28.4 Registering and Managing OpenSSO Agents Using the Console

28.4.1 Registering an OpenSSO Agent using the Oracle Access Management Console

Users with Oracle Access Management Administrator credentials can either use Oracle-provided tools to analyze and migrate an OpenSSO environment or use the Oracle Access Management Console to manually provision OpenSSO Agents.

Registration steps are the same regardless of the OpenSSO agent type you choose: Web or J2EE. You can register an OpenSSO agent before you deploy it. Users with valid Administrator credentials can perform the following task to register an OpenSSO agent using the Oracle Access Management Console.

Note:

Only centralized configuration mode is supported for new OpenSSO Agent creation.

After agent registration, you can change the communication mode of the OAM Server if needed. Communication between the agent and server continues to work as long as the Agent uses SSO Only filter mode.

Prerequisites

Confirm that at least one OAM Server is running in the same mode as the agent to be registered. Install the Agent, as described in:

  • Oracle Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for Web Agents

  • Oracle Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for J2EE Agents

To register an OpenSSO agent using the console

  1. In the Oracle Access Management Console, click Application Security at the top of the window.
  2. In the Application Security Console, select Create OpenSSO Agent from the Create (+) menu in the Agents section.
  3. On the Create OpenSSO Agent page, enter the required details (marked with an *), as described in Table 28-5.
  4. Confirm that the Auto Create Policies box is checked (or clear the box to disable this function if you do not need a new Application Domain).
  5. Click Apply to submit the registration (or close the page without submitting it).
  6. Check the Confirmation window for the location of generated artifacts and then close the window.
  7. In the navigation tree, confirm the Agent name is listed.
  8. Copy OpenSSO Agent bootstrap and configuration files from the console host (AdminServer) to the Agent host Web server:
    OpenSSO Properties Files

    From the AdminServer (Console) host, in $DOMAIN_HOME/output/$Agent_Name/:

    • OpenSSOAgentBootstrap.properties

    • OpenSSOAgentConfiguration.properties

    To the OpenSSO Agent host Web server, in $OHS_dir/config. For example:

    • $WebTier_MW_HOME/Oracle_WT1/instances1/config/OHS/ohs1/config/
  9. Restart the OAM Server hosting the Agent.
  10. Proceed to the following topics, as needed:

28.4.2 Configuring and Managing Registered OpenSSO Agents Using the Console

The procedure is the same whether you are editing (view, modify, or delete) a J2EE or Web type OpenSSO agent. Users with valid Administrator credentials can change any setting for a registered agent using the Oracle Access Management Console.

After changes, updated details are propagated through a runtime configuration update process. There is usually no need to copy the artifacts over to the OpenSSO agent configuration area. Artifacts need only be copied to the OpenSSO agent directory path if the agent name, password, or security mode is changed.

Note:

Deleting an agent registration removes only the registration (not the associated host identifier, Application Domain, resources, or the agent instance itself), which prevents registering the same agent again if required. However, deleting the Application Domain and its content removes all referenced objects including the Agent registration, as described in "Deleting an Application Domain and Its Contents".

Prerequisites

The agent must be registered and the registration visible in the Oracle Access Management Console. The AdminServer and one OAM Server must be running.

To view or modify registration details (or delete a registration)

  1. In the Oracle Access Management Console, click Application Security at the top of the window.

    1. In the Application Security console, click Agents to display the Agents Search page.

    2. Find a Registration: Fill in the form (Agent Name or Agent Type or both) or simply click the Search button.

    3. Open a Registration: Click the Agent name in the results table to open the page.

  2. Modify Existing Details:

    1. Add or modify agent details as desired (Table 28-5).

    2. Click Apply to submit changes, then dismiss the Confirmation window.

    3. Copy OpenSSO Agent configuration files only if the Agent name, password, or security mode was changed.

  3. Delete OpenSSO Agent Registration: This does not remove the Agent instance itself, only the registration page from the console.

    1. Close the agent's registration page if it is open.

    2. Click the desired agent's name, click the Delete button in the tool bar, and confirm the removal in the Confirmation window.

    3. Confirm the Agent name is absent in the navigation tree.

  4. Restart the OAM Server hosting the Agent.

  5. Proceed to Managing Access Manager SSO, Policies, and Testing.
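
The file copy in step 8 of 28.4.1, which 28.4.2 repeats only when the Agent name, password, or security mode changes, can be scripted as follows. This is an added example, not Oracle-provided tooling: the function names are hypothetical, and it assumes the generated $DOMAIN_HOME/output/$Agent_Name/ directory is already readable on the Agent host, that the script runs as the OS user that owns the Web server instance, and that both files should be treated as sensitive (mode 600).

```shell
#!/bin/sh
# Added example (not from the Oracle documentation): install the two generated
# OpenSSO agent artifacts into the agent Web server's config directory.
# Assumption: both files are treated as sensitive, so they end up mode 600.

ARTIFACTS="OpenSSOAgentBootstrap.properties OpenSSOAgentConfiguration.properties"

# artifacts_in_sync SRC_DIR DST_DIR
# Returns 0 only if both files exist in both directories and are byte-identical.
# Useful after a change to the agent name, password, or security mode to see
# whether the agent host still holds stale copies.
artifacts_in_sync() {
    for f in $ARTIFACTS; do
        [ -f "$1/$f" ] && [ -f "$2/$f" ] || return 1
        cmp -s "$1/$f" "$2/$f" || return 1
    done
    return 0
}

# install_agent_artifacts SRC_DIR DST_DIR
# Refuses a partial copy: both source files must be present and non-empty
# before anything is written to the target directory.
install_agent_artifacts() {
    src=$1; dst=$2
    [ -d "$dst" ] || { echo "missing target directory: $dst" >&2; return 1; }
    for f in $ARTIFACTS; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    for f in $ARTIFACTS; do
        # Copy to a temporary name first so the agent never reads a
        # half-written file, then restrict permissions and rename into place.
        ( umask 077 && cp "$src/$f" "$dst/$f.new" ) || return 1
        chmod 600 "$dst/$f.new" && mv -f "$dst/$f.new" "$dst/$f" || return 1
    done
    # Final verification that the installed copies match the generated ones.
    artifacts_in_sync "$src" "$dst"
}

# Usage with the page's placeholder paths:
#   install_agent_artifacts "$DOMAIN_HOME/output/$Agent_Name" "$OHS_dir/config"
```
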