Installing the Agent Filter for the WebSphere Application Server 6.1/7.0 Administration Console (Sun OpenSSO Enterprise Policy Agent 3.0 Guide for IBM WebSphere Application Server 6.1/7.0 and WebSphere Portal Server 6.1)

Sun OpenSSO Enterprise Policy Agent 3.0 Guide for IBM WebSphere Application Server 6.1/7.0 and WebSphere Portal Server 6.1

Installing the Agent Filter for the WebSphere Application Server 6.1/7.0 Administration Console

The procedures that you have performed up to this point enable the Trust Association Interceptor to protect the Administration Console while users log in and establish the correct principal. However, the Trust Association Interceptor cannot trap logout events or enforce URL policies. The agent filter allows the enforcement of coarse grained URL policies defined within OpenSSO Enterprise to further control the access to protected resources on the WebSphere Application Server 6.1/7.0 Administration Console.

Therefore, you must add the agent filter to the web.xml file, as described in the following steps to protect the Administration Console. Without the filter element, you can log in to the Administration Console and perform normal operations, but the logout button will not function.

Note –

The agent filter should be the last filter executed in sequence. Therefore, ensure that you insert the agent filter after all other filters in the web.xml file.

To Install the Agent Filter for the WebSphere Application Server 6.1/7.0 Administration Console

Locate the web.xml file for the WebSphere Application Server 6.1/7.0 instance.

For example:
```
DeployContainer-base/profiles/profile name/config/cells/cell
name/applications/isclite.ear/deployments/isclite/isclite.war/WEB-INF/
```
where DeployContainer-base represents the directory where the WebSphere Application Server 6.1/7.0 instance was installed.

Back up the web.xml file.

Add the agent filter to the web.xml file.

Ensure that the agent filter you add is the last filter to be executed in sequence. The example shows an excerpt of the web.xml file before the agent filter is added:

<filter>
     <filter-name>WSCUrlFilter</filter-name>
     <filter-class>com.ibm.ws.console.core.servlet.WSCUrlFilter</filter-class>
</filter>
<filter-mapping>
     <filter-name>WSCUrlFilter</filter-name>
     <servlet-name>action</servlet-name>
</filter-mapping>
<filter-mapping>
	<filter-name>WSCUrlFilter</filter-name>
     <url-pattern>/federatedlogoff</url-pattern>
</filter-mapping>

The example shows the agent filter in bold text:

<filter>
     <filter-name>WSCUrlFilter</filter-name>
     <filter-class>com.ibm.ws.console.core.servlet.WSCUrlFilter</filter-class>
</filter>
<filter>
     <filter-name>Agent</filter-name>
     <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
</filter>

<filter-mapping>
     <filter-name>WSCUrlFilter</filter-name>
     <servlet-name>action</servlet-name>
</filter-mapping>
<filter-mapping>
	<filter-name>WSCUrlFilter</filter-name>
     <url-pattern>/federatedlogoff</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
 </filter-mapping>

Restart the WebSphere Application Server 6.1/7.0 web container instance.