13.2 Access Manager Settings

Load Balancing

The following table describes the elements in the Load Balancing section of the Access Manager Settings page:

Element Description

OAM Server Host

Type the virtual host name that represents the OAM Server Cluster, which might be exposed by a load balancer in front of an OAM Server Cluster.

OAM Server Port

Provide the virtual host port associated with the OAM Server Cluster. Values between 1 and 65535 are supported.

OAM Server Protocol

Choose either HTTP or HTTPS from the drop-down menu. This protocol is used to access the virtual host that represents the OAM Server Cluster.

Server Error Mode

Choose from the following options in the drop-down menu to configure error messages with varying degrees of security for your custom login pages:

  • Internal - Least secure level.

  • External - Recommended level.

  • Secure - Most secure. Provides generic error messages that barely give any hint of the internal reason for the error.

SSO

The following table describes the elements in the SSO section of the Access Manager Settings page:

Element Description

IP Validation

Check the box to enable IP Validation; clear the box to disable it.

This setting is specific to WebGates and is used to determine whether a client's IP address is the same as the IP address stored in the ObSSOCookie generated for single sign-on.

SSO Token Version

Select your SSO token version from the drop-down menu.

Access Protocol

Access Protocol provides configuration options for Simple mode and Cert mode transport security.

The following table describes the elements in the Access Protocol section of the Access Manager Settings page:

Element Description

Simple Mode Configuration

Enter a value in the Global Passphrase field, which is used for communication if you are using OAM-signed X.509 certificates.

Note: This is set during initial OAM Server installation. Administrators can edit this passphrase and then reconfigure all existing OAM agents to use it.

Cert Mode Configuration

Specify details in the following fields, which are required for the keystore where the Cert mode X.509 certificates signed by an outside Certificate Authority reside:

  • PEM Keystore Alias

  • PEM Keystore Alias Password

Note: These are set during initial OAM Server installation. The certificates can be imported using the import certificate utility or the keytool utility shipped with the JDK.

Policy

The following table describes the elements in the Policy section of the Access Manager Settings page:

Element Description

Resource Matching Cache

Caches mapping between the requested URL and the policy holding the resource pattern that applies to the URL. Configure the following fields:

  • Maximum Size - Default value is 100000. Zero disables the cache.

  • Time to Live - Default value is 3600. Zero disables Time to Live.

Related Topics

Configuring Access Manager Settings in Administrator's Guide for Oracle Access Management.