test

Sun Java System Access Manager 7.1 Developer's Guide

ProcedureTo Add a New Policy-Enabled Service to Access Manager

  1. Run the amadmin command to load the policy-enabled service.


    AccessManager-base/bin/amadmin
     --runasdn "uid=amAdmin,ou=People,default_org,root_suffix"
			--password password
			--schema AccessManager-base/samples/policy/SampleWebService.xml

  2. Copy the properties file to the locale directory of the Access Manager installation.

    cp SampleWebService.properties AccessManager-base/locale

  3. Create a service XML file that conforms to AccessManager-base/dtd/sms.dtd, and contains the <Policy> element. See example below.

  4. Create and copy locale properties file to AccessManager-base/locale.

  5. Use amadmin to load the service into Access Manager.

    Once the new service is added, you can define rules for the new service in policy definitions.

Example 3–3 XML for Policy-Enabled Service

/etc/opt/SUNWam/config/xml/amWebAgent.xml (Solaris) /etc/opt/sun/identity/config/xml/amWebAgent.xml(Linux and HP-UX) 


AccessManager-base\AccessManager\identity\config\xml\amWebAgent.xml

(Windows)

<!DOCTYPE ServicesConfiguration
    PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
    "jar://com/sun/identity/sm/sms.dtd">

<ServicesConfiguration>
    <Service name="iPlanetAMWebAgentService" version="1.0">
	<Schema
            i18nFileName="amWebAgent"
            i18nKey="iplanet-am-web-agent-service-description">
	<Global>
		<AttributeSchema name="serviceObjectClasses"
                    type="list"
                    syntax="string"
	i18nKey="">
                    <DefaultValues>
			<Value>iplanet-am-web-agent-service</Value>
	</DefaultValues>
		</AttributeSchema>
            </Global>

            <Policy>
		<AttributeSchema name="GET"
                    type="single"
	syntax="boolean"
                    uitype="radio"
                    i18nKey="GET">
	<IsResourceNameAllowed/>
                    <BooleanValues>
			<BooleanTrueValue i18nKey="allow">allow</BooleanTrueValue>
			<BooleanFalseValue i18nKey="deny">deny</BooleanFalseValue>
                    </BooleanValues>
		</AttributeSchema>
		<AttributeSchema name="POST"
                    type="single"
	syntax="boolean"
                    uitype="radio"
                    i18nKey="POST">
	<IsResourceNameAllowed/>
                    <BooleanValues>
       			<BooleanTrueValue i18nKey="allow">allow</BooleanTrueValue>
			<BooleanFalseValue i18nKey="deny">deny</BooleanFalseValue>
                    </BooleanValues>
		</AttributeSchema>
            </Policy>
	</Schema>
    </Service>
</ServicesConfiguration>