Can the IS 6.0 Policy Agent run on FreeBSD?

I see the policy agent can run on Apache 1.3.26 for Red Hat Linux 7.2. Could you get it to work on Apache 1.3.26 for FreeBSD 4.x?

thanks for your reply....
But in the landscape there are two portal server on ep 6.0 and they are trying upgrade only one to EP 7, but they both are pointing to same r3 4.6c which is getting upgraded to ECC 6.0.
than in such a scenario will the existing EP 6.0 based on WAS 620 work with the integrated ITS.
Regards,
Ravi

Similar Messages

Does the 2.1 web policy agent for Windows 2003 work on a 64 bit OS ?

Does the 2.1 web policy agent for Windows 2003 work on a 64 bit OS ?
I have a customer having a world of issues getting the agent to start.
Jeff Courtade

No. 64bit support is not there for 2.1 agents on Windows.
-Subba

Can the new Intel Mac Mini really run Win XP?

I have had my Mac Mini for almost two years now and i love it, i love it because i switched from Windows, but now i kind of miss Windows so i was going to buy a Windows PC but then i read somewhere that the new 1.66GHz Intel Core Duo Mac Mini can run Windows XP, so i have few questions if that is true...
1. How well will Win XP run on the new 1.66 GHz Mini with 1 Gig of RAM?
2. Which version of XP do i need to buy and where is the best place to buy it?
3. I know this might be a dumb question since Windows Vista is not out yet but do you think i will be able to use Vista as well?
Vista requires 512 of RAM for the basics and 1 Gig of RAM for max performance.
That's all i have for now, thanks in advance.
Any help and advice would be greatly appreciated!
Mac Mini 1.42 GHz G4 Mac OS X (10.3.9) It's small...?

1) If ou run it with Boot Camp (i.e. in a dual-boot environment, rather than through virtualization), it will run as well as on a PC with 1 GB of RAM, a 1.66 Ghz Core Duo processor and GMA 950 integrated graphics (quite well, but unsuitable for recent 3D games).
2) You need a standalone (non-OEM) version of Windows XP Home or Pro with SP2 included, any retail version of Windows XP should do. There are also workarounds that allow you to install other versions of Windows (like Windows XP Media Center).
3) The Mini should be able to run Vista (some people have already installed Beta versions of Vista on Intel Minis) but how well, I don't know.
BTW Boot Camp is actually Beta software, and its license ends in February 2007 (or earlier if Leopard is released before then).
If you need more information, you can also ask in the Boot Camp forum.

Can the lid be closed and still run the computer with an external display?

I purchased a 19" LCD display to hook to my G3, everything works fine but I cannot find any reference on whether the lid for the laptop can be closed while running the computer. Can anyone help answer this for me? Currently I am looking at my laptop with the lid half-closed, or is that open...Any help would be greatly appreciated.
Thanks!
PowerBook G3 333MHz Mac OS X (10.3.9) The Lombard, 384MB RAM

Make sure the computer is plugged in on the AC power adapter. (this is because the power requirements are higher for an external display.)
- Close the PowerBook's display. The PowerBook will go to sleep.
- Connect the external monitor.
- Turn on the external monitor.
- Connect an external Apple USB keyboard and mouse.
- Now the PowerBook will wake from sleep.
Next time when you want your Powerbook to sleep use the "sleep" option from the Blue Apple menu (on the left top).
Hopefully this is helpfull or solved your problem. Consider rewarding some points!
Please see the "helpfull" and "solved" button's on top off this message! Apple: Why reward points?

Can the current Macbook Pro 13 inch run Color?

Under Minimum Requirements, it says it needs a bigger display. Can it still run, even if it is a little small, or will it refuse to run altogether?

Double click on the screen icon and find out!
I doubt it, though. The minimums are pretty hard-and-fast, mostly because the UI is absolutely inflexible. There are hacks for re-setting the minimums at an OS level, but the results are unpredictable and usually result in an unusable install. Mostly because users can't read the tiny print on the buttons.
jPo

Can the Late 2012 Mac Mini Server run on Lion, instead of Mountain Lion?

Since I plan to use this (USB 2) device http://plugable.com/products/UGA-2K-A
on a (yet to be ordered) Late 2012 Mac Mini Server, I am wondering:
could that box run on Lion, instead of Mountain Lion ? (the usb 2 device has some M.L. issues still)
I would not really need the server-part (only want the box because of the 2 disk drives), maybe that influences things.
Would there be any possibility to order it from Apple with Lion instead of Mountain Lion pre-installed ?
Could the latest hardware in the box not-function under Lion, thereby necessitating Mountain Lion ?
Thanks to all for thinking with me!
Best,
Arie

It's simple: you cannot use a version of OS X older than the version that the Mac shipped with. At the very least, this is because the hardware may not be supported.

Can the Zen 4gb work on Macbook running Bootcamp Windows Vist

With the falling Macbook prices from Apple, I am considering getting one within the next few month. I know that officially the Creative Zen 4gb would not work nati'vely on the Macbook however I am planning to install Windows Vista via Bootcamp and was wondering if I would face any problem syncing the Zen 4gb under Windows Vista on the Macbook hardware ?
Thanks.

I had a similar problem trying to install Win7 x64 on my 2009 iMac. I finally copied the entire Boot Camp driver folder from the OS X installation DVD to Windows. Then I went to \drivers\bootcamp64.msi, right-clicked on it and selected Troubleshoot Compatibility. Windows chugged a bit and came up with a dialog that said Try Recommended Settings. Click on that, then Start Program. The Boot Camp installer now worked great.
Give it a shot.

Can Xgrid controller and agent run on the same controller?

I am trying to setup an Xgrid on 2 Mac OS X Leopard computers. My intention was setting up one computer as a controller/agent and other computer as an agent so that I can have a grid with 2 agents running on different computers. I setup my grid with xgridctl and using Xgrid Admin, I am able to view the grid on a GUI program. In Xgrid Admin, I also see 2 computers (One is local, other one is remote computer) listed with their IP addresses. Only the remote computer's status is "Available". Local computer's status is "Unavailable".
I was about to conclude that you can not have controller and agent on the same computer but I decided to shoot an email to apple mailing list and expect some clarification.
Thanks in advance for the support,
Umut Tezduyar

You might get a better response to this in either the [OS X Server forum|http://discussions.apple.com/category.jspa?categoryID=96] or even the [Xgrid area!|http://discussions.apple.com/forum.jspa?forumID=722]

While configuring a 2nd Essbaseserver to SS can the 1st one be up & running

Hi,
While installing and configuring a new(second one) essbase server to an existing Shared services database which already has an essbase server(1st one) registered to it, can the 1st one be up and running or does it have to be shut down. Also is there any other precaution to take note of while doing this. Thanks in advance.
Ted.

It shouldn't matter whether it is running or not, personally I like to have things stopped when configuring but that is just my preference.
Cheers
John
http://john-goodwin.blogspot.com/

No log for am policy agent for iis6

Hello!
Im trying to get Policy Agent for IIS to run on my Win Srv 2003 with IIS6 and Sharepoint Services.
I am running the OpenSSO version of Access Manager.
I have installed the agent and done the initial cofiguration.
When i try to browse the resource i get a login prompt (IIS Basic Auth)and cannot login followed by "Not Authorized 401.3"
I should get redirected to the AM Login page, shouldn't I?
I tried to look for answers in the log file but the /debug/<id> directory i empty.
Anyone know what to do?
The amAgent.properties file:
# $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
# The syntax of this file is that of a standard Java properties file,
# see the documentation for the java.util.Properties.load method for a
# complete description. (CAVEAT: The SDK in the parser does not currently
# support any backslash escapes except for wrapping long lines.)
# All property names in this file are case-sensitive.
# NOTE: The value of a property that is specified multiple times is not
# defined.
# WARNING: The contents of this file are classified as an UNSTABLE
# interface by Sun Microsystems, Inc. As such, they are subject to
# significant, incompatible changes in any future release of the
# software.
# The name of the cookie passed between the Access Manager
# and the SDK.
# WARNING: Changing this property without making the corresponding change
# to the Access Manager will disable the SDK.
com.sun.am.cookie.name = iPlanetDirectoryPro
# The URL for the Access Manager Naming service.
com.sun.am.naming.url = http://login.lta.mil.se:8080/opensso/namingservice
# The URL of the login page on the Access Manager.
com.sun.am.policy.am.login.url = http://login.lta.mil.se:8080/opensso/UI/Login
# Name of the file to use for logging messages.
com.sun.am.policy.agents.config.local.log.file = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAgent
# This property is used for Log Rotation. The value of the property specifies
# whether the agent deployed on the server supports the feature of not. If set
# to false all log messages are written to the same file.
com.sun.am.policy.agents.config.local.log.rotate = true
# Name of the Access Manager log file to use for logging messages to
# Access Manager.
# Just the name of the file is needed. The directory of the file
# is determined by settings configured on the Access Manager.
com.sun.am.policy.agents.config.remote.log = amAuthLog.sharepoint.lta.mil.se.80
# Set the logging level for the specified logging categories.
# The format of the values is
# <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
# The currently used module names are: AuthService, NamingService,
# PolicyService, SessionService, PolicyEngine, ServiceEngine,
# Notification, PolicyAgent, RemoteLog and all.
# The all module can be used to set the logging level for all currently
# none logging modules. This will also establish the default level for
# all subsequently created modules.
# The meaning of the 'Level' value is described below:
# 0 Disable logging from specified module*
# 1 Log error messages
# 2 Log warning and error messages
# 3 Log info, warning, and error messages
# 4 Log debug, info, warning, and error messages
# 5 Like level 4, but with even more debugging messages
# 128 log url access to log file on AM server.
# 256 log url access to log file on local machine.
# If level is omitted, then the logging module will be created with
# the default logging level, which is the logging level associated with
# the 'all' module.
# for level of 128 and 256, you must also specify a logAccessType.
# *Even if the level is set to zero, some messages may be produced for
# a module if they are logged with the special level value of 'always'.
com.sun.am.log.level = 5
# The org, username and password for Agent to login to AM.
com.sun.am.policy.am.username = UrlAccessAgent
com.sun.am.policy.am.password = PN4rEZ1uhx1404ivWY6HPQ==
# Name of the directory containing the certificate databases for SSL.
com.sun.am.sslcert.dir = C:/Sun/Access_Manager/Agents/2.2/iis6/cert
# Set this property if the certificate databases in the directory specified
# by the previous property have a prefix.
com.sun.am.certdb.prefix =
# Should agent trust all server certificates when Access Manager
# is running SSL?
# Possible values are true or false.
com.sun.am.trust_server_certs = true
# Should the policy SDK use the Access Manager notification
# mechanism to maintain the consistency of its internal cache? If the value
# is false, then a polling mechanism is used to maintain cache consistency.
# Possible values are true or false.
com.sun.am.notification.enable = true
# URL to which notification messages should be sent if notification is
# enabled, see previous property.
com.sun.am.notification.url = http://sharepoint.lta.mil.se:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
# This property determines whether URL string case sensitivity is
# obeyed during policy evaluation
com.sun.am.policy.am.url_comparison.case_ignore = true
# This property determines the amount of time (in minutes) an entry
# remains valid after it has been added to the cache. The default
# value for this property is 3 minutes.
com.sun.am.policy.am.polling.interval=3
# This property allows the user to configure the User Id parameter passed
# by the session information from the access manager. The value of User
# Id will be used by the agent to set the value of REMOTE_USER server
# variable. By default this parameter is set to "UserToken"
com.sun.am.policy.am.userid.param=UserToken
# Profile attributes fetch mode
# String attribute mode to specify if additional user profile attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user profile attributes will be introduced.
# HTTP_HEADER - additional user profile attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user profile attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
# The user profile attributes to be added to the HTTP header. The
# specification is of the format ldap_attribute_name|http_header_name[,...].
# ldap_attribute_name is the attribute in data store to be fetched and
# http_header_name is the name of the header to which the value needs
# to be assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organiz ational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
# Session attributes mode
# String attribute mode to specify if additional user session attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user session attributes will be introduced.
# HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
# HTTP_COOKIE - additional user session attributes will be introduced through cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
# The session attributes to be added to the HTTP header. The specification is
# of the format session_attribute_name|http_header_name[,...].
# session_attribute_name is the attribute in session to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.session.attribute.map=
# Response Attribute Fetch Mode
# String attribute mode to specify if additional user response attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user response attributes will be introduced.
# HTTP_HEADER - additional user response attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user response attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
# The response attributes to be added to the HTTP header. The specification is
# of the format response_attribute_name|http_header_name[,...].
# response_attribute_name is the attribute in policy response to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.response.attribute.map=
# The cookie name used in iAS for sticky load balancing
com.sun.am.policy.am.lb.cookie.name = GX_jst
# indicate where a load balancer is used for Access Manager
# services.
# true | false
com.sun.am.load_balancer.enable = false
####Agent Configuration####
# this is for product versioning, please do not modify it
com.sun.am.policy.agents.config.version=2.2
# Set the url access logging level. the choices are
# LOG_NONE - do not log user access to url
# LOG_DENY - log url access that was denied.
# LOG_ALLOW - log url access that was allowed.
# LOG_BOTH - log url access that was allowed or denied.
com.sun.am.policy.agents.config.audit.accesstype = LOG_BOTH
# Agent prefix
com.sun.am.policy.agents.config.agenturi.prefix = http://sharepoint.lta.mil.se:80/amagent
# Locale setting.
com.sun.am.policy.agents.config.locale = en_US
# The unique identifier for this agent instance.
com.sun.am.policy.agents.config.instance.name = unused
# Do SSO only
# Boolean attribute to indicate whether the agent will just enforce user
# authentication (SSO) without enforcing policies (authorization)
com.sun.am.policy.agents.config.do_sso_only = true
# The URL of the access denied page. If no value is specified, then
# the agent will return an HTTP status of 403 (Forbidden).
com.sun.am.policy.agents.config.accessdenied.url =
# This property indicates if FQDN checking is enabled or not.
com.sun.am.policy.agents.config.fqdn.check.enable = true
# Default FQDN is the fully qualified hostname that the users should use
# in order to access resources on this web server instance. This is a
# required configuration value without which the Web server may not
# startup correctly.
# The primary purpose of specifying this property is to ensure that if
# the users try to access protected resources on this web server
# instance without specifying the FQDN in the browser URL, the Agent
# can take corrective action and redirect the user to the URL that
# contains the correct FQDN.
# This property is set during the agent installation and need not be
# modified unless absolutely necessary to accommodate deployment
# requirements.
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
# See also: com.sun.am.policy.agents.config.fqdn.check.enable,
# com.sun.am.policy.agents.config.fqdn.map
com.sun.am.policy.agents.config.fqdn.default = sharepoint.lta.mil.se
# The FQDN Map is a simple map that enables the Agent to take corrective
# action in the case where the users may have typed in an incorrect URL
# such as by specifying partial hostname or using an IP address to
# access protected resources. It redirects the browser to the URL
# with fully qualified domain name so that cookies related to the domain
# are received by the agents.
# The format for this property is:
# com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
# This property can also be used so that the agents use the name specified
# in this map instead of the web server's actual name. This can be
# accomplished by doing the following.
# Say you want your server to be addressed as xyz.hostname.com whereas the
# actual name of the server is abc.hostname.com. The browsers only knows
# xyz.hostname.com and you have specified polices using xyz.hostname.com at
# the Access Manager policy console, in this file set the mapping as
# com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
# Another example is if you have multiple virtual servers say rst.hostname.com,
# uvw.hostname.com and xyz.hostname.com pointing to the same actual server
# abc.hostname.com and each of the virtual servers have their own policies
# defined, then the fqdnMap should be defined as follows:
# com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
com.sun.am.policy.agents.config.fqdn.map =
# Cookie Reset
# This property must be set to true, if this agent needs to
# reset cookies in the response before redirecting to
# Access Manager for Authentication.
# By default this is set to false.
# Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
com.sun.am.policy.agents.config.cookie.reset.enable=false
# This property gives the comma separated list of Cookies, that
# need to be included in the Redirect Response to Access Manager.
# This property is used only if the Cookie Reset feature is enabled.
# The Cookie details need to be specified in the following Format
# name[=value][;Domain=value]
# If "Domain" is not specified, then the default agent domain is
# used to set the Cookie.
# Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
# token=value;Domain=subdomain.domain.com
com.sun.am.policy.agents.config.cookie.reset.list=
# This property gives the space separated list of domains in
# which cookies have to be set in a CDSSO scenario. This property
# is used only if CDSSO is enabled.
# If this property is left blank then the fully qualified cookie
# domain for the agent server will be used for setting the cookie
# domain. In such case it is a host cookie instead of a domain cookie.
# Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
com.sun.am.policy.agents.config.cookie.domain.list=
# user id returned if accessing global allow page and not authenticated
com.sun.am.policy.agents.config.anonymous_user=anonymous
# Enable/Disable REMOTE_USER processing for anonymous users
# true | false
com.sun.am.policy.agents.config.anonymous_user.enable=false
# Not enforced list is the list of URLs for which no authentication is
# required. Wildcards can be used to define a pattern of URLs.
# The URLs specified may not contain any query parameters.
# Each service have their own not enforced list. The service name is suffixed
# after "# com.sun.am.policy.agents.notenforcedList." to specify a list
# for a particular service. SPACE is the separator between the URL.
com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
# Boolean attribute to indicate whether the above list is a not enforced list
# or an enforced list; When the value is true, the list means enforced list,
# or in other words, the whole web site is open/accessible without
# authentication except for those URLs in the list.
com.sun.am.policy.agents.config.notenforced_list.invert = false
# Not enforced client IP address list is a list of client IP addresses.
# No authentication and authorization are required for the requests coming
# from these client IP addresses. The IP address must be in the form of
# eg: 192.168.12.2 1.1.1.1
com.sun.am.policy.agents.config.notenforced_client_ip_list =
# Enable POST data preservation; By default it is set to false
com.sun.am.policy.agents.config.postdata.preserve.enable = false
# POST data preservation : POST cache entry lifetime in minutes,
# After the specified interval, the entry will be dropped
com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
# Cross-Domain Single Sign On URL
# Is CDSSO enabled.
com.sun.am.policy.agents.config.cdsso.enable=false
# This is the URL the user will be redirected to for authentication
# in a CDSSO Scenario.
com.sun.am.policy.agents.config.cdcservlet.url =
# Enable/Disable client IP address validation. This validate
# will check if the subsequent browser requests come from the
# same ip address that the SSO token is initially issued against
com.sun.am.policy.agents.config.client_ip_validation.enable = false
# Below properties are used to define cookie prefix and cookie max age
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
# Logout URL - application's Logout URL.
# This URL is not enforced by policy.
# if set, agent will intercept this URL and destroy the user's session,
# if any. The application's logout URL will be allowed whether or not
# the session destroy is successful.
com.sun.am.policy.agents.config.logout.url=
# Any cookies to be reset upon logout in the same format as cookie_reset_list
com.sun.am.policy.agents.config.logout.cookie.reset.list =
# By default, when a policy decision for a resource is needed,
# agent gets and caches the policy decision of the resource and
# all resource from the root of the resource down, from the Access Manager.
# For example, if the resource is http://host/a/b/c, the the root of the
# resource is http://host/. This is because more resources from the
# same path are likely to be accessed subsequently.
# However this may take a long time the first time if there
# are many many policies defined under the root resource.
# To have agent get and cache the policy decision for the resource only,
# set the following property to false.
com.sun.am.policy.am.fetch_from_root_resource = true
# Whether to get the client's hostname through DNS reverse lookup for use
# in policy evaluation.
# It is true by default, if the property does not exist or if it is
# any value other than false.
com.sun.am.policy.agents.config.get_client_host_name = true
# The following property is to enable native encoding of
# ldap header attributes forwarded by agents. If set to true
# agent will encode the ldap header value in the default
# encoding of OS locale. If set to false ldap header values
# will be encoded in UTF-8
com.sun.am.policy.agents.config.convert_mbyte.enable = false
#When the not enforced list or policy has a wildcard '*' character, agent
#strips the path info from the request URI and uses the resulting request
#URI to check against the not enforced list or policy instead of the entire
#request URI, in order to prevent someone from getting access to any URI by
#simply appending the matching pattern in the policy or not enforced list.
#For example, if the not enforced list has the value http://host/*.gif,
#stripping the path info from the request URI will prevent someone from
#getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
#However when a web server (for exmample apache) is configured to be a reverse
#proxy server for a J2EE application server, path info is interpreted in a different
#manner since it maps to a resource on the proxy instead of the app server.
#This prevents the not enforced list or policy from being applied to part of
#the URI below the app serverpath if there is a wildcard character. For example,
#if the not enforced list has value http://host/webapp/servcontext/* and the
#request URL is http://host/webapp/servcontext/example.jsp the path info
#is /servcontext/example.jsp and the resulting request URL with path info stripped
#is http://host/webapp, which will not match the not enforced list. By setting the
#following property to true, the path info will not be stripped from the request URL
#even if there is a wild character in the not enforced list or policy.
#Be aware though that if this is set to true there should be nothing following the
#wildcard character '*' in the not enforced list or policy, or the
#security loophole described above may occur.
com.sun.am.policy.agents.config.ignore_path_info = false
# Override the request url given by the web server with
# the protocol, host or port of the agent's uri specified in
# the com.sun.am.policy.agents.agenturiprefix property.
# These may be needed if the agent is sitting behind a ssl off-loader,
# load balancer, or proxy, and either the protocol (HTTP scheme),
# hostname, or port of the machine in front of agent which users go through
# is different from the agent's protocol, host or port.
com.sun.am.policy.agents.config.override_protocol =
com.sun.am.policy.agents.config.override_host =
com.sun.am.policy.agents.config.override_port = true
# Override the notification url in the same way as other request urls.
# Set this to true if any one of the override properties above is true,
# and if the notification url is coming through the proxy or load balancer
# in the same way as other request url's.
com.sun.am.policy.agents.config.override_notification.url =
# The following property defines how long to wait in attempting
# to connect to an Access Manager AUTH server.
# The default value is 2 seconds. This value needs to be increased
# when receiving the error "unable to find active Access Manager Auth server"
com.sun.am.policy.agents.config.connection_timeout =
# Time in milliseconds the agent will wait to receive the
# response from Access Manager. After the timeout, the connection
# will be drop.
# A value of 0 means that the agent will wait until receiving the response.
# WARNING: Invalid value for this property can result in
# the resources becoming inaccessible.
com.sun.am.receive_timeout = 0
# The three following properties are for IIS6 agent only.
# The two first properties allow to set a username and password that will be
# used by the authentication filter to pass the Windows challenge when the Basic
# Authentication option is selected in Microsoft IIS 6.0. The authentication
# filter is named amiis6auth.dll and is located in
# Agent_installation_directory/iis6/bin. It must be installed manually on
# the web site ("ISAPI Filters" tab in the properties of the web site).
# It must also be uninstalled manually when unintalling the agent.
# The last property defines the full path for the authentication filter log file.
com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAuthFilter

If the agent doesnot start properly you would always get redirected to com.sun.am.policy.agents.config.accessdenied.url , if thats not specified you will get a 403.
For the agent itself check that the naming.url is correct. the agent username and passwords are correct, and see that the user has priviledges to write to the agent log files. Apart from these post the windows event logs.

Problem Installing Policy Agent 2.2 on Apache 2.2.3

Hi all,
I'm trying to configure policy agent 2.2 on apache 2.2.3 on linux platform CentOS (red hat 5.1).
The configuration and the installation seem to work properly, in effect in the log file install.log you can find :
[06/10/2008 16:38:49:865 CEST] Creating directory layout and configuring Agent file for Agent_001 instance ...SUCCESSFUL.
[06/10/2008 16:38:49:936 CEST] Reading data from file /opt/web_agents/apache22_agent/passwordFile and encrypting it ...SUCCESSFUL.
[06/10/2008 16:38:49:937 CEST] Generating audit log file name ...SUCCESSFUL.
[06/10/2008 16:38:50:022 CEST] Creating tag swapped AMAgent.properties file for instance Agent_001 ...SUCCESSFUL.
[06/10/2008 16:38:50:026 CEST] Creating a backup for file /etc/httpd/conf/httpd.conf ...SUCCESSFUL.
[06/10/2008 16:38:50:031 CEST] Adding Agent parameters to /opt/web_agents/apache22_agent/Agent_001/config/dsame.conf file ...SUCCESSFUL.
[06/10/2008 16:38:50:032 CEST] Adding Agent parameters to /etc/httpd/conf/httpd.conf file ...SUCCESSFUL.
But, when I try to restart Apache it gives me an error and in the error.log file in Apache you can read:
[Tue Jun 10 16:57:33 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 10 16:57:34 2008] [notice] Digest: generating secret for digest authentication ...
[Tue Jun 10 16:57:34 2008] [notice] Digest: done
[Tue Jun 10 16:57:34 2008] [alert] Policy web agent configuration failed: NSPR error
Configuration Failed
Well, I found in the Sun documentation a well known bug about the NSPR and NSS library :
Error message issued during installation of Policy Agent 2.2 on Linux systems
When the Linux operating system is installed, specific components can be selected. Occasionally the specific components of the operating system selected lack the libraries necessary for Policy Agent 2.2 to function. When the complete Linux operating system is installed, all the required libraries are available. The libraries that are required for the agent to function are as follows: NSPR, NSS, and libxml2.
Workaround: If the Linux operating system you are using is not complete, install the latest versions of these libraries as described in the steps that follow:
At the time this note was added, the latest version of the NSPR library packages was NSPR 4.6.x , while the latest version of the NSS library package was NSS 3.11.x.
To Install Missing Libraries for Policy Agent 2.2 on Linux Systems
*+
Install the NSS, and libxml2 libraries. These libraries are usually available as part of Linux installation media. NSPR and NSS are available as part of Mozilla binaries/development packages. You can also check the following sites:
o
NSPR: http://www.mozilla.org/projects/nspr/
o
NSS: http://www.mozilla.org/projects/security/pki/nss/
So, I checked my libraries but they are upgraded to the latest version.
If I comment the line that includes the libamapc22.so in the apache configuration file
LoadModule dsame_module /opt/web_agents/apache22_agent/lib/libamapc22.so
Apache can restart but the agent is misconfigurated!
Any Idea?

thank you Subhodeep for your reply,
I didn't try to change the library file and I didn't find in licterature any information about library file changing in the Policy agent installation. Please, could you suggest me something more about which library to use instead of libamapc22.so?
ps. I am using red hat 5.1, and from the release note of the policy agent seems that the latest platform version supported is red hat enterprise linux 4.0 versions.....
this one could definitely be the reason of the misconfiguration.

Policy Agent doesn't reset Sun Access Manager session time idle value

Hi,
We have the following setup in our environment:
- apache web server/web and policy agent 2.2 for apache 2.0.54
- webmethods portal server (jetty)
-Sun Access Manager (with Sun Directory Server)
We use policy agent for authentication purpose only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates session in Sun Access Manager for custom LDAP services. For testing purpose, we configure SAM session to have Max Session Timeout at 120mins and Time Idle at 15mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of SAM session. However, when I monitor time idle value using SAM console, session tab, the time idle value didn't change when the portal user access pages, submit actions, etc. I can see in the debug log of policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
Thanks a lot for the help.

Thanks for the reply, Shivaram. The issue appears to occur at random time, not accurately at the 3 min interval as you mention. I tested changing this value to 1, theoretically, after one 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests), the pages are protected by the policy agent. At the first login, rwe were prompted to enter credential to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages, once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disable as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
Thanks for all your help,

Extending WebLogic policy agent

Hello all;
I am using AM policy agent for WebLogic portal server. Is there a way to extend the functionality of this policy agent. I need to make the agent do more than what it provides OOTB. Is there a way to do that? Any suggestions?
Thanks

Hi Aaron;
I am trying to see if I can force the policy agent to be invoked on non-protected resources. The agent is in J2EE mode. The scenario that I have is the whole site is open and nothing is protected so I have to make the policy agent recognize requests for both protected and non protected resources. The other issue I have is that even if I create a cookie the policy agent doesn't maintain the session state since the requests are for unprotected resources. It (PA) doesn't "touch" the cookie since the requests didn't go through it.
Thanks,

Policy Agent 2.2 with Tomcat connector (isapi_redirect.dll)?

Dear All,
We have installed Policy agent 2.2 for IIS6 to enable SSO with SUN Access Manager 7.1. Policy agent 2.2 was installed in IIS6 as wild card application mapping extension.
Our IIS6 also contains Apache tomcat connector (isapi_redirect.dll) as it needs to front JBOSS application server.
When we access protected resource Policy agent presents login screen. With the correct login details, policy agent authenticates successfully with SAM 7.1 and creates SSO token, which is good. But policyagent creates "goto" URL as /tomcat/isapi_redirect.dll rather than the original resource that user asked for as below?
2010-12-23 18:57:57.397 Info 3220:1e5b0d0 PolicyAgent: do_redirect(): redirect_header = Location: http://am-server.com:8080/amserver/login?goto=http%3A%2F%2Ftest-server%3A80%2Ftomcat%2Fisapi_redirect.dll
Any ideas on how to configure Policy agent for IIS6 when it has isapi_redirect.dll already installed on it.
Thanks,
Surya

Hello Surya
Did you find a solution for this issue? How did you solve it?
Thank you
Prashanth
Edited by: user8605028 on Jun 15, 2011 1:24 PM

Has anyone got the IIS Policy Agent 3.0 working with an ASP web application

Hi,
Can anyone pllease please confirm if they have managed to get the IIS Policy Agent 3.0 working for a asp/asp.net web site on IIS 7 running on Windows Server 2008 64 bit.?
I have installed the 32bit version of the agent as my web site must support 32 bit applications.
I have created a simple web site which works fine with the policy agent configured if the page is html, If I rename the html page to be of type asp I get an Object Move error.
I would much appreciate if someone could confirm if they have managed to get an asp web site working with the policy agent.
Note: The Policy Agent 2.2 worked perfectly with asp on IIS 6.0.
Thanks in advance,
Tommy.

I managed to make Agent 3 work with IIS 7 for a sample application based on aspx in Dev environment .... after modifying the sample application, I got the same errors as "Object removed" and others .... I have no idea what the hell. Fortunately, a super .Net start here spent a few minutes to do some twicking on IIS, and make it work again .... don't ask me what he did, I am pretty dump, and no idea. :)
Thanks

Can the IS 6.0 Policy Agent run on FreeBSD?

Similar Messages

Maybe you are looking for