Adding a Policy Enabled Service

You can define policies for resources of a given service only if the service schema has the <Policy> element configures to sms.dtd .

By default, Access Manager provides the URL Policy Agent service ( iPlanetAMWebAgentService). This service is defined in an XML file located in the following directory:

/etc/opt/SUNWam/config/xml/

You can, however add additional policy services to Access Manager. Once the policy service is created, you add it to Access Manager through the amadmin command line utility.

To Add a New Policy Enabled Service

1. Develop the new policy service in an XML file based on the sms.dtd. Access Manager provides two policy service XML files that you may wish to use as the basis for the new policy service file:

   amWebAgent.xml - This the XML file for the default URL Policy Agent service. It is located in /etc/opt/SUNWam/config/xml/.

   SampleWebService.xml . - This is the sample policy service file located inAccessManager-base/samples/policy .

2. Save the XML file to the directory from which you will load the new policy service. For example:

   /config/xml/newPolicyService.xml

3. Load the new policy service with the amadmin command line utility. For example:

   AccessManager-base/SUNWam/bin/amadmin --runasdn “uid=amAdmin,ou=People,default_org, root_suffix --password password --schema /config/xml/newPolicyService.xml

4. After you load the new policy service, you can define rules for the policy definitions through the Access Manager console or by loading a new policy through amadmin.