Sun Java System Access Manager Policy Agent 2.2 Guide for IBM WebSphere Portal Server

Creating a J2EE Agent Profile

Caution – Caution –

Creating a J2EE agent profile in Access Manager Console is a required task that you should perform prior to installing the J2EE agent. Though the installation of the J2EE agent actually succeeds without performing this task, the lack of a valid agent profile in Access Manager prevents the J2EE agent from authenticating or having any further communication with Access Manager.

J2EE agents work with Access Manager to protect resources. However, for security purposes these two software pieces can only interact with each other to maintain a session after the J2EE agent authenticates with Access Manager by supplying an agent profile name and password. During the installation of the J2EE agent, you must provide a valid agent profile name and the respective password to enable authentication attempts to succeed.

You create agent profiles in Access Manager Console, not by configuring J2EE agent software. Creating the agent profile is a required security-related task.

The agent profile is created and modified in Access Manager Console. Therefore, tasks related to the agent profile are discussed in Access Manager documentation. Nonetheless, tasks related to the agent profile are also described in this Policy Agent guide, specifically in this section. For related information about defining the Policy Agent profile in Access Manager Console, see the following section of the respective document: Agents in Sun Java System Access Manager 7 2005Q4 Administration Guide.

ProcedureTo Create an Agent Profile

Perform the following tasks in Access Manager Console. The key steps of this task involve creating an agent ID and an agent password.

  1. With the Access Control tab selected click the name of the realm for which you would like to create an agent profile.

  2. Select the Subjects tab.

  3. Select the Agent tab.

  4. Click New.

  5. Enter values for the following fields:

    ID. Enter the name or identity of the agent. This is the agent profile name, which is the name the agent uses to log into Access Manager. Multi-byte names are not accepted.

    Password. Enter the agent password. This password must be different than the password used by the agent during LDAP authentication.

    Password (confirm). Confirm the password.

    Device Status. Select the device status of the agent. The default status is Active. If set to Active, the agent will be able to authenticate to and communicate with Access Manager. If set to Inactive, the agent will not be able to authenticate to Access Manager.

  6. Click Create.

    The list of agents appears.

  7. (Optional) If you desire, add a description to the newly created agent profile:

    1. Click the name of the newly created agent profile from the agent list.

    2. In the Description field, enter a brief description of the agent.

      For example, you can enter the agent instance name or the name of the application it is protecting.

    3. Click Save.