Amster

Command-line reference

install-openam - install PingAM

Synopsis

install-openam [options]

Description

Command to install and setup an AM instance.

The following parameters are required:

--adminPwd amAdmin-password

Specifies the password of the amAdmin user. If the --cfgStoreDirMgrPwd option is not specified, this value is also the password of the configuration store’s directory manager user.

The password must be at least 8 characters in length.

--serverUrl protocol://FQDN:port/URI

Specifies the protocol, URL, port, and deployment URI of the AM instance. For example, https://am.example.com:8443/am.

The following options are available:

--acceptLicense

Indicates the user accepts Amster usage terms and conditions.

--authorizedKey path

The path to an SSH public key file. The content of this file is appended to the authorized_keys file of the newly-installed AM instance, allowing users to connect to it with Amster after the install completes.

Find more information about connecting to AM with Amster in Connect to AM.

--cfgDir path

The configuration directory where AM stores files, such as $HOME/am

--cfgStore dirServer

Set this to dirServer to install AM with an external DS server as the configuration store.

When you install AM with an external configuration store, you must also use an external identity store. By default, identities are stored in the same directory server instance as the configuration store.

You must use an external directory server for the configuration store. If you try to install AM with the --cfgStore embedded option, the installation fails with the following exception From AM 8, embedded DS configuration is not supported.

--cfgStoreAdminPort port

The administration port number for the configuration store, such as 4444.

--cfgStoreDirMgr username

The bind DN of the configuration store user account, such as uid=am-config,ou=admins,ou=am-config.

--cfgStoreDirMgrPwd password

The password for the bind DN. If not set, it takes the password defined for the --adminPwd option.

--cfgStoreHost FQDN

The FQDN of the configuration store directory server host, for example, ds.example.com.

--cfgStorePort port

The LDAPS or LDAP port number for the configuration store directory server, such as 1636 or 1389.

--cfgStoreRootSuffix DN

The root suffix DN for the configuration store, such as ou=am-config.

--cfgStoreSsl [SIMPLE|SSL]

Set this to SSL to use LDAP with SSL. DS is configured for LDAPS by default. To use LDAP without SSL, set this to SIMPLE.

--cookieDomain domain

The name of the trusted DNS domain AM returns to a browser when it grants a session ID to a user.

Default: FQDN used in the --serverUrl option

--installLocale locale

The locale to use during the install process.

Default: en_US

--lbPrimaryUrl URL

The load balancer URL of the site, such as https://lb.example.com:443/am

--lbSiteName name

The name of the site to create, if any.

--platformLocale locale

The default locale for the AM installation.

Default: en_US

--pwdEncKey key

The encryption key value used to encrypt passwords in the AM instance. For example O6QWwHPO4os+zEz3Nqn/2daAYWyiFE32.

If you’re installing an AM instance that will use existing data, you must provide the same encryption key value originally used to encrypt the passwords in those data stores.

To locate the encryption key value in an AM instance, navigate to Deployment > Servers > Server Name > Security > Encryption.

If you are installing a new AM instance that won’t use existing data in a data store, you can leave this property empty. AM generates a random encryption key during installation to encrypt the data that will be added to the data store.

This option is required when configuring an AM instance into a site, and must be set to the encryption key configured for the rest of the servers in the site. Failure to set this option to the appropriate value will cause the original encryption key to be overwritten, which will render the site unable to read the configuration, and the identity stores.

Default: No value; a random encryption key is generated during installation

--userStoreDirMgr username

The bind DN of the identity store user account, such as uid=am-identity-bind-account,ou=admins,ou=identities.

--userStoreDirMgrPwd password

The password for the bind DN.

--userStoreDomainName FQDN

The Active Directory Domain Name, such as ad.example.com, when the --userStoreType option is set to LDAPv3ForADDC.

--userStoreHost FQDN

The FQDN of the identity store directory server, such as ds.example.com.

--userStorePort port

The LDAPS or LDAP port number for the identity store. Default for LDAPS is 636 and for LDAP is 389.

--userStoreRootSuffix DN

The root suffix DN for the identity store, such as ou=identities.

--userStoreSsl [SIMPLE|SSL]

Set this to SSL to use LDAP with SSL. DS is configured for LDAPS by default. To use LDAP without SSL, set this to SIMPLE.

--userStoreType type

The type of directory server used for the identity store. Possible values for type are:

  • LDAPv3ForOpenDS, for DS stores.

  • LDAPv3ForAD, for Active Directory with host and port settings.

  • LDAPv3ForADDC, for Active Directory with domain name setting.

  • LDAPv3ForADAM, for Active Directory Application Mode.

When using the LDAPv3ForADDC store type, set up the --userStoreDomainName option to the Active Directory Domain Name, for example ad.example.com. Default: Not set