Sun Identity Manager 8.1 Resources Reference

Installing and Configuring the Policy Agent

You must install the appropriate Access Manager Policy Agent on the Identity Manager server. The Policy Agent can be obtained from the following location:

http://wwws.sun.com/software/download/inter_ecom.html#dirserv

Follow the installation instructions provided with the Policy Agent. Then perform the following tasks.

Edit the AMAgent.properties File

The AMAgent.properties file must be modified so that Identity Manager can be protected. It is located in the following directory:

Be sure to use the files located in the preceding directories. Do not use the copy located in the AgentInstallDir\config directory.

Procedure: Editing the AMAgent.properties File

  1. Locate the following lines in the AMAgent.properties file.


    com.sun.identity.agents.config.cookie.reset.enable = false
    com.sun.identity.agents.config.cookie.reset.name[0] =
    com.sun.identity.agents.config.cookie.reset.domain[] =
    com.sun.identity.agents.config.cookie.reset.path[] =

    Edit these lines as follows.


    com.sun.identity.agents.config.cookie.reset.enable = true
    com.sun.identity.agents.config.cookie.reset.name[0] = AMAuthCookie
    com.sun.identity.agents.config.cookie.reset.domain[0] = .example.com
    com.sun.identity.agents.config.cookie.reset.path[0] = /
  2. Add the following lines.


    com.sun.identity.agents.config.cookie.reset.name[1] = iPlanetDirectoryPro
    com.sun.identity.agents.config.cookie.reset.domain[1] = .example.com
    com.sun.identity.agents.config.cookie.reset.path[1] = /
  3. Locate the following lines.


    com.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.profile.attribute.mapping[] =

    Edit these lines as follows.


    com.sun.identity.agents.config.profile.attribute.fetch.mode = HTTP_HEADER
    com.sun.identity.agents.config.profile.attribute.mapping[uid] = sois_user
  4. You must restart the web server for your changes to take effect.
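
The edits in steps 1 through 3 can be checked before the restart with a short script. This is an added example, not part of the Sun documentation or the Policy Agent; the function names are hypothetical, the parser assumes plain `key = value` lines, and `.example.com` is the placeholder domain used in the procedure.

```python
import re

PREFIX = "com.sun.identity.agents.config."
REQUIRED = {  # values set in steps 1 and 3 of the procedure above
    PREFIX + "cookie.reset.enable": "true",
    PREFIX + "profile.attribute.fetch.mode": "HTTP_HEADER",
    PREFIX + "profile.attribute.mapping[uid]": "sois_user",
}
RESET_COOKIES = ("AMAuthCookie", "iPlanetDirectoryPro")  # steps 1 and 2
INDEXED = re.compile(re.escape(PREFIX) + r"cookie\.reset\.(name|domain|path)\[(\d+)\]$")

def parse_properties(text):
    """Parse simple 'key = value' lines; '#' and '!' start comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_agent_config(text, cookie_domain):
    """Return deviations from the procedure; an empty list means compliant."""
    props = parse_properties(text)
    problems = [f"{k}: expected {v!r}, found {props.get(k)!r}"
                for k, v in REQUIRED.items() if props.get(k) != v]
    entries = {}  # list index -> {"name": ..., "domain": ..., "path": ...}
    for key, value in props.items():
        if m := INDEXED.match(key):
            entries.setdefault(m.group(2), {})[m.group(1)] = value
    by_name = {e.get("name"): e for e in entries.values()}
    for cookie in RESET_COOKIES:
        entry = by_name.get(cookie)
        if entry is None:
            problems.append(f"no cookie.reset.name[n] entry for {cookie}")
        elif (entry.get("domain"), entry.get("path")) != (cookie_domain, "/"):
            problems.append(f"{cookie}: domain/path should be {cookie_domain!r} and '/'")
    return problems

SAMPLE = """\
com.sun.identity.agents.config.cookie.reset.enable = false
com.sun.identity.agents.config.cookie.reset.name[0] =
com.sun.identity.agents.config.cookie.reset.domain[] =
com.sun.identity.agents.config.cookie.reset.path[] =
com.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
com.sun.identity.agents.config.profile.attribute.mapping[] =
"""  # constructed sample: the unedited lines quoted in steps 1 and 3

if __name__ == "__main__":
    print("\n".join(check_agent_config(SAMPLE, ".example.com")))
```

Pass the contents of the real AMAgent.properties file and your own cookie domain to `check_agent_config`; entries left with an empty `[]` index are reported as missing.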

Procedure: Create a Policy in Access Manager

  1. From within the Access Manager application, create a new policy named IDMGR (or something similar) with the following rules:

    Service Type        Resource Name               Actions
    URL Policy Agent    http://server:port/idm      Allow GET and POST actions
    URL Policy Agent    http://server:port/idm/*    Allow GET and POST actions

  2. Assign one or more subjects to the IDMGR policy.