isamcfg - appliance configuration worksheet
Use this worksheet for the isamcfg command-line tool to collect the information we need about the configuration properties before running the tool. If we are upgrading the Advanced Access Control (AAC) module, see the installation and configuration instructions.
- Select/deselect the capabilities to configure by typing its number.
By default, the tool selects context-based authorization, authentication service, and API protection. We can configure all of them at the same time. If we do not want to configure them all, clear the capability that we do not want to configure by selecting its corresponding number.
- Context-based Authorization
Configure if the environment requires the use of behavioral and contextual data analytics to calculate the risk of a transaction.
- Authentication service
Configure if the environment requires the use of a step-up authentication type of authentication.
- API Protection
Configure if the environment requires the use of an OAuth authentication type to protect your Application Programming Interface (API).
- AAC LMI hostname
- Enter the LMI hostname or IP address.
- AAC LMI port
Port number of the Local Management Interface. The tool displays a port number. Example value: 443
- AAC administrator user ID
Press Enter to use the displayed user ID or enter your preferred user ID.
- AAC administrator password
Enter the corresponding administrator password.
- SSL certificate data valid (y/n)
Press y to validate the displayed SSL certificate values are valid otherwise, press n.
- ISAM Appliance Local Management Interface hostname
Enter the ISAM Appliance LMI hostname or IP address. The tool might display a value. Press Enter to use the displayed value or enter your preferred hostname or IP address.
- ISAM Appliance Local Management Interface port
Port number of the LMI port. The tool displays a port number. Example: 443
Press Enter to use the port or enter your preferred port.
- ISAM Appliance administrator user ID
- Press Enter to use the user ID or enter your preferred user ID.
- ISAM Appliance administrator password
- Enter the corresponding administrator password.
- SSL certificate data valid (y/n)
Press y to validated the displayed SSL certificate values are valid otherwise, press n.
- Instance to configure
- The tool displays the available instances that we can configure in a list. Select the instance that to configure.
- Security Verify Access administrator user ID
Press Enter to use the displayed user ID or enter your preferred user ID.
- Security Verify Access administrator password
Enter the corresponding administrator password.
- ISAM domain name [Default]:
- Enter the corresponding domain name.
- AAC runtime listening interface hostname
Enter the hostname or IP address of the runtime listening interface for the appliance that has AAC activated. For example: 172.16.229.10
- AAC runtime listening interface port
Port number of the runtime listening interface for the appliance that has AAC activated. For example: 443
- Select the method for authentication between WebSEAL and the Advanced Access Control runtime listening interface
- Certificate authentication
- Use a certificate to authenticate between WebSEAL and the AAC runtime listening interface.
- User ID and password authentication
- Use credentials to authenticate between WebSEAL and the AAC runtime listening interface. The default username is easuser and the default password is passw0rd.
- AAC runtime listening interface user ID:
Press Enter to use the displayed user ID or enter your preferred user ID.
- AAC runtime listening interface password:
Enter the corresponding AAC runtime listening interface password.
- SSL certificate data valid (y/n):
Press y to validated the displayed SSL certificate values are valid otherwise, press n.
- Automatically add CA certificate to the key database (y/n)
- Press y if we want to automatically add the CA certificate to the key database, otherwise press n. web reverse proxy instance restarts if y is selected.
- The CA certificate already exists in the key database. Replace the CA certificate? (y/n)
- Press y if we want to automatically replace the CA certificate to the key database, otherwise press n.
- The following files are available on the ISAM Appliance.
Page Default 400 Bad Request response oauth_template_rsp_400_bad_request.html 401 Unauthorized response page oauth_template_rsp_401_unauthorized.html 502 Bad Gateway response oauth_template_rsp_502_bad_gateway.html
If we are not running the isamcfg tool on the appliance, we can choose Cancel to upload a local file.
If we are running the isamcfg tool on the appliance, we must upload the custom response file. Upload the file to the ISAM appliance first before running the isamcfg tool so the file is displayed as an option. See Uploading OAuth response files.
- The junction mga contains endpoints that require Authorization HTTP header to be forwarded to the backend server. Do we want to enable this feature? [y|n]?
- Press y to allow endpoints that require Authorization HTTP header to be forwarded to the backend server. Otherwise, press n.
Parent topic: isamcfg reference