Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Install and Configure Web Policy Agent 1 on Protected Resource 1


Caution –

Due to a known problem with this version of the Web Policy Agent, you must start an X-display session on the server host using a program such as Reflections X or VNC, even though you use the command-line installer. For more information about this known problem, see "On UNIX-based machines, all web agents require that the X11 DISPLAY variable be set properly" in Sun Java System Access Manager Policy Agent 2.2 Release Notes.


  1. As a root user, log into the ProtectedResource-1 host machine.

  2. Create a directory into which you can download the Web Server agent bits and change into it.


    # mkdir /export/WebPA1
    # cd /export/WebPA1
    
  3. Download the web policy agent for Web Server from http://www.sun.com/download/.


    # ls -al
    
    total 294548
    drwxr-xr-x   2 root     root         512 Aug  7 13:23 .
    drwxr-xr-x   3 root     sys          512 Aug  7 13:16 ..
    -rw-r--r--   1 root     root     150719523 Aug  7 13:24 sjsws_v70_SunOS_agent.zip
    
  4. Unzip the downloaded file.


    # unzip sjsws_v70_SunOS_agent.zip
    
  5. Change the permissions for the resulting agentadmin binary.


    # cd /export/WebPA1/web_agents/sjsws_agent/bin
    # chmod +x agentadmin
    
  6. Verify that crypt_util has execute permission before running the installer.


    # cd /export/WebPA1/web_agents/sjsws_agent/bin
    # chmod +x crypt_util
    
  7. Create a temporary file for the password that will be required later during agent installation.


    # echo web4gent1 > /export/WebPA1/pwd.txt
    # cat /export/WebPA1/pwd.txt
    
  8. Run the agent installer.


    # ./agentadmin --install
    
  9. When prompted, do the following.


    Do you completely agree with all the terms and 
    conditions of this License Agreement (yes/no): [no]:

    Type yes and press Enter.


    *********************************************
    Welcome to the Access Manager Policy Agent for 
    Sun Java System Web Server If the Policy Agent is 
    used with Federation Manager services, User needs to
    enter information relevant to Federation Manager.
    ***************************************************
     

    Enter the complete path to the directory 
    which is used by Sun Java System Web Server to 
    store its configuration Files. This directory 
    uniquely identifies the Sun Java System Web Server 
    instance that is secured by this Agent.
    [ ? : Help, ! : Exit ]
    Enter the Sun Java System Web Server Config 
    Directory Path [/var/opt/SUNWwbsvr7/
      https-ProtectedResource-1.example.com/config]:

    Type /opt/SUNWwbsvr/https-ProtectedResource-1.example.com/config and press Enter.


    Enter the fully qualified host name of 
    the server where Access Manager Services are 
    installed. [ ? : Help, < : Back, ! : Exit ]
    Access Manager Services Host:

    Type LoadBalancer-3.example.com and press Enter.


    Enter the port number of the Server that 
    runs Access Manager Services.
    [ ? : Help, < : Back, ! : Exit ]
    Access Manager Services port [80]:

    Type 9443 and press Enter.


    Enter http/https to specify the protocol 
    used by the Server that runs Access Manager 
    services. [ ? : Help, < : Back, ! : Exit ]
    Access Manager Services Protocol [http]:

    Type https and press Enter.


    Enter the Deployment URI for Access Manager 
    Services. [ ? : Help, < : Back, ! : Exit ]
    Access Manager Services Deployment URI [/amserver]:

    Press Enter to accept the default /amserver.


    Enter the fully qualified host name on which 
    the Web Server protected by the agent is installed.
    [ ? : Help, < : Back, ! : Exit ]
    Enter the Agent Host name:

    Type ProtectedResource-1.example.com and press Enter.


    Enter the preferred port number on which the 
    Web Server provides its services.
    [ ? : Help, < : Back, ! : Exit ]
    Enter the port number for Web Server instance [80]:

    Type 1080 and press Enter.


    Select http or https to specify the protocol 
    used by the Web server instance that will be protected 
    by Access Manager Policy Agent.
    [ ? : Help, < : Back, ! : Exit ]
    Enter the Preferred Protocol for Web Server 
    instance [http]:

    Press Enter to accept the default http.


    Enter a valid Agent profile name. Before 
    proceeding with the agent installation, please ensure 
    that a valid Agent profile exists in Access Manager.
    [ ? : Help, < : Back, ! : Exit ]
    Enter the Agent Profile name [UrlAccessAgent]:

    Type webagent-1 and press Enter.


    Enter the path to a file that contains the 
    password to be used for identifying the Agent.
    [ ? : Help, < : Back, ! : Exit ]
    Enter the path to the password file:

    Type /export/WebPA1/pwd.txt and press Enter.


    -----------------------------------------
    SUMMARY OF YOUR RESPONSES
    -----------------------------------------------
    Sun Java System Web Server Config Directory :
    /opt/SUNWwbsvr/https-ProtectedResource-1.
      example.com/config
    Access Manager Services Host : LoadBalancer-3.
      example.com
    Access Manager Services Port : 9443
    Access Manager Services Protocol : https
    Access Manager Services Deployment URI : /amserver
    Agent Host name : ProtectedResource-1.example.com
    Web Server Instance Port number : 1080
    Protocol for Web Server instance : http
    Agent Profile name : webagent-1
    Agent Profile Password file name : /export/WebPA1/
      pwd.txt
    
    Verify your settings above and decide from the 
       choices below.
    1. Continue with Installation
    2. Back to the last interaction
    3. Start Over
    4. Exit
    Please make your selection [1]:

    Type 1 and press Enter.


    Creating directory layout and configuring Agent 
    file for Agent_001 instance ...DONE.
    
    Reading data from file /export/WebPA1/pwd.txt and 
    encrypting it ...DONE.
    
    Generating audit log file name ...DONE.
    
    Creating tag swapped AMAgent.properties file for 
    instance Agent_001 ...DONE.
    
    Creating a backup for file
    /opt/SUNWwbsvr/https-ProtectedResource-1.example.com/
       config/obj.conf ...DONE.
    
    Creating a backup for file
    /opt/SUNWwbsvr/https-ProtectedResource-1.example.com/
       config/magnus.conf ...DONE.
    
    Adding Agent parameters to
    /opt/SUNWwbsvr/https-ProtectedResource-1.example.com/
       config/magnus.conf file ...DONE.
    
    Adding Agent parameters to
    /opt/SUNWwbsvr/https-ProtectedResource-1.example.com/
       config/obj.conf file ...DONE.
    
    
    SUMMARY OF AGENT INSTALLATION
    -----------------------------
    Agent instance name: Agent_001
    Agent Configuration file location:
    /export/WebPA1/web_agents/sjsws_agent/Agent_001/
      config/AMAgent.properties
    Agent Audit directory location:
    /export/WebPA1/web_agents/sjsws_agent/Agent_001/
      logs/audit
    Agent Debug directory location:
    /export/WebPA1/web_agents/sjsws_agent/Agent_001/
      logs/debug
    
    Install log file location:
    /export/WebPA1/web_agents/sjsws_agent/logs/audit/
      install.log
    
    Thank you for using Access Manager Policy Agent
     

  10. Modify the AMAgent.properties file.


    Tip –

    Back up AMAgent.properties before you modify it.


    1. Change to the config directory.


      # cd /export/WebPA1/web_agents/sjsws_agent/Agent_001/config
      
    2. Set the values of the following properties as shown.

      com.sun.am.policy.am.login.url = https://LoadBalancer-3.example.com:9443/amserver/UI/Login?realm=users
      com.sun.am.load_balancer.enable = true
    3. Save the file and close it.

  11. Restart the Protected Resource 1 Web Server instance.


    # cd /opt/SUNWwbsvr/https-ProtectedResource-1.example.com/bin 
    # ./stopserv; ./startserv 
    
    server has been shutdown 
    Sun Java System Web Server 7.0 B12/04/2006 10:15 
    info: CORE3016: daemon is running as super-user
    info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_09]
      from [Sun Microsystems Inc.] 
    info: HTTP3072: http-listener-1: http://ProtectedResource-1.example.com:1080
      ready to accept requests
  12. Log out of the ProtectedResource-1 host machine.
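
The following shell checks are an added example, not part of the original procedure or of the agent's own tooling. They confirm that the two properties from step 10 are set in AMAgent.properties and that a password file like the one from step 7 is not readable by group or other. The function names are illustrative and the demo runs on constructed files in a temporary directory.

```shell
#!/bin/sh
# Added example: checks for the files this procedure creates or edits.
# Function names are illustrative; expected values are those from step 10.
LOGIN_URL='https://LoadBalancer-3.example.com:9443/amserver/UI/Login?realm=users'

# prop_value FILE KEY: print the value of "KEY = value". Splits on the first
# "=" only, because the login URL itself contains one ("?realm=users").
prop_value() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# check_agent_props FILE: return 0 only if both step-10 properties are set.
check_agent_props() {
    rc=0
    url=$(prop_value "$1" com.sun.am.policy.am.login.url)
    lb=$(prop_value "$1" com.sun.am.load_balancer.enable)
    [ "$url" = "$LOGIN_URL" ] || { echo "FAIL login.url: '$url'"; rc=1; }
    [ "$lb" = "true" ] || { echo "FAIL load_balancer.enable: '$lb'"; rc=1; }
    return $rc
}

# secret_file_private FILE: return 0 only if group and other have no access.
# Reads the mode string from ls because stat(1) options are not portable.
secret_file_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

demo() {
    d=$(mktemp -d) || return 1
    ( umask 022; echo 'constructed-secret' > "$d/pwd.txt" )  # default-umask file
    printf '%s\n' '# constructed sample, not a real agent file' \
        "com.sun.am.policy.am.login.url = $LOGIN_URL" \
        'com.sun.am.load_balancer.enable = true' > "$d/AMAgent.properties"
    check_agent_props "$d/AMAgent.properties" && echo "properties OK"
    secret_file_private "$d/pwd.txt" || echo "pwd.txt: group/other can read"
    chmod 600 "$d/pwd.txt"
    secret_file_private "$d/pwd.txt" && echo "pwd.txt: owner only"
    rm -rf "$d"
}
demo
```

On the real host, point `check_agent_props` at the AMAgent.properties path reported in the installation summary and `secret_file_private` at /export/WebPA1/pwd.txt.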