You must install the appropriate Access Manager Policy Agent on the Waveset server. The Policy Agent can be obtained from the following location:
http://wwws.sun.com/software/download/inter_ecom.html#dirserv
Follow the installation instructions provided with the Policy Agent. Then perform the following tasks.
The AMAgent.properties file must be modified so that Waveset can be protected. It is located the following directory:
Windows: \AgentInstallDir\es6\config\_PathInstanceName\
UNIX: /etc/opt/SUNWam/agents/es6/config/_PathInstanceName/
Be sure to use the files located the preceding directories. Do not use the copy located in the AgentInstallDir\config directory.
Locate the following lines in the AMAgent.properties file.
com.sun.identity.agents.config.cookie.reset.enable = false com.sun.identity.agents.config.cookie.reset.name[0] = com.sun.identity.agents.config.cookie.reset.domain[] = com.sun.identity.agents.config.cookie.reset.path[] = |
Edit these lines as follows.
com.sun.identity.agents.config.cookie.reset.enable = true com.sun.identity.agents.config.cookie.reset.name[0] = AMAuthCookie com.sun.identity.agents.config.cookie.reset.domain[0] = .example.com com.sun.identity.agents.config.cookie.reset.path[0] = / |
Add the following lines.
com.sun.identity.agents.config.cookie.reset.name[1] = iPlanetDirectoryPro com.sun.identity.agents.config.cookie.reset.domain[1] = .example.com com.sun.identity.agents.config.cookie.reset.path[1] = / |
Locate the following lines.
com.sun.identity.agents.config.profile.attribute.fetch.mode = NONE com.sun.identity.agents.config.profile.attribute.mapping[] = |
Edit these lines as follows
com.sun.identity.agents.config.profile.attribute.fetch.mode = HTTP_HEADER com.sun.identity.agents.config.profile.attribute.mapping[uid] = sois_user |
You must restart the web server for your changes to take effect.
From within the Access Manager application, create a new policy named IDMGR (or something similar) with the following rules:
Service Type |
Resource Name |
Actions |
---|---|---|
URL Policy Agent |
http://server:port/idm |
Allow GET and POST actions |
URL Policy Agent |
http://server:port/idm/* |
Allow GET and POST actions |
Assign one or more subjects to the IDMGR policy.