Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

8.8 Completing the J2EE Policy Agent 2 Installation

Use the following as your checklist for completing the J2EE Policy Agent 2 installation:

  1. Modify the Application Server startup script.

  2. Deploy the agent application.

  3. Start the agent application.

  4. Set up the agent authentication provider.

  5. Edit the AMAgent.properties file.

Procedure: To Modify the Application Server Startup Script

The J2EE Policy Agent installer creates a new file in the Application Server bin directory:


    /usr/local/bea/user_projects/domains/ProtectedResource-2/bin/setAgentEnv_ApplicationServer-2.sh

  1. Make a backup of setDomainEnv.sh.

    # cd /usr/local/bea/user_projects/domains/ProtectedResource-2/bin/

  2. In setDomainEnv.sh, insert the following at the end of the file:


    . /usr/local/bea/user_projects/domains/ProtectedResource-2/bin/setAgentEnv_ApplicationServer-2.sh

    This command references the file the installer created in the Application Server bin directory.

  3. Save the file.

  4. Change permissions for the setAgentEnv_ApplicationServer-2.sh file:

    # chmod 755 setAgentEnv_ApplicationServer-2.sh

  5. Start the Application Server administration server.


    # cd /usr/local/bea/user_projects/domains/ProtectedResource-2/bin
    # nohup ./startWebLogic.sh &
    # tail -f nohup.out

    Watch for startup errors.
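
Steps 1 through 4 above can be applied as one repeatable function. This is an added example, not code from the Sun documentation; the function name `wire_agent_env`, the `.orig` backup suffix, and the final writable-directory check are assumptions of the example.

```shell
#!/bin/sh
# Added example (not vendor code): steps 1-4 of the procedure as one function.
# Usage on the page's host, as the account that owns the domain:
#   wire_agent_env /usr/local/bea/user_projects/domains/ProtectedResource-2/bin \
#                  setAgentEnv_ApplicationServer-2.sh

wire_agent_env() {
    bin_dir=$1
    agent_env="$bin_dir/$2"
    domain_env="$bin_dir/setDomainEnv.sh"
    source_line=". $agent_env"

    for f in "$domain_env" "$agent_env"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    done

    # Step 1: back up once; a rerun must not replace the pristine copy.
    # The .orig suffix is an assumption, the page does not name the backup.
    [ -e "$domain_env.orig" ] || cp -p "$domain_env" "$domain_env.orig" || return 1

    # Steps 2-3: append the source line only if that exact line is absent.
    if ! grep -qxF -- "$source_line" "$domain_env"; then
        printf '\n%s\n' "$source_line" >> "$domain_env" || return 1
    fi

    # Step 4: 755 = owner rwx, group and others r-x (no write for either).
    chmod 755 "$agent_env" || return 1

    # setDomainEnv.sh sources this file at every start, so a group- or
    # world-writable bin directory would let another account swap it out.
    if [ -n "$(find "$bin_dir" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "warning: $bin_dir is group- or world-writable" >&2
        return 2
    fi
    return 0
}
```

The function returns 0 when the script is wired in, 1 when a file is missing or a step fails, and 2 when the edit succeeded but the bin directory is writable by group or others.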

Procedure: To Deploy the Agent Application

  1. Go to the following Application Server URL:

    http://ProtectedResource-2.example.com:7001/console

  2. Log in to the Application Server console using the following information:

    Username: weblogic

    Password: w3bl0g1c

  3. In the Application Server console, under Domain Structure, click Deployments.

  4. On the Summary of Deployments page, click “Lock & Edit.”

  5. Under Deployments, click Install.

  6. On the Install Application Assistant page, click the protectedresource-2.example.com link.

  7. In the list for Location: protectedresource-2.example.com, click the root directory.

    Navigate to the application directory: /opt/j2ee_agents/am_wl9_agent/etc/

  8. Select agentapp.war, and then click Next.

  9. In the Install Application Assistant page, choose “Install this deployment as an application,” and then click Next.

  10. In the list of Servers, mark the checkbox for ApplicationServer-2, and then click Next.

  11. In the Optional Settings page, click Next.

  12. On the Summary of Deployments page, click Finish.

  13. In the Change Center, click Activate Changes.

Procedure: To Start the Agent Application

  1. On the “Settings for agentapp” page, under Domain Structure, click Deployments.

  2. On the Summary of Deployments page, mark the agentapp checkbox, and then click Start > Servicing All Requests.

  3. On the Start Deployments page, click Yes.

    You may encounter a JavaScript error. The agent application will not start until you start the Application Server.

Procedure: To Set Up the Agent Authentication Provider

  1. In the console, on the Summary of Deployments page, under Domain Structure, click Security Realms.

  2. On the Summary of Security Realms page, in the Change Center click “Lock & Edit.”

  3. Click the Realm name myrealm link.

  4. On the “Settings for myrealm” page, click the Providers tab.

  5. On the Providers tab, under Authentication Providers, click New.

  6. On the Create a New Authentication Provider page, provide the following information:

    Name: Agent-1

    Type: AgentAuthenticator

  7. Click OK.

    Agent-1 is now included in the list of Authentication Providers.

  8. In the list of Authentication Providers, click Agent-1.

  9. In the Settings for Authentication Providers page, verify that the Control Flag is set to OPTIONAL.

  10. On the Settings for Agent-1 page, in the list of Authentication Providers, click DefaultAuthenticator.

  11. On the Settings for DefaultAuthenticator page, set the Control Flag to OPTIONAL, and then click Save.

  12. Return to the Providers page.

    In the navigation tree near the top of the page, click Providers.

  13. Click Activate Changes.

Procedure: To Edit the AMAgent.properties File

  1. Make a backup of the following file:

    /opt/j2ee_agents/am_wl9_agent/agent_001/config/AMAgent.properties

  2. In the AMAgent.properties file, set the following property:

    com.sun.identity.agents.config.bypass.principal[0] = weblogic

  3. At the end of the file, insert a new property:

    com.sun.identity.session.resetLBCookie='true'

    The default value for this property is false. You must add this property only if session failover has been configured for Access Manager. If session failover is not configured for Access Manager and this property is added, performance could be negatively affected. If session failover is enabled for Access Manager and this property is not added, Access Manager sessions will still fail over, and the session failover functionality will work properly. However, stickiness to the Access Manager server will not be maintained after failover occurs. Session stickiness to the Access Manager server helps performance. This property must be added to the AMConfig.properties file on the Access Manager servers, as well as to the AMAgent.properties file for the J2EE Policy Agent servers. This property is not required for the Web Policy Agent servers. Access Manager 7 2005Q4 Patch 3 in Sun Java System Access Manager 7 2005Q4 Release Notes also references this property. See the section CR# 6440651: Cookie replay requires com.sun.identity.session.resetLBCookie property in Sun Java System Access Manager 7 2005Q4 Release Notes.

  4. Save the file.
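
The property edits above can be scripted so that a rerun leaves a single live assignment per key and the session property is added only where session failover is configured. This is an added example, not code from the Sun documentation; the function names `set_prop` and `edit_agent_props`, the `.orig` backup suffix, and the yes/no failover argument are assumptions of the example.

```shell
#!/bin/sh
# Added example (not vendor code). Usage on the page's host:
#   edit_agent_props /opt/j2ee_agents/am_wl9_agent/agent_001/config/AMAgent.properties yes

# set_prop <file> <key> <value>: replace the first live assignment of <key>, or append it.
# Only "key = value" lines are handled; Java properties ignore blanks around "=".
set_prop() {
    file=$1 key=$2 value=$3
    tmp="$file.tmp.$$"
    awk -v k="$key" -v v="$value" '
        {
            # Compare the key as a literal string: "[0]" and "." are regex
            # metacharacters, so a pattern match could hit the wrong property.
            line = $0
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            name = (eq > 0) ? substr(line, 1, eq - 1) : ""
            sub(/[ \t]+$/, "", name)
            if (!done && name == k) { print k " = " v; done = 1; next }
            print
        }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file" && rm -f "$tmp"
    # cat (not mv) keeps the original file owner and mode.
}

# edit_agent_props <AMAgent.properties> <session failover configured: yes|no>
edit_agent_props() {
    props=$1 failover=$2
    [ -f "$props" ] || { echo "missing: $props" >&2; return 1; }
    # Step 1: back up once (the .orig suffix is an assumption).
    [ -e "$props.orig" ] || cp -p "$props" "$props.orig" || return 1
    # Step 2: bypass principal, value as given on the page.
    set_prop "$props" 'com.sun.identity.agents.config.bypass.principal[0]' weblogic || return 1
    # Step 3: only when Access Manager session failover is configured.
    # The value is written exactly as the page gives it, quotes included.
    if [ "$failover" = yes ]; then
        set_prop "$props" com.sun.identity.session.resetLBCookie "'true'" || return 1
    fi
}
```

Commented-out assignments are left untouched, so a disabled copy of a property in the file is never mistaken for the live one.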