test

Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

ProcedureTo Configure Policy for the Web Policy Agents Using Access Manager

Use the Access Manager console to configure policy for the Web Policy Agents.

  1. Access the Access Manager server, http://AccessManager-1.example.com:1080/amserver/UI/Login, from a web browser.

  2. Log in to the Access Manager console as the administrator.

    Username

    amadmin

    Password

    4m4dmin1

  3. Modify the referral policy for access to Load Balancer 5.

    1. On the Access Control tab, click the top-level realm example.

    2. Click the Policies tab.

    3. Click the Referral URL Policy for users realm link.

    4. On the Edit Policy page, under Rules, click New.

    5. On the resulting page, select URL Policy Agent (with resource name) and click Next.

      This selection is used to define policies that protect HTTP and HTTPS URLs.

    6. On the resulting page, provide the following information:

      Name:

      URL Rule for LoadBalancer-5

      Resource Name:

      http://LoadBalancer-5.example.com:90/*

    7. Click Finish.

    8. On the resulting page, click Save.

      The new rule is in the Rules list.

  4. Create a policy in the users sub-realm.

    1. On the Access Control tab, click the users link.

    2. Click the Policies tab, and then New Policy.

    3. In the Name field, enter URL Policy for LoadBalancer-5.

    4. Under Rules, click New.

    5. On the resulting page, accept the default URL Policy Agent (with resource name) and click Next.

    6. On the resulting page, provide the following information:

      Name:

      LoadBalancer-5.

      Parent Resource Name:

      In the list, select http://LoadBalancer-5.example.com:90/*.

      Resource Name:

      http://LoadBalancer-5.example.com:90/* is automatically entered when you select the Parent Resource Name.

      GET

      Mark this checkbox and select Allow.

      POST

      Mark this checkbox and select Allow.

    7. Click Finish.

    8. On the New Policy page again, under Subjects, click New.

    9. On the resulting page, verify that Access Manager Identity Subject is selected, and click Next.

    10. On the resulting page, provide the following information:

      Name:

      LoadBalancer-5_Groups

      Filter:

      In the drop-down list, select Group and click Search.

      The search returns a list of available groups.

    11. Select Employee-Group and Manager-Group and click Add.

      The Employee-Group and Manager-Group groups are in the Selected List.

    12. Click Finish.

    13. On the resulting page, click OK.

    The policy you just created is now included in the list of Policies.

  5. Log out of the Access Manager console and close the browser.