Access Manager Policy Agent 2.2 for Oracle 10g

Similar Messages

• Access Manager Policy Agent and Oracle AS

  Hi,
  my system uses Oracle Application Server. The security dept use Sun Access Manager. I need to integrate the security of the Oracle system with the policy agent. Where this gets a little confusing is that one of my developers tells me that this is difficult to implement and that Sun arent planning on supporting the Oracle AS in future.
  What I would like is some clarification from the horses mouth so to speak. In particular is it possible to integrate the policy agent and Oracle AS, and are Sun committed to supporting and developing for this.
  Thanks,
  Andy.

  "Where this gets a little confusing is that one of my developers tells me that this is difficult to implement"
  "it is NOT an implementation but an integration ! difficult ? why ?"
  "and that Sun arent planning on supporting the Oracle AS in future."
  There is a PA 2.2 for Oracle 10g ! It is the latest version(2.2 I mean). I don't see any reasons why Sun should not continue. But it is ONLY my point of view...
  "What I would like is some clarification from the horses mouth so to speak. In particular is it possible to integrate the policy agent and Oracle AS, and are Sun committed to supporting and developing for this."
  Of course it is possible because you can find the PA that will integrate your Oracle AS with a Sun AM.
  1) Please read the documentation.
  http://docs.sun.com/app/docs/coll/1322.1
  Download the one for Oracle and read also the user guide.
  PA are very easy to integrate if you know what you do... Espec. und. the AM auth and sso... If you can be helped by a AM guy from your comp. it is welcome... It is a j2ee agent and of course the PA will make what is necessary to redirect you to AM at login time and later to auth. your request...2)
  2) Download the soft and do the job :-)
  Product Downloads
  Sun Java System Access Manager Policy Agent 2.2 for Oracle Application Server 10g
  http://www.sun.com/download/products.xml?id=455d52ed
  I did plenty of int. with Sun/Bea/Tomcat AS(don't forget there are also webserver agents like Apache PA) with AM and it is not a big deal. Not Oracle, but it is an AS and I don't see why it should be difficult...
  Hope this helps a bit.

• Sun Access Manager,Policy Agent 2.2, IIS7?

  Hello everybody
  Is it possible to protect IIS7 with policy agent 2.2 and Sun Access Manager 7.1?
  Policy Agents 3.0 (for Open SSO) works with Sun Access Manager 7.1?
  regards!
  Alex Dávila

  Tanks handat      
  I found
  http://download.oracle.com/docs/cd/E19575-01/820-5816/galtf/index.html
  http://download.oracle.com/docs/cd/E19681-01/821-0267/gfxhz.html#scrolltoc     
  greetings
  alex davila

• Access Manager Policy Agent 2.2

  Hello
  Has anyone experienced the error noted below. This is occurring after Access Manager has validated the
  user and redirected the request back to the agent on the protected box.
  PolicyEngine: am_policy_evaluate: InternalException in Service::do_update_policy with error message:Policy query failed. and code:6
  PolicyAgent: validate_session_policy() status: Access Manager policy service failure (6)
  Any help will be greatly appreciated.

  Hi,
  Are you using a 2.1 agent ? If yes are you using a custom Authentication module ? try setting the com.sun.am.policy.am.library.loginURL if needed. Also check for valid certs if you are using ssl

• NSAPI in Access Manager & Policy Agent

  Hi all,
  May I know is it possible to use NSAPI to be a communication channel between policy agent and access manager?
  I have installed Sun One Web Server together with policy agent, access manager is installed in another machine.
  I've looked through all related documentation but could not find NSAPI for policy agent or access manager.
  Thanks in advance!

  Hi all,
  May I know is it possible to use NSAPI to be a communication channel between policy agent and access manager?
  I have installed Sun One Web Server together with policy agent, access manager is installed in another machine.
  I've looked through all related documentation but could not find NSAPI for policy agent or access manager.
  Thanks in advance!

• Need asssitance on openSSO/Access Manager-policy agent on tomcat 5.5

  I'm asking here because there is no help from openSSO forum.
  I know that openSSO is quite the same with java access manager,
  so I assume that openSSO is identical to java access manager.
  I'm very much new to the policy agent and I've tried to test it for my own web application, but it doesn't seems to work.
  Here is my situation :
  I'm using 2 servers:
  1. server using windows XP, installed with tomcat 5.5 and opensso inside (acts as openSSO server).
  I set the IP to be 192.168.0.3 and tomcat web server will be listening on port 8080
  2. server using windows XP, installed with tomcat 5.5 and my web application inside, and the policy agent.
  I set the IP to be 192.168.0.1 and tomcat web server will be listening on port 7070
  my web application is named "akademis" and I can acess it with the usual method on address http://192.168.0.1:7070/akademis.
  I install the policy agent on global web.xml of tomcat configuration and I don't change anything on web.xml of my application.
  when I tried to acess the http://192.168.0.1:7070/akademis , I wa redirected to openSSO login page correctly and I entered username and password(username:amadmin). I passed the login page and being redirected to the page that I wanted, but it doesn't do correctly cause I got a HTTP message of 403 (forbidden).
  I got some clue in the policy agent logs :
  a. the amFilter log
  09/30/2006 01:08:25:890 PM ICT: Thread[http-7070-Processor25,5,main]
  09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
  ERROR: URLFailoverHelper: No URL is available at this time
  09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
  ERROR: AmFilter: Error while delegating to inbound handler: SSO Task Handler, access will be denied
  [AgentException Stack]
  com.sun.identity.agents.arch.AgentException: No URL is available at this time
  at com.sun.identity.agents.common.URLFailoverHelper.getAvailableURL(URLFailoverHelper.java:133)
  at com.sun.identity.agents.filter.AmFilterRequestContext.getLoginURL(AmFilterRequestContext.java:748)
  at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:285)
  at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:258)
  at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:363)
  at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:345)
  at com.sun.identity.agents.filter.SSOTaskHandler.doSSOLogin(SSOTaskHandler.java:210)
  at com.sun.identity.agents.filter.SSOTaskHandler.process(SSOTaskHandler.java:98)
  at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:185)
  at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)
  at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:38)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
  at org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.java:346)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
  at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
  at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
  at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
  at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
  at java.lang.Thread.run(Thread.java:595)
  b. the amLog
  09/30/2006 01:08:09:921 PM ICT: Thread[main,5,main]
  09/30/2006 01:08:10:078 PM ICT: Thread[main,5,main]
  ERROR: RemoteHandler.getLogHostURL(): 'null' is malformed. null
  I think the reson that I failed is not in the openSSO/java access manager, because I get passed the login page, and also in the amFilter log of the policy agent I see an error of "No URL is available at this time" .
  Is there anyone can help me on this problem ? I'll be very glad if somebody can help me.
  thanks

  Please try the fix as suggested in the following and let us know the results.
  http://support.microsoft.com/default.aspx?scid=kb;EN-US;196271
  http://forum.java.sun.com/thread.jspa?threadID=346820&messageID=1436761
  Thanks,
  Subba

• Chaining Access Manager Policy Agents

  Hi,
  Can we chain access manager agents, so we can pass the authentication details on to other apache server web agents.
  Step 1 - to configure a reverse proxy which uses the Access Manager & Agent to authenticate (This works ok)..
  The reverse proxy directs to a Secure Global Desktop (SGD) server which i want to use the above authentication.
  Step 2 - get the SGD server authenticating with Access Manager and the Apache Web Agent (this works ok).
  Step 3 - My question is can the web agent on the back end SGD server use the authentication credentials from the initial Reverse Proxy Access manager log in?
  This is what i am seeing at the moment.
  - I login to the reverse proxy via Access Manager and it then picks a back end SGD server.
  - It then looks like the Access Manager sits there trying to connect to the SGD server.
  - When it times out the URL in the browser is a bit confusing.. Its https://<sgd server>:<reverse proxy port> The port should be the sgd server port.
  It looks like the AM credentials and environment are ok (iPlanetDirectoryPro and REMOTE_USER).. because after it times out trying to connect to the sgd server with the wrong port number, I change this to be the correct SGD server address in the browser, and it automatically logs in like in Step 2 above.
  So my question really is can the authentication details provided at the first level apache web agent be passed down to other apache web server agents running on other servers?
  Any ideas.
  Thanks,
  Carl

  Hi,
  Can we chain access manager agents, so we can pass the authentication details on to other apache server web agents.
  Step 1 - to configure a reverse proxy which uses the Access Manager & Agent to authenticate (This works ok)..
  The reverse proxy directs to a Secure Global Desktop (SGD) server which i want to use the above authentication.
  Step 2 - get the SGD server authenticating with Access Manager and the Apache Web Agent (this works ok).
  Step 3 - My question is can the web agent on the back end SGD server use the authentication credentials from the initial Reverse Proxy Access manager log in?
  This is what i am seeing at the moment.
  - I login to the reverse proxy via Access Manager and it then picks a back end SGD server.
  - It then looks like the Access Manager sits there trying to connect to the SGD server.
  - When it times out the URL in the browser is a bit confusing.. Its https://<sgd server>:<reverse proxy port> The port should be the sgd server port.
  It looks like the AM credentials and environment are ok (iPlanetDirectoryPro and REMOTE_USER).. because after it times out trying to connect to the sgd server with the wrong port number, I change this to be the correct SGD server address in the browser, and it automatically logs in like in Step 2 above.
  So my question really is can the authentication details provided at the first level apache web agent be passed down to other apache web server agents running on other servers?
  Any ideas.
  Thanks,
  Carl

• Unable to install policy agent 2.2 for Webserver 6.1 on Windows 2003

  Hi everybody,
  I've installed Java Enterprise Server (last version) on Windows 2003 with these components:
  - Directory Server
  - Access Manager
  - Webserver
  - Administration Server
  Everything works good, I can access all those components.
  Now I want to use Policy Agent 2.2. So I've downloaded it and I've tried to install...
  But during the installation process, an error message appear when I select the Web Server instance directory to protect.
  It says: "invalid web server instance - on windows, Access Manager Policy Agent only supports Web Server 6.0 and 6.1.....".
  The problem is that I work with WebServer 6.1....
  I really don't know what to do now... This message prevent me to go further.
  What's the problem? How can I avoid this?
  Thanks for your help!
  Adrien

  Okay, here's what it says:
  "The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, ot the updgrade pathc may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct update patch".
  I don't even know what program I'm supposed to have.
  Ideas, anyone?

• Policy Agent 2.2 for Apache HTTP Server

  hi,
  I'm trying to configure Policy Agent 2.2 for apache http server.
  The agent seems to be installed properly, in fact when I access the protected resource, I get the Access Manager login page.
  Then I log into access manager, but I'm redirected to an error page.
  Looking in log files I can see:
  agent's "amAgent" log file:
  Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
  Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
  Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting password callback.
  Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting name callback to 'apache2Agent'.
  Debug 10763:f8fe0 AuthService: BaseService::sendRequest Cookie and Headers =Host: crmzone.company.icteam.it     
                 Cookie: JSESSIONID=193E5E1590C924A42B95A00A51DC0479;amlbcookie=01
  Debug 10763:f8fe0 AuthService: BaseService::sendRequest Content-Length =Content-Length: 620
  Debug 10763:f8fe0 AuthService: BaseService::sendRequest Header Suffix =Accept: text/xml
                 Content-Type: text/xml; charset=UTF-8
  Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
  Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
  Error 10763:f8fe0 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
  Error 10763:f8fe0 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
  Warning 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) denying access: status = Access Manager authentication service failure
  Debug 10763:f8fe0 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://10.0.0.31:80/SugarOS-Full-4.5.0f.
  Info 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) returning status: Access Manager authentication service failure.
  Info 10763:f8fe0 PolicyAgent: process_request(): Access check for URL http://10.0.0.31/SugarOS-Full-4.5.0f returned Access Manager authentication service failure.
  Debug 10763:f8fe0 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_ERROR, data []
  Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_ERROR
  Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
  Access Manager's "amAuthentication.error" log file:
  "Login Failed|module_instance|Application" Application AUTHENTICATION-268 dc=opensso,dc=java,dc=net "Not Available" INFO apache2Agent 10.0.0.31 "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net" CRMzone
  I tried to change the name of the agent either in its AMAgent.properties or in Access Manager "Agents" configuration page.
  I also used "crypt_util" to generate a new passoword, but nothing seems to happen.
  Where should I look to get more info about this problem? Specific log file?
  Is it due to wrong name/id/password of the agent? I really checked them many times...
  Thanks
  Fabio

  I think the error message "Application user ID is not valid" is pretty self evident.
  Log into the amconsole and go to the root realm/organization. Make sure the Agent profile exists and reset the password again to know value. If you created the agent profile in a sub realm/organization, you will need to make sure the subrealm/organization is set in the AMAgent.properties since the default value is / for the root realm/organization. Update the AMAgent.properties file will the Agent ID and the password generated by the crypt_it tool (com.sun.am.policy.am.username, com.sun.am.policy.am.password)
  If that doesn't work, check the amApplication debug log and then look at the ldap server access logs to see why the auth bind failed.

• SUn Policy Agent 2.2 for Weblogic 92

  We are using SUN POlicy agent 2.2. (for Weblogic) for Access Manager 6.3
  For this particular application I intermittantly get SSOToken invald message
  Its a sporadic behavior (sometimes work sometime does not)
  error -
  02/02/2007 12:22:41:057 PM EST: Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]
  SSOTokenValidator.validate(): Exception caught
  com.iplanet.sso.SSOException: AQIC5wM2LY4Sfcw k8CIsj Jujq92ltM5fNZJxh2qFYpAyw=@AAJTSQACMDE=# Invalid session ID.AQIC5wM2LY4Sfcw k8CIsj Jujq92ltM5fNZJxh2qFYpAyw=@AAJTSQACMDE=#

  check the patch level of AM 6.3, it should be higher than 1

• This log -------------policy agent 2.1 for iis5.0

  Sun Java System Identity Server Policy Agent 2.1 for Microsoft IIS 5.0
  Sun\Identity_Server\Agents\2.1\debug\C__Inetpub_wwwroot\amAgent
  2004-07-25 18:06:22.156 Warning 1064:00D01120 PolicyAgent: OnPreprocHeaders(): Identity Server Cookie not found.
  2004-07-25 18:06:22.156 Error 1064:00D01120 PolicyAgent: do_redirect() ServerSupportFunction did not succeed: Attempted status = 302 Found
  2004-07-25 18:06:22.156 Warning 1064:00D01120 PolicyAgent: OnPreprocHeaders(): No cookies found.
  2004-07-25 18:06:22.156 Error 1064:00D01120 PolicyAgent: do_redirect() ServerSupportFunction did not succeed: Attempted status = 302 Found
  2004-07-25 18:07:53.921 Error 1064:00D01120 PolicyEngine: am_policy_evaluate: InternalException in Service::getPolicyResult with error message:Policy not found for resource: http://guorui.mygodsun.com:49153/index.asp and code:7
  2004-07-25 18:07:53.921 Warning 1064:00D01120 PolicyAgent: am_web_is_access_allowed(http://guorui.mygodsun.com:49153/index.asp, GET) denying access: status = no policy found (7)
  2004-07-25 18:07:53.937 128 1064:00D01120 RemoteLog: User amAdmin was denied access to http://guorui.mygodsun.com:49153/index.asp.
  2004-07-25 18:07:54.062 Error 1064:00D01120 PolicyAgent: do_redirect(): Error while calling am_web_get_redirect_url(): status = success
  2004-07-25 18:07:54.078 Error 1064:00D01120 PolicyAgent: do_redirect() WriteClient did not succeed: Attempted message = HTTP/1.1 403 Forbidden
  Content-Length: 13
  Content-Type: text/plain
  403 Forbidden
  from that log,help me
  my:
  Sun Java System Identity Server 6.1
  Sun Java System Directory Server 5.2
  Sun Java System Identity Server Policy Agent 2.1 for Microsoft IIS 5.0
  help me for that how config?
  what error ?
  thanks!

  Sorr for so many people faced the sam or similar issues. I just joined this support a short while. If you think any old problem which is still critical to you, please repost. We shall try our best to give you assistance. Jerry
  Here are some of tips for debugging Web agent.
  From the AMAgent.properties, are both IIS and AM are in the same domain? If they are not, then you need to use CDSSO. Also please check in AM, under "Service Configuration-> Platform -> Cookie Domains" , whether cookie is set for the entire domain which includes AM and IIS ("test.com") or just the AM machine name.
  Also check whether correct value for "Agent-Identity Server Shared Secret" is entered. This should be your internal ldap password (amldapuser). In the AMAgent.properties for the below property the password will be encrypted and assigned: "com.sun.am.policy.am.password".
  Could you also check if the Identity servver and the IIS web server are time synchronized. The problem may be that agent requests policy decisions and the response from server may be timed out due to non-syncrhonized clock.
  Don't forget to restart the whole IIS service using internet
  management console after making agent changes.
  Some of the common error codes:
  20: Application authentication failed. This occurs when Agent cannot sucessfully authenticate with Identity Server. This is mainly due to incorrect password for agent entered during agent installation. Please refer to another faq describing how to change password.
  7: Policy not found. This error occurs typically if there are no policies defined on Identity server for the given web server URL. Otherwise, there may be time skew between Identity Server and Agent. So, polices fetched from Identity Server is instantly flushed by Agent and attempted to refetch over and over again. This can be solved by running rdate or similar command to synchronize time between the two machines. It is recommended to run NNTP server syncrhonize times between your Identity systems.

• Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

  Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
  Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
  2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
  e in ap_table
  2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
  y (com.sun.am.policy.agents.accessDeniedURL) specified
  2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
  d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
  nied (20)
  2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
  d access to http://xx.xx.xx.net:8080/.
  2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
  s denied to testuser1
  We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
  Any suggestions would be of great help.
  Thanks,
  Sunil.

  From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
  information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.jsse.IBMJSSEProvider
  security.provider.4=com.ibm.security.cert.IBMCertPath
  security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
  Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

• Novell Access Manager J2EE Agent Installation

  First post and first time attempting to install NETIQ unto my desktop. I'm a little confused as to the section of "Novell Access Manager J2EE Agent Installation" and what to enter for my Admin Console IP Address, username, password, & Application Server IP Address?... I'm not sure as to where to get this information from,..so if anyone could assist me, I'd greatly appreciate it very much, thanks in advance.

  kpjones76,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• Sun One Identity Server Policy Agent 2.0 for IIS 5.0

  Hi,
  I try to use Sun Indentity Server with IIS, so I installed policy agent 2.0 for IIS 5.0. my operating system is Windows 2000 professional. I can see the ISAPI fiiter is loaded, but when I try to test the installation by access a testing page, like http://localhost/test.asp, I can not go anywhere, the sun identity server log in page is not loaded. I checked the debug log file, there are just two warning message:
  2003-02-12 11:11:52.314 Warning 1316:00A548E8 PolicyAgent: Invalid URL for property (com.sun.am.policy.agents.accessDeniedURL) specified
  2003-02-12 11:11:52.798 Warning 1316:00A548E8 PolicyAgent: FqdnHandler::FqdnHandler() No value specified for fqdnMap.
  Could someone help me out here? Any suggestion will be appreciated.
  Thanks,
  Harold Chen

  Well, it's in the Agent's installation guide, section "Read me first", "Setting Fully Qualified Domain Name". :)

• Policy Agent 2.1 for IBM WebSphere Application Server 5.0 can't install

  I install Policy Agent 2.1 for IBM WebSphere Application Server 5.0
  But Can't install success
  resone:
  Base Installation completed Successfully
  WebSphere 5.0 Agent ClassPath : C:/Sun/IdentityServer/j2ee_agents/lib/am_sdk.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_services.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_sso_provider.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_logging.jar;C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1;C:/Sun/IdentityServer/j2ee_agents/locale
  WebSphere 5.0 Agent Boot ClassPath : C:/Sun/IdentityServer/j2ee_agents/lib/jdk_logging.jar
  WebSphere 5.0 Agent JVM options : -Damconfig=AMAgent -Dmax_conn_pool=10 -Dmin_conn_pool=1 -Dcom.iplanet.coreservices.configpath=C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1/ums -Djava.util.logging.manager=com.sun.identity.log.LogManager -Djava.util.logging.config.file=C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1/AMAgent.properties -Djava.protocol.handler.pkgs=com.ibm.net.ssl.internal.www.protocol -Dws.ext.dirs=C:/Sun/IdentityServer/j2ee_agents/lib
  The server.policy file was configured successfully.
  Global Security Settings Configured Successfully.
  sas.client.props file Configuration FAILED.
  soap.client.props file Configuration FAILED.
  sas.client.props /soap.client.props two file how to Configuration ??

  From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
  information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.jsse.IBMJSSEProvider
  security.provider.4=com.ibm.security.cert.IBMCertPath
  security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
  Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry