Setting Up a Client Identity
Some of the Access Manager components such as SAML, User Management, Policy, require an identity for the client. The client application reads configuration data to identify the client. You can set up the identity for the client in one of two ways:
-
Set username and password properties can be authenticated
-
Set an SSO Token Provider
Note –
Some of the configuration attributes (such as password) are encrypted and stored in the data store as an Encryption/Decryption Key. If such attributes have to be decrypted by the client, the property must be set, and must be the same as that of the Access Manager Server.
This value is generated at installation time and stored in the following file:
- Solaris
-
/etc/opt/SUNWam/config/AMConfig.properties
- Linux
-
/etc/opt/sun/identity/AMConfig.properties
- Windows
-
AccessManager-base\identity\config\AMConfig.properties
- HP-UX
-
/etc/opt/sun/identity/config/AMConfig.properties
To Set Username and Password Properties
The following properties can be used to set the username and password that can be used by client SDK to obtain the configuration parameters. The authenticated username should have permissions to read the configuration data for SAML and User Management.
-
The property to provide the user name is: com.sun.identity.agents.app.username
-
The property to provide the plain text password is: com.iplanet.am.service.password
For scenarios where plain text password would be security concern, an encrypted password can be provided using the property: com.iplanet.am.service.secret.
If an encrypted password is provided, the encryption key must also be provided using the property: am.encryption.pwd.
To Set an SSO Token Provider
Set the following property: com.sun.identity.security.AdminToken
This provides an implementation for the interface, which returns the following single sign-on (SSO) token: com.sun.identity.security.AppSSOTokenProvider.
- © 2010, Oracle Corporation and/or its affiliates