Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services

Procedure: To Complete the Installation of the Policy Agent 2.2 for Sun Java System Application Server 9.0 / Web Services

Before You Begin

The initial step in installing the Policy Agent 2.2 for Sun Java System Application Server 9.0 / Web Services is to deploy the Access Manager WAR as a web application using the Application Server administration console. See Installing Access Manager if this has not been done.


Note –

javaee.home is a variable that should be replaced with the installation directory of the Java EE 5 SDK.


  1. Note the directory name and the path to the directory into which the following files are placed:

    • amWebServicesProvider.jar

    • amclientsdk.jar

    • AMConfig.properties

    • amclientkeystore.jks

    • .storepass

    • .keypass

    If you used one of the installers, the files were put in a particular directory: /javaee.home/addons/accessmanager for installations of Java Application Platform SDK (when Download or Download with JDK is selected), and /javaee.home/addons/amserver for installations of Java Application Platform SDK or Java EE 5 SDK Update 1 (when Download with Tools is selected), and NetBeans Enterprise Pack 5.5. Be sure to make a note of this directory and path. Otherwise, put the files in a directory and make a note of the directory and path in which they were placed.

  2. Modify the global Java Virtual Machine (JVM) settings in Application Server by adding the following to the classpath suffix:

    • amWebServicesProvider.jar (including the complete path)

    • amclientsdk.jar (including the complete path)

    • The complete path to the directory which contains the client's AMConfig.properties:

      • /javaee.home/domains/domain_name/config for installations of Java Application Platform SDK (when Download or Download with JDK is selected).

      • /javaee.home/addons/amserver for installations of Java Application Platform SDK or Java EE 5 SDK Update 1 (when Download with Tools is selected) and NetBeans Enterprise Pack 5.5.

  3. Add the following web services security provider configurations to the domain.xml file, following the Application Server guidelines.

    domain.xml is located in the /ApplicationServer-install/domains/domain1/config directory and contains most of the Application Server configuration information.


    Note –

    More information can be found in Chapter 1, The domain.xml File, in Sun Java System Application Server Platform Edition 9 Administration Reference.


    The following provider code fragment needs to be added under the <message-security-config auth-layer="HttpServlet"> tag:

    <provider-config class-name="com.sun.identity.agents.jsr196.as9soap.AMHttpAuthModule"
    provider-id="AMHttpProvider" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    </provider-config>

    The following provider code fragments need to be added under the <message-security-config auth-layer="SOAP"> tag:

    <provider-config class-name="com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule"
    provider-id="AMServerProvider-SAML-HolderOfKey" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    <property name="providername" value="SAML-HolderOfKey"/>
    </provider-config>
    <provider-config class-name="com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule"
    provider-id="AMServerProvider-SAML-SenderVouches" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    <property name="providername" value="SAML-SenderVouches"/>
    </provider-config>
    <provider-config class-name="com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule"
    provider-id="AMServerProvider-X509Token" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    <property name="providername" value="X509Token"/>
    </provider-config>
    <provider-config class-name="com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule"
    provider-id="AMServerProvider-LibertySAMLToken" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    <property name="providername" value="LibertySAMLToken"/>
    </provider-config>
    <provider-config class-name="com.sun.identity.agents.jsr196.as9soap.AMClientAuthModule"
    provider-id="AMClientProvider" provider-type="client">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    <property name="providername" value="wsc"/>
    </provider-config>
    <provider-config class-name="com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule"
    provider-id="AMServerProvider-UserNameToken" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    <property name="providername" value="UserNameToken"/>
    </provider-config>
    <provider-config class-name="com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule"
    provider-id="AMServerProvider-LibertyX509Token" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    <property name="providername" value="LibertyX509Token"/>
    </provider-config>
    <provider-config class-name="com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule"
    provider-id="AMServerProvider-LibertyBearerToken" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    <property name="providername" value="LibertyBearerToken"/>
    </provider-config>
    <provider-config class-name="com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule"
    provider-id="AMServerProvider" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    <property name="providername" value="wsp"/>
    </provider-config>
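    A post-edit check for step 3, added here as an example and not part of the Sun guide or the agent's own tooling. It parses domain.xml with Python's standard library, looks up each `<message-security-config auth-layer="...">` element, and verifies that every provider-config listed above is present with the expected class-name, provider-type, request/response policies and providername property; a missing or misspelled entry means the agent's auth module is never bound for that provider, and the file is easy to get subtly wrong by hand. The module class names and provider-ids are taken from the fragments above; the sample domain.xml embedded at the bottom is constructed for illustration and deliberately incomplete. render_fragments() regenerates the provider-config XML from the same table, so the two halves of the script can be cross-checked against each other.

```python
"""Check that the step 3 provider-config entries are present in domain.xml.

Added example, not from the Sun guide. Run with the path to a domain.xml, or
with no argument to check the constructed sample below.
"""
import xml.etree.ElementTree as ET

PKG = "com.sun.identity.agents.jsr196.as9soap."
HTTP_MODULE = PKG + "AMHttpAuthModule"
SERVER_MODULE = PKG + "AMServerAuthModule"
CLIENT_MODULE = PKG + "AMClientAuthModule"

# auth-layer -> provider-id -> (class-name, provider-type, providername or None),
# transcribed from the fragments in step 3 of the guide.
EXPECTED = {
    "HttpServlet": {
        "AMHttpProvider": (HTTP_MODULE, "server", None),
    },
    "SOAP": {
        "AMServerProvider-SAML-HolderOfKey": (SERVER_MODULE, "server", "SAML-HolderOfKey"),
        "AMServerProvider-SAML-SenderVouches": (SERVER_MODULE, "server", "SAML-SenderVouches"),
        "AMServerProvider-X509Token": (SERVER_MODULE, "server", "X509Token"),
        "AMServerProvider-LibertySAMLToken": (SERVER_MODULE, "server", "LibertySAMLToken"),
        "AMClientProvider": (CLIENT_MODULE, "client", "wsc"),
        "AMServerProvider-UserNameToken": (SERVER_MODULE, "server", "UserNameToken"),
        "AMServerProvider-LibertyX509Token": (SERVER_MODULE, "server", "LibertyX509Token"),
        "AMServerProvider-LibertyBearerToken": (SERVER_MODULE, "server", "LibertyBearerToken"),
        "AMServerProvider": (SERVER_MODULE, "server", "wsp"),
    },
}


def render_fragments():
    """Build the provider-config XML for each auth-layer from EXPECTED."""
    out = {}
    for layer, providers in EXPECTED.items():
        lines = []
        for pid, (cls, ptype, pname) in providers.items():
            lines.append(f'<provider-config class-name="{cls}" provider-id="{pid}" provider-type="{ptype}">')
            lines.append('  <request-policy auth-source="content"/>')
            lines.append('  <response-policy auth-source="content"/>')
            if pname is not None:
                lines.append(f'  <property name="providername" value="{pname}"/>')
            lines.append("</provider-config>")
        out[layer] = "\n".join(lines)
    return out


def check_provider_configs(domain_xml):
    """Return a list of problems; an empty list means every expected provider is configured."""
    root = ET.fromstring(domain_xml)
    problems = []
    for layer, providers in EXPECTED.items():
        # The element may sit anywhere under <security-service>; search the whole tree.
        layer_el = next((m for m in root.iter("message-security-config")
                         if m.get("auth-layer") == layer), None)
        if layer_el is None:
            problems.append(f'{layer}: no <message-security-config auth-layer="{layer}"> element')
            continue
        found = {pc.get("provider-id"): pc for pc in layer_el.findall("provider-config")}
        for pid, (cls, ptype, pname) in providers.items():
            pc = found.get(pid)
            if pc is None:
                problems.append(f"{layer}/{pid}: provider-config missing")
                continue
            if pc.get("class-name") != cls:
                problems.append(f"{layer}/{pid}: class-name {pc.get('class-name')!r}, expected {cls!r}")
            if pc.get("provider-type") != ptype:
                problems.append(f"{layer}/{pid}: provider-type should be {ptype!r}")
            for policy in ("request-policy", "response-policy"):
                pol = pc.find(policy)
                if pol is None or pol.get("auth-source") != "content":
                    problems.append(f'{layer}/{pid}: <{policy} auth-source="content"/> missing')
            if pname is not None:
                props = {p.get("name"): p.get("value") for p in pc.findall("property")}
                if props.get("providername") != pname:
                    problems.append(f"{layer}/{pid}: property providername should be {pname!r}")
    return problems


# Constructed sample (not a real domain.xml): the SOAP layer carries only two of
# the nine providers, and one of those lacks its response-policy.
SAMPLE_DOMAIN_XML = f"""<domain>
  <configs><config name="server-config"><security-service>
    <message-security-config auth-layer="HttpServlet">
      <provider-config class-name="{HTTP_MODULE}" provider-id="AMHttpProvider" provider-type="server">
        <request-policy auth-source="content"/>
        <response-policy auth-source="content"/>
      </provider-config>
    </message-security-config>
    <message-security-config auth-layer="SOAP">
      <provider-config class-name="{SERVER_MODULE}" provider-id="AMServerProvider-X509Token" provider-type="server">
        <request-policy auth-source="content"/>
        <response-policy auth-source="content"/>
        <property name="providername" value="X509Token"/>
      </provider-config>
      <provider-config class-name="{SERVER_MODULE}" provider-id="AMServerProvider-UserNameToken" provider-type="server">
        <request-policy auth-source="content"/>
        <property name="providername" value="UserNameToken"/>
      </provider-config>
    </message-security-config>
  </security-service></config></configs>
</domain>"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DOMAIN_XML
    for problem in check_provider_configs(text) or ["no problems found"]:
        print(problem)
```

Against the constructed sample the script reports the seven absent SOAP providers plus the missing response-policy on the UserNameToken entry; wrapping the output of render_fragments() in the two message-security-config elements yields a domain.xml that passes cleanly, which is the state to confirm before step 5.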

  4. Modify AMConfig.properties as follows:

    JAVA_HOME=/usr/java
    
    # AM Server Information
    # Protocol can be either http or https
    SERVER_PROTOCOL=amserver_protocol
    SERVER_HOSTNAME=amserver_host
    SERVER_PORT=amserver_port
    
    # Application username and password
    APPLICATION_USERNAME=amadmin
    APPLICATION_PASSWORD=admin123
    
    NAMING_URL=amserver_protocol://amserver_host:amserver_port/amserver/namingservice
    
    # Debug information
    DEBUG_LEVEL=error
    DEBUG_DIR=/tmp/amclient
    
    # Cookie information
    AM_COOKIE_NAME=iPlanetDirectoryPro
    
    # SAML xml signature keystore file, keystore password file,
    # key password file and Liberty trusted CA aliases.
    # path_to_file should be replaced by the appropriate value as below:
    # /javaee.home/addons/accessmanager for installations of Java Application Platform SDK 
    # (when Download or Download with JDK is selected), and /javaee.home/addons/amserver 
    # for installations of Java Application Platform SDK or Java EE 5 SDK Update 1 
    # (when Download with Tools is selected), and NetBeans Enterprise Pack 5.5 (when Download is selected).
    SAML_KEYSTORE=/path_to_file/amclientkeystore.jks
    SAML_STOREPASS=/path_to_file/.storepass
    SAML_KEYPASS=/path_to_file/.keypass
    LIBERTY_TRUSTEDCA_ALIASES=amserver:<amserver_host>
    
    # Login URL and Authentication service URL for Liberty use case
    LOGIN_URL=amserver_protocol://amserver_host:amserver_port/amserver/UI/Login
    LIBERTY_AUTHSVC_URL=amserver_protocol://amserver_host:amserver_port/amserver/Liberty/authnsvc

    Note –

    The directory specified as the value for DEBUG_DIR in AMConfig.properties should be different from the one specified as the value for BASE_DIR in Installing Access Manager.
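    A sanity check for the edited AMConfig.properties, added here as an example and not part of the Sun guide or the client SDK. It reads the file in Java .properties form and reports the things that most often go wrong in step 4: a guide placeholder (amserver_protocol, amserver_host, amserver_port, path_to_file) left unreplaced, a NAMING_URL, LOGIN_URL or LIBERTY_AUTHSVC_URL that does not agree with the SERVER_PROTOCOL/SERVER_HOSTNAME/SERVER_PORT settings, an http protocol (the application password and SSO tokens then travel unencrypted), a DEBUG_DIR equal to the server's BASE_DIR as the note above forbids, and a keystore or password file that is absent or readable by other users. The key names are the ones in the listing above; the host, port and paths in the embedded sample are constructed, and the file_mode parameter is a hypothetical hook so the permission check can be exercised without touching the filesystem.

```python
"""Sanity check for the client AMConfig.properties edited in step 4.

Added example, not from the Sun guide. Run with the path to the file, or with
no argument to check the constructed sample below.
"""
import os
import stat

REQUIRED_KEYS = (
    "SERVER_PROTOCOL", "SERVER_HOSTNAME", "SERVER_PORT", "APPLICATION_USERNAME",
    "APPLICATION_PASSWORD", "NAMING_URL", "DEBUG_DIR", "AM_COOKIE_NAME",
    "SAML_KEYSTORE", "SAML_STOREPASS", "SAML_KEYPASS", "LIBERTY_TRUSTEDCA_ALIASES",
    "LOGIN_URL", "LIBERTY_AUTHSVC_URL",
)
PLACEHOLDERS = ("amserver_protocol", "amserver_host", "amserver_port", "path_to_file")
URL_KEYS = ("NAMING_URL", "LOGIN_URL", "LIBERTY_AUTHSVC_URL")
SECRET_FILE_KEYS = ("SAML_KEYSTORE", "SAML_STOREPASS", "SAML_KEYPASS")


def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, key=value or key:value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The separator is whichever of '=' or ':' comes first (URL values contain ':').
        sep = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
        if sep < 0:
            continue
        props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def _real_file_mode(path):
    """Permission bits of path, or None when it does not exist."""
    try:
        return stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return None


def check_amconfig(text, base_dir=None, file_mode=_real_file_mode):
    """Return a list of findings for the given AMConfig.properties text.

    base_dir:  the BASE_DIR chosen when Access Manager was installed (optional).
    file_mode: hypothetical hook, path -> permission bits or None; defaults to os.stat.
    """
    props = parse_properties(text)
    findings = []
    for key in REQUIRED_KEYS:
        if key not in props:
            findings.append(f"{key}: missing")
    for key, value in props.items():
        for ph in PLACEHOLDERS:
            if ph in value:
                findings.append(f"{key}: placeholder '{ph}' not replaced")
                break
    proto = props.get("SERVER_PROTOCOL", "")
    if proto not in ("http", "https"):
        findings.append(f"SERVER_PROTOCOL: {proto!r} is not http or https")
    elif proto == "http":
        findings.append("SERVER_PROTOCOL: http, the application password and SSO tokens are sent unencrypted")
    prefix = f"{proto}://{props.get('SERVER_HOSTNAME', '')}:{props.get('SERVER_PORT', '')}/amserver/"
    for key in URL_KEYS:
        if key in props and not props[key].startswith(prefix):
            findings.append(f"{key}: does not start with {prefix} derived from the SERVER_* settings")
    if base_dir and props.get("DEBUG_DIR") and \
            os.path.normpath(props["DEBUG_DIR"]) == os.path.normpath(base_dir):
        findings.append("DEBUG_DIR: must differ from the Access Manager BASE_DIR")
    for key in SECRET_FILE_KEYS:
        path = props.get(key)
        if not path:
            continue
        mode = file_mode(path)
        if mode is None:
            findings.append(f"{key}: file {path} not found")
        elif mode & 0o077:
            findings.append(f"{key}: {path} is readable by group/others (mode {mode:04o})")
    return findings


# Constructed sample (host, port and paths are made up); two values are
# deliberately wrong: SAML_KEYPASS still has the placeholder path and
# LIBERTY_AUTHSVC_URL uses http while SERVER_PROTOCOL is https.
SAMPLE_AMCONFIG = """\
# constructed sample, not a real deployment
JAVA_HOME=/usr/java
SERVER_PROTOCOL=https
SERVER_HOSTNAME=am.example.com
SERVER_PORT=8443
APPLICATION_USERNAME=amadmin
APPLICATION_PASSWORD=admin123
NAMING_URL=https://am.example.com:8443/amserver/namingservice
DEBUG_LEVEL=error
DEBUG_DIR=/tmp/amclient
AM_COOKIE_NAME=iPlanetDirectoryPro
SAML_KEYSTORE=/opt/javaee5/addons/amserver/amclientkeystore.jks
SAML_STOREPASS=/opt/javaee5/addons/amserver/.storepass
SAML_KEYPASS=/path_to_file/.keypass
LIBERTY_TRUSTEDCA_ALIASES=amserver:am.example.com
LOGIN_URL=https://am.example.com:8443/amserver/UI/Login
LIBERTY_AUTHSVC_URL=http://am.example.com:8443/amserver/Liberty/authnsvc
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AMCONFIG
    for finding in check_amconfig(text) or ["no findings"]:
        print(finding)
```

Because AMConfig.properties holds the application password in clear and points at the keystore password files, the permission check applies to the properties file itself as much as to .storepass and .keypass; on a real host, run the script as the user that owns the Application Server so the os.stat defaults see the same files the server will.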


  5. Restart the Application Server.