Sun ONE Identity Server Policy Agent Guide



Contents

About This Guide

What You Are Expected to Know
Identity Server Documentation Set
What's in This Guide
Documentation Conventions Used in This Manual
Typographic Conventions
Terminology
Related Information

Part 1 Web and Proxy Agents



Chapter 1 Read This First
How Policy Agents Work
Uses for Policy Agents
How an Agent Interacts with Sun ONE Identity Server 6.0
Supported Servers
Before You Begin Installation
Java Runtime Environment 1.3.1
The Web Server that Runs Sun ONE Identity Server Services vs. Remote Web Servers
Configuring Agent for Multiple Web Server Instances on the Same Computer System
Providing Failover Protection for Sun ONE Identity Server Agents
Updating the Agent Cache
Global Not-Enforced URL List
Global Not-Enforced IP Address List
Enforcing Authentication Only Without Enforcing Policies
Forwarding LDAP User Attributes via HTTP Headers
The AMAgent.properties File
Setting the Fully Qualified Domain Name
Cookie Reset Feature
Configuring CDSSO
Verifying a Successful Installation


Chapter 2 Policy Agents for Solaris 8 and 9
Before You Begin
Supported Solaris Web Servers
Patch Cluster for Solaris
Installation Using the GUI
Installing a Proxy Server Policy Agent
Installation Using the Command-Line
To Install a Web Server Agent Using the Command-Line
To Install a Web Proxy Server Agent Using the Command-Line
Configuring Agent for Multiple Web Server Instances
To Configure Agent for Multiple Web Server Instances on the Same Computer System
Using the config Script for Silent Installations
Removing an Agent Using the unconfig Script
Using Secure Sockets Layer (SSL) with an Agent
Configuring the IBM HTTP Server
Configuring the Domino DSAPI Filter
Web or Web Proxy Server Running in SSL Mode
The Agent's Default Trust Behavior
Disabling the Agent's Default Trust Behavior
Installing the Root CA Certificate on the Remote Web Server
Setting the REMOTE_USER Server Variable
Validating Client IP Addresses
POST Data Preservation
Shared Secret Encryption Utility
Uninstalling a Policy Agent
Before Uninstalling the Policy Agent for Lotus Domino 5.0.10
Uninstalling Using the GUI
Uninstalling Using the Command-Line Interface
Troubleshooting Solaris Agents
Known Problems


Chapter 3 Policy Agents for Windows 2000
Before You Begin
Supported Windows Web Servers
Installing the Policy Agent for Microsoft IIS
Installation Using the GUI
Installation Using the Command-Line
Installing an Agent Using the Command-Line
Configuring the Domino DSAPI Filter
Configuring Domino DSAPI Filter for Multiple Server Partitions
Using Secure Sockets Layer (SSL) with an Agent
The Agent's Default Trust Behavior
Disabling the Agent's Default Trust Behavior
Installing the Root CA Certificate on the Remote Web Server
Setting the REMOTE_USER Server Variable
Validating Client IP Addresses
POST Data Preservation
Shared Secret Encryption Utility
Uninstalling and Disabling Policy Agent
Uninstalling a Policy Agent
Disabling a Policy Agent Installed on Microsoft IIS
Uninstalling the Policy Agent for Lotus Domino 5.0.10
Uninstalling an Agent Using the Command-Line
Troubleshooting the Installation
IIS Policy Agent
Known Problems


Chapter 4 Policy Agents for Windows NT
Before You Begin
Supported Windows NT Web Server
Installation Using the GUI
Installing the Policy Agent for Microsoft IIS 4.0
Uninstalling and Disabling Policy Agents
Installation Using the Command-Line
To Install an Agent Using the Command Line
To Uninstall an Agent Using the Command Line
Using Secure Sockets Layer (SSL) with an Agent
The Agent's Default Trust Behavior
Disabling the Agent's Default Trust Behavior
Installing the Root CA Certificate on the Remote Web Server
Setting the REMOTE_USER Server Variable
Validating Client IP Addresses
Shared Secret Encryption Utility
Troubleshooting the IIS 4.0 Policy Agent
Known Problems


Chapter 5 Policy Agent for Red Hat Linux 7.2
Before You Begin
Configuring Apache Web Server with Posix Threads
Installation Using the GUI
Installing the Policy Agent
Uninstalling the Policy Agent
Installation Using the Command-Line
Installing the Policy Agent
Uninstalling the Policy Agent
Configuring Agent for Multiple Web Server Instances
To Configure Agent for Multiple Web Server Instances on the Same Computer System
Using the config Script for Silent Installations
Removing an Agent Using the unconfig Script
Using Secure Sockets Layer (SSL) with an Agent
The Agent's Default Trust Behavior
Disabling the Agent's Default Trust Behavior
Installing the Root CA Certificate on the Remote Web Server
Setting the REMOTE_USER Server Variable
Validating Client IP Addresses
Shared Secret Encryption Utility
Troubleshooting Information

Part 2 J2EE Agents



Chapter 6 Read This First
Uses of Policy Agent for Application Server
Examples
Supported Servers


Chapter 7 Policy Agent for WebLogic 6.1 SP2
Supported Platforms
How the Policy Agent for WebLogic 6.1 SP2 Works
Guidelines
Installing the Agent
Pre-installation Tasks
Launching the Installation Program on Solaris 8
Launching the Installation Program on Windows 2000 Server
Launching the Installation Program on HP-UX 11
Installing the Agent Using GUI
WebLogic Server Configuration
Installing the Agent Realm
Troubleshooting the Installation
Application Configuration
Installing the Agent Filter Component in an Application
Creating Role-to-Principal Mappings
Application Specific Agent Configuration
Special Case: Default Web Application
Global Agent Configuration
Not-Enforced List Usage Considerations
Agent Configuration
Common Configuration
Audit Configuration
Realm Configuration
Global Filter Configuration
Application Filter Configuration
Debug Engine Configuration
Using Agent and Sun ONE Identity Server SDK APIs
Uninstalling the Agent
Uninstalling the Agent Using GUI
Troubleshooting Uninstallation Problems


Chapter 8 Policy Agent 2.0 for IBM WebSphere 4.0.4 AE
Overview
Guidelines
Agent-based Authentication and Authorization
Coarse Grained and Fine Grained Access-control
Create Enhanced Security Aware Applications
Limitations
Supported Platform
Software Requirements
Installing the Agent
Pre-Installation Tasks
Launching the Installation Program
Installing the Agent Using GUI
Agent Configuration Details
Installing the Agent Using Command-Line
Configuring WebSphere Application Server
Application Configuration
Creating Role-to-Principal Mappings
Application-Specific Agent Configuration
Providing Application-Specific Not-Enforced List
Special Case: Default Web Application
Global Agent Configuration
Not-Enforced List Usage Considerations
Agent Configuration
Common Configuration
Realm Configuration
Global Interceptor Configuration
Application Interceptor Configuration
Debug Engine Configuration
Using Agent and Sun ONE Identity Server SDK APIs
SSL Configuration
Configuration Changes in AmConfig.properties
Configuration Changes in serverconfig.xml
Importing the root CA cert into Application Server JVM Keystore
Uninstalling the Agent
Launching the Uninstallation Program
Uninstalling the Agent Using GUI
Uninstalling the Agent Using Command Line
Troubleshooting Information
Installation/Uninstallation Problems
Fixing the Problems Manually


Chapter 9 Policy Agent for Sun ONE Application Server 7.0
Supported Platforms
Guidelines
Installing the Agent
Pre-installation Tasks
Installing the Agent Using GUI
Installing the Agent Using Command-Line
Silent Installation
Application Configuration
Installing the Agent Filter Component in an Application
Creating Role-to-Principal Mapping
Application-Specific Agent Configuration
Special Case: Default Web Application
Agent Configuration
Common Configuration
Audit Configuration
Realm Configuration
Global Filter Configuration
Application Filter Configuration
Debug Engine Configuration
Using Agent and Sun ONE Identity Server SDK APIs
Uninstalling the Agent
Uninstalling the Agent Using GUI
Uninstalling the Agent Using Command-Line


Appendix A Configuration Tasks Performed by Installer
WebLogic 6.1 SP2
WebLogic Server Startup Script Modifications
Adding Parameters to Java Virtual Machine
Installation of JCE 1.2.1 and JSSE 1.0.2 Extensions
WebSphere 4.0.4 AE
Modifications to Admin Server Configuration File
Modifications to trustedserver.properties
Modifications to sas.client.props
Configurations Through Administrative Console
Agent Realm Configuration
Sun ONE Application Server 7.0
Application Server Config Files


Appendix B Sample Scenarios for Role-to-Principal Mapping
WebLogic 6.1 SP2
Declarative Security
Programmatic Security
WebSphere 4.0.4 AE
Web Authorization
EJB Authorization
Sun ONE Application Server 7.0
Declarative Security
Programmatic Security


Appendix C Using the Policy Agent Debug Engine

Index


Copyright 2003 Sun Microsystems, Inc. All rights reserved.