Contents

About This Guide

What You Are Expected to Know

Identity Server’s Documentation Set

Documentation Conventions Used in This Manual

Typographic Conventions

Terminology

Related Third-Party Web Site References

Related Information

Chapter 1   Read This First

Web Policy Agents

Uses for Web Policy Agents

How an Agent Interacts With Sun ONE Identity Server

Supported Servers

Before You Begin Installation

Java Runtime Environment 1.3.1 or Higher

Remote Web Servers

Configuring the Agent for Multiple Web Server Instances on the Same Computer

Providing Failover Protection for Agents

Updating the Agent Cache

Not-Enforced URL List

Not-Enforced IP Address List

Enforcing Authentication Only

Forwarding LDAP User Attributes via HTTP Headers

The Agent Properties File

Setting the Fully Qualified Domain Name

Cookie Reset Feature

Configuring CDSSO

Verifying a Successful Installation

Chapter 2   Policy Agents on Solaris and HP-UX

Before You Begin

Installing the Agent

Installation Using the GUI

Installing From the Command Line

Post-installation Tasks

Configuring the Domino DSAPI Filter

Setting File Ownership and Permissions

Configuring the Agent for Multiple Web Server Instances

Configuring the Agent for Multiple Web Server Instances on the Same Computer

Deploying the Agent with Multiple Instances of Sun ONE Identity Server

Using Secure Sockets Layer (SSL) With an Agent

Configuring the IBM HTTP Server

Web or Web Proxy Server Running in SSL Mode

The Agent’s Default Trust Behavior

Disabling the Agent’s Default Trust Behavior

Installing the Root CA Certificate on the Remote Web Server

Setting the REMOTE_USER Server Variable

Validating Client IP Addresses

POST Data Preservation

Shared Secret Encryption Utility

Uninstalling a Policy Agent

Unconfiguring a Policy Agent

Before Uninstalling the Policy Agent for Lotus Domino

Uninstalling Using the GUI

Uninstalling From the Command-Line

Troubleshooting

Known Problems

Chapter 3   Policy Agents on Microsoft Windows

Before You Begin

Overview of Policy Agents for Microsoft Windows

Supported Servers for Microsoft Windows

The Agent Installation Types

Preparing for Agent Installation on Microsoft IIS Web Servers

Installing and Configuring the Installation Type I Agents

Configuring the Domino DSAPI Filter

Installing Any Agent from the Command Line

Installing the Installation Type II Agents

Configuring the Installation Type II Agents

Creating the Microsoft IIS 6.0 Agent Configuration File

Creating the Apache 2.0.50 Agent Configuration File

Configuring the Agent for Microsoft IIS 6.0 for a Web Site

Configuring the Agent for Apache 2.0.50 for a Web Site

Using Secure Sockets Layer (SSL) with an Agent

The Agent’s Default Trust Behavior

Disabling the Agent’s Default Trust Behavior

Installing the Identity Server Root CA Certificate on the Agent Web Server

Setting the REMOTE_USER Server Variable

Validating Client IP Addresses

POST Data Preservation

Shared Secret Encryption Utility

Disabling, Uninstalling, and Unconfiguring Microsoft Windows Policy Agents

Disabling Microsoft Windows Policy Agents

Uninstalling Installation Type I Policy Agents

Uninstalling Any Agent from the Command-Line

Unconfiguring and Uninstalling Installation Type II Policy Agents

Troubleshooting

Microsoft IIS 5.0 Policy Agent

Known Problems

Chapter 4   Policy Agents on Red Hat, Suse, and Debian Linux

Before You Begin

Pre-installation Tasks

Policy Agent for Apache 1.3.27

Policy Agent for Apache 2.0.48

Policy Agents for IBM Lotus Domino 6.0.2 and 6.5

Policy Agents for Apache 1.3.29 and 2.0.52 on SuSE Linux

Policy Agent for Apache 2.0.52 on Debian Linux

Installing the Agent

Installing using the GUI

Installing from the Command-Line

Post-installation Tasks

Agent for IBM Lotus Domino 6.5

Configuring the Domino DSAPI Filter

Configuring the Agent for Multiple Web Server Instances

Configuring the Agent for Multiple Web Server Instances on the Same Computer

Using Secure Sockets Layer (SSL) with an Agent

The Agent’s Default Trust Behavior

Disabling the Agent’s Default Trust Behavior

Installing the Root CA Certificate on the Remote Web Server

Setting the REMOTE_USER Server Variable

Validating Client IP Addresses

Shared Secret Encryption Utility

Uninstalling the Policy Agent

Removing an Agent using the unconfig Script

Uninstalling using the GUI

Uninstalling from the Command Line

Troubleshooting

Chapter 5   Single Sign-on Solution for Oracle Application Servers

Introduction

Integration with Sun ONE Identity Server

Software Requirements

For Oracle9iAS R1

For Oracle Application Server 10g

Deploying the Integrated SSO Solution

Deploying the Solution for Oracle9iAS R1

Deploying the Solution for Oracle Application Server 10g

Configuring the Agent

Policy Agent for Oracle9iAS R1

Policy Agent for Oracle Application Server 10g

Verifying the Deployment

Troubleshooting Tips

Chapter 6   Single Sign-On Solution for SAP Internet Transaction Server 2.0

Introduction

Architecture Details

Prerequisites

Installing PAS

Configuring the SAP Systems

Configuring SAP R/3 System and the ITS instance

Configuring the System to Issue SSO2 Logon Tickets

Configuring Systems to Accept SSO2 Logon Tickets

Installing and Configuring the Policy Agent

SAP Template Files

Template file login.html

Template file extautherror.html

Template file redirect.html

Appendix A   AMAgent Properties

com.sun.am.cookieName

com.sun.am.namingURL

com.sun.am.policy.am.loginURL

com.sun.am.policy.am.library.loginURL

com.sun.am.logFile

com.sun.am.serverLogFile

com.sun.am.logLevels

com.sun.am.policy.am.username

com.sun.am.policy.am.password

com.sun.am.certDbPrefix

com.sun.am.trustServerCerts

com.sun.am.notificationEnabled

com.sun.am.notificationURL

com.sun.am.policy.am.urlComparison.caseIgnore

com.sun.am.policy.am.cacheEntryLifeTime

com.sun.am.policy.am.userIdParam

com.sun.am.policy.am.fetchHeaders

com.sun.am.policy.am.headerAttributes

com.sun.am.policy.am.loadBalancer_enable

com.sun.am.policy.agents.version

com.sun.am.policy.agents.logAccessType

com.sun.am.policy.agents.agenturiprefix

com.sun.am.policy.agents.locale

com.sun.am.policy.agents.instanceName

com.sun.am.policy.agents.do_sso_only

com.sun.am.policy.agents.accessDeniedURL

com.sun.am.policy.agents.urlRedirectParam=goto

com.sun.am.policy.agents.fqdnDefault

com.sun.am.policy.agents.fqdnMap

com.sun.am.policy.agents.cookie_reset_ enabled

com.sun.am.policy.agents.cookie_reset_list

com.sun.am.policy.agents.cookieDomainList

com.sun.am.policy.agents.unauthenticatedUser

com.sun.am.policy.agents.anonRemoteUserEnabled

com.sun.am.policy.agents.notenforcedList

com.sun.am.policy.agents.reverse_the_meaning_of_notenforcedList

com.sun.am.policy.agents.notenforced_client_IP_address_list

com.sun.am.policy.agents.is_postdatapreserve_enabled

com.sun.am.policy.agents. postcacheentrylifetime

com.sun.am.policy.agents.cdsso-enabled

com.sun.am.policy.agents.cdcservletURL

com.sun.am.policy.agents.client_ip_validation_ enable

com.sun.am.policy.agents.logout.url

com.sun.am.policy.agents.logout.cookie_reset_ list

com.sun.am.policy.am.ldapattribute.cookiePrefix

com.sun.am.policy.am.ldapattribute.cookieMax Age

com.sun.am.policy.agents.getClientHostname

com.sun.am.policy.am.ldapattribute.mode

com.sun.am.policy.am.fetchFromRootResource

Appendix B   Error Codes

Index

Copyright      Index      Next

---

Copyright 2004 Sun Microsystems, Inc. All rights reserved.