Policy Agent 2.2: Problem Accessing Identities With IBM WebSphere Administration Console (Sun Java System Access Manager Policy Agent 2.2 Release Notes)

Sun Java System Access Manager Policy Agent 2.2 Release Notes

Previous: The Key New Properties Added for Policy Agent 2.2-01 J2EE Agents
Next: Policy Agent 2.2–01: Overview of Fix for IBM WebSphere Administration Console Access Problem

Policy Agent 2.2: Problem Accessing Identities With IBM WebSphere Administration Console

In Policy Agent 2.2, the custom registry added by the agents for IBM WebSphere Application Server did not allow the IBM WebSphere Administration Console to access the users, roles and group identities in the Access Manager identity repository.

The respective guides, Sun Java System Access Manager Policy Agent 2.2 Guide for IBM WebSphere Application Server 5.1.1 and Sun Java System Access Manager Policy Agent 2.2 Guide for IBM WebSphere Application Server 6.0 provide tasks that allow you to add J2EE roles for authorization: manually editing admin-authz.xml or executing agentadmin --setGroup option. However, those tasks do not work in an IBM WebSphere cluster deployment. Furthermore, those tasks are error prone and should be avoided.

After you implement the instructions in To Install and Configure Policy Agent 2.2–01 for IBM WebSphere Application Server, you can solely use IBM WebSphere Administration Console to map the local users and groups to Access Manager roles, groups and users.