Sun Java System Access Manager 7.1 Deployment Planning Guide

Using an Agent Profile for Authentication

To authenticate to Access Manager, a J2EE Agent requires that you create an agent profile in the Access Manager Administration Console. A Web Agent can also use an agent profile, which allows each Web Agent to have a unique user name (agent ID) and password. For the steps to create an agent profile, see the Access Manager Console online Help.

An agent profile also allows you to change the password and user name (agent ID) for a Policy Agent, as required by your deployment. To change a password and user name (if required), follow these general steps:

  1. Log in to the Access Manager Console as the Access Manager administrator (amadmin).

  2. In the agent profile for the Policy Agent, change the password and user name (agent ID), if required. Save the profile.

  3. Encrypt the new agent password from Step 2 using the crypt_util utility for Web Agents or the agentadmin utility with the --encrypt option for J2EE Agents.

  4. Set the following properties in the Policy Agent's AMAgent.properties file:

    • For Web Agents: Set the com.sun.am.policy.am.password property to the new encrypted password from Step 3. If you also changed the user name (agent ID), set the com.sun.am.policy.am.username property to the new user name (agent ID) from Step 2.

    • For J2EE Agents: Set the com.iplanet.am.service.secret property to the new encrypted password from Step 3. If you also changed the user name (agent ID), set the com.sun.identity.agents.app.username property to the new user name (agent ID) from Step 2.

  5. Restart the Web Agent web container for the new password (and user name if you changed it) to take effect.
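Step 4 can be scripted so that the edit is atomic and the file stays readable only by its owner. The following is an added example, not code from the Access Manager documentation: the function name `update_agent_credentials`, the `.bak` backup, and the 0600 file mode are assumptions of this example, and the encrypted password is expected to be the value already produced in Step 3.

```python
import os
import re
import shutil
import tempfile

# Property names per agent type, as listed in step 4.
AGENT_KEYS = {
    "web": {"password": "com.sun.am.policy.am.password",
            "username": "com.sun.am.policy.am.username"},
    "j2ee": {"password": "com.iplanet.am.service.secret",
             "username": "com.sun.identity.agents.app.username"},
}
KEY_RE = re.compile(r"(\s*([^#!=\s]+)\s*=\s*)")  # "key = " prefix of a live line


def update_agent_credentials(path, agent_type, encrypted_password, username=None):
    """Hypothetical helper: set the step 4 properties in AMAgent.properties.

    encrypted_password must already be the output of step 3; nothing is
    encrypted here. Returns the sorted list of property names written.
    """
    keys = AGENT_KEYS[agent_type]
    new_values = {keys["password"]: encrypted_password}
    if username is not None:
        new_values[keys["username"]] = username

    with open(path, encoding="iso-8859-1") as f:
        lines = f.read().splitlines()

    out, seen = [], set()
    for line in lines:
        m = KEY_RE.match(line)
        if m and m.group(2) in new_values:
            out.append(m.group(1) + new_values[m.group(2)])  # keep original spacing
            seen.add(m.group(2))
        else:
            out.append(line)  # comments and unrelated properties pass through
    out.extend(f"{k} = {v}" for k, v in new_values.items() if k not in seen)

    # Assumption: owner-only access is acceptable for the container's user.
    backup = path + ".bak"
    shutil.copy2(path, backup)
    os.chmod(backup, 0o600)  # the backup still holds the old encrypted password
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="iso-8859-1") as f:
        f.write("\n".join(out) + "\n")
    os.chmod(tmp, 0o600)
    os.replace(tmp, path)  # atomic swap: the agent never reads a half-written file
    return sorted(new_values)
```

Run it as the account that owns AMAgent.properties so the rewritten file keeps the right owner; Step 5 still applies afterwards.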

For more detailed information about creating and configuring agent profiles and encrypting passwords, see the Access Manager Policy Agent 2.2 documentation collection:

http://docs.sun.com/coll/1322.1