Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for Web Agents

Creating a Web Agent Profile in Policy Agent 3.0

Caution – Caution –

Creating a web agent profile in OpenSSO Enterprise Console is a required task that you can perform prior to installing the web agent or during installation. Though the installation of the web agent actually succeeds without performing this task, the lack of a valid agent profile in OpenSSO Enterprise prevents the web agent from authenticating or having any further communication with OpenSSO Enterprise server.

Web agents work with OpenSSO Enterprise to protect resources. However, for security purposes these two software components can only interact with each other to maintain a session after the web agent authenticates with OpenSSO Enterprise by supplying an agent profile name and password. During the installation of the web agent, you must provide a valid agent profile name and the respective password to enable authentication attempts to succeed.

Creating a Web Agent Profile in Policy Agent 3.0

You can create agent profiles using any of the following methods:

ProcedureTo Create a Web Agent Profile in Policy Agent 3.0 Using OpenSSO Enterprise Console

This task applies when you want to create the web agent profile as a pre-installation task. Perform this task using OpenSSO Enterprise Console. The key steps of this task involve creating an agent name (ID) and an agent password.

  1. Log in to OpenSSO Enterprise Console as a user with AgentAdmin privileges, such as amadmin.

    The OpenSSO Enterprise login page is available at a URL similar in format to the following:
  2. Click the Access Control tab.

  3. Click the name of the realm to which the agent will belong, such as the following: /(Top Level Realm).

  4. Click the Agents tab.

    The Web tab is selected by default.

  5. Click New in the agent section.

  6. Enter values for the following fields:

    Name: Enter the name or identity of the agent. This is the agent profile name, which is the name the agent uses to log into OpenSSO Enterprise. Multi-byte names are not accepted.

    Password: Enter the agent password. However, it must be the same password entered in the agent profile password file that is used by the agentadmin utility to install the agent.

    Re-Enter Password: Confirm the password.

    Configuration: For configuration, check the location of the agent configuration properties.

    • Local: Properties stored in the file on the server where the agent is deployed.

    • Centralized: Properties stored in the OpenSSO Enterprise centralized data repository.

  7. In the Server URL field, enter the OpenSSO Enterprise server URL.

    For example:

  8. In the Agent URL field, enter the URL for the agent application.

    For example:

  9. Click Create.

    The Console creates the agent profile and displays the Web Agent page again with a link to the new agent profile.

    To perform additional configuration of the agent, click this link to display the Edit agent page.