For production deployment, most customers prefer the OpenAM Administration Console not to be exposed to the Internet. Instead, they'll like the Admin Console to be accessible within the Intranet.
The solution is to deploy a OpenAM Core Only distribution in the Internet; while deploying a OpenAM Console Only distribution in the Intranet.
After deploying OpenAM Core Only, you'll still get the Login Page. There's no difference in behavior from the out-of-the-box installation.
The only difference is when you attempt to login. Once you have successfully authenticated, you'll be shown the following page.
The JSPs for the console pages have been stripped off. As such, the requested resource is not available.
This type of deployment is useful if the OpenAM Login Page is not utilized for end-users' authentication purpose.