Policy Agents
Policy agents are an integral part of SSO and CDSSO sessions. They are programs that police the web server or application server that hosts protected resources. When a user requests access to a protected resource such as a server or an application, the policy agent intercepts the request and redirects it to the Access Manager Authentication Service for authentication. Following this, the policy agent will also enforce the authenticated user’s assigned policies. (A policy defines the rules that specify a user's access privileges to a protected resource.) Access Manager supports two types of policy agents:
-
The web agent enforces URL-based policy for C applications.
-
The J2EE/Java agent enforces URL-based policy and J2EE-based policy for Java applications on J2EE containers.
Both types of agents are available for you to install as programs separate from Access Manager. For an overview of the available policy agents and links to specific information on installation, see the Sun Java System Access Manager Policy Agent 2.2 User’s Guide.
Note –
When Access Manager policy agents are implemented, all HTTP requests are implicitly denied unless explicitly allowed by the presence of two things:
-
A valid session
-
A policy allowing access
You can modify this default configuration so that Access Manger implicitly allows access unless explicitly denied.
- © 2010, Oracle Corporation and/or its affiliates