Limitations
Resource—based authentication contains the following limitations:
-
If the policies applicable to the resource have multiple authentication modules, the system will arbitrarily pick one authentication module.
-
Level and scheme are the only conditions that can be defined for this policy.
-
This feature does not work across different DNS domains.
To Configure Resource—based Authentication
Once both the Access Manager and a policy agent have been installed, resource—based authentication can be configured. To do this, it is necessary to point Access Manager to the Gateway servlet.
-
Open AMAgent.properties.
AMAgent.properties can be found (in a Solaris environment) in /etc/opt//SUNWam/agents/config/ .
-
Comment out the following line:
#com.sun.am.policy.am.loginURL = http://Access Manager_server_host.domain_name:port/amserver/UI/Login.
-
Add the following line to the file:
com.sun.am.policy.am.loginURL = http://AccessManager_host.domain_name:port/amserver/gateway
Note –The gateway servlet is developed using the Policy Evaluation APIs and can be used to write a custom mechanism to accomplish resource-based authentication. See the Chapter 6, Using the Policy APIs, in Sun Java System Access Manager 7 2005Q4 Developer’s Guide in the Access Manager Developer's Guide.
-
Restart the agent.
- © 2010, Oracle Corporation and/or its affiliates