployed. 

Step3 - Configuration Data Store Settings. This is an ldap instance that is created and used to store the OpenAM configurations. Default settings are fine. 

Step4 - User Data Store. This is your LDAP instance which contains your users. 

Step5 - Site Configuration. Since this is just a single node lab setup, this can be skipped. 

Step6 - Default Policy Agent User. Set password for the default Policy Agent. This is similar to the ‘hostadmin’ account on SiteMinder. It is used for not just registration of the agent but also on-going communication. 

Step7. Summary of configurations. Click on Create Configuration to complete install. 

Once complete, proceed to login screen and login.


Now On to Part 4 to install the agent. 


  1. UEFA BET , or UFABET, is a comprehensive online betting service website without any agents or agents. Which has a wide variety of games and sports to choose from Including many types of online casinos, UFABET can be considered as an online gambling site that most people prefer to use. Because with a website design that is easy to use and does not need to understand a lot In addition, this website also supports many languages, including Chinese, Hong Kong, Thai, English, so most users, both new and old, choose to switch to the service with สมัคร ufa Bet more. The best online gambling sites in Asia.