Creating a web agent profile in OpenSSO Enterprise Console is a required task that you can perform prior to installing the web agent or during installation. Though the installation of the web agent actually succeeds without performing this task, the lack of a valid agent profile in OpenSSO Enterprise prevents the web agent from authenticating or having any further communication with OpenSSO Enterprise server.
Web agents work with OpenSSO Enterprise to protect resources. However, for security purposes these two software components can only interact with each other to maintain a session after the web agent authenticates with OpenSSO Enterprise by supplying an agent profile name and password. During the installation of the web agent, you must provide a valid agent profile name and the respective password to enable authentication attempts to succeed.
You can create agent profiles using any of the following methods:
Use the OpenSSO Enterprise Console as described in the task that follows, To Create a Web Agent Profile in Policy Agent 3.0 Using OpenSSO Enterprise Console. This method is commonly used when you want to create the agent profile as a pre-installation task.
Use the ssoadm command-line utility with the create-agent subcommand. For more information on the ssoadm command-line utility, see Appendix D, Using the ssoadm Command-Line Utility With Agents.
Choose “Option to create the agent profile in the server during installation” when you run the agentadmin utility with the --custom-install option. For more information on the agentadmin utility, see Role of the agentadmin Program in Policy Agent 3.0.
This task applies when you want to create the web agent profile as a pre-installation task. Perform this task using OpenSSO Enterprise Console. The key steps of this task involve creating an agent name (ID) and an agent password.
Log in to OpenSSO Enterprise Console as a user with AgentAdmin privileges, such as amadmin.
The OpenSSO Enterprise login page is available at a URL similar in format to the following:
Click the Access Control tab.
Click the name of the realm to which the agent will belong, such as the following: /(Top Level Realm).
Click the Agents tab.
The Web tab is selected by default.
Click New in the agent section.
Enter values for the following fields:
Name: Enter the name or identity of the agent. This is the agent profile name, which is the name the agent uses to log into OpenSSO Enterprise. Multi-byte names are not accepted.
Password: Enter the agent password. This must be the same password that is entered in the agent profile password file used by the agentadmin utility to install the agent.
Re-Enter Password: Confirm the password.
Configuration: Choose the location of the agent configuration properties:
Local: Properties stored in the OpenSSOAgentConfiguration.properties file on the server where the agent is deployed.
Centralized: Properties stored in the OpenSSO Enterprise centralized data repository.
In the Server URL field, enter the OpenSSO Enterprise server URL.
For example: http://OpenssoHost.example.com:58080/opensso
In the Agent URL field, enter the URL for the agent application.
For example: http://agentHost.example.com:8090
The Console creates the agent profile and displays the Web Agent page again with a link to the new agent profile.
To perform additional configuration of the agent, click this link to display the Edit agent page.
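The following pre-flight check is an added example, not part of the original guide or of OpenSSO Enterprise. It validates the values this task asks for before you type them into the Console: the single-byte agent name, the password file that agentadmin reads, and the Server URL and Agent URL. The function name, the host:port URL pattern (modeled on the examples above), and the file-permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check of the values entered when creating a web
# agent profile. Function and variable names are hypothetical.

# check_agent_profile NAME PASSWORD_FILE SERVER_URL AGENT_URL
# Prints one line per problem to stderr; returns 0 only if none were found.
check_agent_profile() {
    name=$1 pwfile=$2 server_url=$3 agent_url=$4
    errors=0
    fail() { echo "ERROR: $*" >&2; errors=$((errors + 1)); }

    # Name: the Console rejects multi-byte names. Any byte outside printable
    # ASCII is refused here, which is stricter than the documented rule.
    if [ -z "$name" ]; then
        fail "agent profile name is empty"
    elif printf '%s' "$name" | LC_ALL=C grep -q '[^ -~]'; then
        fail "agent profile name contains non-ASCII bytes"
    fi

    # Password file: must exist and be non-empty, because agentadmin reads the
    # password from it and it must match the Password field of the profile.
    if [ ! -f "$pwfile" ] || [ ! -s "$pwfile" ]; then
        fail "password file missing or empty: $pwfile"
    else
        # Hardening check (assumption, not from the guide): owner-only access.
        perms=$(ls -ld "$pwfile" | cut -c5-10)
        [ "$perms" = "------" ] || fail "password file is open to group/other: $pwfile"
    fi

    # URLs: same shape as the guide's examples, protocol://host:port[/path].
    for url in "$server_url" "$agent_url"; do
        if ! printf '%s\n' "$url" |
            grep -Eq '^https?://[A-Za-z0-9.-]+:[0-9]+(/[^[:space:]]*)?$'; then
            fail "not in protocol://host:port form: $url"
        else
            # Plain HTTP is accepted but flagged, it does not count as an error.
            case $url in http://*) echo "WARN: $url is not HTTPS" >&2 ;; esac
        fi
    done

    [ "$errors" -eq 0 ]
}
```

Call it as `check_agent_profile NAME PASSWORD_FILE SERVER_URL AGENT_URL`; a non-zero exit status means at least one value should be corrected before the profile is created.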