To get a non-expiring SSO token for the agent's self authentication to the Access Manager server, you must set the com.sun.identity.authentication.special.users property in the AMConfig.properties file.
In the AMConfig.properties file for the Access Manager server, edit the following property to include the distinguished name (DN) of the agent profile user. Use the legacy SDK DN and not the universal UID of the user. For example:
com.sun.identity.authentication.special.users= cn=dsameuser,ou=DSAME Users,dc=sun, dc=com|cn=amService-UrlAccessAgent,ou=DSAME Users, dc=sun,dc=com |uid=dmgr,ou=people,dc=sun,dc=com|uid=agentprofileuser, ou=people,dc=sun,dc=com
To find the DN of the user, use ldapsearch with the ou=people,ROOT_SUFFIX base and (|(uid=agentprofileuser)(cn=agentprofileuser)) filter.
After you edit the AMConfig.properties file, restart the Access Manager server.
In a multiple server deployment, you must set the com.sun.identity.authentication.special.users property in the AMConfig.properties file for each Access Manager server in the deployment.