Sun Java System Access Manager Policy Agent 2.2 Guide for SAP Enterprise Portal 7.0 and Web Application Server 7.0

Previous: Post-Installation Steps Specific to Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0
Next: Chapter 5 Managing Policy Agent 2.2 for SAP Enterprise Portal 7.0/Web Application Server 7.0

Conditional Post-Installation Steps for J2EE Agents in Policy Agent 2.2

Steps described in this section might be required, depending on your site's specific deployment.

Enabling URL Decoding for the SSO Token

The task that follows is required when Access Manager is deployed on Sun Java System Web Server.

To Enable URL Decoding for the SSO Token (Conditional)

Only perform this task when Access Manageris deployed on Sun Java System Web Server. The task involves editing a property in the J2EE agent AMAgent.properties configuration file.

Change to the location of the J2EE agent AMAgent.properties configuration file. For information about this file, see Location of the J2EE Agent Base Directory in Policy Agent 2.2.

Open the AMAgent.properties file.

Set the property com.sun.identity.agents.config.sso.decode to true.

Therefore, the property appears as follows when properly set:
```
com.sun.identity.agents.config.sso.decode = true
```

Save and close the J2EE agent AMAgent.properties configuration file.

Creating the Necessary URL Policies

If the agent is installed and configured to operate in the URL_POLICY mode, the appropriate URL policies must be created. The following examples demonstrate conceivable locations for resources that would need to have policies created for them.

Example 4–1 Configuring the Necessary URL Policies for SAP Enterprise Portal 7.0

If the agent is protecting SAP Enterprise Portal 7.0 at the /irj context URI using port 50000 with the HTTP protocol, at least one policy must be created to allow access to the following resource:

http://myhost.mydomain.com:50000/irj

Example 4–2 Configuring the Necessary URL Policies for SAP Web Application Server 7.0

If SAP Web Application Server 7.0 is available on port 8080 using HTTP protocol, at least one policy must be created to allow access to the following resource:

http://myhost.mydomain.com:8080/sampleApp/

where sampleApp is the context URI for the sample application.

For either of the preceding deployment containers, if no policies are defined and the agent is configured to operate in the URL_POLICY mode, then no user is allowed access to SAP Enterprise Portal 7.0/Web Application Server 7.0 resources. See Sun Java System Access Manager 7 2005Q4 Administration Guide to learn how to create these policies using the Access Manager Console or command-line utilities.

Creating the Necessary User Mappings

Regarding Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0, user mapping must be created between Access Manager and the SAP Enterprise Portal 7.0/Web Application Server 7.0 instance. By default, the mapping is based on USER_ID. For this mapping, all users with an account in SAP Enterprise Portal 7.0/Web Application Server 7.0 must also be given an appropriate account in Access Manager.