The sample programs operate in command-line mode and demonstrate the use of C APIs for authorization, authentication, single sign-on (SSO), and logging.
On the Solaris platform you can run the sample programs by launching the generated executables on the command line. Set the LD_LIBRARY_PATH environment variable to include the following /lib directories:
These directories contain libamsdk.so, libxml2.so , libssl3.so, libnss3.so, libplc4.so, libplds4.so, libnspr4.so, and libucb.so. Include the directory /usr/lib before /usr/ucblib so that common programs such as editors will continue to function.
On the Linux platform you can run the sample programs by launching the generated executables on the command line. Be sure to set the LD_LIBRARY_PATH environment variable to include the directory AccessManager-base/agent/lib, which contains the following: libamsdk.so, libxml2.so, libssl3.so, libnss3.so, libplc4.so, libplds4.so and libnspr4.so.
On the Windows platform you can run the sample programs by launching the generated executables on the command line You must have the ../sample/lib directory in your path before launching the sample programs. Alternatively, you can use the run.bat script to launch the sample programs. The run.bat script sets your path appropriately.
The sample program am_policy_test evaluates the policy for the given ssoToken, resource name, and action. Before you can run this program, you must have a policy defined for the specified resource in an Access Manager server.
To execute am_policy_test, use the following command:
am_policy_test initPropertyFile ssoToken resourceName action
The path to the AMAgent.properties file.
Valid SSO Token issued by Access Manager. You can get this value from your browser after logging into the Access Manager server. See the documentation for your browser for information about how to determine the cookie values. Once you have that information, you can use the cookie value for iPlanetDirectoryPro as the value for this argument.
If the browser you are using does not provide URL decoded cookie values, you may have to decode the value yourself before using it in this sample program. Alternatively, for test purposes, you can also use the SSO value displayed in the Access Manager debugging logs.
Name of a resource for which you want to evaluate a policy. Example:
The action name. For example GET or POST .
The sample program am_auth_test authenticates to the specified organization using the specified authentication module. You must have an Access Manager server with a user profile set up with the corresponding authentication module before running this program.
To execute am_auth_test, run the following command:
am_auth_test [-u user ] [-p password] [-f properties_file] [-r url ] [-n cert_nick_name] [-o org_name] [-m auth_module ]
The following variables are used:
Specify the Access Manager user name.
Specify the Access Manager user's password.
Specify the complete path of the AMAgent.properties file.
(Optional) Specify the authentication login URL.
(Optional) Specify the certificate nickname.
Specify the default organization name.
Specify the authentication module type. The default is LDAP.
If no options are supplied on the command line, login uses the org_name specified in the properties file and auth_module LDAP. The user can specify the org_name on the command line to override the value specified in the properties file. Example: dc=iplanet,dc=com . In either case, the user is prompted for User Name and Password.
For certificate—based login, the user specifies auth_module Cert on the command line. The user can specify the cert_nick_name on the command line to override the value specified in the properties files. Other values affecting certificate-based login are taken from the properties file. The default properties file is ../../config/AMAgent.properties. Check to be sure the appropriate properties and values are set in the properties file before calling this program. The following properties are specific to authentication:
The sample program am_sso_test logs into an Access Manager server using the specified user and password and the LDAP authentication module, and performs SSO Token operations on the session. Before running this program, you must have an Access Manager with a user profile set up with the LDAP authentication module.
To execute am_sso_test, run the following command:
am_sso_test -u user -p password [-f properties_file] [-s session_url ]
User to log in to the Access Manager server using the LDAP authentication module.
Password to log in to the Access Manager server using the LDAP authentication module.
The path to the properties file. If not set, the default properties file ../../config/AMAgent.properties is used. Check to be sure the appropriate values are set in the properties file before calling this program. See Sun Java System Access Manager Policy Agent 2.2 User’s Guidefor more information on the properties file.
The session URL of the Access Manager server if known. Example: https://myhost/amserver/sessionservice. If not set (the default is not set), the Naming Service specified in the properties file is used to obtain the session URL for the Token ID of the login session.
The sample program am_log_test logs a message to the specified log file on the Access Manager server, using the specified SSO Token.
To execute the am_log_test sample program, run this command:
am_log_test -n log_name -u logged_by_token_id -u user_token_id -m message [-d log_module] [-f properties_file]
Name of Log file on the Access Manager server.
SSO token ID with access to the Logging Service on the Access Manager server.
SSO token ID of a user for the log. Can be the logged_by_token_id or something else.
The log message.
The module name, if not specified, the default TestModule is used.
path to the properties file. If not set, the default properties file ../../config/AMAgent.properties is used. Check to make sure appropriate values are set in the properties file before calling this program. See the Agents documentation for more information on the properties file.
The apache_agent.c sample demonstrates how to implement a web agent plugin for the apache HTTP server. This is a sample only and should not be used as an actual web agent.