Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Verify that Web Policy Agent 2 Works Properly

  1. Start a new browser and go to the Access Manager URL.

    Example: https://loadbalancer-3.example.com:9443/amserver/console

  2. Log in to Access Manager using the following information:

    Username

    amadmin

    Password

    4m4dmin1

  3. Create a referral policy in the top-level realm.

    1. On the Access Control tab, under Realms, click example.com.

    2. Click the Policies tab.

    3. On the Policies tab for example.com-Policies, click the “Referral URL Policy for users realm” link.

    4. In the Edit Policy page, under Rules, click New.

    5. In the Edit Rule page, provide the following information.

    6. On the same page, in the Rules section, click New.

    7. Select a Service Type.

      On the page “Step 1 of 2: Select Service Type for the Rule,” select URL Policy Agent (with resource name).

    8. Click Next.

    9. On the page “Step 2 of 2: New Rule,” provide the following information:

      Name:

      URL Rule for ProtectedResource-2

      Resource Name:

      http://ProtectedResource-2.example.com:1080/*

    10. Click Finish.

    11. On the Edit Policy page, click Save.

      In the Policies tab for example.com — Policies, you should see the policy named Referral URL Policy for users realm.

  4. Create a policy in the users realm.

    1. Click Realms.

    2. On the Access Control tab, under Realms, click the Realm Name users.

    3. Click the Policies tab.

    4. On the Policies tab for users-Policies, click New Policy.

    5. In the New Policy page, provide the following information:

      Name:

      URL Policy for ProtectedResource-2

      Active:

      Verify that the checkbox is marked.

    6. On the same page, in the Rules section, click New.

    7. On the page “Step 1 of 2: Select Service Type for the Rule,” click Next.

      The Service Type “URL Policy Agent (with resource name)” is the only choice.

    8. On the page “Step 2 of 2: New Rule,” provide the following information:

      Name:

      URL Rule for ProtectedResource-2

      Resource Name:

      Click the URL listed in the Parent Resource Name list: http://ProtectedResource-2.example.com:1080/*

      The URL is automatically added to the Resource Name field.

      GET:

      Mark this checkbox, and select the Allow value.

      POST:

      Mark this checkbox, and select the Allow value.

    9. Click Finish.

    10. On the Policy page, in the Subjects section, click New.

      1. Select the subject type.

        On the page “Step 1 of 2: Select Subject Type,” select the Access Manager Identity Subject type.

      2. On the page “Step 2 of 2: New Subject — Access Manager Identity Subject,” provide the following information:

        Name:

        Test Subject

        Filter:

        Choose User, and then click Search. Four users are added to the Available list.

        Available:

        In the list, select testuser1, and then click Add.

        The user testuser1 is added to the Selected list.

      3. Click Finish.

    11. In the New Policy page, click Create.

      On the Policies tab for users-Policies, the new policy “URL Policy for ProtectedResource-2” is now in the Policies list.

  5. Verify that the new policy works with Web Policy Agent 2.

    1. Verify that an authorized user can access Web Server 2.

      1. Go to the following URL:

        http://ProtectedResource-2.example.com:1080

      2. Log in to Access Manager using the following information:

        Username

        testuser1

        Password

        password

        You should see the default index.html page for Web Server 2.

    2. Verify that an unauthorized user cannot access Web Server 2.

      1. Go to the following URL:

        http://ProtectedResource-2.example.com:1080

      2. Log in to Access Manager using the following information:

        Username

        testuser2

        Password

        password

        You should see the message, “You're not authorized to view this page.”
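
The outcomes that step 5 expects can be sketched as a small deny-by-default model. This is an added example, not Access Manager code and not part of the original procedure: the realm, policy, resource, and user names come from the steps above, while the helper functions `normalize`, `matches`, and `evaluate` and their wildcard and evaluation semantics are simplified assumptions.

```python
import re
from urllib.parse import urlsplit

# Names below come from the procedure; the logic is a simplified model
# (assumption), not Access Manager's own policy engine.
RESOURCE = "http://ProtectedResource-2.example.com:1080/*"
REFERRALS = {"users": [RESOURCE]}  # top-level referral delegates the resource
POLICIES = {"users": [{
    "name": "URL Policy for ProtectedResource-2",
    "active": True,
    "resource": RESOURCE,
    "actions": {"GET": "allow", "POST": "allow"},
    "subjects": {"testuser1"},
}]}

def normalize(url):
    """Lower-case scheme and host; give a bare host the path '/' as a browser does."""
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path or '/'}"

def matches(pattern, url):
    """Treat '*' as 'any run of characters' (assumed wildcard semantics)."""
    regex = ".*".join(re.escape(part) for part in normalize(pattern).split("*"))
    return re.fullmatch(regex, normalize(url)) is not None

def evaluate(realm, user, method, url):
    """Allow only if a referral covers the URL and an active policy in the
    realm grants this method to this user; everything else is denied."""
    if not any(matches(r, url) for r in REFERRALS.get(realm, [])):
        return "deny"  # resource was never referred to this realm
    for policy in POLICIES.get(realm, []):
        if (policy["active"] and matches(policy["resource"], url)
                and user in policy["subjects"]
                and policy["actions"].get(method) == "allow"):
            return "allow"
    return "deny"  # no matching rule, subject, or action

if __name__ == "__main__":
    site = "http://ProtectedResource-2.example.com:1080"
    for user, method in [("testuser1", "GET"), ("testuser2", "GET"),
                         ("testuser1", "PUT")]:
        print(user, method, evaluate("users", user, method, site))
```

In this model the port is part of the resource name, so a request to the same host on another port falls outside the rule and is denied, as is any method other than the GET and POST values marked Allow in the rule.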