Sun Java System Access Manager Policy Agent 2.2 Guide for BEA WebLogic Server/Portal 10

Post-Installation Tasks for the Agent on WebLogic Portal 10

This section provides and directs you to post-installation information and instructions applicable to WebLogic Portal 10. Many of the instructions are the same for WebLogic Server 10 and WebLogic Portal 10. When the information is the same, you are referred back to Chapter 4, Post-Installation Tasks for the WebLogic Server/Portal 10 Agent. When information is specific to WebLogic Portal 10, it is provided in this section.

This post-installation section addresses the following topics:

Portal: Common Post-Installation Steps for All J2EE Agents in Policy Agent 2.2

After you have performed the applicable installation-related tasks described in Implications of Specific Deployment Scenarios for the WebLogic Server/Portal 10 Agent, perform the common post-installation steps for all J2EE agents.

For information on these steps, refer to Post-Installation Steps for the WebLogic Server/Portal 10 Agent.

Configuring WebLogic Portal 10 Instance With Agent Classpath and Agent Java Options

The basic steps involved in this task are the same for WebLogic Portal 10 and for WebLogic Server 10. The instructional information that follows consists of the most important information required to configure agent classpath and agent Java options specifically for WebLogic Portal 10. For complete instructions, see Configuring WebLogic Server/Portal 10 Instance With the Agent Classpath and Agent Java Options.

Procedure: To Configure WebLogic Portal 10 Instance With Agent Classpath and Agent Java Options

  1. Access and edit the appropriate startup script in the manner illustrated by the following examples, where DeployContainer-base represents the directory in which WebLogic Server/Portal 10 was installed.

    • UNIX Platforms

      The file to access:

      DeployContainer-base/wlserver_10.0/samples/domains/portal/bin/startWeblogic.sh

      The information to be added:

      DeployContainer-base/samples/domains/portal/setAgentEnv_${SERVER_NAME}.sh

      The line after which to add the information:

      . ${DOMAIN_HOME}/bin/setDomainEnv.sh $*

    • Windows Platforms

      The file to access:

      DeployContainer-base\wlserver_10.0\samples\domains\portal\bin\startWeblogic.cmd

      The information to be added:

      call DeployContainer-base\wlserver_10.0\samples\domains\portal\setAgentEnv_%SERVER_NAME%.cmd

      The line after which to add the information:

      call "%DOMAIN_HOME%\bin\setDomainEnv.cmd" %*

Portal: Configuring the Agent Authentication Provider on Agent for WebLogic Portal 10

The task that follows describes how to configure the agent Authentication Provider specifically for this agent on WebLogic Portal 10. If you want more background information about the task, see Configuring the Agent Authentication Provider for the WebLogic Server/Portal 10 Agent.

Procedure: To Configure the Agent Authentication Provider Specifically for WebLogic Portal 10

  1. Log in to the WebLogic Portal 10 Administration Console.

  2. In the left pane, under Domain Structure and under the host name of the server you are configuring, click “Security realm.”

  3. In the right pane, click the name of the realm you are configuring.

  4. Click Providers.

  5. Click the Authentication tab.

  6. In the left pane, click Lock & Edit.

  7. In the right pane, click New.

  8. Specify Type as AgentAuthenticator.

  9. Specify Name with a name of your choice.

  10. Click OK.

  11. Click the newly created policy agent authentication provider.

  12. Change the control flag value to OPTIONAL.

  13. Click Save.

  14. Click Providers.

    The Authentication Providers Table appears.

  15. Click SQLAuthenticator.

  16. Change the control flag to OPTIONAL.

  17. Click Save.

  18. Click the Providers tab.

  19. Click SAMLAuthenticator.

  20. Change the control flag to OPTIONAL.

  21. Click Save.

  22. In the left pane, click Activate changes.

  23. After you are finished, restart the server for the changes to take effect.

The Default Security Realm

If you choose to create a new security realm instead of using the default security realm to configure the agent, ensure that the control flag values for the Agent Authenticator and any additional authentication providers are set to OPTIONAL.

Portal: Adding a WebLogic Administrator to the Bypass List of Agent for WebLogic Server/Portal 10

For information on this topic, see Adding a WebLogic Administrator to the Bypass List of Agent for WebLogic Server/Portal 10.

Configuring the Agent Filter Modes Applicable to WebLogic Portal 10

The agent filter modes that apply to Agent for WebLogic Server/Portal 10 differ between WebLogic Portal 10 and WebLogic Server 10. The key difference is that SSO_ONLY and URL_POLICY are not applicable to WebLogic Portal 10.


Note –

If you are using WebLogic Portal 10 solely to apply SSO, you cannot use the SSO_ONLY filter mode. The correct mode to use in this scenario is the J2EE_POLICY mode.

Similarly, if you are using WebLogic Portal 10 to protect URLs, such as portal JSP files, from being accessed directly, you cannot use the URL_POLICY filter mode. The correct mode to use in this scenario is the ALL mode.

These settings might seem counterintuitive, but they are the correct modes given that the SSO_ONLY mode and the URL_POLICY mode are inoperable with WebLogic Portal 10.


The following task describes how to set the appropriate properties in the J2EE agent AMAgent.properties configuration file. The instructions that follow describe how to set the filter mode to J2EE_POLICY mode and ALL mode. The instructions do not include information about setting the filter mode to none, which is set in the same manner for both WebLogic Portal 10 and WebLogic Server 10 as described in J2EE Agent Filter Modes.

Procedure: To Configure Agent Filter Modes Applicable to WebLogic Portal 10

  1. Using the text editor of your choice, access the J2EE agent AMAgent.properties configuration file.

    The following path serves as an example of the path to the J2EE agent AMAgent.properties configuration file:


    PolicyAgent-base/Agent_001/AMAgent.properties
    
  2. Edit the filter mode to match your site's requirements.

    Therefore, edit the following property:

    com.sun.identity.agents.config.filter.mode

    The following alternatives indicate how to set the property to J2EE_POLICY or ALL.

    • To set the value of the property to J2EE_POLICY:

      com.sun.identity.agents.config.filter.mode = J2EE_POLICY

      This setting is appropriate if your site is using the WebLogic Portal 10 instance solely for enabling SSO.

    • To set the value of the property to ALL:

      This setting is appropriate if the WebLogic Portal 10 instance is to be protected by an Access Manager policy.

      com.sun.identity.agents.config.filter.mode = ALL

      Note –

      When creating an Access Manager policy to protect the WebLogic Portal 10 instance, define the policy to give permission to only public portal URLs, such as the following:

      http://agentHost.example.com:7041/groupspace/
      http://agentHost.example.com:7041/groupspace/groupspace.jsp

Next Steps

Since forthcoming tasks require you to configure the J2EE agent AMAgent.properties configuration file, you can keep the file open at this time.

Setting Logout-Related Properties for the Sample Portal

Agent for WebLogic Server/Portal 10 comes with a sample portal named groupspace. The task that follows involves configuring logout-related properties in the J2EE agent AMAgent.properties configuration file for the sample portal.

Procedure: To Set Logout-Related Properties for the Sample Portal

  1. (Conditional) If the J2EE agent AMAgent.properties configuration file is not currently open, access it now using the text editor of your choice.

  2. Set the properties related to logging out.

    As indicated in the substeps that follow, locate the respective properties in the file and set them as shown.

    1. Set the following property as such:

      com.sun.identity.agents.config.logout.uri[groupspace] = /groupspace/communityFiles/shell/logout.jsp

    2. Set the following property as such:

      com.sun.identity.agents.config.logout.request.param[groupspace] = logout

    3. Set the following property as such:

      com.sun.identity.agents.config.logout.introspect.enabled = true

  3. (Conditional) If you are finished editing the J2EE agent AMAgent.properties configuration file, save and close the file.

Verifying Users in the WebLogic Portal 10 User Repository

You can further enforce security by configuring the agent to verify users in the WebLogic Portal 10 user repository. This is accomplished by editing the J2EE agent AMAgent.properties configuration file as explained in the following task description.

Procedure: To Verify Users in the WebLogic Portal 10 User Repository

Before You Begin

If the J2EE agent AMAgent.properties configuration file is not currently open, access it now using the text editor of your choice. Also, once you complete this task, if you are then finished editing the J2EE agent AMAgent.properties configuration file, save and close the file.

  1. Locate the respective property in the file and set it in a manner similar to that shown.

    The following example illustrates how this property is set for the sample portal:

    com.sun.identity.agents.config.verification.handler[groupspace] = com.sun.identity.agents.weblogic.v10.AmWLPortalVerificationHandler
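
The following check is an added example, not part of the original guide or the agent software. It reads AMAgent.properties text and reports where the filter mode, logout properties, and verification handler differ from the values the preceding three procedures set for the sample portal. The names parse_properties, check_portal_agent, and SAMPLE are hypothetical, and the parser is a simplified one that assumes "key = value" lines.

```python
PREFIX = "com.sun.identity.agents.config."
PORTAL_MODES = {"J2EE_POLICY", "ALL", "NONE"}  # modes the guide describes for Portal
HANDLER = "com.sun.identity.agents.weblogic.v10.AmWLPortalVerificationHandler"

def parse_properties(text):
    """Simplified parser: '#'/'!' comments, key = value, backslash continuation."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):
            pending = line[:-1]          # join with the next physical line
            continue
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_portal_agent(text, app="groupspace"):
    """Return findings for AMAgent.properties text; an empty list matches the guide."""
    p = parse_properties(text)
    findings = []
    mode = p.get(PREFIX + "filter.mode", "")
    if mode not in PORTAL_MODES:
        findings.append("filter.mode=%r is not usable on WebLogic Portal 10" % mode)
    for name in ("logout.uri", "logout.request.param"):
        if not p.get("%s%s[%s]" % (PREFIX, name, app)):
            findings.append("%s[%s] is not set" % (name, app))
    if p.get(PREFIX + "logout.introspect.enabled", "").lower() != "true":
        findings.append("logout.introspect.enabled is not true")
    handler = p.get("%sverification.handler[%s]" % (PREFIX, app), "")
    if handler != HANDLER:
        findings.append("verification.handler[%s] is %r" % (app, handler))
    return findings

# Constructed sample: an unusable filter mode, and a handler value wrapped onto the
# next line without a trailing backslash, which leaves the property empty.
SAMPLE = """\
com.sun.identity.agents.config.filter.mode = URL_POLICY
com.sun.identity.agents.config.logout.uri[groupspace] = /groupspace/communityFiles/shell/logout.jsp
com.sun.identity.agents.config.logout.request.param[groupspace] = logout
com.sun.identity.agents.config.logout.introspect.enabled = true
com.sun.identity.agents.config.verification.handler[groupspace] =
  com.sun.identity.agents.weblogic.v10.AmWLPortalVerificationHandler
"""

if __name__ == "__main__":
    for finding in check_portal_agent(SAMPLE):
        print("FAIL:", finding)
```

An empty handler value means the verification handler is silently not configured, so the wrapped-line case is worth checking after any copy and paste into the file.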

Portal: Installing the Agent Filter for the Deployed Application on Agent for WebLogic Server/Portal 10

The instructional information that follows consists of the most important information required for the configuration of the web.xml file. For a more thorough explanation, see Installing the Agent Filter for the WebLogic Server/Portal 10 Agent.

Consistent with the rest of this appendix, this section specifies the sample portal as the application whose deployment descriptor is modified.

The following is a conceivable location for the web.xml file for the sample portal:

/usr/local/bea/wlserver_10.0/samples/portal/portalApp/groupspaceSampleWeb/WEB-INF

Procedure: To Install the Agent Filter for the Deployed Application Specifically for WebLogic Portal 10

  1. Edit the application's web.xml descriptor by adding the <filter> elements.

    Add the <filter>, <filter-mapping>, and <dispatcher> elements as the first filter element in the web.xml descriptor. For example:


    <web-app>
    ...
        <filter>
            <filter-name>Agent</filter-name>
            <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>Agent</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
            <dispatcher>INCLUDE</dispatcher>
            <dispatcher>FORWARD</dispatcher>
            <dispatcher>ERROR</dispatcher>
        </filter-mapping>
    ...
    </web-app>

    Important: Make sure that this filter element is the first element in the descriptor.
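
The following check is an added example, not part of the original guide or the agent software. It parses a web.xml descriptor and reports when the agent filter is not declared and mapped first, does not cover /*, or lacks any of the four dispatchers shown above. The names check_agent_filter and SAMPLE_BAD and the example.LogFilter class are hypothetical.

```python
import xml.etree.ElementTree as ET

AGENT_CLASS = "com.sun.identity.agents.filter.AmAgentFilter"
DISPATCHERS = {"REQUEST", "INCLUDE", "FORWARD", "ERROR"}

def _children(parent, name):
    # Compare local names so a namespaced descriptor ({...javaee}filter) also matches.
    return [c for c in parent if c.tag.rsplit("}", 1)[-1] == name]

def _text(parent, name):
    found = _children(parent, name)
    return (found[0].text or "").strip() if found else ""

def check_agent_filter(web_xml):
    """Return findings for a web.xml string; an empty list means it matches the guide."""
    root = ET.fromstring(web_xml)
    filters, mappings = _children(root, "filter"), _children(root, "filter-mapping")
    agent = [f for f in filters if _text(f, "filter-class") == AGENT_CLASS]
    if not agent:
        return ["agent filter is not declared"]
    findings = []
    if filters[0] is not agent[0]:
        findings.append("agent <filter> is not the first filter")
    name = _text(agent[0], "filter-name")
    mine = [m for m in mappings if _text(m, "filter-name") == name]
    if not mine:
        return findings + ["agent filter has no <filter-mapping>"]
    # Mapping order sets filter-chain order, so the agent must be mapped first.
    if mappings[0] is not mine[0]:
        findings.append("agent <filter-mapping> is not the first mapping")
    if _text(mine[0], "url-pattern") != "/*":
        findings.append("agent mapping does not cover /*")
    missing = DISPATCHERS - {(d.text or "").strip() for d in _children(mine[0], "dispatcher")}
    if missing:
        findings.append("missing dispatchers: " + ", ".join(sorted(missing)))
    return findings

# Constructed sample: a logging filter precedes the agent and FORWARD/ERROR are omitted.
SAMPLE_BAD = """<web-app>
  <filter><filter-name>Log</filter-name><filter-class>example.LogFilter</filter-class></filter>
  <filter><filter-name>Agent</filter-name><filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class></filter>
  <filter-mapping><filter-name>Log</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>Agent</filter-name><url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher><dispatcher>INCLUDE</dispatcher></filter-mapping>
</web-app>"""

if __name__ == "__main__":
    for finding in check_agent_filter(SAMPLE_BAD):
        print("FAIL:", finding)
```

A mapping without FORWARD or INCLUDE leaves internally dispatched requests outside the agent filter, which is why the dispatcher set is checked along with the ordering.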

Portal: Deploying the Agent Application

For WebLogic Portal 10, deploy the Agent application at this point in the configuration by following the steps in Deploying the Agent Application.

About Portal Users in WebLogic Portal 10 Administrator

Before configuring the agent, you should create the same users in Access Manager as exist in the WebLogic Portal 10. If users in Access Manager have different names than the names in WebLogic Portal 10, you must establish user mapping by setting the user mapping properties in the J2EE agent AMAgent.properties configuration file. See User Mapping Properties for more information.

Testing the Deployment of Policy Agent 2.2 on WebLogic Portal 10

The following instructions lead you through a variety of broadly-defined tasks that serve as a test of the basic functionality of this deployment, which includes the following software components:

Procedure: To Test the Deployment of Policy Agent 2.2 on WebLogic Portal 10

  1. Create a user with user ID of chris in both WebLogic Portal Administration Console and in Access Manager Console.

  2. (Conditional) If the agent filter mode is set to ALL, create the proper Access Manager policies for the portal URLs where chris is the user.

    Therefore, perform the preceding instructions in this step if the following property from the J2EE agent AMAgent.properties configuration file is set as such:

    com.sun.identity.agents.config.filter.mode = ALL

  3. Using a browser, enter and submit the URL of the sample portal.

    The following URL is a conceivable URL for the sample portal.

    http://agentHost.example.com:7041/groupspace/groupspace.jsp

  4. Log in with the user ID of chris.

    The sample portal home page should appear.

  5. Click GS Example Community.

    The portal web page appears.

  6. Click Logout.