test

Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

ProcedureTo Configure Policy for Web Policy Agent 1 on Protected Resource 1

Use the Access Manager console to configure policy for Web Policy Agent 1. This policy will be used to verify that Web Policy Agent 1 is working properly.

Note –

You will modify this policy later when we add a load balancer in front of it.

  1. Access http://AccessManager-1.example.com:1080/amserver/UI/Login from a web browser.

  2. Log in to the Access Manager console as the administrator.

    Username

    amadmin

    Password

    4m4dmin1

  3. Create a referral policy in the top-level realm.

    1. Under the Access Control tab, click the top-level realm, example.

    2. Click the Policies tab.

    3. Click New Referral.

    4. On the New Policy page, provide the following information.

      Name:

      Referral URL Policy for users realm

      Active:

      Mark the Yes checkbox.

    5. On the same page, in the Rules section, click New.

    6. On the resulting page, select URL Policy Agent (with resource name) as a Service Type and click Next.

    7. Provide the following information on the resulting page:

      Name:

      URL Rule for ProtectedResource-1

      Resource Name:

      http://ProtectedResource-1.example.com:1080/*

    8. Click Finish.

    9. Back on the New Policy page, under the Referrals section, click New.

    10. Provide the following information on the New Referral — Sub Realm page.

      Name:

      Sub-Realm users

      Filter:

      Type an asterisk (*), and click Search.

      Value:

      In the list, choose users.

    11. Click Finish.

    12. Back on the New Policy page, click OK.

      Under the Policies tab for the example realm, you should see the policy named Referral URL Policy for users realm.

  4. Create a policy in the users realm.

    The users realm was previously created in 7.2 Creating and Configuring a Realm for Test Users.

    1. Click the Access Control tab.

    2. Under Realms, click users.

    3. Click the Policies tab.

    4. Click New Policy.

    5. On the New Policy page, provide the following information:

      Name:

      URL Policy for ProtectedResource-1

      Active:

      Mark the Yes checkbox.

    6. On the same page, in the Rules section, click New.

    7. Select a Service Type for the rule and click Next.

      URL Policy Agent (with resource name) is the only choice.

    8. On the resulting page, provide the following information:

      Name:

      URL Rule for ProtectedResource-1

      Resource Name:

      Click http://ProtectedResource-1.example.com:1080/*, listed in the Parent Resource Name list, to add it to the Resource Name field.

      GET:

      Mark this checkbox, and select Allow.

      POST:

      Mark this checkbox, and select Allow.

    9. Click Finish.

  5. Create a new subject in the users realm for testing.

    1. On the New Policy page, in the Subjects section, click New.

    2. Select Access Manager Identity Subject as the subject type and click Next.

    3. Provide the following information on the resulting page.

      Name:

      Test Subject

      Filter:

      Choose User and click Search. Two users are added to the Available list.

      Available:

      In the list, select Test User1 and click Add.

    4. Click Finish.

  6. Back on the New Policy page, click Create.

    Under the Policies tab, you should see the policy named URL Policy for ProtectedResource-1.

  7. Log out of the console.