Sun Identity Manager 8.1 Resources Reference

Installing and Configuring the Policy Agent

You must install the appropriate Access Manager Policy Agent on the Identity Manager server. The Policy Agent can be obtained from the following location:

Follow the installation instructions provided with the Policy Agent. Then perform the following tasks.

Edit the File

The file must be modified so that Identity Manager can be protected. It is located the following directory:

Be sure to use the files located the preceding directories. Do not use the copy located in the AgentInstallDir\config directory.

ProcedureEditing the File

  1. Locate the following lines in the file.

    com.sun.identity.agents.config.cookie.reset.enable = false[0] =
    com.sun.identity.agents.config.cookie.reset.domain[] =
    com.sun.identity.agents.config.cookie.reset.path[] =

    Edit these lines as follows.

    com.sun.identity.agents.config.cookie.reset.enable = true[0] = AMAuthCookie
    com.sun.identity.agents.config.cookie.reset.domain[0] =
    com.sun.identity.agents.config.cookie.reset.path[0] = /
  2. Add the following lines.[1] = iPlanetDirectoryPro
    com.sun.identity.agents.config.cookie.reset.domain[1] =
    com.sun.identity.agents.config.cookie.reset.path[1] = /
  3. Locate the following lines.

    com.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.profile.attribute.mapping[] =

    Edit these lines as follows

    com.sun.identity.agents.config.profile.attribute.fetch.mode = HTTP_HEADER
    com.sun.identity.agents.config.profile.attribute.mapping[uid] = sois_user
  4. You must restart the web server for your changes to take effect.

ProcedureCreate a Policy in Access Manager

  1. From within the Access Manager application, create a new policy named IDMGR (or something similar) with the following rules:

    Service Type

    Resource Name


    URL Policy Agent 


    Allow GET and POST actions

    URL Policy Agent 


    Allow GET and POST actions 

  2. Assign one or more subjects to the IDMGR policy.