Sun Java System Access Manager 7.1: Config and Custom (AM-3480)

Description:

Sun Java System Access Manager is a security foundation that helps organizations manage secure access to an enterprise web application both within the enterprise and across business-to-business value chains. It provides open, standards-based authentication and policy-based authorization with a single, unified framework. It secures the delivery of essential identity and application information to meet current needs and to scale with growing business needs, by offering single sign-on, as well as enabling federation across trusted networks of partners, suppliers, and customers. The Sun Java System Access Manager: Configuration and Customization course provides students with a description of the role of Access Manager in an identity management solution. Students learn to configure, manage, administer, and customize Access Manager services, authentication, authorization, and federated identity. This comprehensive course covers a number of identity management concepts and Access Manager functions that range in complexity from introductory to advanced. This course does not cover basic installation, Java technology programming, Extensible Markup Language (XML), Lightweight Directory Access Protocol (LDAP), and Sun Java System Directory Server (Directory Server) concepts. These topics are covered in other Sun courses. The hands-on labs offered in this course might involve accessing equipment that resides at a location other than where the training is delivered.

Students who can benefit from this course:
* System engineers, professional services consultants, application developers, architects, and other technical personnel. The course is designed for those who must implement Access Manager in an existing infrastructure and adapt the product appearance and functionality to suit the specific enterprise requirements.

Objectives:

• Define the role of Access Manager and list the features and functions of Access Manager that address key business challenges
• Configure Access Manager and Policy Agents
• Configure and customize authentication and SSO
• Configure, administer, personalize, and customize authorization
• Describe the Security Assertions Markup Language (SAML) and federated identity, and their implementation in Access Manager
• Implement advanced deployment scenarios, including high availability

Prerequisites:

Required Prerequisites:
Demonstrate proficiency with the Solaris Operating System (Solaris OS)
Navigate a directory information tree (DIT)
Install the Sun Java Enterprise System
Demonstrate proficiency with XML and interpret Document Type Definition (DTD) files

Suggested Prerequisites:
Demonstrate familiarity with Hypertext Markup Language (HTML
Demonstrate familiarity with Java programming and JavaServer
Demonstrate familiarity with Hypertext Markup Language (HTML
Demonstrate familiarity with Java programming and JavaServer

Topics:

Installing Sun Java System Access Manager
Define identity and federated identity
Describe the Sun Java System identity management framework
Identify Access Manager components
Describe Policy Agent software
Describe the hardware and pre-installed files on your lab system
Install the Sun Java System Directory Server Enterprise Edition and Sun Java System Web Server software
Install the Access Manager software

Configuring and Deploying Access Manager and Policy Agent Software
Identify deployment components and list basic deployment scenarios
Identify Java ES installation options that impact deployment and describe Access Manager configuration
Configure Policy Agent instances and the secure sockets layer (SSL) with Access Manager
Start and stop Access Manager and Policy Agent instances
Secure the Access Manager web container
Configure the Access Manager instance
Configure the Example Chocolates web site
Install and configure Policy Agent software

Configuring Access Manager Realms
Describe realm and legacy modes
Describe data store types
Configure data stores
Describe Access Manager management tools
Create and configure realms
Prepare the Example Chocolates user directory
Create a realm using the CLI
Create and configure realms using the console and the CLI

Configuring Access Manager Services
Describe Access Manager services
Configure Access Manager services using the console
Configure Access Manager services using the CLI
Describe service configuration for new realms
Locate service files
Configure the Session Service using the CLI
Configure the Session Service using the console
Describe the service configuration for a new realm

Logging, Debugging, and Monitoring
Locate, configure, and interpret Access Manager log files and database tables
Locate and configure debug files
Locate and configure Policy Agent log files
Monitor Access Manager instances using Java ES monitoring
Review Access Manager log files
Log on to a relational database
Enable message-level debugging
Monitor Java ES objects (optional)

Configuring Authentication
Describe the Access Manager authentication process
Configure Access Manager authentication and sessions
Describe SSO
Configure a customized authentication interface
Configure data store authentication
Configure an authentication chain with multiple authentication module instances
Configure account lockout for a realm

Configuring Policy
Describe policy, policy architecture, policy components and policy storage
Administer policy
Configure policies using the console
Delegate administration
Configure a different default login URL in the Policy Agent
Create policies for the Example Chocolates web site
Create a policy that uses realm authentication
Delegate administration to users

Exploring Policy Evaluation
Describe policy evaluation principles
Examine a policy evaluation example
Locate policy evaluation request and policy decision documents and review the Access Manager policy log files

Analyzing Federated Identity Scenarios
Define federated identity
Identify business scenarios addressed by federated identity
Describe basic federated identity technologies and how they solve business problems
Describe federation frameworks
Describe the Security Assertion Markup Language (SAML)
Analyze business problems addressed by federated identity and describe technologies that provide solutions

Configuring SAML Version 1 Single Sign-On
Describe SAML 1 assertions, protocols, and bindings
Describe SAML 1 profiles
Configure SAML 1 support on Access Manager
Sign SAML assertions
Configure SSO using SAML version 1.1

Examining Advanced Federation
Describe advanced federated identity technologies
Identify advanced identity federation frameworks
Describe framework implementation in Access Manager
Federate accounts on an identity provider and a service provider
Federate and defederate accounts

Deploying Access Manager for High Availability
Describe cross-domain single sign-on (CDSSO)
Describe and configure distributed authentication
Describe and configure high availability
Perform advanced configuration
Configure and secure new Web Server instances
Configure a second Access Manager instance
Configure the Policy Agent to fail over to the second Access Manager instance
Configure the Policy Agent to work with load-balanced Access Manager instances