J2EE Policy Agents Guide

Contents


About This Guide
What You Are Expected to Know
Sun ONE Identity Server Documentation Set
Documentation Conventions Used in This Manual
Typographic Conventions
Terminology
Related Third-Party Web Site References
Related Information

Chapter 1   Read This First
Uses of J2EE Policy Agents
General Usage Examples
Specialized Agent Usage Examples
How J2EE Policy Agents Work
PeopleSoft 8.3/8.4/8.8 Agent Architecture
Supported Servers
What’s New in J2EE Policy Agents
URL Policy Support
Web-Tier Declarative Security Support
Other Features
Differences Between J2EE Policy Agents and Web Policy Agents
Differences in Protected Resources
Default Scope of Protection
Modes of Operation
Different Configuration Properties

Chapter 2   Installing the Agent
Pre-Installation Tasks
Common Tasks
Agent for Sun ONE Application Server 7.0
Agent for BEA WebLogic 6.1 SP2
Agent for BEA WebLogic Server 7.0 SP2 or BEA WebLogic Server 8.1
Agent for IBM WebSphere 5.0/5.1
Agent for PeopleSoft 8.3/8.4/8.8
Agent for Apache Tomcat Server 4.1.27
Agent for Oracle 9iAS R2 and Oracle 10g
Agent for SAP Enterprise Portal 6.0 SP2
Agent for Macromedia JRun 4
Agent for SAP Enterprise Portal 6.0 SP2 and Web Application Server 6.20 SP1
Agent for BEA WebLogic 8.1 SP2/SP3 Server/Portal
Agent for Sun Java System Application Server 8.1
Launching the Installation Program
Launching the Installation Program on Solaris, HP-UX, AIX, and Linux
Launching the Installation Program on Windows
Using the Installation Program
Using the GUI Installation Program
Using the Command-Line Installation Program
Post-Installation Tasks
Agent for Sun ONE Application Server 7.0
Agent for BEA WebLogic Server 6.1 SP2
Agent for IBM WebSphere Application Server 5.0/5.1
Agent for BEA WebLogic Server 7.0 SP2 or BEA WebLogic Server 8.1
Agent for PeopleSoft 8.3/8.4/8.8
Agent for Apache Tomcat Server 4.1.27
Agent for Oracle 9iAS R2 and Oracle 10g
Agent for SAP Enterprise Portal 6.0 SP2
Agent for Macromedia JRun 4
Agent for SAP Enterprise Portal 6.0 SP2 and Web Application Server 6.20 SP1
Agent for BEA WebLogic 8.1 SP2/SP3 Server/Portal
Agent for Sun Java System Application Server 8.1
Common Tasks
Customizing the Agent Installation

Chapter 3   Agent Configuration
General Notes on the Agent Configuration File
Hot-Swap Mechanism
List Constructs in the Configuration File
Map Constructs in the Configuration File
Agent Filter Modes
Agent Filter Mode - NONE
Agent Filter Mode - SSO_ONLY
Agent Filter Mode - J2EE_POLICY
Agent Filter Mode - URL_POLICY
Agent Filter Mode - ALL
Disabling the Agent Realm
Agent for Sun ONE Application Server 7.0
Agent for BEA WebLogic Server 6.1 SP2
Agent for IBM WebSphere Application Server 5.0/5.1
Agent for Oracle 9iAS and Oracle 10g
Agent for Sun Java System Application Server 8.1
Hot-Swap Configuration
Enabling Web-Tier Declarative Security
Web-Tier Security Details
Customizing Agent Response for Form Login
Enabling Failover
Login Attempt Limit
Redirect Attempt Limit
Not-Enforced List
Inverting the Not-Enforced List
Enabling LDAP Attributes
LDAP Attributes as HTTP Headers
LDAP Attributes as Request Attributes
LDAP Attributes as Cookies
Configuring FQDN Handling
Using Cookie Reset Functionality
Enabling Port Check Functionality
AMAgent.properties Reference
Agent Filter Mode
Configuration Reload Interval
Language Code
Country Code
Registered Module List
Login URL
Counter Cookie Name
Login Attempt Limit
URL Decode SSO Token Flag
Goto Parameter Name
Session Binding Flag
Not-Enforced List
Not-Enforced List Inversion Flag
Not-Enforced-List Cache Enable Flag
Not-Enforced-List Cache Size
Not-Enforced-List Cache Expiration Time
Access Denied URI
LDAP Date Header Attribute Format String
LDAP Attribute Map
LDAP Attribute Fetch Mode
LDAP Attribute Cookie Separator Character
LDAP Attribute Cookie Encode
FQDN Default
FQDN Map
J2EE Authentication Handler
J2EE Logout Handler
Login Form List
Form Login Use Internal Flag
Form Login Content File Name
Preserve Referer for Form Login Flag
Default Referer Map for Form Login
Cookie Reset Enable Flag
Cookie Reset List
Cookie Reset Domain Map
Cookie Reset Path Map
Audit Log Level
Redirect Counter Cookie Name
Redirect Attempt Limit
Legacy User Agent Support Flag
Legacy User Agent List
Legacy User-Agent Intermediate Redirect URI
Port Check Enable Flag
Port Check Map
Port Check Content File Name
Fetch All Operation Flag
People Container Level
Organization DN
Audit Log Disposition
Audit Log Local File Name
Audit Log Local File Rotate Flag
Audit Log Local File Rotation Size
Audit Log Remote File Name
Bypass Principal List
PeopleSoft User Mapping
User Attribute Containing PeopleSoft User
Validate SSO Token in PeopleCode flag
URL Decode SSO Token Flag
Authentication Module
Goto URL
Display Resource Root
Default Display Resource File Name
Display Resource Map
CDSSO Enable Flag
CDC Servlet URL
CDSSO Intermediate Redirect URI
CDSSO Request Cookie Name
CDSSO Liberty Assertion Validity Clock Skew Factor
Login Form Error List
Agent Operation Mode Map
Enable Filtered Roles
SAP User Mapping
User Attribute Containing SAP User-ID
Logon Frontend Tracking Cookie Name
Goto URL
Error Content File Name
User Mapping
User Mapping Mode
User Attribute Containing Agent User
Logout Parameter Map
Logout URI Map
Application Authentication Handler Map
Verification Handler Map
Global Verification Handler
HTTP Request Body Introspect Flag
Application Local Logout Handler Map

Chapter 4   Tools and APIs
Agent Tools
Using Tools to Encrypt Strings
Configuring the Agent for an Application Server Instance
Unconfiguring the Agent for an Application Server Instance
Agent APIs
Class AmFilterManager
Class AmSSOCache

Chapter 5   Uninstalling the Agent
Pre-Uninstallation Tasks
Agent for Sun ONE Application Server 7.0
Agent for BEA WebLogic Server 6.1 SP2
Agent for BEA WebLogic Server 7.0 SP2/8.1
Agent for IBM WebSphere 5.0/5.1
Agent for PeopleSoft 8.3/8.4/8.8
Agents for Oracle 9iAS R2 and Oracle 10g
Agent for Tomcat Server 4.1.27
Agent for SAP Enterprise Portal 6.0 SP2
Agent for Macromedia JRun 4
Agent for SAP Enterprise Portal 6.0 SP2 and Web Application Server 6.20 SP1
Agent for BEA WebLogic 8.1 SP2/SP3 Server/Portal
Agent for Sun Java System Application Server 8.1
Launching the Uninstallation Program
Launching the Uninstallation Program on Solaris, HP-UX, AIX and Linux
Launching the Uninstallation Program on Windows 2000
Using the Uninstallation Program
Using the GUI Uninstallation Program
Using the Command Line Uninstallation Program
Post-Uninstallation Tasks
Agent for SAP Enterprise Portal 6.0 SP2
Agent for SAP Enterprise Portal 6.0 SP2 and Web Application Server 6.20 SP1

Chapter 6   Securing Identity Manager Software With a Policy Agent
Deployment Facts and Considerations
The Policy Agent Installation
Configuring the Agent
Configuring the Identity Manager Software
Adding the Resource Adapter
Configuring the Resource Instance
Creating a Login Module Group
Assigning the Login Module Group to Login Applications
Provisioning Users Using Identity Manager Software
Testing SSO Integration With Identity Server
Protecting Identity Manager Using URL Policies
How to Troubleshoot the Agent Configuration

Appendix A   Silent Installation
About Silent Installation/Uninstallation
Generating a State File for Installation
Using the State File for Silent Installation
Generating a State File for Uninstallation
Using the State File for Silent Uninstallation

Appendix B   Sample Application Scenario
Standard Deployment Descriptors
web.xml
ejb-jar.xml
application.xml
Assembly Descriptors
Sun ONE Application Server 7.0
BEA WebLogic 6.1 SP2
IBM WebSphere Application Server 5.0/5.1
BEA WebLogic Server 7.0 SP2 and BEA WebLogic Server 8.1
Apache Tomcat Server 4.1.27
Macromedia JRun 4
Oracle 9iAS R2 and Oracle 10g
Sun Java System Application Server 8.1

Appendix C   Troubleshooting the Agent Deployment
Index




Copyright 2004 Sun Microsystems, Inc. All rights reserved.