Sun Identity Manager 8.1 Resources Reference

Resource Configuration Notes

You can configure only one Access Manager server (whether in Realm mode or in Legacy mode). You can define multiple resources if you provision to different realms.

The Identity Server Policy Agent is an optional module that you can use to enable single sign-on (SSO). You can obtain this Policy Agent from the following location:

http://wwws.sun.com/software/download/inter_ecom.html#dirserv


Note –

Do not attempt to follow the Policy Agent installation or configuration procedures if this product is not being used in your environment.

For more information about Policy Agents, see:

http://docs.sun.com/app/docs/coll/1322.1


You must install the Identity Server Policy Agent on the same server where Identity Manager is installed.

To install the Policy Agent, follow the installation instructions provided with the Policy Agent, and then perform the following tasks:

Procedure: Setting Up Policy Agent

  1. Edit the AMAgent.properties file.

  2. Create a policy in Sun Java System Access Manager.

Editing the AMAgent.properties File

You must modify the AMAgent.properties file to protect Identity Manager. This file is located in the AgentInstallDir/config directory.

Procedure: To Edit the AMAgent.properties File

  1. Locate the following lines in the AMAgent.properties file.


    com.sun.identity.agents.config.cookie.reset.enable = false
    com.sun.identity.agents.config.cookie.reset.name[0] =
    com.sun.identity.agents.config.cookie.reset.domain[] =
    com.sun.identity.agents.config.cookie.reset.path[] =

    Edit these lines as follows.


    com.sun.identity.agents.config.cookie.reset.enable = true
    com.sun.identity.agents.config.cookie.reset.name[0] = AMAuthCookie
    com.sun.identity.agents.config.cookie.reset.domain[0] = .example.com
    com.sun.identity.agents.config.cookie.reset.path[0] = /
  2. Add the following lines.


    com.sun.identity.agents.config.cookie.reset.name[1] = iPlanetDirectoryPro
    com.sun.identity.agents.config.cookie.reset.domain[1] = .example.com
    com.sun.identity.agents.config.cookie.reset.path[1] = /
  3. Locate the following lines.


    com.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.profile.attribute.mapping[] =

    Edit these lines as follows.


    com.sun.identity.agents.config.profile.attribute.fetch.mode = HTTP_HEADER
    com.sun.identity.agents.config.profile.attribute.mapping[uid] = sois_user
  4. You must restart the web server for your changes to take effect.
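The following check is an added example, not part of the original Sun documentation. It confirms that an AMAgent.properties file carries every edit from the procedure above before the web server is restarted. It assumes the simple `key = value` form shown on this page (no line continuations), and the function names are hypothetical.

```python
P = "com.sun.identity.agents.config."

# Values the procedure above requires (taken from the page).
REQUIRED = {
    P + "cookie.reset.enable": "true",
    P + "cookie.reset.name[0]": "AMAuthCookie",
    P + "cookie.reset.path[0]": "/",
    P + "cookie.reset.name[1]": "iPlanetDirectoryPro",
    P + "cookie.reset.path[1]": "/",
    P + "profile.attribute.fetch.mode": "HTTP_HEADER",
    P + "profile.attribute.mapping[uid]": "sois_user",
}
# The cookie domain is site-specific, so only require that it is set.
NONEMPTY = [P + "cookie.reset.domain[0]", P + "cookie.reset.domain[1]"]

# The file before editing, per the "Locate the following lines" steps on the page.
UNEDITED = "\n".join([
    P + "cookie.reset.enable = false",
    P + "cookie.reset.name[0] =",
    P + "cookie.reset.domain[] =",
    P + "cookie.reset.path[] =",
    P + "profile.attribute.fetch.mode = NONE",
    P + "profile.attribute.mapping[] =",
])

def parse_properties(text):
    """Parse 'key = value' lines, skipping blanks and #/! comments; last value wins."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_agent_config(text):
    """Return findings; an empty list means every edit from the procedure is present."""
    props = parse_properties(text)
    findings = [f"{k}: expected {want!r}, found {props.get(k)!r}"
                for k, want in REQUIRED.items() if props.get(k) != want]
    findings += [f"{k}: missing or empty" for k in NONEMPTY if not props.get(k)]
    return findings

if __name__ == "__main__":
    for finding in check_agent_config(UNEDITED):
        print(finding)
```

To check a real file, pass its contents to `check_agent_config`, for example with `open(path).read()`.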

Creating a Policy in Sun Java System Access Manager

Procedure: To Create a Policy

  1. From within the Sun Java System Access Manager application, create a new policy named IDMGR (or something similar) with the following rules:

    Service Type        Resource Name               Actions
    URL Policy Agent    http://server:port/idm      Allow GET and POST actions
    URL Policy Agent    http://server:port/idm/*    Allow GET and POST actions

  2. Assign one or more subjects to the IDMGR policy.