Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Configure Properties for the J2EE Policy Agent 2 Sample Application

Modify AMAgent.properties.

  1. Log in as a root user to the ProtectedResource–2 host machine.

  2. Change to the config directory.


    # cd /export/J2EEPA2/j2ee_agents/am_wl92_agent/agent_001/config
    

    Tip –

    Back up AMAgent.properties before you modify it.


  3. Modify these properties in AMAgent.properties as follows.


    com.sun.identity.agents.config.notenforced.uri[0] = /agentsample/public/*
    com.sun.identity.agents.config.notenforced.uri[1] = /agentsample/images/*
    com.sun.identity.agents.config.notenforced.uri[2] = /agentsample/styles/*
    com.sun.identity.agents.config.notenforced.uri[3] = /agentsample/index.html
    com.sun.identity.agents.config.notenforced.uri[4] = /agentsample
    com.sun.identity.agents.config.access.denied.uri = /agentsample/authentication/accessdenied.html
    com.sun.identity.agents.config.login.form[0] = /agentsample/authentication/login.html
    com.sun.identity.agents.config.login.url[0] = http://LoadBalancer-3.example.com:7070/amserver/UI/Login?realm=users
    com.sun.identity.agents.config.privileged.attribute.type[0] = group
    com.sun.identity.agents.config.privileged.attribute.tolowercase[group] = false

  4. Set these remaining properties as follows.


    Note –

    This is specific to this deployment example. For more information, see "The agentadmin -getUuid command fails for amadmin user on Access Manager 7 with various agents (6452713)" in Sun Java System Access Manager Policy Agent 2.2 Release Notes.


    1. Retrieve the Universal IDs.

      They were saved in "To Create Manager and Employee Groups Using Access Manager for J2EE Policy Agent Test".

    2. Convert all uppercase characters to lowercase and insert a backslash (\) in front of each equal sign (=).

      • Change id=Manager-Group,ou=group,o=users,ou=services,dc=example,dc=com to id\=manager-group,ou\=group,o\=users,ou\=services,dc\=example,dc\=com.

      • Change id=Employee-Group,ou=group,o=users,ou=services,dc=example,dc=com to id\=employee-group,ou\=group,o\=users,ou\=services,dc\=example,dc\=com.

    3. Set the properties.


      com.sun.identity.agents.config.privileged.attribute.mapping[id\=manager-group,ou\=group,o\=users,ou\=services,dc\=example,dc\=com] = am_manager_role
      com.sun.identity.agents.config.privileged.attribute.mapping[id\=employee-group,ou\=group,o\=users,ou\=services,dc\=example,dc\=com] = am_employee_role

  5. Save AMAgent.properties and close the file.

  6. Restart the Application Server 2 administration server and managed server.

    1. Change to the bin directory.


      # cd /usr/local/bea/user_projects/domains/ProtectedResource-2/bin
      
    2. Stop the managed server.


      # ./stopManagedWebLogic.sh ApplicationServer-2 t3://localhost:7001
      
    3. Stop the administration server.


      # ./stopWebLogic.sh
      
    4. Start the administration server.


      # ./startWebLogic.sh &
      
    5. Start the managed server.


      # ./startManagedWebLogic.sh ApplicationServer-2 t3://localhost:7001 &
      
  7. Log out of the ProtectedResource–2 host machine.
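
The conversion in step 4 is easy to get wrong by hand, and in a Java properties file an unescaped equal sign ends the key, so a mistyped entry leaves the group-to-role mapping unset. The following script is an added example, not part of the original guide or of the Policy Agent product; the function names are hypothetical. It builds the mapping lines from the Universal IDs and audits a properties file for mapping keys that are not lowercased and escaped.

```shell
#!/bin/sh
# Added example, not from the deployment guide. Function names are hypothetical.
PREFIX='com.sun.identity.agents.config.privileged.attribute.mapping'

# Step 4.2: lowercase a Universal ID and put a backslash before every '='.
uuid_to_key() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/=/\\=/g'
}

# Step 4.3: emit one property line, mapping[<escaped id>] = <role>.
mapping_line() {
    printf '%s[%s] = %s\n' "$PREFIX" "$(uuid_to_key "$1")" "$2"
}

# Audit a properties file: print every mapping key that still contains an
# uppercase letter or an unescaped '='. Exit status 1 if any is found.
check_mapping_keys() {
    awk -v p="$PREFIX[" '
        index($0, p) == 1 {
            key = substr($0, length(p) + 1, index($0, "]") - length(p) - 1)
            bare = key
            gsub(/\\=/, "", bare)          # drop the correctly escaped pairs
            if (key ~ /[A-Z]/ || index(bare, "=") > 0) {
                print FILENAME ":" NR ": " key
                bad = 1
            }
        }
        END { exit bad + 0 }' "$1"
}

# Demo with the two Universal IDs used in this deployment example.
mapping_line 'id=Manager-Group,ou=group,o=users,ou=services,dc=example,dc=com' am_manager_role
mapping_line 'id=Employee-Group,ou=group,o=users,ou=services,dc=example,dc=com' am_employee_role
```

Run `check_mapping_keys AMAgent.properties` after step 5 and before restarting the servers; any line it prints needs to be corrected.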