Sun Java System Access Manager Policy Agent 2.2 Guide for BEA WebLogic Server/Portal 9.2

Configuring FQDN Handling in J2EE Agents

To ensure appropriate user experience, the use of valid URLs by users to access resources protected by the agent must be enforced. This functionality is controlled by three separate properties:

com.sun.identity.agents.config.fqdn.check.enable

Enables FQDN

com.sun.identity.agents.config.fqdn.default

Stores the default FQDN value

com.sun.identity.agents.config.fqdn.mapping[]

Sets FQDN mapping

The configuration property for the default FQDN provides the necessary information needed by the agent to identify if the user is using a valid URL to access the protected resource. If the agent determines that the incoming request does not have a valid hostname in the URL, it redirects the user to the corresponding URL with a valid hostname. The difference between the redirect URL and the URL originally used by the user is only the hostname, which is now changed by the agent to a fully qualified domain name (FQDN) as per the value specified in this property.

The property FQDN Map provides another way by which the agent can resolve malformed access URLs used by the users and take corrective action. The agent gives precedence to entries defined in this property over the value defined in the default FQDN property. If none of the entries in this property matches the hostname specified in the user request, the agent uses the value specified for default FQDN property to take the necessary corrective action.

The FQDN Map property can be used for creating a mapping for more than one hostname. This can be done when the deployment container protected by this agent can be accessed using more than one hostname. As an example, consider a protected deployment container that can be accessed using the following host names:

In this case, assuming that www.externalhostname.com is the default FQDN, then the FQDN Map can be configured as follows to allow access to the application for users who will use the hostname internalhostname.interndomain.com or the raw IP address, say 192.101.98.45:


com.sun.identity.agents.config.fqdn.mapping [internalhostname.interndomain.com] = 
internalhostname.interndomain.com

com.sun.identity.agents.config.fqdn.mapping [192.101.98.45] = 192.101.98.45