To Verify that Web Policy Agent 1 Works Properly
-
Start a new browser and go to the Access Manager URL.
Example: https://loadbalancer-3.example.com:9443/amserver/console
-
Log in to the Access Manager console using the following information:
- Username
-
amadmin
- Password
-
4m4dmin1
-
Create a referral policy in the top-level realm.
-
On the Access Control tab, under Realms, click example.com.
-
Click the Policies tab.
-
On the Policies tab for example.com-Policies, click New Referral.
-
In the New Policy page, provide the following information:
- Name:
-
Referral URL Policy for users realm.
- Active:
-
Mark the Yes checkbox.
-
On the same page, in the Rules section, click New.
-
Select a Service Type.
On the page “Step 1 of 2: Select Service Type for the Rule,” select URL Policy Agent (with resource name)
-
Click Next.
-
On the page “Step 2 of 2: New Rule,” provide the following information:
- Name:
-
URL Rule for ProtectedResource-1
- Resource Name:
-
http://ProtectedResource-1.example.com:1080/*
-
Click Finish.
-
On the same page, in the Referrals section, click New.
-
In the New Referral — Sub Realm page, provide the following information:
- Name:
-
Sub-Realm users
- Filter:
-
Type an asterisk (*), and then click Search.
- Value:
-
In the list, choose users.
-
Click Finish.
-
On the New Policy page, click Create.
In the Policies tab for example.com — Policies, you should see the policy named “Referral URL Policy for users realm.”
-
-
Create a policy in the users realm.
-
Click Realms.
-
On the Access Control tab, under Realms, click the Realm Name users.
-
Click the Policies tab.
-
On the Policies tab for users-Policies, click New Policy.
-
In the New Policy page, provide the following information:
- Name:
-
URL Policy for ProtectedResource-1
- Active:
-
Mark the Yes checkbox.
-
On the same page, in the Rules section, click New.
-
On the page “Step 1 of 2: Select Service Type for the Rule,” click Next.
The Service Type “URL Policy Agent (with resource name) is the only choice.
-
On the page “Step 2 of 2: New Rule,” provide the following information:
- Name:
-
URL Rule for ProtectedResource-1
- Resource Name:
-
Click the URL listed in the Parent Resource Name list: http://ProtectedResource-1.example.com:1080/*
The URL is automatically added to the Resource Name field.
- GET:
-
Mark this checkbox, and select the Allow value.
- POST:
-
Mark this checkbox, and select the Allow value.
-
Click Finish.
-
-
Create a new subject.
On the New Policy page, in the Subjects section, click New.
-
Select the subject type and then click Next.
On the page “Step 1 of 2: Select Subject Type,” select the “Access Manager Identity Subject” type.
-
On the page “Step 2 of 2: New Subject — Access Manager Identity Subject,” provide the following information:
- Name:
-
Enter Test Subject.
- Filter:
-
Choose User, and then click Search. Four users are added to the Available list.
- Available:
-
In the list, selecttestuser1, and then click Add.
The user testuser1 is added to the Selected list.
-
Click Finish.
-
-
In the New Policy page, click Create.
On the Policies tab for users-Policies, the new policy “URL Policy for ProtectedResource-1” is now in the Policies list.
-
Log out of the console.
-
Verify that an authorized user can access the Web Server 1.
-
Go to the following URL:
http://ProtectedResource-1.example.com:1080
-
Log in to Access Manager using the following information:
- Username
-
testuser1
- Password
-
password
You should see the default index.html page for Web Server 1.
The user testuser1 was configured in the test policy to be allowed to access Protected Resource 1.
-
-
Verify that an unauthorized user cannot access the Web Server 1.
-
Go to the following URL:
http://ProtectedResource-1.example.com:1080
-
Log in to Access Manager using the following information:
- Username
-
testuser2
- Password
-
password
You should see the message, “You're not authorized to view this page.”
The user testuser2 was not included in the test policy tat allows access to Protected Resource 1.
-
- © 2010, Oracle Corporation and/or its affiliates