Creating an Agent Profile

The WebSphere Application Server/Portal Server agent uses an agent profile to communicate with OpenSSO Enterprise server. You can create an agent profile using any of these three methods:

• Create the agent profile during installation when you run the agentadmin program with the --custom-install option. The program prompts you for this information:

  • Agent profile name and path to the agent profile password file

  • Agent administrator name and path to the agent administrator password file

• Use the OpenSSO Enterprise Console

• Use the ssoadm command-line utility with the create-agent subcommand. For more information about the ssoadm command, see the Sun OpenSSO Enterprise 8.0 Administration Reference.

To Create an Agent Profile in the OpenSSO Enterprise Console

1. Login into the OpenSSO Enterprise Administration Console as amAdmin.

2. Click Access Control, realm-name, Agents, and then J2EE.

3. Under Agent, click New.

4. In the Name field, enter the name for the new agent profile. For example: WSASAgentProfile

5. Enter and confirm the Password.

   Important: This password must be the same password that you enter in the agent profile password file that you specify when you run the agentadmin program to install the agent.

6. In the Server URL field, enter the OpenSSO Enterprise server URL.

   For example: http://openssohost.example.com:8080/opensso

7. In the Agent URL field, enter the URL for the agent application (agentapp).

   For example: http://agenthost.example.com:8090/agentapp

   The agent application (agentapp.war) is a housekeeping application used by the agent for notifications and other functions such as cross domain single sign-on (CDSSO) support. For more information, see Deploying the Agent Application.

8. Click Create.

   The console creates the agent profile and displays the J2EE Agent page again with a link to the new agent profile, WSASAgentProfile.

   To do additional configuration for the agent profile, click the agent link to display the Edit agent page. For information about the agent configuration fields, see the Console online Help.

   If you prefer, you can also use the ssoadm command-line utility to edit the agent profile. For more information, see the Sun OpenSSO Enterprise 8.0 Administration Reference.

   ---

   Tip –

   Make a note of the values you specified for the agent profile, including the profile name, password, server URL, and agent URL. You will need these values when you install the agent using the agentadmin program.

   ---

9. If the WebSphere Application Server/Portal Server agent will not retrieve the Role from the Access Manager SDK (AMSDK) Identity Repository Plug-in, perform the following steps:

   1. Click the WebSphere Application Server/Portal Server agent link (for example, WSASAgentProfile) to display the agent profile Edit page.

   2. Click the Application subtab.

   3. Click the Privilege Attributes Processing link.

   4. Under the Privilege Attributes Processing section, remove Role from the Current Values for the Privileged Attribute Type list box.

      You should have only Group left under the Current Values.

   5. Click Save.