The policy agent installer (agentadmin) makes following changes in the DAS instance:
Adds the Java Class Path Suffix with the JAR and locale files of the agent to the domain.xml file for the server-config target only (because server was the instance name specified during the installation). This change is not made to the default-config or the agents30-config targets. This distinction is critical to make sure you properly configure the agent to protect the applications deployed on the target agents30-config. For example:
${path.separator}/export/sun/j2ee_agents/appserver_v9_agent/lib/agent.jar\$ {path.separator}/export/sun/j2ee_agents/appserver_v9_agent/lib/openssoclientsdk.- jar\${path.separator}/export/sun/j2ee_agents/appserver_v9_agent/locale\$ {path.separator}/export/sun/j2ee_agents/appserver_v9_agent/Agent_001/config
where:
/export/sun is the base directory (BASE_DIR) where you unzipped the agent distribution file (appserver_v9_agent_3.zip).
Agent_001 identifies the agent instance that was created during installation.
Adds the JVM option for the target server-config to enable the policy agents logging:
- Djava.util.logging.config.file=<BASE_DIR>/j2ee_agents/appserver_v9_agent/config/ OpenSSOAgentLogConfig.properties
Adds the following J2EE permissions to read the agent JAR files in the server.policy file:
grant codeBase "file:<BASE_DIR>/j2ee_agents/appserver_v9_agent/lib/*" { permission java.security.AllPermission; };
Adds the agent realm in config/login.conf as follows:
agentRealm { com.sun.identity.agents.appserver.v81.AmASLoginModule required; };
Creates a new default authentication realm named agentRealm for the server instance.
Now, you must apply these changes to the cluster configuration so the applications deployed on the cluster can be protected by the agent.