Sun Java System Access Manager 7 2005Q4 Administration Guide

Procedure: To Create a Unique Policy Agent Identity

  1. Use the Access Manager administration console to make an entry for each agent.

  2. Run the following command on the password that was entered during the creation of the agent. This command should be invoked on the host where the agent is installed.

    AccessManager-base/SUNWam/agents/bin/crypt_util agent123

    This will give the following output:

    WnmKUCg/y3l404ivWY6HPQ==

  3. Change AMAgent.properties to reflect the new value, and then restart the agent. Example:

    # The username and password to use for the Application authentication module.
    
    com.sun.am.policy.am.username = agent123
    com.sun.am.policy.am.password = WnmKUCg/y3l404ivWY6HPQ==
    
    # Cross-Domain Single Sign On URL
    # Is CDSSO enabled.
    com.sun.am.policy.agents.cdsso-enabled=true
    
    # This is the URL the user will be redirected to after successful login
    # in a CDSSO Scenario.
    com.sun.am.policy.agents.cdcservletURL = http://server.example.com:port/amserver/cdcservlet

  4. Change AMConfig.properties where Access Manager is installed to reflect the new values, and then restart Access Manager. Example:

    com.sun.identity.enableUniqueSSOTokenCookie=true
    com.sun.identity.authentication.uniqueCookieName=sunIdentityServerAuthNServer
    com.sun.identity.authentication.uniqueCookieDomain=.example.com

  5. In the Access Manager console, choose Configuration > Platform.

  6. In the Cookie Domains list, change the cookie domain name:

    1. Select the default iplanet.com domain, and then click Remove.

    2. Enter the host name of the Access Manager installation, and then click Add.

      Example: server.example.com

      You should see two cookies set on the browser:

      • iPlanetDirectoryPro – server.example.com (hostname)

      • sunIdentityServerAuthNServer – example.com (hostname)
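
The following Python check is an added example, not part of the original guide or of Access Manager. It reads the contents of AMAgent.properties and AMConfig.properties and reports settings from steps 3 and 4 that are missing, left in plaintext, or broken by a wrapped line. The function names, port 8080, the Base64 test for crypt_util output, and the rule that the cdcservlet host must fall inside the unique cookie domain are assumptions made for illustration.

```python
import base64
from urllib.parse import urlsplit

def parse_properties(text):
    """Return (props, orphans); orphans are non-comment lines with no '='."""
    props, orphans = {}, []
    for line in map(str.strip, text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and not line.startswith("#"):
            props[key.strip()] = value.strip()
        elif line and not line.startswith("#"):
            orphans.append(line)  # e.g. a comment or URL wrapped onto a new line
    return props, orphans

def check_unique_agent_identity(agent_text, server_text):
    """Return a list of findings; an empty list means every check passed."""
    agent, a_orph = parse_properties(agent_text)
    server, s_orph = parse_properties(server_text)
    findings = [f"stray line (wrapped value?): {s!r}" for s in a_orph + s_orph]
    user = agent.get("com.sun.am.policy.am.username", "")
    pw = agent.get("com.sun.am.policy.am.password", "")
    try:  # assumption: crypt_util output is Base64, as in the guide's sample
        encrypted = pw != user and bool(base64.b64decode(pw, validate=True))
    except ValueError:
        encrypted = False
    if not user or not encrypted:
        findings.append("agent password is missing or looks like plaintext")
    if server.get("com.sun.identity.enableUniqueSSOTokenCookie") != "true":
        findings.append("enableUniqueSSOTokenCookie is not true")
    if not server.get("com.sun.identity.authentication.uniqueCookieName"):
        findings.append("uniqueCookieName is not set")
    domain = server.get("com.sun.identity.authentication.uniqueCookieDomain", "")
    if not domain.startswith("."):
        findings.append("uniqueCookieDomain is not in the form .example.com")
    if agent.get("com.sun.am.policy.agents.cdsso-enabled") == "true":
        url = urlsplit(agent.get("com.sun.am.policy.agents.cdcservletURL", ""))
        if url.scheme not in ("http", "https") or not url.path.endswith("/cdcservlet"):
            findings.append("cdcservletURL is missing or incomplete")
        elif domain and not ("." + (url.hostname or "")).endswith(domain):
            findings.append("cdcservletURL host is outside uniqueCookieDomain")
    return findings

# Constructed sample input: port 8080 is a placeholder, other values are the guide's.
AGENT = """com.sun.am.policy.am.username = agent123
com.sun.am.policy.am.password = WnmKUCg/y3l404ivWY6HPQ==
com.sun.am.policy.agents.cdsso-enabled=true
com.sun.am.policy.agents.cdcservletURL = http://server.example.com:8080/amserver/cdcservlet"""
SERVER = """com.sun.identity.enableUniqueSSOTokenCookie=true
com.sun.identity.authentication.uniqueCookieName=sunIdentityServerAuthNServer
com.sun.identity.authentication.uniqueCookieDomain=.example.com"""
```

Call `check_unique_agent_identity()` with the text of the two files before restarting the agent and Access Manager; the Base64 test is a heuristic and cannot confirm that a value was produced by crypt_util.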