Enhancements and Changes for Web Agents in the Policy Agent 3.0-01 Release

• CR 6891373: New Properties Support POST Data Preservation With Sticky Sessions

• CR 6903850: Wildcard (*) Support Added for Not-Enforced Client IP List

• CR 6947499: NSS_STRICT_NOFORK Must be Disabled for Version 3.0–01 Apache Agents

For more information about web agent properties, see the Sun OpenSSO Enterprise Policy Agent 3.0 User’s Guide for Web Agents.

CR 6891373: New Properties Support POST Data Preservation With Sticky Sessions

In the 3.0–01 release, new properties support POST data preservation with sticky sessions configured. If you are using POST data preservation with a load balancer deployed in front of the agent, set the following properties for sticky sessions:

• com.sun.am.policy.agents.config.postdata.preserve.stickysession.mode specifies the sticky session mode. The values can be COOKIE if the load balancer uses a cookie to get the sticky session or URL if the load balancer uses a query parameter in the URL to get the sticky session. For example:

  com.sun.am.policy.agents.config.postdata.preserve.stickysession.mode = URL

• com.sun.am.policy.agents.config.postdata.preserve.stickysession.value specifies the name and value of the cookie or query parameter used for the sticky session. For example:

  com.sun.am.policy.agents.config.postdata.preserve.stickysession.value = AgentID=01

Important: For a sticky session to be set, you must set both of these properties correctly (and not to null).

These new properties are in the OpenSSOAgentConfiguration.properties file. Set these properties depending on the location of your agent's configuration repository. If the repository is local to the agent's host server, edit the agent's OpenSSOAgentConfiguration.properties file.

If the agent's configuration repository is centralized, use the OpenSSO Console:

1. Log in to the OpenSSO Administration Console.

2. Click Access Control, realm-name, Agents, Web, web-agent-name, and then Advanced.

3. Under Custom Properties, add both new properties with their corresponding values.

4. Click Save.

CR 6903850: Wildcard (*) Support Added for Not-Enforced Client IP List

The policy agent com.sun.identity.agents.config.notenforced.ip property in the OpenSSOAgentConfiguration.properties file now allows the wildcard character (*) to define an IP address. For example:

com.sun.identity.agents.config.notenforced.ip[2] = 192.168.11.*
com.sun.identity.agents.config.notenforced.ip[3] = *.10.10.*

Set this agent property depending on the location of your agent configuration repository. If the repository is centralized on the OpenSSO server, use the OpenSSO Console. If the repository is local to the agent's host server, edit the agent's OpenSSOAgentConfiguration.properties file.

CR 6947499: NSS_STRICT_NOFORK Must be Disabled for Version 3.0–01 Apache Agents

The NSS and NSPR libraries used in the policy agent 3.0–01 release have changed since the version 3.0 agents were released. Therefore, to use the version 3.0–01 Apache HTTP Server 2.0.x or Apache HTTP Server 2.2.x policy agent on any platform, the NSS_STRICT_NOFORK environment variable must be set to DISABLED.