ACS Server and Downloading Certificate for LDAP External DB

Similar Messages

• I signed up for iCloud and downloaded everything for it. According to my iTunes account, everything should be swell, but when I try to sign into the Cloud, it tells me my Apple ID is valid but it's not an iCloud account. What do I do??

  I signed up for iCloud and downloaded everything for it. According to my iTunes account, everything should be swell, but when I try to sign into the Cloud, it tells me my Apple ID is valid but it's not an iCloud account. What do I do??IC

  Hi DesCoop,
  You must initiallly activate iCloud from an IOS device or a Mac. You cannot inititally activated from a PC.
  Sorry.
  GB

• Need to add print and download options for report in new window

  Hi,
  On one of the columns empid of the report1 (which is on the dashboard) , I am using navigation and pointing it to report2.
  Report1 has all the links, print, download and refresh (I enabled them using the section properties) but when I click on empid and it takes me to report2, then I don't see any links under that report. I want to include print and download links for report2 when it opens in the new window.
  I know, one way is to embedd that report in the dashboard page and hide it, but is there any other way of doing it?
  Any help would be highly appreciated.
  Thanks,
  Ronny

  Ronny wrote:
  Just to clarify again, I am using a navigation from report1 (which is on the dashboard) to report2 (which is not on the dashboard).
  As per the requirements, I can't put my report2 on any dashboard page and hide it and then use navigation. Also, I can't enable the print and download options for report1 which is already on the dashboard. Doing this gives me print and download options for report2 but that is not the requirement.
  Is there any way to have print and download options for report2 when I am directly navigating to the report2 from report1 and not the report2 on any dashboard page which is hidden.
  I will really appreciate any help on this.
  Thanks,
  RonnyPlease explain why you can't do what I said. What is the "requirements" that prevent this? It would be transparent to the user, really. They just click and get their report.

• How do I find and download ACR for Elements 9

  Having trouble finding and downloading ACR for Elements 9

  ACR is only updated for a particular version of Elements until the new version of Elements comes out.  A new version of Elements comes out in the Aug-Oct timeframe of each year.  PSE 11 came out in the fall of 2012 so PSE 10 came out in the fall of 2011.  Look for the last version of ACR that came out before PSE 10 came out.  You can find the various versions of ACR for your computer’s OS by going to http://www.adobe.com/downloads/updates/ and choosing Camera Raw – your-computer-platorm at the top.  On the camera-raw versions page that comes up click on the links for a late-summer/early-fall 2011 version of ACR.  In my estimation this could be either 6.5 or 6.4 depending on whether PSE 9 was replaced by PSE 10 before or after 9/28/2011 when ACR 6.5 came out.  The way to check is that once you’ve clicked over to the download page for a particular version of ACR, there are two more links on that page, one for PSE and one for PRE and click the PSE one to see what version of Elements that version of ACR is for.  Check this until the version of PSE is higher than the one you have and then one back one version.

• I purchased and downloaded CS6 for my MacBook Pro laptop. I now want to add CS6 to an iMac, how do I go about installing it on this new computer?

  I purchased and downloaded CS6 for my MacBook Pro laptop from Adobe. I now want to add CS6 to an iMac, how do I go about installing it on this new computer?

  Alibutlerdesigns you will use the same process to install on your second computer.  You can copy the installation files using a USB drive if you do not wish to download the installation files again.

• How do I activate/download my Adobe Creative Suite onto a new macbook? My previous computer and download was for Windows on a Dell.

  How do I activate/download my Adobe Creative Suite onto a new macbook? My previous computer and download was for Windows on a Dell.

  The answer depends on which version of Creative Suite.
  Either
  install Windows on your Mac using Bootcamp or Parallels then install Creative Suite in the Windows Virtual Machine on your Mac.
  Or, if you want to install natively on your Mac:
  If CS6 then you can apply to Adobe for a platform swap
  Order product | Platform, language swap
  If CS5 then you must pay to upgrade from CS5 Win to CS6 Mac
  Creative Suite 6
  If CS4 or earlier then you're out of luck. You'll have to buy a new copy of CS6 for Mac or pay to join the Cloud.

• When I go to my iTunes Store and download something, for some reason it's not letting me download app it's saying there's a billing issue, when I correct it, it's says contact iTunes/ support can someone please help me, I really want too listen to paying

  When I go to my iTunes Store and download something, for some reason it's not letting me download app it's saying there's a billing issue, when I correct it, it's says contact iTunes/ support can someone please help me, I really want too listen to paying

  You need to do as provided - contact iTunes Store support.
  http://www.apple.com/emea/support/itunes/contact.html

• TS3276 Is there a way to sync POP subfolders and download them for backup in Mail on my MBP? I tried syncing the account with Mail and only the Inbox downloads onto my computer.

  Is there a way to sync POP subfolders and download them for backup in Mail on my MBP? I tried syncing the account with Mail and only the Inbox downloads onto my computer. I have Googled enough to find out that the answer is no, but no official answer or recent answer and I am hopeful that there has been a change.

  Sure-glad to help you. You will not lose any data by changing synching to MacBook Pro from imac. You have set up Time Machine, right? that's how you'd do your backup, so I was told, and how I do my backup on my mac.  You should be able to set a password for it. Save it.  Your stuff should be saved there. So if you want to make your MacBook Pro your primary computer,  I suppose,  back up your stuff with Time machine, turn off Time machine on the iMac, turn it on on the new MacBook Pro, select the hard drive in your Time Capsule, enter your password, and do a backup from there. It might work, and it might take a while, but it should go. As for clogging the hard drive, I can't say. Depends how much stuff you have, and the hard drive's capacity.  As for moving syncing from your iMac to your macbook pro, should be the same. Your phone uses iTunes to sync and so that data should be in the cloud. You can move your iTunes Library to your new Macbook pro
  you should be able to sync your phone on your new MacBook Pro. Don't know if you can move the older backups yet-maybe try someone else, anyways,
  This handy article from Apple explains how
  How to move your iTunes library to a new computer - Apple Support''
  don't forget to de-authorize your iMac if you don't want to play purchased stuff there
  and re-authorize your new macBook Pro
  time machine is an application, and should be found in the Applications folder. it is built in to OS X, so there is nothing else to buy. double click on it, get it going, choose the Hard drive in your Time capsule/Airport as your backup Time Machine  and go for it.  You should see a circle with an arrow on the top right hand of your screen (the Desktop), next to the bluetooth icon, and just after the wifi and eject key (looks sorta like a clock face). This will do automatic backups  of your stuff.

• Cisco ACS Server . Download Evaluation Version For Testing.

  Hello.
  I want to try to install ACS server for windows to check how this is working with Microsoft AD. Does anyone know where i can download an evaluation version of Cisco ACS Server for Windows ?

  Hello Michael-
  The ACS version for Windows is no longer available. The product is EOL/EOS:
  http://www.cisco.com/c/en/us/products/collateral/security/secure-access-control-server-windows/end_of_life_notice_c51-664639.html
  The product was replaced with a Linux based version (5.x) and it is a lot easier of a product to install and manage. 
  If you want to evaluate the product I would recommend that you contact your local Cisco partner:
  https://tools.cisco.com/WWChannels/LOCATR/openBasicSearch.do
  Thank you for rating helpful posts!

• Loading and download SWFs for AIR apps on iOS from server

  Dear
  I develop app for ios using adobe air i need to loading and download swf in my server to my local device
  i make it loading from server and play but i need to download it locally in device to play offline
  Please Help
  Thank You

  If I undestand correct, the unload() is unsuported yet, so it just hangs in the memory
  In the tests I did, when I put two loads for the same swf, the app freezes, so I don´t know what you can do there.
  For the "code", you just need to put the LoaderContext on the loads, something like this:
  Frame 1:
  var myLoader:Loader;
  var loaderContext:LoaderContext = new LoaderContext(false, ApplicationDomain.currentDomain, null);
  if(myLoader == null){myLoader = new Loader(); addChild(myLoader); }
  else {myLoader.unload();}
  Frame 2:
  myLoader.unload();
  myLoader.load(new URLRequest("file1.swf"),loaderContext);
  Frame 3:
  myLoader.unload();
  myLoader.load(new URLRequest("file2.swf"),loaderContext);
  Frame 4:
  myLoader.unload();
  myLoader.load(new URLRequest("file3.swf"),loaderContext);
  Regards,
  Rogério Gonzalez

• Project server and exhcnage certificate or EWS url problem

  We are having trouble enabling synchronization between our Project 2010 Server and our Exchange 2010 CAS server. 
  When we initially saw this error below,
  “The root of the certificate chain is not a trusted root authority.”, we then downloaded the GoDaddy intermediates certificate that goes with the “mail.sfbcic.com” cert and    imported it as a trusted root authority
  on the project server.  However, we are still getting the error you see below. 
  You can see that we have two certificates that are valid. 
  Our CAS server has 2 certificates: (Both are valid certificates)
                  1 – Self-Signed      HOSEXCHCAS4
                  2 – Third-party (GoDaddy) certificate      mail.sfbcic.com
  Our Questions:
  1. In PWA, do the computer names of the cas servers need to match the third party certificate (is that what's causing the error)?  Currently, we have the CAS server names listed (cas2, cas3, cas 4).  The Go Daddy certificate
  is for mail.ourdomain.com
  2 If the answer is no, do you have any idea what we are missing?
  3. Do we need to get a new third party certificate and not use the self-signed certificate?
  4.  Would one of the CAS servers not being active right now cause this issue?
  -------  Event logs ---------------------
  Log Name:      Application
  Source:        Microsoft-SharePoint Products-SharePoint Foundation
  Date:          4/18/2012 4:11:08 PM
  Event ID:      8311
  Task Category: Topology
  Level:         Error
  Keywords:     
  User:          DOMAIN1\svc_spfarm
  Computer:      HOPROJECTSVR.sfbcic.com
  Description:
  An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=mail.sfbcic.com, OU=Information Technology, O=Southern Farm Bureau Casualty Insurance Company, L=Ridgeland, S=MS, C=US\nIssuer Name:
  SERIALNUMBER=xxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US\nThumbprint:
  xxxxxxxxxxxxxxxxxxxxxxxxxxxx\n\nErrors:\n\n The root of the certificate chain is not a trusted root authority..
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
      <EventID>8311</EventID>
      <Version>14</Version>
      <Level>2</Level>
      <Task>13</Task>
      <Opcode>0</Opcode>
      <Keywords>0x4000000000000000</Keywords>
      <TimeCreated SystemTime="2012-04-18T21:11:08.362997800Z" />
      <EventRecordID>12044</EventRecordID>
      <Correlation ActivityID="{09F06ACB-9929-4F57-A7E8-9786C165ECAE}" />
      <Execution ProcessID="5424" ThreadID="1200" />
      <Channel>Application</Channel>
      <Computer>HOPROJECTSVR.sfbcic.com</Computer>
      <Security UserID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />
    </System>
    <EventData>
      <Data Name="string0">CN=mail.sfbcic.com, OU=Information Technology, O=Southern Farm Bureau Casualty Insurance Company, L=Ridgeland, S=MS, C=US</Data>
      <Data Name="string1">SERIALNUMBER=xxxxxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository,
  O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US</Data>
      <Data Name="string2">xxxxxxxxxxxxxxxxxxxxxxxxxxx</Data>
      <Data Name="string3">The root of the certificate chain is not a trusted root authority.</Data>
    </EventData>
  </Event>
  Exchange queue errors…..
  ExchangeSync() failed to retrieve specified user_s      (c3d0c753-21b3-4ff1-8312-61fba2defe8e) Exchange Server url. No exception     
  was thrown, but EWS url came back empty.:
  ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
  name='ExchangeSyncEWSUrlFailed' uid='42585c0c-d4b2-4dfc-9303-af128e5e3a00'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
  ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
  name='ExchangeSyncEWSUrlFailed'       uid='5a607457-2eb4-4d53-a80e-13e538fb46ff'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
  ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
  name='ExchangeSyncEWSUrlFailed'       uid='490d7241-a2b9-42f5-b81b-a4f3ee67c2a6'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
  ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
  name='ExchangeSyncEWSUrlFailed'       uid='eefd753b-a3da-4a17-a278-bf12fc68e58c'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
  ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
  name='ExchangeSyncEWSUrlFailed' uid='f525cd5e-2a57-414b-a20d-1dc2528733e9'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
  ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
  name='ExchangeSyncEWSUrlFailed'       uid='34f74c12-a812-4a80-85a3-0ece1e426f33'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
  ExchangeSync() handle ExchangeSyncStatusingMessage for      user c3d0c753-21b3-4ff1-8312-61fba2defe8e queue message caused an     
  exception.:
  ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512'      
  name='ExchangeSyncGeneralProcessingFailure' uid='7b7ab045-ba46-47cd-8504-23272e09dbcc'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'       exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
        Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks
        exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket,
  MessageContext mContext)'.
  ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512'      
  name='ExchangeSyncGeneralProcessingFailure'       uid='a3783e9a-2b39-4878-8099-20681a4715d3'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'       exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
        Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks
        exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket,
  MessageContext mContext)'.
  ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512'      
  name='ExchangeSyncGeneralProcessingFailure'       uid='71656d71-38d4-4acf-a26d-9f0d6f84da0b'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'       exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
        Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks
        exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket,
  MessageContext mContext)'.
  ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512' name='ExchangeSyncGeneralProcessingFailure'
        uid='2454abb1-6a2b-4716-bd45-03a7edf80347'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'       exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
        Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks
        exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket,
  MessageContext mContext)'.
  ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512'      
  name='ExchangeSyncGeneralProcessingFailure'       uid='3dbd4f65-f478-47e7-aeb3-d05575be69fe'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'       exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
        Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks      
  exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket, MessageContext mContext)'.
  ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512'      
  name='ExchangeSyncGeneralProcessingFailure'       uid='17a05fda-8702-4e20-93d1-068bf9182cf1'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e' exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
        Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks
        exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket,
  MessageContext mContext)'.
  Queue:     
  GeneralQueueJobFailed (26000) -
  ExchangeSyncTasks.ExchangeSyncTasks. Details: id='26000' name='GeneralQueueJobFailed' uid='cfd94c57-78c0-4c1a-b343-22e36d940276' JobUID='11ff22eb-364b-4ff6-a05f-10e29407e04a' ComputerName='HOPROJECTSVR' GroupType='ExchangeSyncTasks' MessageType='ExchangeSyncTasks'
  MessageId='1' Stage=''. For more details, check the ULS logs on machine
  HOPROJECTSVR for entries with JobUID 11ff22eb-364b-4ff6-a05f-10e29407e04a.
  Cletus51

  We found the problem. 
  We downloaded the "Go Daddy Class 2 Certification Authority Root Certificate".  Via Sharepoint 2010 Central Administration, we created a new trust relationship using the certificate we downloaded. 
  Cletus51

• How to download certificate for the first time programmatically?

  Hi, I'm accessing a https server which has a self signed certificate for the first time. I was trying to download the certificate using like
  cert = sslsession.getPeerCertificates()[0]
  However I got the following exception: SSLPeerUnverifiedException
  If I have the certificate on disk and I installed it using keytool to the keystore, I could see the keychain using this method. But is there a way in java to download the certificate for the first time?
  Many thanks.
  minji

  hi ejp, thanks a lot for the link, it really helps a lot.
  Now I'm having another problem. I could now download the certificate and store in my keystore. but if I immediately reconnect to the https web page, I still got the exception telling me the certificate was not found:
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  This should not happen as I have already had this certificate in my keystore. If I rerun the program, there's no problem, indicating the certificate was really there. I first guessed I might have to again call System.setProperty("javax.net.ssl.trustStore", "mycacerts") but that does not help.
  anybody with an idea?

• ANN: Complete File Upload and Download Power For Dreamweaver

  WebAssist is proud to announce the availability of Digital
  File Pro, an
  extension for Dreamweaver that brings complete upload and
  download
  functionality to ASP, ColdFusion and PHP – without
  server-side components.
  Digital File Pro is now available for $79.99 until September
  19, 2006
  (regular price, $99.99). Owners of eCommerce Suite, Super
  Suite or Admin
  Suite from WebAssist can upgrade for only $49.99.
  For more information, visit:
  http://webassist.com/professional/products/productdetails.asp?PID=112&CouponID=0x62xd
  enthusiastically,
  mark haynes
  webassist sales
  Check out our Special Offers at:
  http://www.webassist.com/professional/products/specials.asp

  Mark:
  Were you aware your page
  http://webassist.com/professional/products/productdetails.asp?PID=112&CouponID=0x62xd)
  doesn't render correctly in IE BETA 7 (text cut off on the
  right)?
  Don't know if you knew (or even care since it IS a beta) but
  I thought I'd
  let you know.
  Rick in Tacoma

• Why does the advisory for downloading update 28.0 run but never contact the server or download anything for my Mac Firefox 27.0.1?

  I'm running OS X 10.9.2 on an iMac with a 2.66 GHz Intel Core 2 Duo processor and 4 GB 1067 MHz DDR3 memory. All previous updates have downloaded and installed flawlessly, but every time it arrives -- and that's been several times so far -- this one has simply shown that blue-and-white striped busy bar, says it's contacting the server, and does nothing, no matter how long I leave it running.

  That's weird but you should be able to manually install the update like this:
  #Download a fresh copy from [http://www.mozilla.org/en-US/firefox/all/ here] - direct link (https://download.mozilla.org/?product=firefox-28.0-SSL&os=osx&lang=en-US)
  #Install the new version. For details, see [[How to download and install Firefox on Mac]]
  Usually this fixes this issue with automatic updates. There will be new version available starting next Tuesday. The automatic update will happen sometime over the following week or so.
  Let me know how it goes.<br>
  Thanks,<br>
  Michael

• ID Server and Policy Agent for AS .. is secure?

  Hello there,
  I have a question. Quite critical question, concerning iPlanetDirectoryPro cookie. If I've got it right, this cookie contains SSO Token. And the SSO token can be used with identity server to obtain any SSO assetion. I've experimentaly confirmed this.
  Now, can anyone tell me why this cookie is sent to any host in my domain? The default after instalation is "bgs.sk". This default value enables any host in my domain to impersonate me. Well, I still can change this, but it is now good to have insecure default values anyway, is it?
  Second, and more critical problem: I have Policy Agent installed on my Application Server. It looks like the agent requires access to the iPlanetDirectoryPro cookie to work correctly. But, if my application server has my SSO token, it can impersonate me anywhere. Not a good situation at all. That would mean security hole as big as hangar doors.
  Are my assumptions correct? Am I overlooking something?
  (All valid for ID server 6.0 and Liberty protocols)
  Thanks for any help.

  Although Sun promote Identity Server by emphasizing its Liberty/SAML feature, the product itself use a proprietary protocol for SSO and CDSSO.
  As all we know, this product could be totally useless without Sun's Policy/J2EE Agent deployed. But ironically these agents communicate with Identity Server in its own way, nothing to do with SAML, XACML, or even SOAP.
  The agent approach is usually not a good idea. We saw more and more problem raised from fields related to agent stability and scalability. We never see any performance benchmark data from Sun. Since the communication between agt and Identity Server are proprietary, no ISV can make agent for this product. You have to wait for Sun for agent support if you have new system not on the support matrix.
  In addition to agent, another big issue of Identity Server is its complex DIT structure. In fact, we prefer to have RDBMS as Identity Server's repository. Sun abuse ldap just because this company doesn't have any database product but still want to provide a pure Sun platform (JES) to customer. So they compromise the architecture for business reason, I'd like to tell you, I don't like the way Identity Server store data in DIT, I don't like the console UI (its for technical geek), and on one in our company dare to do any configuration change.
  Now Sun put Identity Server as the core of its JES product stack. If you have time to take a look at how the SJS Portal use Identity Server and how SSO between Portal channel and Email/Calendar Server are achieved, you'll find that you just buy a "framework" (I mean Identity server), not a product, because you have to do every integration work by intensively coding.
  I predict that Identity Server will be significantly rearchitctured in the near future, otherwise we don't see any benefit this product can bring to me. It is a headache for deployment as well as maintenance. If you just need Single Sign-On, there are lots alternative to achieve, Sun's Identity Server is really overkill. It's authentication feature is ok, but authorization feature (policy, role) is very limited. If you have lots of Windows/IIS web app need to do SSO with Identity Server, god bless you... you better have a sharp programmer to wrap up the C API so as your ASP programmer can leverage Identity Server SDK, and you got to pray for IIS agent behave well. In addition, don't forget to learn more about JATO if you want to do some fancy customization on the default login page.