Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for J2EE Agents

Procedure: To Enable the Agent Authenticator to Access Other Agent Instances

This task describes how to edit the bootstrap file of each agent instance that corresponds to an agent profile you added to the Selected list of the agent authenticator. If you added four agent profiles (for example, a combination of J2EE agent and Web agent instances) to the agent authenticator, you must perform this task four times, once for each agent instance that you want the agent authenticator to be able to read. In such a scenario, all four agent instances would then use the same user name and password to authenticate to OpenSSO Enterprise server.

Agents in Policy Agent 3.0 have the following two properties in the OpenSSOAgentBootstrap.properties file that enable the agent to communicate with OpenSSO Enterprise server:

The first property, the user name property, enables the agent to authenticate with the OpenSSO Enterprise server. The second property, the profile name property, enables the agent to retrieve its configuration data from the OpenSSO Enterprise server. By default, the value assigned to these two properties is the same. However, for the agent authenticator, these properties should have different values. Therefore, the user name property must be changed as indicated in this task.

  1. Stop the agent container.

  2. Edit the OpenSSOAgentBootstrap.properties file as described in the substeps that follow.

    The bootstrap file is located at the following location:

    PolicyAgent-base/AgentInstance-Dir/config
    

    For information about this location, see Table P–6.

    1. Using your text editor of choice, open the OpenSSOAgentBootstrap.properties file.

    2. Change the value for the property named com.sun.identity.agents.app.username to the agent authenticator name.

      The setting would then read as follows:

      com.sun.identity.agents.app.username = AgentAuthenticatorName
      

      where AgentAuthenticatorName represents the name provided for the agent authenticator.

    3. Change the value for the property named com.iplanet.am.service.secret to the agent authenticator password.

      The setting would then read as follows:

      com.iplanet.am.service.secret = EncryptedAgentAuthenticatorPassword
      

      where EncryptedAgentAuthenticatorPassword represents the encrypted version of the password provided for the agent authenticator as demonstrated previously in this task.


      Note – To encrypt the password, use the agentadmin --encrypt command as described in agentadmin --encrypt.


    4. Save and close the bootstrap file.

  3. Restart the agent container.
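
The edit in step 2 can be scripted so that it is applied identically to every agent instance. The following is an added example, not part of the original guide or of the product: the function names and the sample file content are constructed for illustration, and the script assumes the agent container is already stopped and that the password has already been encrypted with agentadmin --encrypt.

```python
import os
import re
import shutil
import tempfile

USERNAME_KEY = "com.sun.identity.agents.app.username"
SECRET_KEY = "com.iplanet.am.service.secret"
# Constructed sample content, not a real bootstrap file.
SAMPLE = (
    "# constructed sample\n"
    "com.sun.identity.agents.app.username = OldAgentName\n"
    "com.iplanet.am.service.secret = OldEncryptedPassword\n"
    "example.other.property = unchanged\n"
)


def set_authenticator_credentials(text, authenticator_name, encrypted_password):
    """Return bootstrap text with the two properties replaced; other lines are kept."""
    new_values = {USERNAME_KEY: authenticator_name, SECRET_KEY: encrypted_password}
    seen = {key: 0 for key in new_values}
    out = []
    for line in text.splitlines(keepends=True):
        # Match "key = value" or "key: value"; comment lines (# or !) never match.
        m = re.match(r"\s*([^\s=:#!][^\s=:]*)\s*[=:]", line)
        if m and m.group(1) in new_values:
            key = m.group(1)
            seen[key] += 1
            eol = line[len(line.rstrip("\r\n")):]
            line = f"{key} = {new_values[key]}{eol}"
        out.append(line)
    # A missing or duplicated key means the file is not what the procedure expects.
    bad = [k for k, n in seen.items() if n != 1]
    if bad:
        raise ValueError(f"expected exactly one line for: {', '.join(bad)}")
    return "".join(out)


def update_bootstrap(path, authenticator_name, encrypted_password):
    """Back up the bootstrap file, then replace it atomically, keeping its mode."""
    with open(path, encoding="iso-8859-1") as fh:
        updated = set_authenticator_credentials(
            fh.read(), authenticator_name, encrypted_password)
    shutil.copy2(path, path + ".bak")  # the backup still holds the old secret
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="iso-8859-1") as fh:
        fh.write(updated)
    shutil.copymode(path, tmp)  # keep the original permission bits
    os.replace(tmp, path)
```

Because the script refuses to write when either property is missing or duplicated, a bootstrap file that does not match the expected layout is left untouched for manual review.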