Creating a J2EE agent profile in OpenSSO Enterprise Console is a required task that you can perform prior to installing the J2EE agent or during installation. Though the installation of the J2EE agent actually succeeds without performing this task, the lack of a valid agent profile in OpenSSO Enterprise prevents the J2EE agent from authenticating or having any further communication with OpenSSO Enterprise.
J2EE agents work with OpenSSO Enterprise to protect resources. However, for security purposes these two software components can only interact with each other to maintain a session after the J2EE agent authenticates with OpenSSO Enterprise by supplying an agent profile name and password. During the installation of the J2EE agent, you must provide a valid agent profile name and the respective password to enable authentication attempts to succeed.
You can create agent profiles using any of the following methods:
Use OpenSSO Enterprise Console as described in the task that follows, To Create a J2EE Agent Profile in Policy Agent 3.0 Using OpenSSO Enterprise Console.
Use the ssoadm command-line utility with the create-agent subcommand. For more information on the ssoadm command-line utility, see Appendix D, Using the ssoadm Command-Line Utility With Agents.
Choose “Option to create the agent profile in the server during installation” when you run the agentadmin --custom-install command. For more information on the agentadmin --custom-install command, see agentadmin --custom-install.
This section provides instructions for creating a J2EE agent profile using OpenSSO Enterprise Console.
Perform the following tasks in OpenSSO Enterprise Console. The key steps of this task involve creating an agent name (ID) and an agent password.
Log in to OpenSSO Enterprise Console as a user with AgentAdmin privileges, such as amadmin.
Click the Access Control tab.
Click the name of the realm to which the agent will belong, such as the following: /(Top Level Realm).
Click the Agents tab.
Click the J2EE tab.
Click New in the agent section.
Enter values for the following fields:
Name: Enter the name or identity of the agent. This is the agent profile name, which is the name the agent uses to log into OpenSSO Enterprise. Multi-byte names are not accepted.
Password: Enter the agent password. However, it must be the same password entered in the agent profile password file that is used by the agentadmin utility to install the agent.
Re-Enter Password: Confirm the password.
Configuration: For configuration, check the location of the agent configuration properties.
Local: Properties stored in the OpenSSOAgentConfiguration.properties file on the server where the agent is deployed.
Centralized: Properties stored in the OpenSSO Enterprise centralized data repository.
In the Server URL field, enter the OpenSSO Enterprise server URL.
For example: http://OpenssoHost.example.com:58080/opensso
In the Agent URL field, enter the URL for the agent application.
For example: http://agentHost.example.com:8090/agentapp
The Console creates the agent profile and displays the J2EE Agent page again with a link to the new agent profile.
To perform additional configuration of the agent, click this link to display the Edit agent page.