Generate the Authentication Manager Configuration File

You must configure communication between the authentication agents and AM. To do this, use the Security Console to generate a zip file (AM_Config.zip) that contains the AM configuration file, sdconf.rec. To configure communication, you copy sdconf.recto each agent host. The sdconf.rec file contains a snapshot of the server topology as it was when the file was generated. The agent uses the data in the sdconf.rec file as a backup.

The generated zip file also contains a failover.dat file that can be configured on the agent. The failover.dat file allows agent auto-registration to complete when the primary instance is unavailable or separated from the agent host by a firewall that uses Network Address Translation (NAT). This file includes a list of the primary and replica instances, and their alias IP addresses.

Before you begin 

• Make sure an agent is connected to AM.
• Review the configuration settings. See Configure Agent Settings.

Procedure 

1. In the Security Console, click Access > Authentication Agents > Generate Configuration File.
   
   
2. In the Maximum Retries drop-down list, select the number of times you want the authentication agent or identity router to attempt to establish communication with AM before returning the message Cannot initialize agent - server communications.
3. In the Maximum Time Between Each Retry drop-down list, select the number of seconds that you want to set between attempts by the authentication agent or identity router to establish communications with AM.
4. Click Generate Config File.
5. Click Download Now, and save AM_Config.zip to your local machine.

After you finish 

If you are configuring an agent:

• Copy AM_Config.zip, containing the sdconf.rec file and the failover.dat file, to each agent host. The agent uses the data in the sdconf.rec file as a backup.
• Configure the agent with the new sdconf.rec file and if necessary, the failover.dat file. For instructions, see your agent documentation.