This section describes how to reset the shared secret. The web agent stores the shared secret, in encrypted form, in the web agent AMAgent.properties configuration file.
If you are only interested in resetting the shared secret, not the agent profile name, continue reading this section. If you are interested in creating or updating the agent profile in Access Manager Console and then updating the same credential information in the web agent, see Chapter 5, Relationship Between the Agent Profile and Web Agents. The steps described in that chapter are comprehensive, integrating the simpler steps described in this section.
The chapter mentioned in the preceding paragraph also provides a useful explanation of the process and terminology related to the credentials used by web agents to authenticate with Access Manager. Refer to that chapter for more information.
This section specifically describes how to change the shared secret in web agents. The following situations might require you to reset the shared secret:
You entered the shared secret incorrectly during web agent installation.
You have been using the default shared secret, which is the amldapuser password, but this password has since been changed.
The value of the property com.sun.am.policy.am.password in the web agent AMAgent.properties configuration file is set to the encrypted shared secret during web agent installation. Therefore, if the shared secret is entered incorrectly during installation, the property is assigned an incorrect value and the web agent cannot authenticate with Access Manager.
To reset or change the shared secret, use the encryption utility to encrypt the shared secret and then set the value of the property as described in the following platform-specific tasks (follow the steps for the platform on which the agent is installed). The tasks differ only in the path separator and the name of the utility: crypt_util on UNIX-based platforms (the task that uses a backslash path and cryptit is the Windows one). Two cautions apply on every platform. The utility takes the shared secret as a command-line argument, so the cleartext secret is visible in process listings while the utility runs and may be recorded in shell history; run it from a shell with history disabled, or clear the history afterwards. The agent decrypts the stored value at startup in order to authenticate, so the encryption protects the secret only against casual disclosure; keep AMAgent.properties readable only by the user the web server runs as.
Go to the following directory:
PolicyAgent-base/bin
Execute the following script in the command line:
# ./crypt_util shared-secret
where shared-secret represents the password that, together with the agent user name, allows the web agent to authenticate with Access Manager. The default value of the shared secret is the password of the Access Manager internal LDAP authentication user. This user is commonly referred to as amldapuser.
Copy the output obtained after issuing the # ./crypt_util shared-secret command and paste it as the value for the following property:
com.sun.am.policy.am.password
Restart the deployment container and try accessing any resource protected by the agent.
If the browser is redirected to the Access Manager login page, the agent has authenticated with Access Manager using the new shared secret and the preceding steps were executed properly. If the resource is not protected or an error is returned instead, check the agent's debug log for authentication failures and verify the value pasted into the property.
Go to the following directory:
PolicyAgent-base\bin
Execute the following script in the command line:
cryptit shared-secret
where shared-secret represents the password that, together with the agent user name, allows the web agent to authenticate with Access Manager. The default value of the shared secret is the password of the Access Manager internal LDAP authentication user. This user is commonly referred to as amldapuser.
Copy the output obtained after issuing the cryptit shared-secret command and paste it as the value for the following property:
com.sun.am.policy.am.password
Restart the deployment container and try accessing any resource protected by the agent.
If the browser is redirected to the Access Manager login page, the agent has authenticated with Access Manager using the new shared secret and the preceding steps were executed properly. If the resource is not protected or an error is returned instead, check the agent's debug log for authentication failures and verify the value pasted into the property.
Go to the following directory:
PolicyAgent-base/bin
Execute the following script in the command line:
crypt_util shared-secret
where shared-secret represents the password that, together with the agent user name, allows the web agent to authenticate with Access Manager. The default value of the shared secret is the password of the Access Manager internal LDAP authentication user. This user is commonly referred to as amldapuser.
Copy the output obtained after issuing the crypt_util shared-secret command and paste it as the value for the following property:
com.sun.am.policy.am.password
Restart the deployment container and try accessing any resource protected by the agent.
If the browser is redirected to the Access Manager login page, the agent has authenticated with Access Manager using the new shared secret and the preceding steps were executed properly. If the resource is not protected or an error is returned instead, check the agent's debug log for authentication failures and verify the value pasted into the property.
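The three tasks above all end with the same manual step: paste the utility's output over the current value of com.sun.am.policy.am.password. The following POSIX shell helpers, added here as an example and not part of the agent distribution or of this guide, do that step for the UNIX-based tasks without hand-editing the file. They back up AMAgent.properties, replace (or append) only the exact property, keep the file's owner and permissions, and never pass the value through an awk -v assignment, which would interpret backslashes in the encrypted string. The function reset_shared_secret, the helper names, the sample property lines and the location of AMAgent.properties are assumptions for the example; the crypt_util invocation is the one from the procedure.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the agent distribution).

PROP_KEY='com.sun.am.policy.am.password'

# awk function shared by the helpers below. keyval(line, key) returns 1 when
# the line reads "key = ..." (leading blanks ignored) and 0 otherwise. Checking
# for "=" right after the key keeps a longer key such as the hypothetical
# com.sun.am.policy.am.password.other from matching.
AWK_KEYMATCH='function keyval(line, k,   rest) {
    sub(/^[ \t]+/, "", line)
    if (index(line, k) != 1) return 0
    rest = substr(line, length(k) + 1)
    sub(/^[ \t]*/, "", rest)
    return substr(rest, 1, 1) == "="
}'

# get_agent_password FILE: print the current encrypted value, or nothing.
get_agent_password() {
    KEY="$PROP_KEY" awk "$AWK_KEYMATCH"'
        keyval($0, ENVIRON["KEY"]) {
            sub(/^[ \t]*/, ""); sub(/^[^=]*=[ \t]*/, ""); print; exit
        }' "$1"
}

# set_agent_password FILE ENCRYPTED: replace the property value, appending the
# property if it is absent. The new content is written to a mode-0600 temp
# file and copied back over the original with cat, so the original file keeps
# its owner and mode (the web server's user still has to read it). The value is
# passed via the environment, not awk -v, so backslashes survive untouched.
set_agent_password() {
    props="$1"; enc="$2"
    [ -f "$props" ] || { echo "no such file: $props" >&2; return 1; }
    [ -n "$enc" ]   || { echo "refusing to store an empty value" >&2; return 1; }
    cp -p "$props" "$props.bak" || return 1
    ( umask 077
      KEY="$PROP_KEY" VAL="$enc" awk "$AWK_KEYMATCH"'
        keyval($0, ENVIRON["KEY"]) {
            print ENVIRON["KEY"] " = " ENVIRON["VAL"]; done = 1; next
        }
        { print }
        END { if (!done) print ENVIRON["KEY"] " = " ENVIRON["VAL"] }
      ' "$props" > "$props.tmp"
    ) || return 1
    cat "$props.tmp" > "$props" && rm -f "$props.tmp"
}

# reset_shared_secret AGENT_BASE PROPERTIES_FILE SECRET: run the agent's own
# crypt_util (as in the procedure; cryptit on Windows) and store its output.
# The secret goes on the command line exactly as the procedure does, so it is
# briefly visible in process listings and may land in shell history; call this
# from a shell with history disabled.
reset_shared_secret() {
    base="$1"; props="$2"; secret="$3"
    enc=$("$base/bin/crypt_util" "$secret") || return 1
    set_agent_password "$props" "$enc"
}

# Usage (hypothetical paths):
#   reset_shared_secret /opt/PolicyAgent-base /path/to/AMAgent.properties 'new-secret'
# then restart the deployment container and request a protected resource.
```

The backup file keeps the previous encrypted value, so a mistyped secret can be rolled back without re-running the utility; remove the .bak file once the new value is confirmed, since it holds a decryptable copy of the old secret.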