Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Sun Java System Application Server 8.1/8.2/9.0/9.1 and GlassFish

Procedure: To Configure the Application Server 9.1 / GlassFish 2.1 Agent in the Cluster

  1. Start the DAS instance (but not the cluster instances).

  2. Log in to the DAS server (Host A).

  3. Copy the agent configuration and library files from the DAS instance to the cluster configuration directory so that these files are available to the remote instances:

    1. Change to the <BASE_DIR>/j2ee_agents/appserver_v9_agent directory, where <BASE_DIR> is where you unzipped the agent distribution file.

    2. Copy the config, lib, and locale directories to the cluster configuration directory. For example:

      /bin/cp -r Agent_001 config lib locale \
        ${com.sun.aas.instanceRoot}/config/agents30config/

    Agent_001 is the agent instance created by the agent installer (agentadmin).

    Now, you can manage the policy agent configuration files from the centralized location (in this case from the DAS). Any subsequent changes that you make in these directories must also be copied to the above location; otherwise, the cluster will not get the updates you make in the agent configuration files.

  4. Create a text file named P_FILE containing the GlassFish administrator and master passwords. For example:

    P_FILE=/tmp/.gfpass
    echo 'AS_ADMIN_ADMINPASSWORD=adminpassword' > $P_FILE
    echo 'AS_ADMIN_PASSWORD=adminpassword' >> $P_FILE
    echo 'AS_ADMIN_MASTERPASSWORD=masterpassword' >> $P_FILE

  5. Set the logging properties. For example:

    ./asadmin create-jvm-options --port 34848 --user admin --passwordfile $P_FILE \
      --target agents30config \
      "-Djava.util.logging.config.file=\${com.sun.aas.instanceRoot}/config/agents30config/config/OpenSSOAgentLogConfig.properties"

  6. Set the compatibility mode to OFF. For example:

    ./asadmin create-jvm-options --port 34848 --user admin --passwordfile $P_FILE \
      --target agents30config "-DLOG_COMPATMODE=Off"

  7. Create the agent authentication realm.

    ./asadmin create-auth-realm --port 34848 --user admin --passwordfile $P_FILE \
      --classname com.sun.identity.agents.appserver.v81.AmASRealm \
      --property jaas-context=agentRealm --target agents30-config agentRealm

  8. Set the default realm to the agents realm. For example:

    ./asadmin set agents30-config.security-service.default-realm=agentRealm

  9. Add the classpath suffix. For example:

    ./asadmin set agents30-config.java-config.classpath-suffix="\${path.separator}/\${com.sun.aas.instanceRoot}/config/agents30-config/lib/agent.jar\${path.separator}\${com.sun.aas.instanceRoot}/config/agents30-config/lib/openssoclientsdk.jar\${path.separator}/\${com.sun.aas.instanceRoot}/config/agents30-config/locale\${path.separator}\${com.sun.aas.instanceRoot}/config/agents30-config/Agent_001/config"

    Note: The $ character is escaped with a backslash (\), which is required when the command is executed in the shell environment.

  10. If you have enabled the Java Security Manager (that is, you have the -Djava.security.manager JVM option) for the cluster, you must grant permission to read the agent's JAR files located in the ${com.sun.aas.instanceRoot}/config/agents30-config/lib directory.

    Edit the ${com.sun.aas.instanceRoot}/config/server.policy file and append the following lines:

    grant codeBase "file:${com.sun.aas.instanceRoot}/config/agents30-config/lib/-" {
        permission java.security.AllPermission;
    };

  11. Deploy the agent application (agentapp.war) on the cluster. For example:

    ./asadmin deploy --target agents30 --host hostA.example.com --port 34848 \
      --availabilityenabled=true \
      /export/sun/j2ee_agents/appserver_v9_agent/etc/agentapp.war

    The agent application is required for the agent to receive notifications and to perform Cross Domain Single Sign-on (CDSSO).

  12. Restart the DAS instance and then start the cluster instances.
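
An added example, not part of the original guide, for step 4: the password file holds the GlassFish administrator and master passwords in clear text, so this version creates it with owner-only permissions under an unpredictable name instead of the fixed /tmp/.gfpass, and removes it when the shell exits. The function names make_pfile and pfile_is_private are assumptions made for the illustration, and the passwords are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original guide): build the asadmin password
# file so that no other local user can read it or pre-create its path.

# make_pfile ADMIN_PW MASTER_PW -> prints the path of the new password file.
# (Hypothetical helper name, introduced for this illustration.)
make_pfile() {
    # mktemp picks an unpredictable name and creates the file exclusively,
    # unlike a fixed path in /tmp; umask 077 keeps it owner-only. The
    # command substitution is a subshell, so the caller's umask is untouched.
    _pf=$(umask 077 && mktemp "${TMPDIR:-/tmp}/gfpass.XXXXXX") || return 1
    # %s writes each password literally, whatever characters it contains.
    printf 'AS_ADMIN_ADMINPASSWORD=%s\nAS_ADMIN_PASSWORD=%s\nAS_ADMIN_MASTERPASSWORD=%s\n' \
        "$1" "$1" "$2" > "$_pf" || { rm -f "$_pf"; return 1; }
    printf '%s\n' "$_pf"
}

# pfile_is_private PATH -> succeeds only for a regular, non-symlink file
# whose mode is exactly rw------- (0600).
pfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld "$1") in
        -rw-------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Constructed sample values; in practice read them from a no-echo prompt.
P_FILE=$(make_pfile 'adminpassword' 'masterpassword') || exit 1
trap 'rm -f "$P_FILE"' EXIT    # delete the secrets when this shell exits
pfile_is_private "$P_FILE" && echo "password file ready: $P_FILE"
# The later steps then run as: ./asadmin ... --passwordfile "$P_FILE" ...
```

Run steps 5 through 11 from the same shell session so that $P_FILE stays set and the file is deleted by the trap once the session ends.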