The CDC Servlet can coexist with a Distributed Authentication UI server in the DMZ to enable Cross-Domain Single Sign-On (CDSSO). The Access Manager server can be deployed behind a firewall, and all access to Access Manager to achieve CDSSO is handled by the CDC Servlet in the Distributed Authentication UI server. To enable CDSSO, refer to the specific policy agent documentation and perform these additional steps:
Modify the agent's AMAgent.properties file to point to the CDC Servlet on the Distributed Authentication side (client). For example, for web agents, change the following property:
com.sun.am.policy.agents.config.cdcservlet.url= http://DAhost.DAdomain:DAport/DISTAUTH_DEPLOY_URI/cdcservlet
Define policies as necessary in Access Manager for resources that need to be protected by the agent. For example, if agent is at host.example.com:80, define a policy for the resource as http://host.example.com:80/*.