Web agents in Policy Agent 2.2 have the ability to forward user profile attribute values via HTTP headers to end-web applications. The user profile attribute values come from the server side of Access Manager. The web agent behaves like a broker to obtain and relay user attribute values to the destination servlets, CGI scripts, or ASP pages. These applications can in turn use the attribute values to personalize page content.
This feature is configurable through two properties in the web agent AMAgent.properties configuration file. To turn this feature on and off, use the following property from the web agent AMAgent.properties configuration file:
This property can be set to one of the following values:
When set to NONE, the web agent does not fetch LDAP attributes from the server and ignores the com.sun.am.policy.agents.config.profile.attribute.map property. In the other two cases, the web agent fetches the attribute.
To configure the attributes that are to be forwarded in the HTTP headers, use the following property:
Below is an example section from the web agent AMAgent.properties configuration file, which shows how this feature is used:
# # The policy attributes to be added to the HTTP header. The # specification is of the format # ldap_attribute_name|http_header_name[,...]. ldap_attribute_name # is the attribute in data store to be fetched and # http_header_name is the name of the header to which the value # needs to be assigned. # # NOTE: In most cases, in a destination application where a # "http_header_name" shows up as a request header, it will be # prefixed by HTTP_, and all lower case letters will become upper # case, and any - will become _; For example, "common-name" would # become "HTTP_COMMON_NAME" # com.sun.am.policy.agents.config.profile.attribute.map = cn|common-name,ou| organizational-unit, o|organization,mail|email,employeenumber|employee-number,c|country
By default, some LDAP user attribute names and HTTP header names are set to sample values.
To find the appropriate LDAP user attribute names, check the following XML file on the machine where Access Manager is installed:
The attributes in this file could be either Access Manager user attributes or Access Manager dynamic attributes. For an explanation of these two types of user attributes, see Sun Java System Access Manager 7 2005Q4 Administration Guide.
The attribute and HTTP header names that need to be forwarded must be determined by the end-user applications on the deployment container that the web agent is protecting. Basically, these applications are the consumers of the forwarded header values (the forwarded information is used for the customization and personalization of web pages).