Sun Identity Manager 8.1 Resources Reference

Resource Configuration Notes

You can configure only one Access Manager server (whether in Realm mode or in Legacy mode). You can define multiple resources if you provision to different realms.

The Identity Server Policy Agent is an optional module that you can use to enable single sign-on (SSO). You can obtain this Policy Agent from the following location:

Note –

Do not attempt to follow the Policy Agent installation or configuration procedures if this product is not being used in your environment.

For more information about Policy Agents, see:

You must install the Identity Server Policy Agent on the same server where Identity Manager is installed.

To install the Policy Agent, follow the installation instructions provided with the Policy Agent, and then perform the following tasks:

ProcedureSetting Up Policy Agent

  1. Edit the file.

  2. Create a policy in Sun Java System Access Manager.

Editing the File

You must modify the file to protect Identity Manager. This file is located in the AgentInstallDir/config directory.

ProcedureTo Edit the File

  1. Locate the following lines in the file.

    com.sun.identity.agents.config.cookie.reset.enable = false[0] =
    com.sun.identity.agents.config.cookie.reset.domain[] =
    com.sun.identity.agents.config.cookie.reset.path[] =

    Edit these lines as follows.

    com.sun.identity.agents.config.cookie.reset.enable = true[0] = AMAuthCookie
    com.sun.identity.agents.config.cookie.reset.domain[0] =
    com.sun.identity.agents.config.cookie.reset.path[0] = /
  2. Add the following lines.[1] = iPlanetDirectoryPro
    com.sun.identity.agents.config.cookie.reset.domain[1] =
    com.sun.identity.agents.config.cookie.reset.path[1] = /
  3. Locate the following lines.

    com.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.profile.attribute.mapping[] =

    Edit these lines as follows

    com.sun.identity.agents.config.profile.attribute.fetch.mode = HTTP_HEADER
    com.sun.identity.agents.config.profile.attribute.mapping[uid] = sois_user
  4. You must restart the web server for your changes to take effect.

Creating a Policy in Sun Java System Access Manager

ProcedureTo Create a Policy

  1. From within the Sun Java System Access Manager application, create a new policy named IDMGR (or something similar) with the following rules:

    Service Type  

    Resource Name  


    URL Policy Agent 


    Allow GET and POST actions

    URL Policy Agent 


    Allow GET and POST actions

  2. Assign one or more subjects to the IDMGR policy.