Sun Java System Access Manager Policy Agent 2.2 Guide for Apache Tomcat 6.0

Installing and Configuring the Apache Tomcat 6.0 Agent With Access Manager 6.3

Although the Tomcat 6.0 agent is intended to be used with Access Manager 7.1, you can configure the agent to function with Access Manager 6 2005Q1 (6.3) patch 1 or later. However, some of the Access Manager 7.1 features, such as composite advices and policy-based response attributes, are not available in Access Manager 6.3.


Caution –

For the Tomcat 6.0 agent to function properly with Access Manager 6.3, patch 1 or greater must be applied to the Access Manager 6.3 instance.


Procedure: To Install and Configure the Tomcat 6.0 Agent With Access Manager 6.3

  1. Ensure that the Access Manager 6.3 instance has been updated with patch 1 or later.

  2. Create an agent profile in the Access Manager 6.3 Console for the Tomcat 6.0 agent.

    Save the agent profile information to use during agent installation in the next step. For information about creating the agent profile in Access Manager 6.3, see Chapter 4, Identity Management, in the Sun Java System Access Manager 6 2005Q1 Administration Guide.

  3. Install the Tomcat 6.0 agent, providing details for the Access Manager 6.3 instance.

    For more information, see Chapter 3, Installing Policy Agent 2.2 for Apache Tomcat 6.0.

  4. Change to the PolicyAgent-base/lib directory.

  5. Download the amclientsdk63.jar and fmclientsdk.jar files to the PolicyAgent-base/lib directory from the OpenSSO Project site:

    https://opensso.dev.java.net/public/use/stablebuilds.html

  6. Edit the classpath in the setAgentEnv_server-instance.sh UNIX script or setAgentEnv_server-instance.cmd Windows script to specify the files you downloaded in the previous step.

    Important: You must remove PolicyAgent-base/lib/openssoclientsdk.jar; from the classpath.

  7. In the web.xml file of each application that needs to be protected by the agent, define the roles as "cn=role_name,dc=domain" instead of "id=role_name,ou=role,dc=domain".

    For example: "cn=manager,dc=example,dc=com" instead of "id=manager,ou=role,dc=example,dc=com".
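
A post-install check for steps 6 and 7, as an added example that is not part of the Sun guide or the agent distribution. It assumes jar names appear literally on non-comment lines of the setAgentEnv script and that each `<role-name>` element sits on one line; the function names, the `AGENT_CLASSPATH` variable, `agent.jar`, and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Sun guide. Assumption: jar names appear literally
# on non-comment lines of the setAgentEnv script; <role-name> sits on one line.

# check_agent_env FILE: returns 0 only if both 6.3 SDK jars are referenced
# and openssoclientsdk.jar is not (step 6). Prints each problem found.
check_agent_env() {
    rc=0
    active=$(grep -Ev '^[[:space:]]*(#|rem |REM |::)' "$1" || true)
    for jar in amclientsdk63.jar fmclientsdk.jar; do
        printf '%s\n' "$active" | grep -qF "$jar" || { echo "missing: $jar"; rc=1; }
    done
    if printf '%s\n' "$active" | grep -qF openssoclientsdk.jar; then
        echo "still on classpath: openssoclientsdk.jar"; rc=1
    fi
    return $rc
}

# legacy_roles WEBXML: lists role names still in the id=...,ou=role,... form
# next to the cn=... form that step 7 calls for.
legacy_roles() {
    sed -n 's#.*<role-name>[[:space:]]*\(id=[^,<]*,ou=role,[^<]*\)</role-name>.*#\1#p' "$1" |
    while IFS= read -r dn; do
        printf '%s -> %s\n' "$dn" "$(printf '%s\n' "$dn" | sed 's/^id=\([^,]*\),ou=role,/cn=\1,/')"
    done
}

# make_samples DIR: writes constructed sample files (not real agent output).
make_samples() {
    cat > "$1/setAgentEnv_bad.sh" <<'EOF'
# constructed sample; variable name and agent.jar are hypothetical
AGENT_CLASSPATH=/opt/agent/lib/agent.jar:/opt/agent/lib/openssoclientsdk.jar
EOF
    cat > "$1/setAgentEnv_good.sh" <<'EOF'
AGENT_CLASSPATH=/opt/agent/lib/agent.jar:/opt/agent/lib/amclientsdk63.jar:/opt/agent/lib/fmclientsdk.jar
EOF
    cat > "$1/web.xml" <<'EOF'
<web-app><security-role>
  <role-name>id=manager,ou=role,dc=example,dc=com</role-name>
</security-role><security-role>
  <role-name>cn=employee,dc=example,dc=com</role-name>
</security-role></web-app>
EOF
}

# Usage: sh check.sh <setAgentEnv script> <web.xml>
if [ $# -eq 2 ]; then check_agent_env "$1"; legacy_roles "$2"; fi
```

Run it against the real setAgentEnv_server-instance script and each protected application's web.xml; any output means the step has not been fully applied.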