Mapping Access Manager Roles to Principal Names

If you are using this agent for WebLogic Server 10 and the agent is set to the J2EE_POLICY filter mode, map Access Manager roles to the principal names in the respective application's deployment descriptor file(s):

• weblogic.xml

• weblogic-ejb-jar.xml

This section does not ally to WebLogic Portal 10.

Access Manager roles are represented in UUIDs. Ensure that the keys in the mapping are UUIDs corresponding to your site's Access Manager installation. A UUID for an Access Manager role is mapped to the respective principal name in the weblogic.xml or weblogic-ejb-jar.xml file. Specifically, the principal name is located within the <principal-name> element. Mapping is established by setting the com.sun.identity.agents.config.privileged.attribute.mapping[] property in the J2EE agent AMAgent.properties configuration file.

For more information, see:

• agentadmin --getUuid command

• Installing the Agent Filter for the WebLogic Server/Portal 10 Agent

Starting with WebLogic 9.0, a principal name in the weblogic.xml file or weblogic-ejb-jar.xml file must use the NMTOKEN format, which is mandated by the corresponding schema files. Access Manager UUIDs include the following characters: equal sign (=), comma (,), and ampersand (&).