isamcfg Security Access Manager appliance configuration worksheet

Use the worksheet for the isamcfg command-line tool to collect the information you need about the configuration properties before you run the tool.

Description of properties

Note: If you are upgrading the Advanced Access Control module, see the installation and configuration instructions.
Select/deselect the capabilities you would like to configure by typing its number.

By default, the tool selects context-based authorization, authentication service, and API protection. You can configure all of them at the same time. If you do not want to configure them all, clear the capability that you do not want to configure by selecting its corresponding number.

Context-based Authorization

Configure this capability if your environment requires the use of behavioral and contextual data analytics to calculate the risk of a transaction.

Authentication service

Configure this capability if your environment requires the use of step-up authentication.

API Protection

Configure this capability if your environment requires the use of an OAuth authentication type to protect your Application Programming Interface (API).

Advanced Access Control Local Management Interface hostname
Enter the Local Management Interface hostname or IP address.
Advanced Access Control Local Management Interface port

Specify the port number of the Local Management Interface. The tool displays a port number.

Example value: 443

Press Enter to use the displayed port or enter your preferred port.

Advanced Access Control administrator user ID

Press Enter to use the displayed user ID or enter your preferred user ID.

Advanced Access Control administrator password

Enter the corresponding administrator password.

SSL certificate data valid (y/n)

Press y to confirm that the displayed SSL certificate values are valid. Otherwise, press n.

Security Access Manager Appliance Local Management Interface hostname

Enter the Security Access Manager Appliance Local Management Interface hostname or IP address. The tool might display a value. Press Enter to use the displayed value or enter your preferred hostname or IP address.

Security Access Manager Appliance Local Management Interface port

Specify the port number of the Local Management Interface. The tool displays a port number.

Example value: 443

Press Enter to use the port or enter your preferred port.

Security Access Manager Appliance administrator user ID
Press Enter to use the user ID or enter your preferred user ID.
Security Access Manager Appliance administrator password
Enter the corresponding administrator password.
SSL certificate data valid (y/n)

Press y to confirm that the displayed SSL certificate values are valid. Otherwise, press n.

Instance to configure
The tool displays the available instances that you can configure in a list. Select the instance that you would like to configure.
Security Access Manager administrator user ID

Press Enter to use the displayed user ID or enter your preferred user ID.

Security Access Manager administrator password

Enter the corresponding administrator password.

Security Access Manager domain name [Default]:
Enter the corresponding domain name.
Advanced Access Control runtime listening interface hostname

Enter the hostname or IP address of the runtime listening interface for the appliance that has Advanced Access Control activated.

Example value: 172.16.229.10

Advanced Access Control runtime listening interface port

Specify the port number of the runtime listening interface for the appliance that has Advanced Access Control activated.

Example value: 443

Select the method for authentication between WebSEAL and the Advanced Access Control runtime listening interface
Certificate authentication
Use a certificate to authenticate between WebSEAL and the Advanced Access Control runtime listening interface.
User ID and password authentication
Use credentials to authenticate between WebSEAL and the Advanced Access Control runtime listening interface.

The default username is easuser and the default password is passw0rd.

Advanced Access Control runtime listening interface user ID:

Press Enter to use the displayed user ID or enter your preferred user ID.

Advanced Access Control runtime listening interface password:

Enter the corresponding Advanced Access Control runtime listening interface password.

SSL certificate data valid (y/n):

Press y to confirm that the displayed SSL certificate values are valid. Otherwise, press n.
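
The three "SSL certificate data valid (y/n)" prompts above ask you to confirm certificate values that the tool displays. The following script is an added example, not part of this documentation or of the isamcfg tool: it prints the fields of a reference certificate for comparison and checks two PEM files against each other. It assumes you hold a PEM copy of the expected certificate obtained over a trusted channel; the function names and file names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not IBM code. Assumption: reference.pem is a copy of the
# expected certificate obtained over a trusted channel. Function names are
# hypothetical. Requires the openssl command-line tool.

# Print the fields worth comparing with the values isamcfg displays.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# Print the SHA-256 fingerprint as lowercase hex without colons.
cert_fingerprint() {
    local out
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    printf '%s\n' "${out#*=}" | tr -d ':' | tr 'A-F' 'a-f'
}

# Compare a reference certificate ($1) with the presented one ($2).
# Returns 0 on match, 1 on mismatch, 2 if a file is unreadable,
# 3 if the presented certificate expires within 24 hours.
certs_match() {
    local ref seen
    ref=$(cert_fingerprint "$1") || return 2
    seen=$(cert_fingerprint "$2") || return 2
    [ "$ref" = "$seen" ] || return 1
    openssl x509 -in "$2" -noout -checkend 86400 >/dev/null || return 3
}

# Save the certificate that host $1, port $2 presents (needs network access).
fetch_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Usage: ./check_cert.sh reference.pem [presented.pem]
if [ "$#" -ge 1 ]; then
    cert_summary "$1"
    if [ "$#" -ge 2 ]; then
        certs_match "$1" "$2" && echo "MATCH" || echo "MISMATCH or invalid ($?)"
    fi
fi
```

Answer y at the prompt only when the displayed values agree with the reference summary; a certificate fetched with fetch_cert over the same network path is not a trusted reference by itself.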

Automatically add CA certificate to the key database (y/n)
Press y if you want to automatically add the CA certificate to the key database. Otherwise, press n.
Note: Web Reverse Proxy instance restarts if y is selected.
The CA certificate already exists in the key database. Replace the CA certificate? (y/n)
Press y if you want to automatically replace the CA certificate in the key database. Otherwise, press n.
The following files are available on the Security Access Manager Appliance.
Choose one file for the following pages:
  • The 400 Bad Request response page. The default page is oauth_template_rsp_400_bad_request.html.
  • The 401 Unauthorized response page. The default page is oauth_template_rsp_401_unauthorized.html.
  • The 502 Bad Gateway response page. The default page is oauth_template_rsp_502_bad_gateway.html.

If you are not running the isamcfg tool on the appliance, you can choose Cancel to upload a local file.

If you are running the isamcfg tool on the appliance, you must upload your custom response file. Upload the file to the Security Access Manager appliance before you run the isamcfg tool so that the file is displayed as an option. See Uploading OAuth response files.

The junction mga contains endpoints that require Authorization HTTP header to be forwarded to the backend server. Do you want to enable this feature? [y|n]?
Press y to allow endpoints that require the Authorization HTTP header to be forwarded to the backend server. Otherwise, press n.