test

Sun OpenSSO Enterprise 8.0 Administration Guide

Creating New Agent Profiles and Groups

This section contains the following procedures.

ProcedureTo Create a New Agent Profile

You can create a new agent profile using the OpenSSO Enterprise console. Some of the individual steps documented do not apply to all agent profile types.

Before You Begin

This procedure assumes you are logged into the OpenSSO Enterprise console as the administrator; by default, amadmin.

  1. Under the Access Control tab, click the name of the realm in which you are creating the agent profile.

  2. Click the Agents tab.

  3. Select the tab for the appropriate agent type.

    • Web Agents

    • J2EE Agents

    • Web Service Provider Agents

    • Web Service Client Agents

    • STS Client Agent

    • 2.2 Agents

    • Agent Authenticator

  4. In the Agent section, click New.

    The STS Client agent profile displays a pop-up from which you choose the token agent type: Discovery or STS. For more information, see STS Client in Sun OpenSSO Enterprise 8.0 Administration Reference.

  5. In the Name field, enter the name for the new agent profile.

  6. Enter and confirm the Password.

    Caution – Caution –

    For web policy agents only, this password must be the same password that you enter in the agent profile password file that you specify when you run the agentadmin program to install the agent.

    Steps 7–9 Apply to Web and J2EE policy agents only.

  7. For Web and J2EE policy agents only, configure using the following sub procedure.

    For other agent profile types, configure the attributes as documented in Chapter 5, Centralized Agent Configuration Attributes, in Sun OpenSSO Enterprise 8.0 Administration Reference.

    1. Select Local or Centralized configuration.

      When local configuration is selected, the properties related to this agent cannot be edited using the console. In such a scenario, the agent retrieves configuration data from the local (to the installed agent) OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties files in the agent installation directory. Property values for the locally configured agents are modified directly in the OpenSSOAgentConfiguration.properties file.

    2. In the Server URL field, enter the OpenSSO Enterprise server URL.

      For example:

      http://OpenSSO-Host.example.com:8080/OpenSSO

    3. In the Agent URL field, enter the URL for the agent application, agentapp.

      • For a web policy agent: http://Agent-Host.example.com:8090

      • For a J2EE policy agent: http://Agent-Host.example.com:8090/agentapp

  8. Click Create.

    The agent profile is created. To do additional configurations for the agent profile, click the profile name to display the Edit agent page. Agent attribute descriptions are listed and defined in Chapter 5, Centralized Agent Configuration Attributes, in Sun OpenSSO Enterprise 8.0 Administration Reference.

ProcedureTo Create a New Group

Agents can inherit properties from their group. For example, web policy agents can inherit properties from a web policy agent group.

Caution – Caution –

The Group functionality is not supported with the web services and STS Client Agent Profiles.

Before You Begin

This procedure assumes you are logged into the OpenSSO Enterprise console as the administrator; by default, amadmin.

  1. Under the Access Control tab, click the name of the realm to which the group will belong.

  2. Click the Agents tab.

  3. Select the tab for the appropriate agent type.

  4. In the Group section, click New.

  5. Enter a name for the new group.

  6. Enter the OpenSSO Enterprise Server URL (for Web and J2EE policy agents only).

    For example, http://OpenSSO-Host.example.com:8080/OpenSSO Enterprise. For other agent profile types, configure the attributes as documented in Chapter 5, Centralized Agent Configuration Attributes, in Sun OpenSSO Enterprise 8.0 Administration Reference.

  7. Click Create.

    The agent group is created. To do additional configurations for the agent group, click the group name to display the Edit Group page. Attribute descriptions are listed and defined in Chapter 5, Centralized Agent Configuration Attributes, in Sun OpenSSO Enterprise 8.0 Administration Reference. (The properties you can set for a group are almost the same as those for an individual agent; the Group, Password, and Password Confirm properties are not available at the group level.)

    Caution – Caution –

    Some group properties have variable values assigned that, in most cases, should not be changed. @AGENT_PROTO@://@AGENT_HOST@:@AGENT_PORT@/amagent is an example of such a value.

ProcedureTo Modify an Agent Profile to Inherit Properties From a Group

The Group functionality is not supported with the web services and STS Client Agent Profiles.

Before You Begin

This procedure assumes you are logged into the OpenSSO Enterprise console as the administrator (by default, amadmin) and the group has been created. See To Create a New Group.

  1. Under the Access Control tab, click the name of the realm to which the agent belongs.

  2. Click the Agents tab.

  3. Select the tab for the appropriate agent type.

  4. Click the name of the agent profile you want to modify.

  5. elect the name of the group from which you want the agent to inherit properties as a value for the Group attribute under the Global tab.

  6. Click Save.

    At the top of the page, the Inheritance Settings button becomes active.

  7. Click Inheritance Settings.

    A list of inheritance settings for the Global tab appears in alphabetical order.

  8. Select the properties that you want the agent to inherit from the group.

    At the top of the page, the Inheritance Settings button becomes active.

  9. Click Save.

Next Steps

This task just describes how to change the inheritance settings for properties listed in the Global tab. For the inheritance settings of properties listed in the other tabs (such as Application and SSO), click the desired tab and edit the inheritance settings in the same manner described in the preceding steps.