This topic provides the following topics:
Users with Oracle Access Management Administrator credentials can either use Oracle-provided tools to analyze and migrate an OpenSSO environment or use the Oracle Access Management Console to manually provision OpenSSO Agents.
Registration steps are the same regardless of the OpenSSO agent type you choose: Web or J2EE. You can register an OpenSSO agent before you deploy it. Users with valid Administrator credentials can perform the following task to register an OpenSSO agent using the Oracle Access Management Console.
Only centralized configuration mode is supported for new OpenSSO Agent creation.
After agent registration, you can change the communication mode of the OAM Server if needed. Communication between the agent and server continues to work as long as the Agent uses SSO Only filter mode.
Confirm that at least one OAM Server is running in the same mode as the agent to be registered. Install the Agent, as described in:
Oracle Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for Web Agents
Oracle Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for J2EE Agents
To register an OpenSSO agent using the console
|OpenSSO Properties Files From ...||Path ...|
From the AdminServer (Console) host
To the OpenSSO Agent host Web server $OHS_dir/config.
The procedure is the same whether you are editing (view, modify, or delete) a J2EE or Web type OpenSSO agent. Users with valid Administrator credentials can change any setting for a registered agent using the Oracle Access Management Console.
After changes, updated details are propagated through a runtime configuration update process. There is usually no need to copy the artifacts over to OpenSSO agent configuration area. Artifacts need only be copied to the OpenSSO agent directory path if the agent name, password, or security mode is changed.
Deleting an agent registration removes only the registration (not the associated host identifier, Application Domain, resources, or the agent instance itself), which prevents registering the same agent again if required. However, deleting the Application Domain and its content removes all referenced objects including the Agent registration, as described in "Deleting an Application Domain and Its Contents".
The agent must be registered and the registration visible in the Oracle Access Management Console. The AdminServer and one OAM Server must be running.
To view or modify registration details (or delete a registration)
In the Oracle Access Management Console, click Application Security at the top of the window.
In the Application Security console, click Agents to display the Agents Search page.
Find a Registration: Fill in the form (Agent Name or Agent Type or both) or simply click the Search button.
Open a Registration: Click the Agent name in the results table to open the page.
Modify Existing Details:
Add or modify agent details as desired (Table 28-5).
Click Apply to submit changes, then dismiss the Confirmation window.
Copy OpenSSO Agent configuration files only if the Agent name, password, or security mode was changed.
Delete OpenSSO Agent Registration: This does not remove the Agent instance itself, only the registration page from the console.
Close the agent's registration page if it is open.
Click the desired agent's name, click the Delete button in the tool bar, and confirm the removal in the Confirmation window.
Confirm the Agent name is absent in the navigation tree.
Restart the OAM Server hosting the Agent.