Apache Policy Agent : Broken Installer?

Similar Messages

• OpenAM Weblogic Policy Agent

  Hi Everyone,
  I have installed Weblogic Policy Agent in OpenAM. Followed the URL “http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/agent-install-guide/index/chap-weblogic.html” to install the policy Agent.
  I am using Oracle Weblogic server 10.3.5.0 to use deploy the .war file. Same Weblogic server used for Oracle Identity Manager 11.1.1.5.0.
  In Weblogic Policy Agent post-installation steps need to select Agent Authenticator for the security Realm.
  I have doubt here. Whether i want to create the *"new realm"* or i can use the existing realm *"myrealm"*? But , "myrealm" is consists the details of OIM.
  I am thinking to create the new realm for openAM Weblogic policy Agent, if so what are the things i need to do create new realm for OpenAM.
  Please suggest me on this.
  Thanks & Regards,
  Karthick

  Hi Aaron;
  I am trying to see if I can force the policy agent to be invoked on non-protected resources. The agent is in J2EE mode. The scenario that I have is the whole site is open and nothing is protected so I have to make the policy agent recognize requests for both protected and non protected resources. The other issue I have is that even if I create a cookie the policy agent doesn't maintain the session state since the requests are for unprotected resources. It (PA) doesn't "touch" the cookie since the requests didn't go through it.
  Thanks,

• Problem Installing Policy Agent 2.2 on Apache 2.2.3

  Hi all,
  I'm trying to configure policy agent 2.2 on apache 2.2.3 on linux platform CentOS (red hat 5.1).
  The configuration and the installation seem to work properly, in effect in the log file install.log you can find :
  [06/10/2008 16:38:49:865 CEST] Creating directory layout and configuring Agent file for Agent_001 instance ...SUCCESSFUL.
  [06/10/2008 16:38:49:936 CEST] Reading data from file /opt/web_agents/apache22_agent/passwordFile and encrypting it ...SUCCESSFUL.
  [06/10/2008 16:38:49:937 CEST] Generating audit log file name ...SUCCESSFUL.
  [06/10/2008 16:38:50:022 CEST] Creating tag swapped AMAgent.properties file for instance Agent_001 ...SUCCESSFUL.
  [06/10/2008 16:38:50:026 CEST] Creating a backup for file /etc/httpd/conf/httpd.conf ...SUCCESSFUL.
  [06/10/2008 16:38:50:031 CEST] Adding Agent parameters to /opt/web_agents/apache22_agent/Agent_001/config/dsame.conf file ...SUCCESSFUL.
  [06/10/2008 16:38:50:032 CEST] Adding Agent parameters to /etc/httpd/conf/httpd.conf file ...SUCCESSFUL.
  But, when I try to restart Apache it gives me an error and in the error.log file in Apache you can read:
  [Tue Jun 10 16:57:33 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
  [Tue Jun 10 16:57:34 2008] [notice] Digest: generating secret for digest authentication ...
  [Tue Jun 10 16:57:34 2008] [notice] Digest: done
  [Tue Jun 10 16:57:34 2008] [alert] Policy web agent configuration failed: NSPR error
  Configuration Failed
  Well, I found in the Sun documentation a well known bug about the NSPR and NSS library :
  Error message issued during installation of Policy Agent 2.2 on Linux systems
  When the Linux operating system is installed, specific components can be selected. Occasionally the specific components of the operating system selected lack the libraries necessary for Policy Agent 2.2 to function. When the complete Linux operating system is installed, all the required libraries are available. The libraries that are required for the agent to function are as follows: NSPR, NSS, and libxml2.
  Workaround: If the Linux operating system you are using is not complete, install the latest versions of these libraries as described in the steps that follow:
  At the time this note was added, the latest version of the NSPR library packages was NSPR 4.6.x , while the latest version of the NSS library package was NSS 3.11.x.
  To Install Missing Libraries for Policy Agent 2.2 on Linux Systems
  *+
  Install the NSS, and libxml2 libraries. These libraries are usually available as part of Linux installation media. NSPR and NSS are available as part of Mozilla binaries/development packages. You can also check the following sites:
  o
  NSPR: http://www.mozilla.org/projects/nspr/
  o
  NSS: http://www.mozilla.org/projects/security/pki/nss/
  So, I checked my libraries but they are upgraded to the latest version.
  If I comment the line that includes the libamapc22.so in the apache configuration file
  LoadModule dsame_module /opt/web_agents/apache22_agent/lib/libamapc22.so
  Apache can restart but the agent is misconfigurated!
  Any Idea?

  thank you Subhodeep for your reply,
  I didn't try to change the library file and I didn't find in licterature any information about library file changing in the Policy agent installation. Please, could you suggest me something more about which library to use instead of libamapc22.so?
  ps. I am using red hat 5.1, and from the release note of the policy agent seems that the latest platform version supported is red hat enterprise linux 4.0 versions.....
  this one could definitely be the reason of the misconfiguration.

• Error while Installing Apache Tomcat policy agent in openAM

  Hi,
  I trying to install Apache Tomcat Policy agent in Linux environment but I am getting the following error after i provided all the details.
  Updating the /EBS/TomCat/apache-tomcat-7.0.33/bin/setenv.sh script
  with the Agent configuration JVM option ...DONE.
  FAILED.
  In Agentlog file, i have received the error like below:
  Note: I am installing it as "oracle" user not as root.
  -r-------- 1 oracle oracle 9583 Apr 25 14:55 Agent.log
  [04/25/2013 14:58:58:256 IST] FileUtils.copyJarFile(): Error occurred while copying jar file: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/lib/agent.jar to: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar
  java.io.FileNotFoundException: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar (Permission denied)
  at java.io.FileOutputStream.open(Native Method)
  at java.io.FileOutputStream.<init>(FileOutputStream.java:194)
  at java.io.FileOutputStream.<init>(FileOutputStream.java:84)
  at com.sun.identity.install.tools.util.FileUtils.copyJarFile(FileUtils.java:131)
  at com.sun.identity.agents.tools.tomcat.v6.CopyAgentFilesTask.copyAgentJarFiles(CopyAgentFilesTask.java:74)
  at com.sun.identity.agents.tools.tomcat.v6.CopyAgentFilesTask.execute(CopyAgentFilesTask.java:56)
  at com.sun.identity.install.tools.configurator.TaskRunner.executeTask(TaskRunner.java:105)
  at com.sun.identity.install.tools.configurator.TaskRunner.runTasks(TaskRunner.java:72)
  at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:95)
  at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:40)
  at com.sun.identity.install.tools.handler.InstallHandler.handleRequest(InstallHandler.java:63)
  at com.sun.identity.install.tools.admin.AdminTool.dispatch(AdminTool.java:230)
  at com.sun.identity.install.tools.admin.AdminTool.run(AdminTool.java:133)
  at com.sun.identity.install.tools.launch.AdminToolLauncher.launchAdminTool(AdminToolLauncher.java:201)
  at com.sun.identity.install.tools.launch.AdminToolLauncher.main(AdminToolLauncher.java:313)
  [04/25/2013 14:58:58:258 IST] CopyAgentFilesTask.copyAgentJarFiles() - Error occured while copying jar files from /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/lib to /EBS/TomCat/apache-tomcat-7.0.33/lib: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar (Permission denied)
  I tried to do this do this installation through root also but i got the same error.
  Please help me to resolve this.
  Thanks & regards,
  Karthick

  Hi,
  I got the below error in log files:
  [04/26/2013 11:02:48:828 IST] LayoutHandlerTask.execute() - Creating instance directory layout for 'Agent_001
  [04/26/2013 11:02:48:828 IST] LayoutHandlerTask.createDir() - Creating Dir for: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/Agent_001
  [04/26/2013 11:02:48:828 IST] LayoutHandlerTask.createDir() - Error Unable to create Dir for: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_ag/Agent_001
  [04/26/2013 11:02:48:828 IST] InstallHandler: Failed to process install request
  [ProductInstallException Stack]com.sun.identity.install.tools.configurator.InstallException: Failed to create directory /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/Agent_001.
  at com.sun.identity.install.tools.configurator.CreateLayoutTask.createDir(CreateLayoutTask.java
  :126)
  at com.sun.identity.install.tools.configurator.CreateLayoutTask.execute(CreateLayoutTask.java:6
  3)
  at com.sun.identity.install.tools.configurator.TaskRunner.executeTask(TaskRunner.java:105)
  at com.sun.identity.install.tools.configurator.TaskRunner.runTasks(TaskRunner.java:72)
  at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:95)
  at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:40)
  at com.sun.identity.install.tools.handler.InstallHandler.handleRequest(InstallHandler.java:63)
  at com.sun.identity.install.tools.admin.AdminTool.dispatch(AdminTool.java:230)
  at com.sun.identity.install.tools.admin.AdminTool.run(AdminTool.java:133)
  at com.sun.identity.install.tools.launch.AdminToolLauncher.launchAdminTool(AdminToolLauncher.ja
  va:201)
  at com.sun.identity.install.tools.launch.AdminToolLauncher.main(AdminToolLauncher.java:313)
  [04/26/2013 11:02:48:831 IST] Exiting with code: 0
  Thanks,
  Karthick

• Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

  Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
  Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
  2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
  e in ap_table
  2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
  y (com.sun.am.policy.agents.accessDeniedURL) specified
  2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
  d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
  nied (20)
  2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
  d access to http://xx.xx.xx.net:8080/.
  2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
  s denied to testuser1
  We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
  Any suggestions would be of great help.
  Thanks,
  Sunil.

  From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
  information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.jsse.IBMJSSEProvider
  security.provider.4=com.ibm.security.cert.IBMCertPath
  security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
  Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

• Policy Agent Installation : Path to password file to identify the agent ???

  Hi,
  I am trying to install Policy Agent 2.2 on Sun App Server 9.1 which was installed via "Java EE5 SDK Update2" (java tools bundle) on Windows XP Pro.
  In the installation process, I have reached a question to which I want to know the answer.
  "Enter the path to a file that contains the password to be used for identifying the Agent."
  Could someone pls tell me the exact name of the file to find in the server hierarchy?, whose path I can search for.
  My AM is installed at location:
  "D:\Sun\SDK\domains\domain1\applications\j2ee-modules\amserver"
  Thanks in advance.
  Rahul A Honrao

  This is the way I solved it:
  1. copy default pkgadd to pkgadd.orig
  cp /usr/sbin/pkgadd /usr/sbin/pkgadd.orig
  2. create new pkgadd
  cat > /usr/sbin/pkgadd
  #!/bin/sh
  /usr/sbin/pkgadd.orig -G $*
  ^D
  3. Make /usr/sbin/pkgadd executable
  chmod 755 /usr/sbin/pkgadd
  Now install the agent.
  HTH

• Policy agent fot apache tomcat opensso

  Hi,
  I am looking for policy agent fot apache tomcat opensso 8 u2. Can anyone post the url for the same

  Go to https://edelivery.oracle.com and go to Sun Products Media Pack for Oracle Solaris on SPARC (64-bit)
  There you will find OpenSSO Policy Agents 3.0 which includes the tomcat agent. Don't worry about the hardware platform or OS, the tomcat agent is pure java so it doesn't matter.

• Policy Agent 2.2 for Apache HTTP Server

  hi,
  I'm trying to configure Policy Agent 2.2 for apache http server.
  The agent seems to be installed properly, in fact when I access the protected resource, I get the Access Manager login page.
  Then I log into access manager, but I'm redirected to an error page.
  Looking in log files I can see:
  agent's "amAgent" log file:
  Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
  Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
  Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting password callback.
  Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting name callback to 'apache2Agent'.
  Debug 10763:f8fe0 AuthService: BaseService::sendRequest Cookie and Headers =Host: crmzone.company.icteam.it     
                 Cookie: JSESSIONID=193E5E1590C924A42B95A00A51DC0479;amlbcookie=01
  Debug 10763:f8fe0 AuthService: BaseService::sendRequest Content-Length =Content-Length: 620
  Debug 10763:f8fe0 AuthService: BaseService::sendRequest Header Suffix =Accept: text/xml
                 Content-Type: text/xml; charset=UTF-8
  Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
  Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
  Error 10763:f8fe0 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
  Error 10763:f8fe0 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
  Warning 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) denying access: status = Access Manager authentication service failure
  Debug 10763:f8fe0 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://10.0.0.31:80/SugarOS-Full-4.5.0f.
  Info 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) returning status: Access Manager authentication service failure.
  Info 10763:f8fe0 PolicyAgent: process_request(): Access check for URL http://10.0.0.31/SugarOS-Full-4.5.0f returned Access Manager authentication service failure.
  Debug 10763:f8fe0 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_ERROR, data []
  Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_ERROR
  Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
  Access Manager's "amAuthentication.error" log file:
  "Login Failed|module_instance|Application" Application AUTHENTICATION-268 dc=opensso,dc=java,dc=net "Not Available" INFO apache2Agent 10.0.0.31 "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net" CRMzone
  I tried to change the name of the agent either in its AMAgent.properties or in Access Manager "Agents" configuration page.
  I also used "crypt_util" to generate a new passoword, but nothing seems to happen.
  Where should I look to get more info about this problem? Specific log file?
  Is it due to wrong name/id/password of the agent? I really checked them many times...
  Thanks
  Fabio

  I think the error message "Application user ID is not valid" is pretty self evident.
  Log into the amconsole and go to the root realm/organization. Make sure the Agent profile exists and reset the password again to know value. If you created the agent profile in a sub realm/organization, you will need to make sure the subrealm/organization is set in the AMAgent.properties since the default value is / for the root realm/organization. Update the AMAgent.properties file will the Agent ID and the password generated by the crypt_it tool (com.sun.am.policy.am.username, com.sun.am.policy.am.password)
  If that doesn't work, check the amApplication debug log and then look at the ldap server access logs to see why the auth bind failed.

• Building OpenSSO Policy Agent 2.2 for Apache 2.x

  Hi,
  I've been trying to build OpenSSO policy agent using sources from opensso_agentbranch22 on WINNT for Apache 2.0 web server. The reason I can't use the pre-build binary is because we are trying to customize the agent to integrate with another SSO app which sends us data. The compilation itself seems to work OK. But the libamapc2.dll (Apache module dll) created seems to be only 24-26k in size vs the 700k size in the binary distributed by Sun.
  Apache fails to start when this agent is installed, saying that the dll is invalid. Am I missing something in my compilation and linking process? I'm using VS 6 for the cl and link, Ant and Cygwin.
  Any input from the Sun OpenSSO gurus is greatly appreciated.

  I can show a snapshot from the Depends tool that clearly shows that amsdk.dll is dynamically linked. It creates all sorts of issues with Apache 2.0 as it doesn't like the dynamic linking. Until I changed the Makefile in the am directory to use the static library, I could not get my libamapc2.dll to match the libamapc2.dll distributed by Sun. Even now there are issues with libnspr4 and msvcrt.dll. Apache crashes as soon as it loads the libamapc2.dll and the issue has been narrowed down to the strlen() method. This method is used for logging messages by the agent.
  I wish Sun maintained a copy of the 3rd party libs they use to build the agent in their CVS instead of asking us to fetch those libraries from another website, in which case libraries may not correspond 1:1.

• Compiling/running Policy Agent 2.2 for Apache (Linux)

  Hi,
  I know that running the policy agent for Linux is not supported by Sun on other platforms than Red Hat Enterprise Linux, but anyway I'm qurious to see if others have looked into this.
  I've done some testing on my Ubuntu Dapper Linux, using the precompiled version for Red Hat Enterprise, and I kind of made it work. Only problem: I have to start apache using "strace" to have it running. If I run /usr/sbin/apache2 I get "Segmentation Fault", but if I run "strace /usr/sbin/apache2" it runs... I'm able to create a core-dump, but to get something out of it I guess I have to compile the policy agent myself, so I've tried that as well.
  To compile I've checked out the opensso package by CVS and installed libxml2-2.6.23, nss-3.11, nspr-4.6.1 and apache-2.0.59, sort of like what it says in the Readme for compiling under Red Hat Enterprise Linux. Result from running "make BUILD_DEBUG=optimize BUILD_AGENT=apache" is:
  hash_table.h: In member function �typename smi::HashTable<Element>::EntryType smi::HashTable<Element>::findEntry(const std::string&)�:
  hash_table.h:319: error: expected �;� before �__null�
  hash_table.h:319: warning: statement has no effect
  The test with the precompiled version was done on Ubuntu Dapper Linux using the standard apache 2.0.55 package that comes with Ubuntu. As I said: I've managed to get it running (doing SSO login through Federation Manager running on the same machine, with Access Manager running on another Solaris server) but I would prefer to have a setup that doesn't involve using "strace" to have apache whith the policy agent module running... Anyone else done something like this?
  In the end I guess I would like to have some kind of release of the policy agent that doesn't have to be packaged as RPMs just for Red Hat Enterprise servers. It doesn't have to be flagged as "supported by Sun" but more like "you're on your own this release". ;-) That goes for the Federation Manager as well. I've managed to have the FM running on Ubuntu Dapper as well, so I know it's possible...
  - Anders

  The notes in this thread date from about October of 2006.
  Does anyone know why current versions of the gcc compiler refuse to compile the statement that leads to the reported error?
  The statement that is failing is:
      if (entry && entry->getExpirationTime() < PR_Now()) {
       return (HashTable<Element>::EntryType)NULL;with the error
  [exec] hash_table.h:320: error: expected �;� before �__null�Is this a problem with the compiler or with the definition of the NULL macro?

• Policy agent 2.1 for apache 1.3.27 reinstallation problem

  hi
  i've uninstalled Apache_1.3.27_agent_2.1_sparc-sun-solaris2.8 policy agent [Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_04-b05)] to reinstall it from scratch.
  during the reinstallation i've the problem listed below. i did remove all remaining parts of agent but doesn't work.
  Any idea ?
  Thanks
  Installing Sun ONE Identity Server Policy Agent
  Listener:com.iplanet.am.installer.listeners.ApacheInstallListener@1372656 threw exception during "installFinishing" method while listening to SUNWamapc install directory=[DETERMINED AT RUNTIME]:java.lang.reflect.InvocationTargetException
  Target Exception trace:
  java.lang.RuntimeException: error executing ///bin/config at com.iplanet.am.installer.listeners.InstallListenerBase.executeCommand(InstallListenerBase.java:829) at com.iplanet.am.installer.listeners.InstallListenerBase.configureSolarisWebAgent(InstallListenerBase.java:294) at com.iplanet.am.installer.listeners.InstallListenerBase.installFinishing(InstallListenerBase.java:150) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324)
  at com.sun.install.products.Product.processEvents(Product.java:753) at com.sun.install.products.Product.processEvents(Product.java:787) at com.sun.install.products.Product.processEvents(Product.java:787) at com.sun.install.products.Product.performInstallation(Product.java:643) at com.sun.install.tasks.ProductTask.perform(ProductTask.java:191) at com.sun.wizards.core.Sequence.perform(Sequence.java:336) at com.sun.wizards.core.SequenceManager.run(SequenceManager.java:226) at java.lang.Thread.run(Thread.java:534)

  I had the same problem because of a missconfiguration in AMAgent.properties. I changed manually all URLs to the Identity Server from http to https and found out the port number has definitly to be specified (bad URL parsing of Policy Agent). You should check your configuration...
  HTH
  J�rgen

• Setup-Problem while installing AM Policy Agent 2.1 on Solaris 10

  I'm new with AccessManager and try to get it working on Solaris 10 on a Sparc.
  I'm using LDAP-Server, WEB-Server 6.1 and AccessManager from the software-paket: "Sun Java System Access Manager 6 2005Q1" .
  While trying to install policy-agents on the Sparc (by starting setup program), I've got the message: "The installer ist intended for Solaris Operating System only".
  The agent-software I'm trying to install is "Access Manager Policy Agent 2.1 for Sun Java System Web Server 6.1" From there I choosed "Solaris SPARC 8".
  (so I've got the paket "S1WebServer_6[1].1_agent_2.1_sparc-sun-solaris2.8.tar.gz").
  In my opinion, it must be correct. Ist there anything i'done wronge?
  thanks, Paul

  Even when there is no agent available for Solaris 10 now:
  If you don't have any doubt to use an unsupported configuration, at
  least the apache agent is installable.
  You have to extract the packages "SUNWamapc" and "SUNWcom"
  from the tar-archive and install it using pkgadd.
  Then, you have to configure it manually ("include" in "httpd.conf",
  "AMAgent.properties").
  Maybe, it is possible to do something similiar with the agent for
  SUN webserver.
  Be aware that noone will guarantee that such unsupported
  installations won't raise any problems.
  Juergen

• No log for am policy agent for iis6

  Hello!
  Im trying to get Policy Agent for IIS to run on my Win Srv 2003 with IIS6 and Sharepoint Services.
  I am running the OpenSSO version of Access Manager.
  I have installed the agent and done the initial cofiguration.
  When i try to browse the resource i get a login prompt (IIS Basic Auth)and cannot login followed by "Not Authorized 401.3"
  I should get redirected to the AM Login page, shouldn't I?
  I tried to look for answers in the log file but the /debug/<id> directory i empty.
  Anyone know what to do?
  The amAgent.properties file:
  # $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
  # The syntax of this file is that of a standard Java properties file,
  # see the documentation for the java.util.Properties.load method for a
  # complete description. (CAVEAT: The SDK in the parser does not currently
  # support any backslash escapes except for wrapping long lines.)
  # All property names in this file are case-sensitive.
  # NOTE: The value of a property that is specified multiple times is not
  # defined.
  # WARNING: The contents of this file are classified as an UNSTABLE
  # interface by Sun Microsystems, Inc. As such, they are subject to
  # significant, incompatible changes in any future release of the
  # software.
  # The name of the cookie passed between the Access Manager
  # and the SDK.
  # WARNING: Changing this property without making the corresponding change
  # to the Access Manager will disable the SDK.
  com.sun.am.cookie.name = iPlanetDirectoryPro
  # The URL for the Access Manager Naming service.
  com.sun.am.naming.url = http://login.lta.mil.se:8080/opensso/namingservice
  # The URL of the login page on the Access Manager.
  com.sun.am.policy.am.login.url = http://login.lta.mil.se:8080/opensso/UI/Login
  # Name of the file to use for logging messages.
  com.sun.am.policy.agents.config.local.log.file = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAgent
  # This property is used for Log Rotation. The value of the property specifies
  # whether the agent deployed on the server supports the feature of not. If set
  # to false all log messages are written to the same file.
  com.sun.am.policy.agents.config.local.log.rotate = true
  # Name of the Access Manager log file to use for logging messages to
  # Access Manager.
  # Just the name of the file is needed. The directory of the file
  # is determined by settings configured on the Access Manager.
  com.sun.am.policy.agents.config.remote.log = amAuthLog.sharepoint.lta.mil.se.80
  # Set the logging level for the specified logging categories.
  # The format of the values is
  # <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
  # The currently used module names are: AuthService, NamingService,
  # PolicyService, SessionService, PolicyEngine, ServiceEngine,
  # Notification, PolicyAgent, RemoteLog and all.
  # The all module can be used to set the logging level for all currently
  # none logging modules. This will also establish the default level for
  # all subsequently created modules.
  # The meaning of the 'Level' value is described below:
  # 0 Disable logging from specified module*
  # 1 Log error messages
  # 2 Log warning and error messages
  # 3 Log info, warning, and error messages
  # 4 Log debug, info, warning, and error messages
  # 5 Like level 4, but with even more debugging messages
  # 128 log url access to log file on AM server.
  # 256 log url access to log file on local machine.
  # If level is omitted, then the logging module will be created with
  # the default logging level, which is the logging level associated with
  # the 'all' module.
  # for level of 128 and 256, you must also specify a logAccessType.
  # *Even if the level is set to zero, some messages may be produced for
  # a module if they are logged with the special level value of 'always'.
  com.sun.am.log.level = 5
  # The org, username and password for Agent to login to AM.
  com.sun.am.policy.am.username = UrlAccessAgent
  com.sun.am.policy.am.password = PN4rEZ1uhx1404ivWY6HPQ==
  # Name of the directory containing the certificate databases for SSL.
  com.sun.am.sslcert.dir = C:/Sun/Access_Manager/Agents/2.2/iis6/cert
  # Set this property if the certificate databases in the directory specified
  # by the previous property have a prefix.
  com.sun.am.certdb.prefix =
  # Should agent trust all server certificates when Access Manager
  # is running SSL?
  # Possible values are true or false.
  com.sun.am.trust_server_certs = true
  # Should the policy SDK use the Access Manager notification
  # mechanism to maintain the consistency of its internal cache? If the value
  # is false, then a polling mechanism is used to maintain cache consistency.
  # Possible values are true or false.
  com.sun.am.notification.enable = true
  # URL to which notification messages should be sent if notification is
  # enabled, see previous property.
  com.sun.am.notification.url = http://sharepoint.lta.mil.se:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
  # This property determines whether URL string case sensitivity is
  # obeyed during policy evaluation
  com.sun.am.policy.am.url_comparison.case_ignore = true
  # This property determines the amount of time (in minutes) an entry
  # remains valid after it has been added to the cache. The default
  # value for this property is 3 minutes.
  com.sun.am.policy.am.polling.interval=3
  # This property allows the user to configure the User Id parameter passed
  # by the session information from the access manager. The value of User
  # Id will be used by the agent to set the value of REMOTE_USER server
  # variable. By default this parameter is set to "UserToken"
  com.sun.am.policy.am.userid.param=UserToken
  # Profile attributes fetch mode
  # String attribute mode to specify if additional user profile attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user profile attributes will be introduced.
  # HTTP_HEADER - additional user profile attributes will be introduced into
  # HTTP header.
  # HTTP_COOKIE - additional user profile attributes will be introduced through
  # cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
  # The user profile attributes to be added to the HTTP header. The
  # specification is of the format ldap_attribute_name|http_header_name[,...].
  # ldap_attribute_name is the attribute in data store to be fetched and
  # http_header_name is the name of the header to which the value needs
  # to be assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organiz ational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
  # Session attributes mode
  # String attribute mode to specify if additional user session attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user session attributes will be introduced.
  # HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
  # HTTP_COOKIE - additional user session attributes will be introduced through cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
  # The session attributes to be added to the HTTP header. The specification is
  # of the format session_attribute_name|http_header_name[,...].
  # session_attribute_name is the attribute in session to be fetched and
  # http_header_name is the name of the header to which the value needs to be
  # assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.session.attribute.map=
  # Response Attribute Fetch Mode
  # String attribute mode to specify if additional user response attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user response attributes will be introduced.
  # HTTP_HEADER - additional user response attributes will be introduced into
  # HTTP header.
  # HTTP_COOKIE - additional user response attributes will be introduced through
  # cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
  # The response attributes to be added to the HTTP header. The specification is
  # of the format response_attribute_name|http_header_name[,...].
  # response_attribute_name is the attribute in policy response to be fetched and
  # http_header_name is the name of the header to which the value needs to be
  # assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.response.attribute.map=
  # The cookie name used in iAS for sticky load balancing
  com.sun.am.policy.am.lb.cookie.name = GX_jst
  # indicate where a load balancer is used for Access Manager
  # services.
  # true | false
  com.sun.am.load_balancer.enable = false
  ####Agent Configuration####
  # this is for product versioning, please do not modify it
  com.sun.am.policy.agents.config.version=2.2
  # Set the url access logging level. the choices are
  # LOG_NONE - do not log user access to url
  # LOG_DENY - log url access that was denied.
  # LOG_ALLOW - log url access that was allowed.
  # LOG_BOTH - log url access that was allowed or denied.
  com.sun.am.policy.agents.config.audit.accesstype = LOG_BOTH
  # Agent prefix
  com.sun.am.policy.agents.config.agenturi.prefix = http://sharepoint.lta.mil.se:80/amagent
  # Locale setting.
  com.sun.am.policy.agents.config.locale = en_US
  # The unique identifier for this agent instance.
  com.sun.am.policy.agents.config.instance.name = unused
  # Do SSO only
  # Boolean attribute to indicate whether the agent will just enforce user
  # authentication (SSO) without enforcing policies (authorization)
  com.sun.am.policy.agents.config.do_sso_only = true
  # The URL of the access denied page. If no value is specified, then
  # the agent will return an HTTP status of 403 (Forbidden).
  com.sun.am.policy.agents.config.accessdenied.url =
  # This property indicates if FQDN checking is enabled or not.
  com.sun.am.policy.agents.config.fqdn.check.enable = true
  # Default FQDN is the fully qualified hostname that the users should use
  # in order to access resources on this web server instance. This is a
  # required configuration value without which the Web server may not
  # startup correctly.
  # The primary purpose of specifying this property is to ensure that if
  # the users try to access protected resources on this web server
  # instance without specifying the FQDN in the browser URL, the Agent
  # can take corrective action and redirect the user to the URL that
  # contains the correct FQDN.
  # This property is set during the agent installation and need not be
  # modified unless absolutely necessary to accommodate deployment
  # requirements.
  # WARNING: Invalid value for this property can result in the Web Server
  # becoming unusable or the resources becoming inaccessible.
  # See also: com.sun.am.policy.agents.config.fqdn.check.enable,
  # com.sun.am.policy.agents.config.fqdn.map
  com.sun.am.policy.agents.config.fqdn.default = sharepoint.lta.mil.se
  # The FQDN Map is a simple map that enables the Agent to take corrective
  # action in the case where the users may have typed in an incorrect URL
  # such as by specifying partial hostname or using an IP address to
  # access protected resources. It redirects the browser to the URL
  # with fully qualified domain name so that cookies related to the domain
  # are received by the agents.
  # The format for this property is:
  # com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
  # This property can also be used so that the agents use the name specified
  # in this map instead of the web server's actual name. This can be
  # accomplished by doing the following.
  # Say you want your server to be addressed as xyz.hostname.com whereas the
  # actual name of the server is abc.hostname.com. The browsers only knows
  # xyz.hostname.com and you have specified polices using xyz.hostname.com at
  # the Access Manager policy console, in this file set the mapping as
  # com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
  # Another example is if you have multiple virtual servers say rst.hostname.com,
  # uvw.hostname.com and xyz.hostname.com pointing to the same actual server
  # abc.hostname.com and each of the virtual servers have their own policies
  # defined, then the fqdnMap should be defined as follows:
  # com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
  # WARNING: Invalid value for this property can result in the Web Server
  # becoming unusable or the resources becoming inaccessible.
  com.sun.am.policy.agents.config.fqdn.map =
  # Cookie Reset
  # This property must be set to true, if this agent needs to
  # reset cookies in the response before redirecting to
  # Access Manager for Authentication.
  # By default this is set to false.
  # Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
  com.sun.am.policy.agents.config.cookie.reset.enable=false
  # This property gives the comma separated list of Cookies, that
  # need to be included in the Redirect Response to Access Manager.
  # This property is used only if the Cookie Reset feature is enabled.
  # The Cookie details need to be specified in the following Format
  # name[=value][;Domain=value]
  # If "Domain" is not specified, then the default agent domain is
  # used to set the Cookie.
  # Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
  # token=value;Domain=subdomain.domain.com
  com.sun.am.policy.agents.config.cookie.reset.list=
  # This property gives the space separated list of domains in
  # which cookies have to be set in a CDSSO scenario. This property
  # is used only if CDSSO is enabled.
  # If this property is left blank then the fully qualified cookie
  # domain for the agent server will be used for setting the cookie
  # domain. In such case it is a host cookie instead of a domain cookie.
  # Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
  com.sun.am.policy.agents.config.cookie.domain.list=
  # user id returned if accessing global allow page and not authenticated
  com.sun.am.policy.agents.config.anonymous_user=anonymous
  # Enable/Disable REMOTE_USER processing for anonymous users
  # true | false
  com.sun.am.policy.agents.config.anonymous_user.enable=false
  # Not enforced list is the list of URLs for which no authentication is
  # required. Wildcards can be used to define a pattern of URLs.
  # The URLs specified may not contain any query parameters.
  # Each service have their own not enforced list. The service name is suffixed
  # after "# com.sun.am.policy.agents.notenforcedList." to specify a list
  # for a particular service. SPACE is the separator between the URL.
  com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
  # Boolean attribute to indicate whether the above list is a not enforced list
  # or an enforced list; When the value is true, the list means enforced list,
  # or in other words, the whole web site is open/accessible without
  # authentication except for those URLs in the list.
  com.sun.am.policy.agents.config.notenforced_list.invert = false
  # Not enforced client IP address list is a list of client IP addresses.
  # No authentication and authorization are required for the requests coming
  # from these client IP addresses. The IP address must be in the form of
  # eg: 192.168.12.2 1.1.1.1
  com.sun.am.policy.agents.config.notenforced_client_ip_list =
  # Enable POST data preservation; By default it is set to false
  com.sun.am.policy.agents.config.postdata.preserve.enable = false
  # POST data preservation : POST cache entry lifetime in minutes,
  # After the specified interval, the entry will be dropped
  com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
  # Cross-Domain Single Sign On URL
  # Is CDSSO enabled.
  com.sun.am.policy.agents.config.cdsso.enable=false
  # This is the URL the user will be redirected to for authentication
  # in a CDSSO Scenario.
  com.sun.am.policy.agents.config.cdcservlet.url =
  # Enable/Disable client IP address validation. This validate
  # will check if the subsequent browser requests come from the
  # same ip address that the SSO token is initially issued against
  com.sun.am.policy.agents.config.client_ip_validation.enable = false
  # Below properties are used to define cookie prefix and cookie max age
  com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
  com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
  # Logout URL - application's Logout URL.
  # This URL is not enforced by policy.
  # if set, agent will intercept this URL and destroy the user's session,
  # if any. The application's logout URL will be allowed whether or not
  # the session destroy is successful.
  com.sun.am.policy.agents.config.logout.url=
  # Any cookies to be reset upon logout in the same format as cookie_reset_list
  com.sun.am.policy.agents.config.logout.cookie.reset.list =
  # By default, when a policy decision for a resource is needed,
  # agent gets and caches the policy decision of the resource and
  # all resource from the root of the resource down, from the Access Manager.
  # For example, if the resource is http://host/a/b/c, the the root of the
  # resource is http://host/. This is because more resources from the
  # same path are likely to be accessed subsequently.
  # However this may take a long time the first time if there
  # are many many policies defined under the root resource.
  # To have agent get and cache the policy decision for the resource only,
  # set the following property to false.
  com.sun.am.policy.am.fetch_from_root_resource = true
  # Whether to get the client's hostname through DNS reverse lookup for use
  # in policy evaluation.
  # It is true by default, if the property does not exist or if it is
  # any value other than false.
  com.sun.am.policy.agents.config.get_client_host_name = true
  # The following property is to enable native encoding of
  # ldap header attributes forwarded by agents. If set to true
  # agent will encode the ldap header value in the default
  # encoding of OS locale. If set to false ldap header values
  # will be encoded in UTF-8
  com.sun.am.policy.agents.config.convert_mbyte.enable = false
  #When the not enforced list or policy has a wildcard '*' character, agent
  #strips the path info from the request URI and uses the resulting request
  #URI to check against the not enforced list or policy instead of the entire
  #request URI, in order to prevent someone from getting access to any URI by
  #simply appending the matching pattern in the policy or not enforced list.
  #For example, if the not enforced list has the value http://host/*.gif,
  #stripping the path info from the request URI will prevent someone from
  #getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
  #However when a web server (for exmample apache) is configured to be a reverse
  #proxy server for a J2EE application server, path info is interpreted in a different
  #manner since it maps to a resource on the proxy instead of the app server.
  #This prevents the not enforced list or policy from being applied to part of
  #the URI below the app serverpath if there is a wildcard character. For example,
  #if the not enforced list has value http://host/webapp/servcontext/* and the
  #request URL is http://host/webapp/servcontext/example.jsp the path info
  #is /servcontext/example.jsp and the resulting request URL with path info stripped
  #is http://host/webapp, which will not match the not enforced list. By setting the
  #following property to true, the path info will not be stripped from the request URL
  #even if there is a wild character in the not enforced list or policy.
  #Be aware though that if this is set to true there should be nothing following the
  #wildcard character '*' in the not enforced list or policy, or the
  #security loophole described above may occur.
  com.sun.am.policy.agents.config.ignore_path_info = false
  # Override the request url given by the web server with
  # the protocol, host or port of the agent's uri specified in
  # the com.sun.am.policy.agents.agenturiprefix property.
  # These may be needed if the agent is sitting behind a ssl off-loader,
  # load balancer, or proxy, and either the protocol (HTTP scheme),
  # hostname, or port of the machine in front of agent which users go through
  # is different from the agent's protocol, host or port.
  com.sun.am.policy.agents.config.override_protocol =
  com.sun.am.policy.agents.config.override_host =
  com.sun.am.policy.agents.config.override_port = true
  # Override the notification url in the same way as other request urls.
  # Set this to true if any one of the override properties above is true,
  # and if the notification url is coming through the proxy or load balancer
  # in the same way as other request url's.
  com.sun.am.policy.agents.config.override_notification.url =
  # The following property defines how long to wait in attempting
  # to connect to an Access Manager AUTH server.
  # The default value is 2 seconds. This value needs to be increased
  # when receiving the error "unable to find active Access Manager Auth server"
  com.sun.am.policy.agents.config.connection_timeout =
  # Time in milliseconds the agent will wait to receive the
  # response from Access Manager. After the timeout, the connection
  # will be drop.
  # A value of 0 means that the agent will wait until receiving the response.
  # WARNING: Invalid value for this property can result in
  # the resources becoming inaccessible.
  com.sun.am.receive_timeout = 0
  # The three following properties are for IIS6 agent only.
  # The two first properties allow to set a username and password that will be
  # used by the authentication filter to pass the Windows challenge when the Basic
  # Authentication option is selected in Microsoft IIS 6.0. The authentication
  # filter is named amiis6auth.dll and is located in
  # Agent_installation_directory/iis6/bin. It must be installed manually on
  # the web site ("ISAPI Filters" tab in the properties of the web site).
  # It must also be uninstalled manually when unintalling the agent.
  # The last property defines the full path for the authentication filter log file.
  com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
  com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
  com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAuthFilter

  If the agent doesnot start properly you would always get redirected to com.sun.am.policy.agents.config.accessdenied.url , if thats not specified you will get a 403.
  For the agent itself check that the naming.url is correct. the agent username and passwords are correct, and see that the user has priviledges to write to the agent log files. Apart from these post the windows event logs.

• Policy Agent 2.0 redirect after auth

  Versions:
  Solaris 8
  Identity Server 6.0
  Policy Agent 2.0
  Web Server: iWS 6.0
  We are having a problem with redirecting users to a specific page after authentication.
  Here is our scenario:
  When a user tries to access a URL on our WS with the Policy Agent 2.0 installed, they get redirected to our login page on the Identity Server, which is fine.
  The problem is that the original URL is appended in a "goto," and after successfully logging in, the user is redirected to the page in the "goto," and not our default success URL.
  We are unable to force the user to a specific success URL after login.
  Is there a way to prevent the "goto" from being called, or to force a specific success URL regardless of what is being called in the "goto".
  We are unsure if this needs to occur in the setup of the organization in the IS, or if it needs to happen in the AMagent.properties file in the Policy Agent.
  Please help!

  Thanks for all replies.
  Apache: There is nothing special in access_log and error_log. However, there is no problem to use policy agent on Solaris 2.9 + Apache 1.3.26.
  IIS: The system path contains the right folder that holds the dll (i think that's done by the installation program), while the system was reboot several times but the situation didn't improve.
  Thanks again.
  Rgds.

• Policy Agent load error

  Installed Java system access manager policy agent 2.2 for Apache 2.0.54. Installation was OK with no error. It's RHEL version 4 (AS).
  Restart Apache to load the agent, it failed with following error:
  Starting httpd: Syntax error on line 1 of /etc/opt/agents/apache/config/_etc_httpd_conf/dsame.conf:
  Cannot load /usr/local/spa/agents/apache/lib/libamapc2.so into server: /usr/local/spa/agents/apache/lib/libamapc2.so: undefined symbol: ZNSt24_default_alloc_templateILb1ELi0EE12_S_free_listE
  [FAILED]
  Anyone has seen this? How to fix it? Thank you very much.

  First thank you for your help. I ran ldd command and got no errors:
  ldd /usr/local/spa/agents/apache/lib/libamapc2.so
  libxml2.so.2 => /usr/local/spa/agents/apache/lib/libxml2.so.2 (0x00111000)
  libssl3.so => /usr/lib/libssl3.so (0x0055d000)
  libnss3.so => /usr/lib/libnss3.so (0x002a0000)
  libplc4.so => /usr/lib/libplc4.so (0x00d04000)
  libplds4.so => /usr/lib/libplds4.so (0x00c5c000)
  libnspr4.so => /usr/lib/libnspr4.so (0x00d10000)
  libpthread.so.0 => /lib/tls/libpthread.so.0 (0x001f3000)
  libdl.so.2 => /lib/libdl.so.2 (0x00205000)
  libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x003c4000)
  libm.so.6 => /lib/tls/libm.so.6 (0x00209000)
  libc.so.6 => /lib/tls/libc.so.6 (0x0057d000)
  libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00e0f000)
  libz.so.1 => /usr/lib/libz.so.1 (0x0022c000)
  libsoftokn3.so => /usr/lib/libsoftokn3.so (0x00b74000)
  /lib/ld-linux.so.2 (0x003ad000)
  According to Sun, the agent is for Apache 2.0.54, but the Apache on my server is 2.0.52 bundled with OS. Without upgrading Apache, do you have any solution? Thanks again.