Deployment Example 2: Federation Using SAML v2

13.5 Completing the J2EE Policy Agent 4 Installation

The J2EE Policy Agent is not yet ready to begin working. The following tasks must be completed before the agent can do its job. Use this list as your checklist for completing the J2EE Policy Agent installation and configuration:

  1. Deploy the J2EE Policy Agent housekeeping application.

  2. Enable the J2EE Policy Agent 4 to run in SSO-Only mode.

  3. Initialize the Application Server 4 certificate database.

  4. Deploy the sample agent application on Application Server 4.

  5. Verify the use of the sample agent application on Application Server 4.

Procedure: To Deploy the J2EE Policy Agent Housekeeping Application

The J2EE Policy Agent uses the agent housekeeping application for notifications and other internal functionality. This application is bundled with the agent binaries.

  1. As a root user, log into the Application Server 4 host.

  2. Go to the following directory:

    /export/j2ee-agents/am_as81_agent/etc

  3. Run the following command:

    # /opt/SUNWappserver/appserver/bin/asadmin deploy --user admin \
    --password 11111111 --contextroot /agentapp agentapp.war
    Command deploy executed successfully.

Procedure: To Enable the J2EE Policy Agent 4 to Run in SSO-Only Mode

  1. Go to the following directory:

    /export/j2ee_agents/am_as81_agent/agent_001/config

    Make a backup copy of AMagent.properties, and then modify the original AMagent.properties file.

  2. Set the following property as in the example:

    com.sun.identity.agents.config.filter.mode = SSO_ONLY

    Federation Manager can run only in SSO-Only mode. In order to communicate with Federation Manager, the policy agent must also run in SSO-Only mode.

  3. Add the following property:

    com.iplanet.am.naming.ignoreNamingService=true

    When set to true, the policy agent ignores the Federation Manager naming service for session validation purposes. Instead, the policy agent uses the local naming service URL defined in the com.iplanet.am.naming.url property elsewhere in this file.

    Save the file.
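One way to verify the edited AMagent.properties before restarting the agent, as an added example that is not part of the Sun deployment guide: a POSIX shell check that the two properties from steps 2 and 3 are set and that com.iplanet.am.naming.url, which ignoreNamingService=true relies on, is present. The sample file contents and the naming URL in it are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the Sun deployment guide: check that an
# AMagent.properties file carries the SSO-Only settings from this procedure.
# Assumes POSIX sh, awk and mktemp; the sample file below is constructed.

# Print the last value set for a key ("key = value" or "key: value",
# surrounding spaces optional, '#'/'!' comment lines skipped). Whitespace-only
# separators and backslash continuations are not handled.
prop_value() {
  awk -v key="$2" '
    /^[ \t]*[#!]/ { next }
    {
      line = $0; sub(/^[ \t]+/, "", line)
      if (!match(line, /[ \t]*[=:][ \t]*/)) next
      k = substr(line, 1, RSTART - 1)
      v = substr(line, RSTART + RLENGTH); sub(/[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# Return 0 when the agent is configured for SSO-Only operation against
# Federation Manager, 1 otherwise; each failed check is reported on stdout.
check_sso_only() {
  f="$1"; rc=0
  [ "$(prop_value "$f" com.sun.identity.agents.config.filter.mode)" = SSO_ONLY ] \
    || { echo "filter.mode is not SSO_ONLY"; rc=1; }
  [ "$(prop_value "$f" com.iplanet.am.naming.ignoreNamingService)" = true ] \
    || { echo "ignoreNamingService is not true"; rc=1; }
  # With the naming service ignored, the local naming URL must be present,
  # or the agent has nowhere to send session validation requests.
  [ -n "$(prop_value "$f" com.iplanet.am.naming.url)" ] \
    || { echo "com.iplanet.am.naming.url is not set"; rc=1; }
  return $rc
}

# Constructed sample: a file edited as in steps 2 and 3 (placeholder URL).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# AMagent.properties (constructed excerpt)
com.sun.identity.agents.config.filter.mode = SSO_ONLY
com.iplanet.am.naming.ignoreNamingService=true
com.iplanet.am.naming.url=http://fm-lb.example.invalid:8080/federation/namingservice
EOF
check_sso_only "$sample" && echo "agent configuration is ready for SSO-Only mode"
rm -f "$sample"
```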

Procedure: To Initialize the Application Server 4 Certificate Database

Before You Begin

You must have access to the certutil command to complete this task. See 2.11 Obtaining and Using the Certificate Database Tool.

  1. Log into the Protected Resource 4 host.

  2. Copy the root CA certificate from the Federation Manager load balancer into a temporary directory.

    In this deployment example, the JDK keystore is in the following directory:

    /usr/jdk/entsys-j2se/jre/lib/security

    This directory contains the Federation Manager trusted CA files, including cacert.

  3. Go to the following directory:

    /var/opt/SUNWappserver/domains/domain1/config

    This directory contains two files you will need. The files are named cert8.db and key3.db, and are installed by default with Application Server 8.1. By default, Application Server 8.1 uses the NSS certificate databases for SSL purposes. You must import the Federation Manager load balancer root CA certificate to this Application Server certificate database.

  4. Obtain a copy of the Federation Manager 1 root CA certificate.

    You can obtain a copy from the certificate issuer. Or you can copy the certificate stored on the Federation Manager 1 host.

    In this deployment example, the Federation Manager 1 root CA certificate has already been copied to the following directory on Protected Resource 4:

    /net/slapd/export/share/cacert

  5. In the directory where you deployed the certutil utility, run the certutil command. For example:

    # certutil -A -n rootCA -t T,c,c -i /net/slapd/export/share/cacert -d .
  6. To verify that the certificate was properly imported, list the certificates in the database:

    # certutil -L -n rootCA -d .

    A list of certificates is displayed, and the imported rootCA certificate is included in the list.

Procedure: To Deploy the Sample Agent Application on Application Server 4

  1. As a root user, log into the Protected Resource 4 host.

  2. Go to the following directory:

    /export/j2ee_agents/am_as81_agent/sampleapp/dist

  3. Run the deploy command:

    # /opt/SUNWappserver/appserver/bin/asadmin deploy --host localhost \
    --port 4849 --user admin --password 11111111 --contextroot /agentsample \
    --name agentsample agentsample.ear
    Command deploy executed successfully.
  4. Restart Application Server 4.

    # cd /opt/SUNWappserver/appserver/bin
    # ./asadmin stop-domain
    Domain domain1 stopped.
    # ./asadmin start-domain --user admin --password 11111111
    Domain domain1 started.

Procedure: To Verify the Use of the Sample Agent Application on Application Server 4

  1. Go to the Application Server 4 URL:

    http://ProtectedResource-4.siroe.com:8080/agentsample/index.html

  2. Log in to the Federation Manager console using the following information:

    User Name: spuser

    Password: spuser

    The Sample Application welcome page is displayed.