You can configure only one Access Manager server (whether in Realm mode or in Legacy mode). You can define multiple resources if you provision to different realms.
The Identity Server Policy Agent is an optional module that you can use to enable single sign-on (SSO). You can obtain this Policy Agent from the following location:
http://wwws.sun.com/software/download/inter_ecom.html#dirserv
Do not attempt to follow the Policy Agent installation or configuration procedures if this product is not being used in your environment.
For more information about Policy Agents, see:
http://docs.sun.com/app/docs/coll/1322.1
You must install the Identity Server Policy Agent on the same server where Waveset is installed.
To install the Policy Agent, follow the installation instructions provided with the Policy Agent, and then perform the following tasks:
You must modify the AMAgent.properties file to protect Waveset. This file is located in the AgentInstallDir/config directory.
Locate the following lines in the AMAgent.properties file.
    com.sun.identity.agents.config.cookie.reset.enable = false
    com.sun.identity.agents.config.cookie.reset.name[0] =
    com.sun.identity.agents.config.cookie.reset.domain[] =
    com.sun.identity.agents.config.cookie.reset.path[] =
Edit these lines as follows.
    com.sun.identity.agents.config.cookie.reset.enable = true
    com.sun.identity.agents.config.cookie.reset.name[0] = AMAuthCookie
    com.sun.identity.agents.config.cookie.reset.domain[0] = .example.com
    com.sun.identity.agents.config.cookie.reset.path[0] = /
Add the following lines.
    com.sun.identity.agents.config.cookie.reset.name[1] = iPlanetDirectoryPro
    com.sun.identity.agents.config.cookie.reset.domain[1] = .example.com
    com.sun.identity.agents.config.cookie.reset.path[1] = /
Locate the following lines.
    com.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.profile.attribute.mapping[] =
Edit these lines as follows.
    com.sun.identity.agents.config.profile.attribute.fetch.mode = HTTP_HEADER
    com.sun.identity.agents.config.profile.attribute.mapping[uid] = sois_user
You must restart the web server for your changes to take effect.
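To confirm the edits above before restarting the web server, the following added example (not part of the product documentation) checks an AMAgent.properties file against the values this procedure specifies. It assumes simple `key = value` lines; `.example.com` is the page's sample domain, and the function and constant names are illustrative.

```python
# Settings this procedure requires in AMAgent.properties.
# ".example.com" is the page's sample domain; substitute your own cookie domain.
PREFIX = "com.sun.identity.agents.config."
REQUIRED = {
    "cookie.reset.enable": "true",
    "cookie.reset.name[0]": "AMAuthCookie",
    "cookie.reset.domain[0]": ".example.com",
    "cookie.reset.path[0]": "/",
    "cookie.reset.name[1]": "iPlanetDirectoryPro",
    "cookie.reset.domain[1]": ".example.com",
    "cookie.reset.path[1]": "/",
    "profile.attribute.fetch.mode": "HTTP_HEADER",
    "profile.attribute.mapping[uid]": "sois_user",
}

def parse_properties(text):
    """Parse 'key = value' lines, skipping blanks and # or ! comments; last value wins."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_agent_config(text, required=REQUIRED):
    """Return (key, expected, actual) for every required setting that is missing or wrong."""
    props = parse_properties(text)
    problems = []
    for short, expected in required.items():
        actual = props.get(PREFIX + short)  # None means the indexed key is absent
        if actual != expected:
            problems.append((PREFIX + short, expected, actual))
    return problems

# Constructed sample: the unedited lines as shown in the "Locate" steps.
SAMPLE_DEFAULT = """\
com.sun.identity.agents.config.cookie.reset.enable = false
com.sun.identity.agents.config.cookie.reset.name[0] =
com.sun.identity.agents.config.cookie.reset.domain[] =
com.sun.identity.agents.config.cookie.reset.path[] =
com.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
com.sun.identity.agents.config.profile.attribute.mapping[] =
"""

if __name__ == "__main__":
    for key, expected, actual in check_agent_config(SAMPLE_DEFAULT):
        print(f"{key}: expected {expected!r}, found {actual!r}")
```

An empty result means every setting matches. A value reported as `None` indicates the indexed key (for example `domain[0]`) was never added.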
From within the Sun Java System Access Manager application, create a new policy named IDMGR (or something similar) with the following rules:
Service Type | Resource Name | Actions |
---|---|---|
URL Policy Agent | http://server:port/idm | Allow GET and POST actions |
URL Policy Agent | http://server:port/idm/* | Allow GET and POST actions |
Assign one or more subjects to the IDMGR policy.