Resource—based authentication contains the following limitations:
If the policies applicable to the resource have multiple authentication modules, the system will arbitrarily pick one authentication module.
Level and scheme are the only conditions that can be defined for this policy.
This feature does not work across different DNS domains.
Once both the Access Manager and a policy agent have been installed, resource—based authentication can be configured. To do this, it is necessary to point Access Manager to the Gateway servlet.
AMAgent.properties can be found (in a Solaris environment) in /etc/opt//SUNWam/agents/config/ .
Comment out the following line:
#com.sun.am.policy.am.loginURL = http://Access Manager_server_host.domain_name:port/amserver/UI/Login.
Add the following line to the file:
com.sun.am.policy.am.loginURL = http://AccessManager_host.domain_name:port/amserver/gateway
The gateway servlet is developed using the Policy Evaluation APIs and can be used to write a custom mechanism to accomplish resource-based authentication. See the Chapter 6, Using the Policy APIs, in Sun Java System Access Manager 7 2005Q4 Developer’s Guide in the Access Manager Developer's Guide.
Restart the agent.