Access Manager Policy Agent and Oracle AS

Hi,
my system uses Oracle Application Server. The security dept use Sun Access Manager. I need to integrate the security of the Oracle system with the policy agent. Where this gets a little confusing is that one of my developers tells me that this is difficult to implement and that Sun arent planning on supporting the Oracle AS in future.
What I would like is some clarification from the horses mouth so to speak. In particular is it possible to integrate the policy agent and Oracle AS, and are Sun committed to supporting and developing for this.
Thanks,
Andy.

"Where this gets a little confusing is that one of my developers tells me that this is difficult to implement"
"it is NOT an implementation but an integration ! difficult ? why ?"
"and that Sun arent planning on supporting the Oracle AS in future."
There is a PA 2.2 for Oracle 10g ! It is the latest version(2.2 I mean). I don't see any reasons why Sun should not continue. But it is ONLY my point of view...
"What I would like is some clarification from the horses mouth so to speak. In particular is it possible to integrate the policy agent and Oracle AS, and are Sun committed to supporting and developing for this."
Of course it is possible because you can find the PA that will integrate your Oracle AS with a Sun AM.
1) Please read the documentation.
http://docs.sun.com/app/docs/coll/1322.1
Download the one for Oracle and read also the user guide.
PA are very easy to integrate if you know what you do... Espec. und. the AM auth and sso... If you can be helped by a AM guy from your comp. it is welcome... It is a j2ee agent and of course the PA will make what is necessary to redirect you to AM at login time and later to auth. your request...2)
2) Download the soft and do the job :-)
Product Downloads
Sun Java System Access Manager Policy Agent 2.2 for Oracle Application Server 10g
http://www.sun.com/download/products.xml?id=455d52ed
I did plenty of int. with Sun/Bea/Tomcat AS(don't forget there are also webserver agents like Apache PA) with AM and it is not a big deal. Not Oracle, but it is an AS and I don't see why it should be difficult...
Hope this helps a bit.

Similar Messages

  • NSAPI in Access Manager & Policy Agent

    Hi all,
    May I know is it possible to use NSAPI to be a communication channel between policy agent and access manager?
    I have installed Sun One Web Server together with policy agent, access manager is installed in another machine.
    I've looked through all related documentation but could not find NSAPI for policy agent or access manager.
    Thanks in advance!

    Hi all,
    May I know is it possible to use NSAPI to be a communication channel between policy agent and access manager?
    I have installed Sun One Web Server together with policy agent, access manager is installed in another machine.
    I've looked through all related documentation but could not find NSAPI for policy agent or access manager.
    Thanks in advance!

  • Access Manager Policy Agent 2.2

    Hello
    Has anyone experienced the error noted below. This is occurring after Access Manager has validated the
    user and redirected the request back to the agent on the protected box.
    PolicyEngine: am_policy_evaluate: InternalException in Service::do_update_policy with error message:Policy query failed. and code:6
    PolicyAgent: validate_session_policy() status: Access Manager policy service failure (6)
    Any help will be greatly appreciated.

    Hi,
    Are you using a 2.1 agent ? If yes are you using a custom Authentication module ? try setting the com.sun.am.policy.am.library.loginURL if needed. Also check for valid certs if you are using ssl

  • Need asssitance on openSSO/Access Manager-policy agent on tomcat 5.5

    I'm asking here because there is no help from openSSO forum.
    I know that openSSO is quite the same with java access manager,
    so I assume that openSSO is identical to java access manager.
    I'm very much new to the policy agent and I've tried to test it for my own web application, but it doesn't seems to work.
    Here is my situation :
    I'm using 2 servers:
    1. server using windows XP, installed with tomcat 5.5 and opensso inside (acts as openSSO server).
    I set the IP to be 192.168.0.3 and tomcat web server will be listening on port 8080
    2. server using windows XP, installed with tomcat 5.5 and my web application inside, and the policy agent.
    I set the IP to be 192.168.0.1 and tomcat web server will be listening on port 7070
    my web application is named "akademis" and I can acess it with the usual method on address http://192.168.0.1:7070/akademis.
    I install the policy agent on global web.xml of tomcat configuration and I don't change anything on web.xml of my application.
    when I tried to acess the http://192.168.0.1:7070/akademis , I wa redirected to openSSO login page correctly and I entered username and password(username:amadmin). I passed the login page and being redirected to the page that I wanted, but it doesn't do correctly cause I got a HTTP message of 403 (forbidden).
    I got some clue in the policy agent logs :
    a. the amFilter log
    09/30/2006 01:08:25:890 PM ICT: Thread[http-7070-Processor25,5,main]
    09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
    ERROR: URLFailoverHelper: No URL is available at this time
    09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
    ERROR: AmFilter: Error while delegating to inbound handler: SSO Task Handler, access will be denied
    [AgentException Stack]
    com.sun.identity.agents.arch.AgentException: No URL is available at this time
    at com.sun.identity.agents.common.URLFailoverHelper.getAvailableURL(URLFailoverHelper.java:133)
    at com.sun.identity.agents.filter.AmFilterRequestContext.getLoginURL(AmFilterRequestContext.java:748)
    at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:285)
    at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:258)
    at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:363)
    at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:345)
    at com.sun.identity.agents.filter.SSOTaskHandler.doSSOLogin(SSOTaskHandler.java:210)
    at com.sun.identity.agents.filter.SSOTaskHandler.process(SSOTaskHandler.java:98)
    at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:185)
    at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:38)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.java:346)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
    b. the amLog
    09/30/2006 01:08:09:921 PM ICT: Thread[main,5,main]
    09/30/2006 01:08:10:078 PM ICT: Thread[main,5,main]
    ERROR: RemoteHandler.getLogHostURL(): 'null' is malformed. null
    I think the reson that I failed is not in the openSSO/java access manager, because I get passed the login page, and also in the amFilter log of the policy agent I see an error of "No URL is available at this time" .
    Is there anyone can help me on this problem ? I'll be very glad if somebody can help me.
    thanks

    Please try the fix as suggested in the following and let us know the results.
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;196271
    http://forum.java.sun.com/thread.jspa?threadID=346820&messageID=1436761
    Thanks,
    Subba

  • Access Manager Policy Agent 2.2 for Oracle 10g

    I Installed AM Policy Agent 2.2 on Oracle App Server 10g (10.1.3). After install I don't get the redirect to the AM login page. The agent does not appear to be activated. When I restart the Oracle App server I expect to see logs entries from the agent in <agenthome>/logs/debug, but I don't get any log entries.
    The agent was installed as oracle (same as the 10g server).
    Entries in the 10g global application.xml for the agent:
    ibrary path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/agent_001/config">
    </library>
    <library path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/locale">
    </library>
    <library path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/lib/agent.jar">
    </library>
    <library path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/lib/amclientsdk.jar">
    </library>
    AMAgent.properties settings:
    com.iplanet.services.debug.level=message
    com.sun.identity.agents.config.filter.mode = URL_POLICY
    My goal is to protect all apps with SSO and basic url policies.
    Any ideas on what I'm doing wrong? missing?

    Hi,
    have you added the agent filter for the application you are trying to protect
    <filter>
    <filter-name>Agent</filter-name>
    <display-name>Agent</display-name>
    <filter-class>
    com.sun.identity.agents.filter.AmAgentFilter
    </filter-class>
    </filter>
    <filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

  • Sun Access Manager,Policy Agent 2.2, IIS7?

    Hello everybody
    Is it possible to protect IIS7 with policy agent 2.2 and Sun Access Manager 7.1?
    Policy Agents 3.0 (for Open SSO) works with Sun Access Manager 7.1?
    regards!
    Alex Dávila

    Tanks handat      
    I found
    http://download.oracle.com/docs/cd/E19575-01/820-5816/galtf/index.html
    http://download.oracle.com/docs/cd/E19681-01/821-0267/gfxhz.html#scrolltoc     
    greetings
    alex davila

  • Chaining Access Manager Policy Agents

    Hi,
    Can we chain access manager agents, so we can pass the authentication details on to other apache server web agents.
    Step 1 - to configure a reverse proxy which uses the Access Manager & Agent to authenticate (This works ok)..
    The reverse proxy directs to a Secure Global Desktop (SGD) server which i want to use the above authentication.
    Step 2 - get the SGD server authenticating with Access Manager and the Apache Web Agent (this works ok).
    Step 3 - My question is can the web agent on the back end SGD server use the authentication credentials from the initial Reverse Proxy Access manager log in?
    This is what i am seeing at the moment.
    - I login to the reverse proxy via Access Manager and it then picks a back end SGD server.
    - It then looks like the Access Manager sits there trying to connect to the SGD server.
    - When it times out the URL in the browser is a bit confusing.. Its https://<sgd server>:<reverse proxy port> The port should be the sgd server port.
    It looks like the AM credentials and environment are ok (iPlanetDirectoryPro and REMOTE_USER).. because after it times out trying to connect to the sgd server with the wrong port number, I change this to be the correct SGD server address in the browser, and it automatically logs in like in Step 2 above.
    So my question really is can the authentication details provided at the first level apache web agent be passed down to other apache web server agents running on other servers?
    Any ideas.
    Thanks,
    Carl

    Hi,
    Can we chain access manager agents, so we can pass the authentication details on to other apache server web agents.
    Step 1 - to configure a reverse proxy which uses the Access Manager & Agent to authenticate (This works ok)..
    The reverse proxy directs to a Secure Global Desktop (SGD) server which i want to use the above authentication.
    Step 2 - get the SGD server authenticating with Access Manager and the Apache Web Agent (this works ok).
    Step 3 - My question is can the web agent on the back end SGD server use the authentication credentials from the initial Reverse Proxy Access manager log in?
    This is what i am seeing at the moment.
    - I login to the reverse proxy via Access Manager and it then picks a back end SGD server.
    - It then looks like the Access Manager sits there trying to connect to the SGD server.
    - When it times out the URL in the browser is a bit confusing.. Its https://<sgd server>:<reverse proxy port> The port should be the sgd server port.
    It looks like the AM credentials and environment are ok (iPlanetDirectoryPro and REMOTE_USER).. because after it times out trying to connect to the sgd server with the wrong port number, I change this to be the correct SGD server address in the browser, and it automatically logs in like in Step 2 above.
    So my question really is can the authentication details provided at the first level apache web agent be passed down to other apache web server agents running on other servers?
    Any ideas.
    Thanks,
    Carl

  • Novell Access Manager J2EE Agent Installation

    First post and first time attempting to install NETIQ unto my desktop. I'm a little confused as to the section of "Novell Access Manager J2EE Agent Installation" and what to enter for my Admin Console IP Address, username, password, & Application Server IP Address?... I'm not sure as to where to get this information from,..so if anyone could assist me, I'd greatly appreciate it very much, thanks in advance.

    kpjones76,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://forums.novell.com/

  • Policy agent and normal portal logon on one portal

    We run a shared portal infrastructure and want to use multiple logon methods for accessing ESS MSS portal applications.
    Is it possible to logon via Policy Agent and with normal sap poral logon to the same application?

    We have 3 bespoke types of SSO logon methods, JAAS, SAML and PKI.
    This means users can logon via our bespoke SSO solutions or via the normal SAP standard delivered logon method with UID and password.
    Currently we are investigating if we can also implement the Sun policy agent as logon method for the Poral and WAS. It should run in parallel with our current solutions without harming them.

  • Difference between web policy agent and j2ee Policy agent ?

    Difference between web policy agent and j2ee Policy agent ?

    http://docs.sun.com/app/docs/doc/820-5816/ghscr?a=view

  • Oracle access manager - Policy domain - Return Type

    Hi,
    I have a requirement where I need to return few LDAP parameter values through Policy domain while redirecting. But the return type should be propertytype and not headervar or cookie. This is SSO integration with websphere using JAAS subject. We have inhouse TAI connector developed for integration between websphere and oracle access manager.
    Please help me to resolve this issue.
    Regards,
    Prashant

    Hi Prashant,
    OAM can return any type that you want, and OAM will set the name/value for that type - you can put "propertytype" in the type column, and the name and return attribute in the respective fields. "Cookie" and "HeaderVar" are the only types used by OAM WebGates, but your AccessGate (custom in-house connector) should be able to retrieve the values of propertytype that OAM sets.
    Regards,
    Colin

  • How to manage coexistance of IIS policy agent and sun-passthrough from AS

    We have an ISS 6 with Policy Agent 2.2 and on same instance we have the sun-passthrough plugin installed to redirect certain pages to an Application mounted on Sun App Server 8,2. We need to apply policies to requests to those pages before redirection is done but seams that passthrough plugin is taking precedence over Policy Agent. Therefore, policies are not evaluated and all traffic is passed. PA agent is installed as a wild card and passthrough as an ISAPI filter. We do not see a way to change priority (already set to HIGH) for the passthrough plugin. PA has the option on amAgent.properties and we set it allready to HIGH. Any hint?
    Edited by: blancay on Sep 20, 2008 9:47 AM

    1) How to restrict the new employee from availing any type of leave company have a policy only after completion of probation employee can avail sick leave?
    Note 897623 User Exits in PT
    Use user exit to check It0019 or monitoring of tasks or reminder of dates or 0041 IT
    2) Sick leaves can be availed only after completion of 1 year wht are the settings do i need to set?
    You can use quota deduction and user exit and read dates from 0041 for his entry date in company
    3) Earned leaves can be given to employees those who complete 2 years of service? what are the settings for this?
    base entitlement ie seniority quota check table v_t559l
    4) Intervening holidays and weekly offs can be treated as leaves in sick leave as well as earned leaves what are the customizing settings for this?
    counting rule and exit
    5) only female employees are entitled to avail maternity leave?what are the settings for this?
    feature pe03 MASEX  Set Infotype 80 Admissability for Employees
    read more on help.sap.com

  • Oracle Access Manager (IDM suite) And Jdev

    We plan to use Access manager et the front end of Jdev ADFBC JSF web application ..
    How can we integrate our java application with Access Manager
    We can't find any code or application sample about that...
    Any extention planned for Access Manager like portlet extention ?
    (is true forum here ?)
    Thanks for your help....

    repost...

  • Policy Agent and WebMethods Portal

    Hi,
    Is the PolicyAgent required to authenticate users and control the access to resources ?
    If yes, can we use the PolicyAgent/AccessManager with any server like for example WebMethods Portal ?
    Thanks,
    Adel

    Thanks for the reply, Shivaram. The issue appears to occur at random time, not accurately at the 3 min interval as you mention. I tested changing this value to 1, theoretically, after one 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
    We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests), the pages are protected by the policy agent. At the first login, rwe were prompted to enter credential to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages, once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disable as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
    Thanks for all your help,

  • Oracle Access Manager 11g r2 with Oracle Entitlement Server 11g r2

    Hello,
    I would like to set up a configuration with Oracle Access Manager 11g r2 where Authentication is against Active Directory, and Authorisation is against Oracle internet Directory
    Access Manager has to get authorizations from Oracle internet Directory via Oracle Entitlement Server
    I cant find any document describing how to integrate Oracle Access Manager with Oracle Entitlement Server
    could any one help ?
    Regards

    Hi all,
    I am facing some issue with the distribution of the policy in the security module of OES.
    The "application" distribution tab allows me to distribute the policy created but does not generate any distribution ID or address for webservice access.
    I am using OES 11.1.5
    Thanks in advance.

Maybe you are looking for

  • Can´t connect iphone to macbook air  using bluetooth

    The bluetooth is on in both devices, they get connected for a few seconds, but then they go "not connected", i´m trying to use airdrop, but nothing i do seems to work.

  • Suddenly No Images in Bridge

    I am running CS3 with Bridge. When I open Bridge no images show in the preview area. It shows how many images we have in the file, but the image area is totally blank. It was working fine until today. Help! Update: Now Bridge won't open at all...It s

  • DBMS_JOBS

    Hi , On a production system a job is failing . The reason for the same i know are 1. Either the procedure being called is returning an exception . 2. JOB_QUEUE_PROCESSES=0 except for that is there enviornment setting that might not make the job work

  • Question: using Adobe CS6 on Windows 8

    I am about to purchase Adobe CS6 soon. Noticed that the specifcations say it needs at least Win XP or Win 7. I will be using Windows 8 & need clear clarification that Adobe CS6 will work perfectly and smoothly on Windows 8.  If there are serious setb

  • Color blend mode / Color brush mode doesn't work

    Hello, I have CS3, working on Windows 7/64.  For some reason, I cannot get color modes to work.  I would like to be able to sample a color from one area, and use a brush set on "color" instead of "normal" to paint.  Instead, all it does is darken and