To Create Policies for the Agent Resources (Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover)

Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

To Create Policies for the Agent Resources

The policies you create here are used in a the subsequent verification procedure.

Create a referral policy for Load Balancer 5.
1. Go to the Access Manager URL:
  
  https://loadbalancer-3.example.com:9443/amserver/UI/Login
2. Log in to the Access Manager console using the following information:
  
  Username
  
  amadmin
  
  Password
  
  4m4dmin1
3. On the Access Control tab, click the realm name example.com.
4. Click the Policies tab.
5. Click the “Referral URL Policy for users realm” link.
6. In the Edit Policy page, under Rules, click New.
7. In the page “Step 1 of 2: Select Service Type for the Rule,” select “URL Policy Agent (with resource name), and then click Next.
8. In the page “Step 2 of 2: New Rule,” provide the following information:
  
  Name:
  
  URL Rule for LoadBalancer-5
  
  Resource Name:
  
  http://LoadBalancer-5.example.com:90/*
9. Click Finish, and then click Save.
  
  The new rules you added are now contained in the Rules list.

Create a policy in the users realm.
1. In the Edit Policy page, click the Realms link.
2. On the Access Control tab, click the users link.
3. Click the Policies tab, and then click New Policy.
  
  In the Name field, enter URL Policy for LoadBalancer-5.
4. Under Rules, click NEW.
5. In the page “Step 1 of 2: Select Service Type for the Rule,” click Next.
6. In the page “Step 2 of 2: New Rule,” provide the following information:
  
  Name:
  
  Enter LoadBalancer-5.
  
  Parent Resource Name:
  
  Click http://LoadBalancer-5.example.com:90/* to select it.
  
  The Parent Resource Name you selected is now contained in the Resource Name field.
  
  GET
  
  Mark the checkbox, and verify that the Allow option is selected.
  
  POST
  
  Mark the checkbox, and verify that the Allow option is selected.
7. Click Finish.
8. In the New Policy page, in the Subjects section, click New.
9. In the “Step 1 of 2: Select Subject Type” page, be sure that Access Manager Identity Subject is selected, and then click Next.
10. In the “Step 2 of 2: New Subject — Access Manager Identity Subject” page, provide the following information:
  
  Name:
  
  LoadBalancer-5_Roles
  
  Filter:
  
  In the drop-down list, select Role. Then click Search. The search returns a list of available roles.
11. In the Available: list, select manager and employee, and then click Add.
  
  The roles manager and employee are now contained in the Selected List.
12. Click Finish.
13. On the Policy page, click Create.
The policy you just created is now included in the list of Policies.

Log out of the Access Manager console and close the browser.