Some OpenSSO Enterprise components (such as SAML, user management, and policy) require an identity to be authenticated before the client application can read configuration data. The client can provide either a username and password that can be authenticated, or an implementation of the com.sun.identity.security.AppSSOTokenProvider interface. Either option will return a session token which the client can then use to access OpenSSO Enterprise configuration data.
The following properties in AMConfig.properties can be used to set the username and password. The authenticated username should have permission to read the OpenSSO Enterprise configuration data.
The property to provide the user name is com.sun.identity.agents.app.username.
The property to provide the plain text password is com.iplanet.am.service.password.
If a plain text password is a security concern, an encrypted password can be provided as the value of com.iplanet.am.service.secret. If an encrypted password is provided, the encryption key must also be provided as the value of am.encryption.pwd.
Add the com.sun.identity.security.AdminToken property to AMConfig.properties with a value equal to the name of the implementation of the com.sun.identity.security.AppSSOTokenProvider interface.