Enhancements and Changes for Java EE Agents in the Policy Agent 3.0-01 Release

• Support is added for GlassFish v3

• Issue 5633: New property is added to reset session idle time for not-enforced URLs

• Issue 6107: JBoss Application Server agent supports custom principal feature

• Issue 6108: JBoss Application Server agent redirects to the client's requested URI

Version 3.0 and later Java EE agents require JDK 1.5 or later on the server where you plan to install the agent. Although some web containers such as JBoss Application Server 4.x and Application Server 8.x can run using JDK 1.4, JDK 1.5 or later is required for both the agent web container and the agentadmin program.

Support is added for GlassFish v3

The version 3.0–01 Java EE agent for Sun Java System Application Server and GlassFish v2 also supports GlassFish v3. See also Patch IDs for Java EE Agents in the Policy Agent 3.0-01 Release.

Issue 5633: New property is added to reset session idle time for not-enforced URLs

Version 3.0–01 Java EE agents include the following new property to specify whether the session idle timeout should be reset after a user with a valid session accesses a URL in the not-enforced list:

com.sun.identity.agents.config.notenforced.refresh.session.idletime

Values for this property can be:

• true: The session idle time is reset after a user with a valid session accesses a URL in the not-enforced list.

• false (default): The session idle time is not reset.

Set this property depending on the location of the agent's configuration repository. If the repository is local to the agent's host server, add the property to the agent's OpenSSOAgentConfiguration.properties file and restart the OpenSSO server instance.

If the agent's configuration repository is centralized, use the OpenSSO Administration Console as follows:

1. Log in to the OpenSSO Administration Console.

2. Click Access Control, realm-name, Agents, J2EE, j2ee-agent-name, and then Advanced.

3. Under Custom Properties, add the new property with its corresponding value.

4. Click Save.

Issue 6107: JBoss Application Server agent supports custom principal feature

JBoss Application Server 4.x and 5.x login modules support the custom principal feature, which allows users to specify a custom principal in the JBoss AS configuration. The version 3.0–01 agent for JBoss AS 4.x and 5.x also supports the custom principal feature.

To use this feature, add the following line to the <login-module> element in the JBOSS_HOME/server/default/conf/am-login-config.xml file:

<module-option name = "principalClass">com.sample.CustomPrincipal</module-option>

For example, the <login-module> element should then be as follows:

<login-module code = "com.sun.identity.agents.jboss.v40.AmJBossLoginModule" 
                  flag = "required">
    <module-option name = "unauthenticatedIdentity">anonymous</module-option>
    <module-option name = "principalClass">com.sample.CustomPrincipal</module-option>
</login-module>

In this example, com.sample.CustomPrincipal is the custom principal implementation class name. This class must be in the JBoss AS classpath.

Issue 6108: JBoss Application Server agent redirects to the client's requested URI

If the requested URI is using J2EE_POLICY or ALL filter mode and a user accesses a resource protected with J2EE policies by the version 3.0–01 JBoss AS 4.x and 5.x agent, the user is redirected to the client's requested resource after authentication by OpenSSO 8.0 server. Previously, the user was redirected to the client's home page.