Previous     Contents     Index     Next     
iPlanet Directory Server Access Management Edition Installation and Configuration Guide



Chapter 6   Installing URL Policy Agents


iPlanet Directory Server Access Management Edition (DSAME) provides URL policy agents to enforce the access policies you create. The agents work with DSAME to grant or deny access over HTTPS to the content stored on Web Servers in your enterprise. This chapter explains how to install and enable URL policy agents.

Topics in this chapter include:



How URL Policy Agents Work

DSAME URL policy agents protect content on your web servers from unauthorized intrusions. When URL policy agents are installed, and a user points a browser to a particular URL on a protected web server, four things happen:

  1. The agent interrupts the request and causes the appropriate DSAME authentication service to present a login page. The login page prompts the user for credentials such as username and password.

  2. The authentication service verifies that the username and password are valid. In Figure 6-1, the default LDAP authentication service verifies that the username and password are stored in Directory Server. (You might use other authentication modules such as RADIUS or Certificate modules. In such cases, credentials are not verified by Directory Server; they are verified in a RADIUS or certificate database.)

  3. If the user's credentials are properly authenticated, the Policy service examines all the roles assigned to the user.

  4. Based on the aggregate of all policies assigned to the user, the individual is either allowed or denied access to the URL.

Figure 6-1    URL policy agent allows or denies access over HTTPS to files on your Web Server.


When you run the DSAME installation program, you're given the opportunity to install a URL policy agent on the Web Server that runs the DSAME policy and management services. When you install an agent on this Web Server, you can restrict users from accessing pages on the server over HTTPS. You can install additional URL policy agents to protect access to pages on other servers in your enterprise, too.

Figure 6-2    URL policy agents protect web server content.

In Figure 6-2, URL policy agents are installed on additional web servers for a variety of reasons. For example, the agent on the Human Resources server prevents non-Human Resource personnel from viewing confidential salary information and other sensitive data. The agent on the Operations web server allows only network administrators to view network status reports or to modify network administration records. The Engineering server allows authorized personnel from many parts of the company to publish and share research and development information, while restricting access to external partners who have access to the company's enterprise.

In each of these situations, a system administrator has set up policies which allow or deny users access to content on a web server. For information on setting policies and for assigning roles and policies to users, see the Administrator's Guide.

This chapter explains how to install URL policy agents to meet three different objectives:

  • To protect content on the Web Server running DSAME services.

  • To protect content on any other (remote) Web Server.

  • To provide failover protection if the Web Server running DSAME Policy and Management services becomes unavailable.



Protecting the Web Server That Runs DSAME Services

When you install a URL Policy agent on the Web Server that runs the Policy and Management services, you ensure that only authorized users can access content on the server over HTTP. If the user is not authorized, the agent will display an "Access Denied" message.

To protect the Web Server which runs the DSAME services, you must run the DSAME installation program. You can install the agent when you first install the Policy and Management services, or you can run the installation program any time afterward and install the agent as a stand-alone entity.


To Install a Policy Agent with the Policy and Management Services

  1. Run the DSAME installation program. Follow the instructions in Chapter 4 "Simple Installations with No Existing Directory Server" or in Chapter 5 "Using an Existing Directory Server," as appropriate. During installation, when prompted, provide the following information:

    Do you want to install the Agents on this host? enter y for Yes.

    What is the deployment URI prefix for the DSAME Agents? The Universal Resource Indicator (URI) prefix tells the Web Server where to look for HTML pages the agent needs to display. For example, when a user attempts to access a URL, but cannot provide proper credentials, the agent must display an "Access denied" message. The URI prefix tells the Web Server where to look for the HTML page that contains the message.

    The default URI prefix is amagent. You can enter a different name.

  2. When the installation program finishes installing the Agent, exit the program.

  3. Restart the Web Server that runs the DSAME Policy and Management Services. At the command line, enter the following command:

         # /etc/init.d/amserver start

You can configure the agent to run in SSL mode. For detailed instructions, see "Step 3: (Optional) Install and Configure a URL Policy Agent for SSL".



Protecting Content on Remote Web Servers


A remote Web Server in a DSAME deployment is any Web Server that is not the one dedicated to running DSAME Policy and Management services. It is "remote" relative to the DSAME-dedicated Web Server. You can install agents on any number of remote Web Servers in your enterprise.
Note You can only use the DSAME installation program to install one agent per computer system. If you have more than one Web Server instance installed on a computer, you must manually install the additional agents. See "Installing Multiple Policy Agents on the Same Computer System."



Providing Failover Protection for DSAME Agents

When you install a URL Policy agent, you can specify a failover or backup Web Server for running the DSAME Policy and Management services. This ensures that when the primary Web Server becomes unavailable, the agent can still process access requests through the secondary or failover Web Server. Figure 6-3 illustrates how the agent failover works.

Figure 6-3    Policy Agent failover.


To Set Up Failover Protection for the URL Policy Agent

  1. Install two different instances of DSAME on two separate Web Servers. Follow the instructions in Chapter 4 "Simple Installations with No Existing Directory Server" on page 115, or in Chapter 5 "Using an Existing Directory Server" on page 115 as appropriate.

  2. Follow the instructions in the next section, "To Install the Policy Agent on a Remote Web Server".


To Install the Policy Agent on a Remote Web Server

You must have root permissions when you run the DSAME installation program. Be sure all web browsers are closed before starting the installation program.

  1. If you're installing DSAME from the product CD, insert the CD into the drive of the system on which you want to install the software.

    If you've downloaded the product, unpack the product binaries file using the following command:

# gunzip -dc dsame-5.0-domestic-us.sparc-sun-solaris2.8.tar.gz | tar -xvof -

  1. Run the aminstall program. On the product CD, you'll find the program in the directory /cdrom/DSAME_50. If you've downloaded the product binariers, you'll find the program in the directory where you untarred the binary files.

    At the command line, enter aminstall.

    The aminstall command accepts the following -v [verbose] option. The verbose option gives brief progress messages as the actions of the install program take place. Otherwise, installation messages are written to log files in the following directory:

      /var/opt/SUNWam/install

  2. Read the License Agreement. When prompted, Do you agree to the license terms? Enter y for Yes.

  3. If the following message does not display, then skip to the step 5.
    One or more components that are part of DSAME 5.0 have been detected on this system.

    If you are going to install components which already exist, you must uninstall them first.

    What would you like to do?
    1)Remove existing components, then continue installation.
    2)Continue installation without removing existing components.
    3)Exit

    • If the message (above) is displayed, and you want to re-install an agent listed in the message, then enter 1 to remove the existing agent. After uninstallation, the installation program will automatically start again from the beginning.

    • If the message (above) is displayed, and an agent is not listed, then enter 2 to proceed to the next step.

  4. The following options are displayed.
    Select which option to install:

    1) DSAME Services
    2) DSAME Agent only
    3) iPlanet Directory Server 5.1
    4) iPlanet Directory Server Configuration for DSAME
    5) Exit

    When prompted, provide the following information:

    Select which component to install: Enter 2.

    Do you want to install the agent on a Proxy Server? If you want to install the URL policy agent on iPlanet Proxy Server 3.6, enter y for Yes. Then provide information about the Proxy Server installation path, host name, and port number as prompted. If you enter n for No, the installation program continues skips to the following question.

    What directory do you want to install the Agent in? Enter a full path to the directory on the remote Web Server host computer where the agent will be installed.

    What directory is the Web Server installed in which will contain the agent? Enter a full path to the directory where the remote Web Server is installed. This is the Web Server that the agent will protect.

    What is the host name of the machine running the DSAME Agent? Enter the name of the computer system where the remote Web Server is installed. In the name mycomputer.organization_name.madisonparc.com, the host name is mycomputer.

    What is the sub-domain name ("." for none)? For example, in the name mycomputer.organization_name.madisonparc.com, the sub-domain name is organiation_name. If your host computer does not have a sub-domain, enter a period (.).

    What is the domain name? For example, in the name mycomputer.organization_name.madisonparc.com, the domain name is madisonparc.com

    What is the Web Server Instance? Enter the Server ID for the instance of Web Server the agent will protect. To determine the Server ID, look in the directory where Web Server is installed. You'll see a subdirectory with a name formed by the prefix "https-" and Server ID for Web Server.

    For example, the directory named https-WebServer1.mycompany.com was created for the instance named WebServer1.mycompany.com.

    What port is the Web Server containing the DSAME Agent running on? Enter the port number for the remote Web Server. This is the server that will be protected by the agent.

    What is the Agent Web Server protocol?

    • If the Web Agent will communicate with Web Server via HTTP, enter HTTP.

    • If the Web Agent will communicate over SSL, enter HTTPS.

    Do you want to setup a Failover DSAME Server for the agent? See "Providing Failover Protection for DSAME Agents" for more information. If you enter y for Yes, you'll be prompted for the following:

    What is the host name of the machine? Enter the name of the computer system on which the primary DSAME Policy and Management services are installed. For example, in the fully qualified domain name, mymachine.org_name.madisonpak.com, the host machine name is mymachine.

    What is the Failover DSAME Server? Enter the name of the computer system on which the secondary DSAME Policy and Management services are installed. For example, in the fully qualified domain name, mymachine.org_name.madisonpak.com, the host machine name is mymachine.

    What is the sub-domain name ("." for none)? For example, in the name mycomputer.organization_name.madisonparc.com, the sub-domain name is organiation_name. If your host computer does not have a sub-domain, enter a period (.).

    What is the domain name? For example, in the name mycomputer.organization_name.madisonparc.com, the domain name is madisonparc.com

    What is the Failover DSAME Server port? Enter the port number of the secondary Web Server.

    What is the deployment URI prefix for the DSAME Agents? The Universal Resource Indicator (URI) prefix tells the Web Server where to look for HTML pages the agent needs to display. For example, when a user attempts to access a URL, but cannot provide proper credentials, the agent must display an "Access denied" message. The URI prefix tells the Web Server where to look for the HTML page that contains the message.

    The default URI prefix is amagent. You can enter a different name.

    Failover Server Port. Enter the port number of the secondary Web Server.

    The Super Administrator user id is: Enter amAdmin. This is the Super Administrator for DSAME.

    Admin password: Enter the password for the user amAdmin.

    Are all settings correct? If the settings displayed are not correct, enter n for No and the installation program will start again from close to the beginning. If the settings are correct, enter y for Yes to continue with the installation.

  5. When the following message displays, enter 5 to exit the program.
    Select which component to install:

    1) DSAME Services
    2) DSAME Agent only
    3) iPlanet Directory Server 5.1
    4) iPlanet Directory Server Configuration for DSAME
    5) Exit

You can configure the agent to run in SSL mode. For detailed instructions, see "Step 3: (Optional) Install and Configure a URL Policy Agent for SSL".



Installing Multiple Policy Agents on the Same Computer System


The URL policy agent is bundled in the SUNWamagt package. The DSAME installation program can install only one instance of this Solaris package per computer system. If multiple Web Server instances are installed on one computer system, you can use the installation program to install one agent for one Web Server instance. But you cannot use the installation program to install an additional agent on a second Web Server instance. You must manually perform some steps to install the second agent.
Note If the second instance of Web Server uses Web Server 4.1, the steps are slightly different from the steps for Web Server 6.x.


The procedures in this section are useful if you have multiple instances of Web Server installed on a remote computer system, or on the Web Server that runs DSAME Management and Policy services. For example, a Human Resources computer system may have one instance of Web Server for benefits information that is accessible to all employees in a company. The same computer system may have a separate instance of Web Server for compensation information that is accessible only to managers in the company.

You can use the same instructions for installing multiple agents on the Web Server that runs DSAME services. However, in most cases, iPlanet recommends that only one instance of Web Server is installed on the computer system where DSAME services are installed.


To Install a Second Agent on the Same Computer (Using iPlanet Web Server 6.x)

The examples in these steps assume the following:

    • WebServer1 and WebServer2 are installed on the same computer system..

    • DSAME Policy and Management Services are installed on a different computer system..

    • WebServer1 is installed in the directory /WebServer1_root.

    • The policy agent for this Web Server will be installed in the directory /WebServer1_root/agent.

    • WebServer2 uses Web Server 6x, and is installed in the directory /WebServer2_root

    • The policy agent for this Web Server will be installed in the directory /WebServer2_root/agent

  1. Run the DSAME installation program to install the first URL policy agent on WebServer1. Follow the instructions in "Protecting Content on Remote Web Servers".

    The following files are installed in the directory you specified for installing the agent:

    • /WebServer1_root/agent/SUNWam/web-apps/agent/WEB-INF/lib/libamUrlAccessAgentversion.so

    • /WebServer1_root/agent/SUNWam/web-apps/agent/WEB-INF/lib/am_agent.jar

    • /WebServer1_root/agent/SUNWam/web-apps/agent/WEB-INF/config/AMConfig.properties

    • /WebServer1_root/agent/SUNWam/web-apps/agent/html/URLAccessDenied.html

  2. Create a subdirectory in the directory where WebServer2 is installed. For example: /WebServer2_root/agent

  3. In the directory /WebServer2_root/agent, copy the following three files from /WebServer1_root/agent:

    • WebServer1_root/SUNWam/web-apps/agent/WEB-INF/lib/libamUrlAccessAgentversion.so

    • /WebServer1_root/SUNWam/web-apps/agent/WEB-INF/lib/am_agent.jar

    • /WebServer1_root/SUNWam/web-apps/agent/WEB-INF/config/AMConfig.properties

  4. In the directory /WebServer2_root/docs, create a subdirectory. For example: /WebServer2_root/docs/am_agent.

  5. In the directory /WebServer2_root/docs/am_agent, copy the following file:

    • /WebServer1_root/SUNWam/web-apps/agent/html/URLAccessDenied.html

  6. Edit the file jvm12.conf.

    1. Make a backup copy of the file /WebServer2_root/https-server_id/config/jvm12.conf.

    2. In the file /WebServer2_root/https-server_id/config/jvm12.conf, add /WebServer2_root/agent/am_agent.jar to the jvm.classpath.    

      Example:

      [JVMConfig]
      #jvm.minHeapSize=1048576
      #jvm.maxHeapSize=16777216
      #jvm.enableClassGC=0
      #jvm.verboseMode=1
      #jvm.enableDebug=1
      #jvm.printErrors=0
      #jvm.option=-Xrunoii
      #jvm.profiler=optimizeit
      #jvm.disableThreadRecycling=0
      #jvm.serializeAttach=0
      #jvm.stickyAttach=0
      #jvm.trace=5
      #jvm.allowExit=0
      #jvm.option=-Xrunjdwp:transport=dt_socket,
      #jvm.option=-Xnoagent
      #jvm.option=-classic
      #java.compiler=NONE
      #OPTITDIR=D:/App/IntuitiveSystems/OptimizeIt30D
      #nes.jsp.enabledebug=1
      #jvm.include.CLASSPATH=0
      #nes.jsp.forkjavac=0
      #jvm.serializeFirstRequest=0
      jvm.option=-Xrs
      #jvm.option=-server
      jvm.classpath=/export3/plugins/servlets/examples/legacy/beans.10 /SDKBeans10.jar:/WebServer2_root/agent/am_agent.jar
      #jvm.option=-Xbootclasspath:<JAVA_HOME>/lib/tools.jar:<JAVA_HOME >/jre/lib/rt.jar

  7. Edit the file magnus.conf.

    1. Make a backup copy of the file WebServer2_root/https-server_id/config/magnus.conf

    2. In the file WebServer2_root/https-server_id/config/, after the last Init directive, insert the following lines:

      Init fn="load-modules" shlib="/WebServer2_root/SUNWam/web-apps/agent/WEB-INF/lib/libamU rlAccessAgentversion.so" funcs="web_agent_init,validate_session_policy"
      Init fn="web_agent_init" dsameconfdir="/WebServer2_root/SUNWam/web-apps/agent/WEB-INF/con fig" LateInit="yes"
      Init fn="pool-init" disable="false"

  8. Edit the file obj.conf.

    1. Make a backup copy of the file /WebServer2_root/https-server_id/config/obj.conf.

    2. In the file /WebServer2_root/https-server_id/config/obj.conf , after the last PathCheck in the file, insert this line:

      PathCheck fn=validate_session_policy

    Example:
    <Object name="default">
    NameTrans fn="admin-uri2path" root="/export3/https-admserv/config"
    NameTrans fn="NSServletNameTrans" name="servlet"
    NameTrans fn="pfx2dir" from="/servlet" dir="/export3/docs/servlet" name="ServletByExt"
    PathCheck fn="admin-check-admpw" admpwfile="/export3/https-admserv/config/admpw" admdns="*.iplanet.com" admip="*" final=true
    PathCheck fn=find-pathinfo
    PathCheck fn="unix-uri-clean"
    PathCheck fn=find-index index-names="index.html"
    PathCheck fn=validate_session_policy

    ObjectType fn="type-by-extension"
    ObjectType fn="force-type" type="magnus-internal/cgi"
    Service fn="send-cgi" type="magnus-internal/cgi"
    Service fn="NSServletService" type="magnus-internal/jsp"
    Service fn="imagemap" method="GET" type="magnus-internal/imagemap"
    Service fn="send-file" method="GET"
    Error fn="admin-error" reason="server error"
    AddLog fn="flex-log" name="access"
    </Object>
    ...

  9. Edit the file web.xml.

    1. Make a backup copy of /WebServer2_root/bin/https/webapps/instance-app/WEB-INF/web.xml

    2. At the end of the file, insert these lines:
      <servlet-name>UpdateAgentCacheServlet</servlet-name>
      <servlet-class>com.iplanet.dpro.agents.UpdateAgentCacheServlet</ servlet-class>
      </servlet>
      <servlet-mapping>
      <servlet-name>UpdateAgentCacheServlet</servlet-name>
      <url-pattern>/UpdateAgentCacheServlet</url-pattern>
      </servlet-mapping>

  10. If you want the agents installed on this computer system to point to different instances of DSAME, then for each agent edit the file WebServerX_root/SUNWam/web-apps/agent/WEB-INF/config/AMConfig.properties. In the following properties, provide information about the Web Server that runs DSAME Policy and Management service:

    • com.iplanet.am.server.host

    • com.iplanet.am.server.port

    • com.iplanet.am.server.protocol

    • com.iplanet.am.namimg.url

    • com.iplanet.am.policy.agent.url.port

  11. Restart both WebServer1 and WebServer2. For each server, at the command line, enter the following command:

    # Web_Server_root/https-host_identifier/restart


To Install a Second Agent on the Same Computer (Using iPlanet Web Server 4.x)

The examples in these steps assume the following:

    • WebServer1 and WebServer2 are installed on the same computer system.

    • DSAME Policy and Management Services are installed on a different computer system.

    • WebServer1 is installed in the directory /WebServer1_root.

    • The policy agent for this Web Server will be installed in the directory /WebServer1_root/agent.

    • WebServer2 uses Web Server 4.x, and is installed in the directory /WebServer2_root.

    • The policy agent for this Web Server will be installed in the directory /WebServer2_root/agent.

  1. Run the DSAME installation program to install the first URL policy agent on WebServer1. Follow the instructions in "Protecting Content on Remote Web Servers".

    The following files are installed in the directory you specified for installing the agent:

    • /WebServer1_root/SUNWam/web-apps/agent/WEB-INF/lib/libamUrlAccessAgentversion.so

    • /WebServer1_root/SUNWam/web-apps/agent/WEB-INF/lib/am_agent.jar

    • /WebServer1_root/SUNWam/web-apps/agent/WEB-INF/config/AMConfig.properties

    • /WebServer1_root/SUNWam/web-apps/agent/html/URLAccessDenied.html

  2. Create a subdirectory in the directory where WebServer2 is installed. For example: /WebServer2_root/agent

  3. In the directory /WebServer2_root/agent, copy the following three files from /WebServer1_root/agent:

    • WebServer1_root/SUNWam/web-apps/agent/WEB-INF/lib/libamUrlAccessAgentversion.so

    • /WebServer1_root/SUNWam/web-apps/agent/WEB-INF/lib/am_agent.jar

    • /WebServer1_root/SUNWam/web-apps/agent/WEB-INF/config/AMConfig.properties

  4. In the directory /WebServer2_root/docs, create a subdirectory. For example: /WebServer2_root/docs/am_agent/html.

  5. In the directory /WebServer2_root/docs/am_agent/htm, copy the following file from /WebServer1_root/agent:

    • /WebServer1_root/SUNWam/web-apps/agent/html/URLAccessDenied.html

  6. Edit the file jvm12.conf.

    1. Make a backup copy of the file /WebServer2_root/https-server_id/config/jvm12.conf.

    2. In the file /WebServer2_root/https-server_id/config/jvm12.conf, add /WebServer2_root/agent/am_agent.jar to the jvm.classpath.    

      Example:

      [JVMConfig]
      #jvm.minHeapSize=1048576
      #jvm.maxHeapSize=16777216
      #jvm.enableClassGC=0
      #jvm.verboseMode=1
      #jvm.enableDebug=1
      #jvm.printErrors=0
      #jvm.option=-Xrunoii
      #jvm.profiler=optimizeit
      #jvm.disableThreadRecycling=0
      #jvm.serializeAttach=0
      #jvm.stickyAttach=0
      #jvm.trace=5
      #jvm.allowExit=0
      #jvm.option=-Xrunjdwp:transport=dt_socket,
      #jvm.option=-Xnoagent
      #jvm.option=-classic
      #java.compiler=NONE
      #OPTITDIR=D:/App/IntuitiveSystems/OptimizeIt30D
      #nes.jsp.enabledebug=1
      #jvm.include.CLASSPATH=0
      #nes.jsp.forkjavac=0
      #jvm.serializeFirstRequest=0
      jvm.option=-Xrs
      #jvm.option=-server
      jvm.classpath=/export3/plugins/servlets/examples/legacy/beans.10 /SDKBeans10.jar:/WebServer2_root/agent/am_agent.jar
      #jvm.option=-Xbootclasspath:<JAVA_HOME>/lib/tools.jar:<JAVA_HOME >/jre/lib/rt.jar

  7. Edit the file obj.conf.

    1. Make a backup copy of the file /WebServer2_root/https-server_id/config/ obj.conf.

    2. In the file /WebServer2_root/https-server_id/config/, after the last Init directive, insert the following lines:

      Init fn="load-modules" shlib="/WebServer2_root/SUNWam/web-apps/agent/WEB-INF/lib/libamU rlAccessAgentversion.so" funcs="web_agent_init,validate_session_policy"
      Init fn="web_agent_init" dsameconfdir="/WebServer2_root/SUNWam/web-apps/agent/WEB-INF/con fig" LateInit="yes"
      Init fn="pool-init" disable="false"

  8. Edit the file obj.conf.

    1. Make a backup copy of the file /WebServer2_root/https-server_id/config/obj.conf.

    2. In the file /WebServer2_root/https-server_id/config/obj.conf, after the last PathCheck in the file, insert this line:

        PathCheck fn=validate_session_policy

    Example:
    <Object name="default">
    NameTrans fn="admin-uri2path" root="/export3/https-admserv/config"
    NameTrans fn="NSServletNameTrans" name="servlet"
    NameTrans fn="pfx2dir" from="/servlet" dir="/export3/docs/servlet" name="ServletByExt"
    PathCheck fn="admin-check-admpw" admpwfile="/export3/https-admserv/config/admpw" admdns="*.iplanet.com" admip="*" final=true
    PathCheck fn=find-pathinfo
    PathCheck fn="unix-uri-clean"
    PathCheck fn=find-index index-names="index.html"
    PathCheck fn=validate_session_policy

    ObjectType fn="type-by-extension"
    ObjectType fn="force-type" type="magnus-internal/cgi"
    Service fn="send-cgi" type="magnus-internal/cgi"
    Service fn="NSServletService" type="magnus-internal/jsp"
    Service fn="imagemap" method="GET" type="magnus-internal/imagemap"
    Service fn="send-file" method="GET"
    Error fn="admin-error" reason="server error"
    AddLog fn="flex-log" name="access"
    </Object>
    ...

  9. In rules.properties file, add an entry, /UpdateAgentCacheServlet=UpdateAgentCacheServlet

  10. In servlets.properties file, add an entry:

      servlet.UpdateAgentCacheServlet.code=com.iplanet.dpro.agents.
         UpdateAgentCacheServlet

  11. If you want the agents installed on this computer system to point to different instances of DSAME, then for each agent, edit the file WebServerX_root/SUNWam/web-apps/agent/WEB-INF/config/AMConfig.properties. In the following properties, provide information about the Web Server that runs DSAME Policy and Management service:

    • com.iplanet.am.server.host

    • com.iplanet.am.server.port

    • com.iplanet.am.server.protocol

    • com.iplanet.am.namimg.url

    • com.iplanet.am.policy.agents.url.port
      Enter the new port number of WebServer2.

  12. Restart both WebServer1 and WebServer2. For each server, at the command line, enter the following command:

      Web_Server_root/https-host_identifier/restart



Disabling URL Policy Agents

If you don't want to use a URL policy agent, you can uninstall it or disable it. To uninstall an agent, run the DSAME installation program. "To Uninstall DSAME Components".

You can disable the URL access policy agent by modifying the Web Server configuration files.


To Disable a URL Policy Agent Installed on Web Server 6.x

In the file obj.conf, remove or comment out lines containing the following strings:

    • web_agent_init

    • validate_session_policy


To Disable a URL Policy Agent Installed on Web Server 4.x

In the file magnus.conf, remove or comment out lines containing the following strings:

    • web_agent_init

    • validate_session_policy


Previous     Contents     Index     Next     
Copyright 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated March 27, 2002