CDC Servlet can be deployed on a Distributed Authentication UI server (Sun Java System Access Manager 7 2005Q4 Release Notes)

Sun Java System Access Manager 7 2005Q4 Release Notes

Previous: Support for specific application idle session timeout values
Next: Realm can be specified when CDC servlet redirects to the Access Manager login URL

CDC Servlet can be deployed on a Distributed Authentication UI server

The CDC Servlet can coexist with a Distributed Authentication UI server in the DMZ to enable Cross-Domain Single Sign-On (CDSSO). The Access Manager server can be deployed behind a firewall, and all access to Access Manager to achieve CDSSO is handled by the CDC Servlet in the Distributed Authentication UI server. To enable CDSSO, refer to the specific policy agent documentation and perform these additional steps:

Modify the agent's AMAgent.properties file to point to the CDC Servlet on the Distributed Authentication side (client). For example, for web agents, change the following property:
```
com.sun.am.policy.agents.config.cdcservlet.url=
    http://DAhost.DAdomain:DAport/DISTAUTH_DEPLOY_URI/cdcservlet
```
Define policies as necessary in Access Manager for resources that need to be protected by the agent. For example, if agent is at host.example.com:80, define a policy for the resource as http://host.example.com:80/*.