Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for Web Agents

Setting the Fully Qualified Domain Name

To ensure an appropriate user experience, users must access resources protected by the web agent using valid URLs. The property labeled FQDN Default (Tab: Global, Name: com.sun.identity.agents.config.fqdn.default) provides the information the web agent needs to determine whether the user is using a valid URL to access the protected resource. If the web agent determines that the incoming request does not have a valid hostname in the URL, it redirects the user to the corresponding URL with a valid hostname. The redirect URL differs from the URL originally used by the user only in the hostname, which the web agent changes to a fully qualified domain name (FQDN) as per the value specified in this property.

This is a required configuration property without which the deployment container may not start up correctly. This property is set during the web agent installation and must not be modified unless absolutely necessary to accommodate deployment requirements. An invalid value for this property can result in the deployment container becoming unusable or the resources becoming inaccessible.

The property labeled FQDN Virtual Host Map (Tab: Global, Name: com.sun.identity.agents.config.fqdn.mapping) provides another way by which the web agent can resolve partial or malformed access URLs and take corrective action. The web agent gives precedence to the entries defined in this property over the value defined in the FQDN Default property. If none of the entries in this property matches the hostname specified in the user request, the agent uses the value specified for the FQDN Default property.

The FQDN Virtual Host Map property can be used for creating a mapping for more than one hostname. This may be the case when the deployment container protected by this agent is accessible by more than one hostname. However, this feature must be used with caution as it can lead to the deployment container resources becoming inaccessible.

This property can also be used to override the behavior of the web agent where necessary. The format for assigning a value to the FQDN Virtual Host Map property is as follows:

Map Key: invalid_hostname
Corresponding Map Value: valid_hostname

where:

The invalid_hostname value is a possible invalid hostname, such as a partial hostname or an IP address, that the user may provide.

The valid_hostname value is the corresponding valid hostname that is fully qualified. For example, the following are possible values assigned to the FQDN Virtual Host Map property in OpenSSO Enterprise Console for xyz.domain1.com:

Map Key: xyz
Corresponding Map Value: xyz.domain1.com

Map Key: xyz.domain1
Corresponding Map Value: xyz.domain1.com

When you are done setting the FQDN Virtual Host Map property as described in this example, it appears in OpenSSO Enterprise Console with the following format:

[xyz]=xyz.domain1.com

[xyz.domain1]=xyz.domain1.com
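The lookup order described above can be modeled as follows. This is an added example, not code from the web agent: the function names are hypothetical, and it assumes that hostnames compare case-insensitively and that a hostname equal to FQDN Default or to any map value is already valid.

```python
# Added illustration of the documented precedence; not the agent's implementation.
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample in the console display format shown above.
SAMPLE_MAP = "[xyz]=xyz.domain1.com\n[xyz.domain1]=xyz.domain1.com\n"
ENTRY = re.compile(r"^\[([^\]]+)\]=(\S+)$")

def parse_fqdn_map(text):
    """Parse lines such as '[xyz]=xyz.domain1.com' into {key: value}."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match is None:
            raise ValueError(f"malformed map entry: {line!r}")
        mapping[match.group(1).lower()] = match.group(2).lower()
    return mapping

def resolve_host(host, mapping, fqdn_default):
    """Return the hostname the request should be using."""
    host, fqdn_default = host.lower(), fqdn_default.lower()
    # Assumption: the default and every map value count as valid hostnames.
    if host == fqdn_default or host in mapping.values():
        return host
    # Map entries take precedence; with no matching entry, use FQDN Default.
    return mapping.get(host, fqdn_default)

def redirect_for(url, mapping, fqdn_default):
    """Return the corrected URL, or None if the hostname is already valid."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    target = resolve_host(host, mapping, fqdn_default)
    if target == host:
        return None
    # Only the hostname changes; scheme, port, path and query are preserved.
    netloc = target if parts.port is None else f"{target}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))

if __name__ == "__main__":
    fqdn_map = parse_fqdn_map(SAMPLE_MAP)
    for url in ("http://xyz/app?a=1", "https://xyz.domain1:8443/app",
                "http://192.0.2.10/app", "http://xyz.domain1.com/app"):
        print(url, "->", redirect_for(url, fqdn_map, "xyz.domain1.com"))
```

Running a candidate map through a model like this before saving it shows which request hostnames would be rewritten and which would fall through to FQDN Default.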

This property can also be used in such a way that the web agent uses the name specified in this map instead of the deployment container’s actual name.

Suppose you want your server to be addressed as xyz.hostname.com, whereas the actual name of the server is abc.hostname.com. The browser only knows xyz.hostname.com and you have specified policies using xyz.hostname.com in OpenSSO Enterprise Console. Set the FQDN Virtual Host Map property as such:

Map Key: valid
Corresponding Map Value: xyz.hostname.com