The Access Manager User Self-Service Console is a web-based application that allows users to change or reset their passwords and update other attributes, such as first name, e-mail, and other custom properties without any intervention from an administrator.
Steps in Deploying the Self-Service Application:
1. Set up your application server environment as described in the documentation from the application server vendor.
2. Install the Lockbox dependencies. Self-Service Console uses Lockbox to retrieve the encryption key, for which the Lockbox dependencies must be installed on that machine.
3. Deploy the User Self-Service Console WAR file in your application server environment.
4. Configure the User Self-Service Console by editing its configuration file.
5. Access the User Self-Service Console through your client browser.
Generate Lockbox file:
Use the steps below to generate the lockbox. Create a lockbox file if it was not generated while installing the Access Manager servers, or update the existing lockbox file with the key item and key values.
lockbox-tool -passphrase <phrase> -lockbox <filepath> -create <item-name> <value> -addhost <hosts>
e.g.
lockbox-tool -passphrase Password -lockbox "C:\Program Files\RSA\Access Manager Servers 6.2\conf\selfsrv.clb" -create selfsrv Password -addhost 10.10.10.10
Install the Lockbox file dependencies for Self-Service Console
This section is not required if you are installing the Self-Service Console on a host other than the Access Manager servers.
Otherwise, copy the lockbox files to the host where you intend to run the Self-Service Console.
3. Deploy WAR file on Apache Tomcat
Copy selfservice.conf from AXM_HOME/webapps to a folder outside AXM_HOME.
Create a folder named axm-selfservice-gui-6.2.2 in the Apache Tomcat webapps folder.
Copy axm-selfservice-gui-6.2.2.war from AXM_HOME/webapps and extract it into the folder you just created in the Apache Tomcat webapps folder.
Update selfservice.conf_location in the web.xml file with the location of the selfservice.conf file.
Update the selfservice.conf file with the following values:
-Entitlement Server hostname/IP
-Entitlement Server Port
-Entitlement Server Admin username**
-Entitlement Server Admin Password**
-Lockbox filepath
-Key Item Name
**These values must be encrypted using the EncryptUtil tool. Follow the steps below.
Open a cmd shell and navigate to AXM_HOME/bin.
Run the EncryptUtil tool. Type:
encryptutil mode lockbox_file_path lockboxkeyitem param1=value1 param2=value2
e.g: encryptutil nonfips "C:\Program Files\RSA\Access Manager Servers 6.2\conf\lockbox.clb" selfservice userid=Administrator password=axm#00Dev
Copy the encrypted values from the output above into the selfservice.conf file.
Define User Self-Service Properties using RSA Access Manager Administrative Console
ctscPasswordResetAttempts
ctscSecretQuestionAnswer
Configure Anonymous SSL
SelfService-EntitlementServer (selfservice.conf and aserver.conf file)
com.rsa.axm.selfservice.adapi.ssl=anon
cleartrust.eserver.api_port.use_ssl=anon
SelfService-Authorization server (selfservice.conf and aserver.conf file)
com.rsa.axm.selfservice.rtapi.ssl=anon
cleartrust.net.ssl.use=anon
Enable User Self-Service Console for Administrator
com.rsa.axm.selfservice.allow_admin=TRUE|FALSE
Configure Self-Service for New User Self Registration
com.rsa.axm.selfservice.user.registration.enabled=TRUE|FALSE
Edit other parameters as desired. Save the file and restart the application server, the dispatcher/key server and the Entitlement Server.
Point the browser to the user self-service console application URL.
http://localhost:8080/axm-selfservice-gui-6.2.2/
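The check below is an added example, not part of the original post or of RSA's tooling: it reads the text of a selfservice.conf and reports the settings named above that deserve review before go-live (anonymous SSL, which encrypts the connection without authenticating the peer, administrator access, and self-registration). It assumes plain key=value lines; the function names and the sample file are constructed for illustration.

```python
# Added example. Assumes plain key=value lines; '#' or '!' starts a comment.
SSL_KEYS = (
    "com.rsa.axm.selfservice.adapi.ssl",  # console to Entitlement Server
    "com.rsa.axm.selfservice.rtapi.ssl",  # console to Authorization Server
)
BOOL_KEYS = {
    "com.rsa.axm.selfservice.allow_admin": "administrators may use the console",
    "com.rsa.axm.selfservice.user.registration.enabled": "new users may self-register",
}

def parse_properties(text):
    """Return {key: [values]} so a key set twice stays visible to the audit."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props.setdefault(key.strip(), []).append(value.strip())
    return props

def audit(text):
    """Return (key, message) findings to review; an empty list means none."""
    props, findings = parse_properties(text), []
    for key, values in props.items():
        if len(set(values)) > 1:
            findings.append((key, "defined more than once with different values"))
    for key in SSL_KEYS:
        if any(v.lower() == "anon" for v in props.get(key, [])):
            findings.append((key, "anonymous SSL: encrypted, peer not authenticated"))
    for key, meaning in BOOL_KEYS.items():
        for value in props.get(key, []):
            if value.upper() == "TRUE":
                findings.append((key, "enabled: " + meaning))
            elif value.upper() != "FALSE":
                findings.append((key, "invalid value %r, expected TRUE or FALSE" % value))
    return findings

# Constructed sample; allow_admin shows the post's placeholder pasted literally.
SAMPLE_CONF = """\
com.rsa.axm.selfservice.adapi.ssl=anon
com.rsa.axm.selfservice.rtapi.ssl=anon
com.rsa.axm.selfservice.allow_admin=TRUE|FALSE
com.rsa.axm.selfservice.user.registration.enabled=TRUE
"""

if __name__ == "__main__":
    for key, message in audit(SAMPLE_CONF):
        print(key + ": " + message)
```

Values other than anon for the two SSL keys are not interpreted by this check; it only reports the mode this post configures.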
References: RSA Access Manager Servers Installation and Configuration Guide