Use the following as your checklist for completing the Web Policy Agent 4 installation:
Import the root CA certificate into the Web Server 4 key store.
Verify that Web Policy Agent 4 can access the Federation Manager load balancer.
Log in as a root user to the Federation Manager 1 host.
Edit the AMAgent.properties file.
# cd /etc/opt/SUNWam/agents/es6/config/_opt_SUNWwbsvr_https-ProtectedResource-4.siroe.com
Make a backup of AMAgent.properties, and then set the following properties:
com.sun.am.policy.am.username = UrlAccessAgent
com.sun.am.policy.am.password = BeVPgddAimR404ivWY6HPQ==
com.sun.am.policy.agents.config.do_sso_only = true
Add the following properties to the original file:
com.sun.am.ignore.naming.service = true
(Optional) Set the debug property as in this example:
com.sun.am.log.level = all:5
Save the file.
Restart Web Server 4.
# cd /opt/SUNWwbsvr/https-ProtectedResource-4.siroe.com
# ./stop; ./start
Go to the following URL:
http://ProtectedResource-4.siroe.com:2080
Log in to Access Manager using the following information:
User Name: spuser
Password: spuser
You should see the default index.html page for Web Server 4.
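The AMAgent.properties edits from the procedure above, written as a repeatable script. This is an added example, not part of the original guide; it assumes a POSIX sh and awk, and the `.orig` backup suffix, the function names and the `AGENT_ENC_PW` variable are choices made for this sketch.

```sh
#!/bin/sh
# Added example (not from the original guide): idempotent edit of AMAgent.properties.

# Shared awk test: the line starts with key K, then optional blanks, then "=".
MATCH='index($0, K) == 1 && substr($0, length(K) + 1) ~ /^[ \t]*=/'

# get_prop FILE KEY: print the current value of KEY.
get_prop() {
    K="$2" awk 'BEGIN { K = ENVIRON["K"] } '"$MATCH"' {
        v = substr($0, length(K) + 1); sub(/^[ \t]*=[ \t]*/, "", v); print v; exit }' "$1"
}

# set_prop FILE KEY VALUE: replace the KEY line (dropping duplicates) or append it.
set_prop() {
    tmp="$1.tmp.$$"
    # Values travel through the environment, not argv, so they do not appear in ps;
    # umask 077 keeps the temporary copy (it holds the agent password) private.
    ( umask 077
      K="$2" V="$3" awk 'BEGIN { K = ENVIRON["K"]; V = ENVIRON["V"] }
        '"$MATCH"' { if (!done) print K " = " V; done = 1; next }
        { print }
        END { if (!done) print K " = " V }' "$1" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    # Writing with cat into the existing file keeps its owner and mode.
    cat "$tmp" > "$1" && rm -f "$tmp"
}

# apply_agent_settings FILE ENC_PASSWORD: the property changes listed in the procedure.
apply_agent_settings() {
    props=$1
    # Back up once; cp -p preserves mode and timestamps, and a re-run never
    # overwrites the pristine copy with an already edited file.
    [ -f "$props.orig" ] || cp -p "$props" "$props.orig" || return 1
    set_prop "$props" com.sun.am.policy.am.username UrlAccessAgent &&
    set_prop "$props" com.sun.am.policy.am.password "$2" &&
    set_prop "$props" com.sun.am.policy.agents.config.do_sso_only true &&
    set_prop "$props" com.sun.am.ignore.naming.service true
}

# Usage: AGENT_ENC_PW='<encrypted value>' sh this_script /path/to/AMAgent.properties
if [ "$#" -eq 1 ] && [ -n "${AGENT_ENC_PW:-}" ]; then
    apply_agent_settings "$1" "$AGENT_ENC_PW"
fi
```

The optional debug property is left out on purpose, so the script only applies the settings the procedure requires.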
The Web Policy Agent on Protected Resource 4 connects to Federation Manager servers through Load Balancer 9. The load balancer is SSL-enabled, so the agent must be able to trust the load balancer SSL certificate in order to establish the SSL connection. To do this, import the root CA certificate that issued the Load Balancer 3 SSL server certificate into the Web Policy Agent certificate store.
Obtain the root CA certificate, and copy it to the Protected Resource 4 host. Copy the certificate into the file /export/software/ca.cert.
Copy the root CA certificate to Protected Resource 4.
Open a browser, and go to the Web Server 4 administration console.
http://ProtectedResource-4.siroe.com:8888
Log in to the Web Server 4 console using the following information:
User Name: admin
Password: 11111111
In the Select a Server field, select ProtectedResource-4.siroe.com, and then click Manage.
If a “Configuration files have not been loaded” message is displayed, it may be because the Web Server instance that is being accessed through the administration server has had its configuration files manually edited. This is the case when the Web Policy Agent is installed. The mirror configuration files are different from the current configuration files. In order to be sure the changes are not lost, you must apply the changes. First click Apply, and then click Apply Changes. The configuration files are read, and the server is stopped and restarted.
Click the Security tab.
On the Initialize Trust Database page, enter a Database Password.
Enter the password again to confirm it, and then click OK.
In the left frame, click Install Certificate and provide the following information, and then click OK:
Choose Trusted Certificate Authority (CA).
password
rootCA.cert
/export/software/ca.cert
Click Add Server Certificate.
Click Manage Certificates.
The root CA Certificate name rootCA.cert is included in the list of certificates.
Click the Preferences tab.
Restart Web Server 4.
On the Server On/Off page, click Server Off. When the server indicates that the administration server is off, click Server On.
Restart Web Server 4.
# cd /opt/SUNWwbsvr/https-ProtectedResource-4.siroe.com
# ./stop; ./start
Go to the Protected Resource 4 URL:
http://ProtectedResource-4.siroe.com:2080/index.html
Log in to the Federation Manager console using the following information:
User Name: spuser
Password: spuser
The policy agent redirects the request, and the URL changes to https://LoadBalancer-9.siroe.com:3443/federation/UI/Login. The default Sun ONE Web Server page is displayed. This verifies that the web policy agent is properly configured to access the Federation Manager load balancer.