test

Sun Java System Access Manager Policy Agent 2.2 Guide for BEA WebLogic Server/Portal 10

Installing and Configuring the WebLogic Server/Portal 10 Agent With Access Manager 6.3

Although the WebLogic Server/Portal 10 agent is intended to be used with Access Manager 7.1, you can configure the agent to function with Access Manager 6 2005Q1 (6.3) patch 1 or later. However, some of the Access Manager 7.1 features, such as composite advices and policy-based response attributes, are not available in Access Manager 6.3.

Caution – Caution –

For the WebLogic Server/Portal 10 agent to function properly with Access Manager 6.3, patch 1 or greater must be applied to the Access Manager 6.3 instance.

ProcedureTo Install and Configure the WebLogic Server/Portal 10 Agent With Access Manager 6.3

  1. Ensure that the Access Manager 6.3 instance has been updated with patch 1 or later.

  2. Create an agent profile in the Access Manager 6.3 Console for the WebLogic Server/Portal 10 agent.

    Save the agent profile information to use during agent installation in the next step. For information about creating the agent profile in Access Manager 6.3, see Chapter 4, Identity Management, in the Sun Java System Access Manager 6 2005Q1 Administration Guide.

  3. Install the WebLogic Server/Portal 10 agent, providing details for the Access Manager 6.3 instance.

    For more information, see Chapter 3, Installing the Policy Agent for WebLogic Server/Portal 10.

  4. Change to the PolicyAgent-base/lib directory.

  5. Download the amclientsdk63.jar and fmclientsdk.jar files to the PolicyAgent-base/lib directory from the OpenSSO Project site:

    https://opensso.dev.java.net/public/use/stablebuilds.html

  6. Edit the classpath in the setAgentEnv_server-instance.sh UNIX script or setAgentEnv_server-instance.cmd Windows script to specify the files you downloaded in the previous step:

    • PolicyAgent-base/lib/amclientsdk63.jar;

    • PolicyAgent-base/lib/fmclientsdk.jar;

    Important: You must remove PolicyAgent-base/lib/famclientsdk.jar; from the classpath.

  7. In the AMAgent.properties file, replace com.sun.identity.agents.config.privileged.attribute.mapping[id\=... with com.sun.identity.agents.config.privileged.privileged.attribute.mapping[cn\=... in the privileged attribute processing properties. For example:

    com.sun.identity.agents.config.privileged.attribute.mapping
    [cn\=manager,dc\=example,dc\=com] = am_manager_role
com.sun.identity.agents.config.privileged.attribute.mapping
    [cn\=employee,dc\=example,dc\=com] = am_employee_role

    These examples require the backslash (\) as an escape character before the equal signs (=).

    For more information, see Mapping Access Manager Roles to Principal Names and Privileged Attribute Processing Properties.