Sun Access Manager,Policy Agent 2.2, IIS7?

Hello everybody
Is it possible to protect IIS7 with policy agent 2.2 and Sun Access Manager 7.1?
Policy Agents 3.0 (for Open SSO) works with Sun Access Manager 7.1?
regards!
Alex Dávila

Tanks handat      
I found
http://download.oracle.com/docs/cd/E19575-01/820-5816/galtf/index.html
http://download.oracle.com/docs/cd/E19681-01/821-0267/gfxhz.html#scrolltoc     
greetings
alex davila

Similar Messages

  • Access Manager Policy Agent and Oracle AS

    Hi,
    my system uses Oracle Application Server. The security dept use Sun Access Manager. I need to integrate the security of the Oracle system with the policy agent. Where this gets a little confusing is that one of my developers tells me that this is difficult to implement and that Sun arent planning on supporting the Oracle AS in future.
    What I would like is some clarification from the horses mouth so to speak. In particular is it possible to integrate the policy agent and Oracle AS, and are Sun committed to supporting and developing for this.
    Thanks,
    Andy.

    "Where this gets a little confusing is that one of my developers tells me that this is difficult to implement"
    "it is NOT an implementation but an integration ! difficult ? why ?"
    "and that Sun arent planning on supporting the Oracle AS in future."
    There is a PA 2.2 for Oracle 10g ! It is the latest version(2.2 I mean). I don't see any reasons why Sun should not continue. But it is ONLY my point of view...
    "What I would like is some clarification from the horses mouth so to speak. In particular is it possible to integrate the policy agent and Oracle AS, and are Sun committed to supporting and developing for this."
    Of course it is possible because you can find the PA that will integrate your Oracle AS with a Sun AM.
    1) Please read the documentation.
    http://docs.sun.com/app/docs/coll/1322.1
    Download the one for Oracle and read also the user guide.
    PA are very easy to integrate if you know what you do... Espec. und. the AM auth and sso... If you can be helped by a AM guy from your comp. it is welcome... It is a j2ee agent and of course the PA will make what is necessary to redirect you to AM at login time and later to auth. your request...2)
    2) Download the soft and do the job :-)
    Product Downloads
    Sun Java System Access Manager Policy Agent 2.2 for Oracle Application Server 10g
    http://www.sun.com/download/products.xml?id=455d52ed
    I did plenty of int. with Sun/Bea/Tomcat AS(don't forget there are also webserver agents like Apache PA) with AM and it is not a big deal. Not Oracle, but it is an AS and I don't see why it should be difficult...
    Hope this helps a bit.

  • Access Manager Policy Agent 2.2

    Hello
    Has anyone experienced the error noted below. This is occurring after Access Manager has validated the
    user and redirected the request back to the agent on the protected box.
    PolicyEngine: am_policy_evaluate: InternalException in Service::do_update_policy with error message:Policy query failed. and code:6
    PolicyAgent: validate_session_policy() status: Access Manager policy service failure (6)
    Any help will be greatly appreciated.

    Hi,
    Are you using a 2.1 agent ? If yes are you using a custom Authentication module ? try setting the com.sun.am.policy.am.library.loginURL if needed. Also check for valid certs if you are using ssl

  • NSAPI in Access Manager & Policy Agent

    Hi all,
    May I know is it possible to use NSAPI to be a communication channel between policy agent and access manager?
    I have installed Sun One Web Server together with policy agent, access manager is installed in another machine.
    I've looked through all related documentation but could not find NSAPI for policy agent or access manager.
    Thanks in advance!

    Hi all,
    May I know is it possible to use NSAPI to be a communication channel between policy agent and access manager?
    I have installed Sun One Web Server together with policy agent, access manager is installed in another machine.
    I've looked through all related documentation but could not find NSAPI for policy agent or access manager.
    Thanks in advance!

  • Need asssitance on openSSO/Access Manager-policy agent on tomcat 5.5

    I'm asking here because there is no help from openSSO forum.
    I know that openSSO is quite the same with java access manager,
    so I assume that openSSO is identical to java access manager.
    I'm very much new to the policy agent and I've tried to test it for my own web application, but it doesn't seems to work.
    Here is my situation :
    I'm using 2 servers:
    1. server using windows XP, installed with tomcat 5.5 and opensso inside (acts as openSSO server).
    I set the IP to be 192.168.0.3 and tomcat web server will be listening on port 8080
    2. server using windows XP, installed with tomcat 5.5 and my web application inside, and the policy agent.
    I set the IP to be 192.168.0.1 and tomcat web server will be listening on port 7070
    my web application is named "akademis" and I can acess it with the usual method on address http://192.168.0.1:7070/akademis.
    I install the policy agent on global web.xml of tomcat configuration and I don't change anything on web.xml of my application.
    when I tried to acess the http://192.168.0.1:7070/akademis , I wa redirected to openSSO login page correctly and I entered username and password(username:amadmin). I passed the login page and being redirected to the page that I wanted, but it doesn't do correctly cause I got a HTTP message of 403 (forbidden).
    I got some clue in the policy agent logs :
    a. the amFilter log
    09/30/2006 01:08:25:890 PM ICT: Thread[http-7070-Processor25,5,main]
    09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
    ERROR: URLFailoverHelper: No URL is available at this time
    09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
    ERROR: AmFilter: Error while delegating to inbound handler: SSO Task Handler, access will be denied
    [AgentException Stack]
    com.sun.identity.agents.arch.AgentException: No URL is available at this time
    at com.sun.identity.agents.common.URLFailoverHelper.getAvailableURL(URLFailoverHelper.java:133)
    at com.sun.identity.agents.filter.AmFilterRequestContext.getLoginURL(AmFilterRequestContext.java:748)
    at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:285)
    at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:258)
    at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:363)
    at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:345)
    at com.sun.identity.agents.filter.SSOTaskHandler.doSSOLogin(SSOTaskHandler.java:210)
    at com.sun.identity.agents.filter.SSOTaskHandler.process(SSOTaskHandler.java:98)
    at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:185)
    at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:38)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.java:346)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
    b. the amLog
    09/30/2006 01:08:09:921 PM ICT: Thread[main,5,main]
    09/30/2006 01:08:10:078 PM ICT: Thread[main,5,main]
    ERROR: RemoteHandler.getLogHostURL(): 'null' is malformed. null
    I think the reson that I failed is not in the openSSO/java access manager, because I get passed the login page, and also in the amFilter log of the policy agent I see an error of "No URL is available at this time" .
    Is there anyone can help me on this problem ? I'll be very glad if somebody can help me.
    thanks

    Please try the fix as suggested in the following and let us know the results.
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;196271
    http://forum.java.sun.com/thread.jspa?threadID=346820&messageID=1436761
    Thanks,
    Subba

  • Access Manager Policy Agent 2.2 for Oracle 10g

    I Installed AM Policy Agent 2.2 on Oracle App Server 10g (10.1.3). After install I don't get the redirect to the AM login page. The agent does not appear to be activated. When I restart the Oracle App server I expect to see logs entries from the agent in <agenthome>/logs/debug, but I don't get any log entries.
    The agent was installed as oracle (same as the 10g server).
    Entries in the 10g global application.xml for the agent:
    ibrary path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/agent_001/config">
    </library>
    <library path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/locale">
    </library>
    <library path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/lib/agent.jar">
    </library>
    <library path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/lib/amclientsdk.jar">
    </library>
    AMAgent.properties settings:
    com.iplanet.services.debug.level=message
    com.sun.identity.agents.config.filter.mode = URL_POLICY
    My goal is to protect all apps with SSO and basic url policies.
    Any ideas on what I'm doing wrong? missing?

    Hi,
    have you added the agent filter for the application you are trying to protect
    <filter>
    <filter-name>Agent</filter-name>
    <display-name>Agent</display-name>
    <filter-class>
    com.sun.identity.agents.filter.AmAgentFilter
    </filter-class>
    </filter>
    <filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

  • Chaining Access Manager Policy Agents

    Hi,
    Can we chain access manager agents, so we can pass the authentication details on to other apache server web agents.
    Step 1 - to configure a reverse proxy which uses the Access Manager & Agent to authenticate (This works ok)..
    The reverse proxy directs to a Secure Global Desktop (SGD) server which i want to use the above authentication.
    Step 2 - get the SGD server authenticating with Access Manager and the Apache Web Agent (this works ok).
    Step 3 - My question is can the web agent on the back end SGD server use the authentication credentials from the initial Reverse Proxy Access manager log in?
    This is what i am seeing at the moment.
    - I login to the reverse proxy via Access Manager and it then picks a back end SGD server.
    - It then looks like the Access Manager sits there trying to connect to the SGD server.
    - When it times out the URL in the browser is a bit confusing.. Its https://<sgd server>:<reverse proxy port> The port should be the sgd server port.
    It looks like the AM credentials and environment are ok (iPlanetDirectoryPro and REMOTE_USER).. because after it times out trying to connect to the sgd server with the wrong port number, I change this to be the correct SGD server address in the browser, and it automatically logs in like in Step 2 above.
    So my question really is can the authentication details provided at the first level apache web agent be passed down to other apache web server agents running on other servers?
    Any ideas.
    Thanks,
    Carl

    Hi,
    Can we chain access manager agents, so we can pass the authentication details on to other apache server web agents.
    Step 1 - to configure a reverse proxy which uses the Access Manager & Agent to authenticate (This works ok)..
    The reverse proxy directs to a Secure Global Desktop (SGD) server which i want to use the above authentication.
    Step 2 - get the SGD server authenticating with Access Manager and the Apache Web Agent (this works ok).
    Step 3 - My question is can the web agent on the back end SGD server use the authentication credentials from the initial Reverse Proxy Access manager log in?
    This is what i am seeing at the moment.
    - I login to the reverse proxy via Access Manager and it then picks a back end SGD server.
    - It then looks like the Access Manager sits there trying to connect to the SGD server.
    - When it times out the URL in the browser is a bit confusing.. Its https://<sgd server>:<reverse proxy port> The port should be the sgd server port.
    It looks like the AM credentials and environment are ok (iPlanetDirectoryPro and REMOTE_USER).. because after it times out trying to connect to the sgd server with the wrong port number, I change this to be the correct SGD server address in the browser, and it automatically logs in like in Step 2 above.
    So my question really is can the authentication details provided at the first level apache web agent be passed down to other apache web server agents running on other servers?
    Any ideas.
    Thanks,
    Carl

  • Securing web services with Sun Access Manager

    Hi!
    I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
    What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
    I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
    I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
    My questions are:
    1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
    2) Are there any documentation/tutorials/etc?
    Thanks in advance :-)
    Anders

    what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
    the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
    So.. having said that. here's what I'd recommend.
    1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
    2. configure it to use your access manager instance for authentication.
    3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
    4. voila... your webservices are not "protected" by acces manager ;-)

  • Policy Agent doesn't reset Sun  Access Manager session time idle value

    Hi,
    We have the following setup in our environment:
    - apache web server/web and policy agent 2.2 for apache 2.0.54
    - webmethods portal server (jetty)
    -Sun Access Manager (with Sun Directory Server)
    We use policy agent for authentication purpose only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates session in Sun Access Manager for custom LDAP services. For testing purpose, we configure SAM session to have Max Session Timeout at 120mins and Time Idle at 15mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of SAM session. However, when I monitor time idle value using SAM console, session tab, the time idle value didn't change when the portal user access pages, submit actions, etc. I can see in the debug log of policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
    Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
    Thanks a lot for the help.

    Thanks for the reply, Shivaram. The issue appears to occur at random time, not accurately at the 3 min interval as you mention. I tested changing this value to 1, theoretically, after one 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
    We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests), the pages are protected by the policy agent. At the first login, rwe were prompted to enter credential to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages, once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disable as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
    Thanks for all your help,

  • Sun Access Manager Event Sequence

    I have a third party black box piece of hardware that is redirecting browser requests to my server for authentication. I want to utilize the Sun Access Manager to perform these authentications. Do I need to use the Policy Agent, or should I attempt to communicate directly with the Access Manager? What benefit will I gain from including the Policy Agent into the mix?
    If I don't use the policy agent, here is the sequence of events as I understand them:
    1) Browser hits Black Box (BB) for protected information.
    2) BB redirects the browser to me.
    3) Browser sends me a SAML snippet. I decode and inflate the snippet, then send it off to the access manager (AM).
    4) The AM throws an invalid id exception because the user has never logged in.
    5) I catch the invalid id exception, and redirect the browser to the AM login URL. The user enters a valid id and password and hits submit.
    6) ... ?
    Is this correct up to step 5, and what happens after step 5? Any hints would be greatly appreciated.

    Okay, never mind then.

  • Siebel Integration with SUN Access Manager

    Hi Guys,
    We are trying to integrate siebel with Sun access Manager.
    I have gone thro the sun site but unable to find any documentation and policy agent to download.
    Please guide me where can i find documenttaion and policy agent software download.
    Thanks
    Regards,
    Mohit

    There is no agent to integrate with Siebel directly. However it should be possible by using Sun web server or IIS agent. Here is an old document that may still apply.
    http://docs.sun.com/source/816-6901-10/Chapter.html#wp19548
    There was more detailed integration document on Siebel web site. But it has been removed after Oracle acquisition (http://www.siebel.com/partners/portal/docs/integrationbriefs/siebel77_sjsam_tib.pdf)
    thanks,
    shivaram

  • Integrating windows authentication with Sun ACCESS MANAGER

    Hi,
    I have implemented sun access manager and successfully protected an application (ABC). At present iam using the SDS as the authentication and authorization directory. I login in to the machine using the network username and password which is on AD.
    I want to integrate my authentication/authorization mechanism from SDS to AD. so that when i login into the machine and open application ABC it should not ask me for the credentials; instead allow me to the homepage directly.
    How to do this.
    Thanks in advance
    Maruthi

    Hi!
    Maybe this helps you, it describes how to setup AM and policy agent to handle basic authentication protected sites. While the article is about sharepoint it should work for any application.
    http://developers.sun.com/identity/reference/techart/sharepoint.html
    Christoph

  • Configuring IIS6.0 with Sun Access manager

    As I am new to Sun java Access manager .I have installed and configured the Sun Access manager 7.1 on Tomcat and able to login to the console also.Now I am looking to configure the web application which resides in IIS 6.0 with Sun Access manager,To do this are there any documents about how to configure the Windows IIS 6.0Policy agent with Sun Accessmanager?In the Sun website I didnt see any document related to this configuration,could anyone please help how to work on this?
    Thanks in advance.

    http://docs.sun.com/app/docs/doc/819-4771?l=en
    should give you all the information you need. For server changes like policy refer to AM 7.1 docs on docs.sun.com

  • Access manager policyagent 2.1 fro webspher5.0  with sun access manager in

    Help It is very urgent
    I have installed my sun access manager and sun direcory server on same machine solaris10.SSL is diable in directory server.Access manager working on ssl mode means it is working on Http with port 80 and Https with port443.Access manager url is
    http://lhostname:80/amconsole or https://hostname:443/amconsole and
    http://host:80/amserver/UI/Login or https://host:443/amserver/UI/Login.it is displaying access manager login page.It is working properly standalone.
    But when i configure it with policyagent2.1 for WebSphere5.0 .WebSphere installed on windows2000 server.when i type the application URL that is running on WebSphere it does not show access manager login page.It show u r not authurised to view this page.WebSphere running on Http.
    and amService log detail is*****************************************************
    03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
    Naming service URL list: [https://my.domain.com:443/amserver/namingservice]
    03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
    Only one naming service URL specified. NamingServiceMonitor will be disabled.
    03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
    getServiceURL for service: auth protocol: https host: my.domain.com port: 443
    03/02/2006 05:57:32:112 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
    ERROR: Naming service connection failed
    com.iplanet.services.comm.client.SendRequestException: com.ibm.ws.orbimpl.transport.protocol.https.HttpsURLConnection
         at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:141)
         at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:73)
         at com.iplanet.services.naming.WebtopNaming.getNamingResponse(WebtopNaming.java:360)
         at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:421)
         at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:353)
         at com.iplanet.services.naming.WebtopNaming.getServiceURL(WebtopNaming.java:187)
         at com.sun.identity.authentication.AuthContext.setLocalFlag(AuthContext.java:1159)
         at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1100)
         at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1071)
         at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:142)
         at com.sun.identity.policy.client.AuthService.getAppSSOToken(AuthService.java:103)
         at com.sun.identity.policy.client.AuthService.getApplicationSSOToken(AuthService.java:79)
         at com.sun.identity.policy.client.PolicyEvaluator.getAppSSOToken(PolicyEvaluator.java:499)
         at com.sun.identity.policy.client.PolicyEvaluator.init(PolicyEvaluator.java:193)
         at com.sun.identity.policy.client.PolicyEvaluator.<init>(PolicyEvaluator.java:172)
         at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:118)
         at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:87)
         at com.sun.identity.agents.policy.AmWebPolicy.<init>(Unknown Source)
         at com.sun.identity.agents.policy.AmWebPolicyManager.<init>(Unknown Source)
         at com.sun.identity.agents.policy.AmWebPolicyManager.<clinit>(Unknown Source)
         at com.sun.identity.agents.filter.AmFilter.<init>(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilterInstanceForModeConfigured(Unknown Source)
         at com.sun.identity.agents.filter.AmAgentFilter.doFilter(Unknown Source)
         at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:132)
         at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:71)
         at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:863)
         at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:491)
         at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:173)
         at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:79)
         at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:199)
         at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
         at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:182)
         at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:331)
         at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
         at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:432)
         at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:343)
         at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:592)
    Thanks & Regards
    Saini

    This is an SSL handshake problem of Websphere - has nothing to do with AM.
    Websphere�s JDK does not trust the Signer / Cert of AM�s deployment container.
    Either configure a truststore (or use an existing webshpere truststore) where you import the Cert of the Signing CA of your AM DC�s cert.
    Other option - import the mentioned cert in cacert file of IBM JDK - but be aware that this might get lost when applying an Websphere fixpack/refreshpack.
    BTW what have you configured for server.port,server.host and server.protocol in your AMConfig.properties?
    If you have not changed that settings agent will use the port/protocol specified to communicate with AM.
    -Bernhard

  • Sun Access Manager  - Authentication Error

    Hello everyone,
    I'm trying to configure Sun Access Manager 7.0 with sun web server 6.1 and directory server 5.2 on windows xp.
    I'm getting the following error when I try to login with uid=amAdmin
    "Permission to perform the read operation denied to uid=amAdmin,ou=People,dc=example,dc=com"
    I do not see any errors from the debug files. Could anyone help me in fixing this problem.
    Thanks in advance,
    -krishna

    Is your AM log level set to message? If not, set to message and retest. You should get output in your debug logs.
    On the agent side, set your logging to all:5

Maybe you are looking for