Is WebLogic 9 supported by Policy Agent?

Hi,
We are planning to use WebLogic 9. I'm wondering if this version 9 of WebLogic is supported by the Policy Agent (or only the version 8.1)?
Thanks,
Adel


Similar Messages

  • Problem in POST data preserve in Policy Agent 2.2 for SJSWS 6.1

    Hi
    I am using Policy Agent 2.2 for SJSWS 6.1
    I have a requirement to preserve the POST data in the following situation.
    Consider a situation wherein the user has logged in to our webapp and the user remains in a page which has a form with POST method.
    Meanwhile the session (of AM) times out and now the user enters the data in the data and submits the form.
    The user will be redirected to the login page and then the requested service should be performed, which is not happening in this case (POST). If the form used a GET method, this works fine.
    I have tried by configuring the following property in AMAgent.properties file.
    com.sun.am.policy.agents.config.postdata.preserve.enable = true
    But it doesn't work. When I tried to troubleshoot, I learned from the following resource that POST data preservation is only supported on Policy Agent 2.2 for Sun Java System Web Server 7.0. Is it not supported on 6.1?
    http://docs.sun.com/app/docs/doc/820-1130/gaueu
    I get the following error in the log file of SJSWS.
    trying to POST /dummypost/sunpostpreserve2007-09-2804:48:53.379, send-file reports: HTTP4142: can't find /opt/SUNWwbsvr/docs/dummypost/sunpostpreserve2007-09-2804:48:53.379 (File not found)
    I have verified that the following entry is made in the obj.conf
    PathCheck fn=validate_session_policy
    <Object ppath="*/dummypost/sunpostpreserve*">
    Service type=text/* method=(GET) fn=append_post_data
    </Object>
    <Object ppath="*/UpdateAgentCacheServlet*">
    Service type=text/* method=(POST) fn=process_notification
    </Object>
    I am using the PA 2.2 which says that the following bug is fixed.
    Bug(s) fixed in 2.2 RTM Hotpatch 8
    ==================================
    Bug#: 6545159
    Agent type: Sun Java System Web Server agent
    Description: CDSSO mode wipes out form post data
    Appreciate your help.
    thanks & regards
    Madhu

    Hi
    Now I get a 404 error and the log in amAgent is
    2007-10-03 04:56:20.922 Error 22356:a51e558 PolicyAgent: Error Registering POST content body
    2007-10-03 04:56:20.922MaxDebug 22356:a51e558 PolicyAgent: Register POST content body : (null)
    2007-10-03 04:56:20.923 Debug 22356:a51e558 PolicyAgent: Register POST data key :2007-10-0304:56:20.922
    2007-10-03 04:56:20.923 Error 22356:a51e558 PolicyAgent: am_web_postcache_insert(): Unknown exception encountered.
    2007-10-03 04:56:20.923 Warning 22356:a51e558 PolicyAgent: Register POST data insert into hash table failed:2007-10-0304:56:20.922
    And the errors log file of SJSWS has:
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="uri-clean" Directive="PathCheck"
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="uri-clean" Directive="PathCheck" returned 0 (REQ_PROCEED)
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="find-pathinfo" Directive="PathCheck"
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="find-pathinfo" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="find-index-j2ee" Directive="PathCheck"
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="find-index-j2ee" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="find-index" index-names="index.html,home.html,index.jsp" Directive="PathCheck"
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="find-index" index-names="index.html,home.html,index.jsp" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="validate_session_policy" Directive="PathCheck"
    [03/Oct/2007:05:13:05] fine (22515): Updating accelerator cache
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="validate_session_policy" Directive="PathCheck" returned 0 (REQ_PROCEED)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="type-j2ee" Directive="ObjectType"
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="type-j2ee" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="type-by-extension" Directive="ObjectType"
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="type-by-extension" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="force-type" type="text/plain" Directive="ObjectType"
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="force-type" type="text/plain" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file" Directive="Service"
    [03/Oct/2007:05:13:14] warning (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, send-file reports: HTTP4142: can't find /opt/WMS/rel/www/webserver7/https-localhost.localdomain/docs/dummypost/sunpostpreserve2007-10-0304:56:20.922 (File not found)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file" Directive="Service" returned -1 (REQ_ABORTED)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="error-j2ee" Directive="Error"
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="error-j2ee" Directive="Error" returned -2 (REQ_NOACTION)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="flex-log" Directive="AddLog"
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="flex-log" Directive="AddLog" returned 0 (REQ_PROCEED)
    thanks
    Madhu

  • Identity Server Policy agent for BEA Weblogic Server 8.0

    Hi all,
    I do not find policy agents for BEA weblogic 8.X.
    Is the 6.1SP2 version forward compatible?
    Thanks

    You didn't specify the OS. Please find the PA support for different platforms & software.
    http://docs.sun.com/source/816-6884-10/chapter1.html#wp21986

  • Urgent :Authentication fails for Policy Agent on weblogic 8 SP3

    Hi
    I am using policy agent for perimeter authentication for an application deployed on weblogic. When I try to access the application using any user which exists on Identity server, I get the following exception in the amRealm log.
    09/20/2005 06:17:07:378 PM IST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmMappingRealm: authenticateAndFetchAllRoles amAdmin, ...) = []
    09/20/2005 06:17:07:378 PM IST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    WARNING: AmLoginModule.login() : Empty list of principals for user = amAdmin
    09/20/2005 06:17:07:379 PM IST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmLoginModule.abort()
    09/20/2005 06:17:12:505 PM IST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmLoginModule.authenticate() Initialized callback handler for Subject:
    09/20/2005 06:17:12:506 PM IST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmLoginModule.login()
    09/20/2005 06:17:12:506 PM IST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmLoginModule.login() : User name from Callback amAdmin
    09/20/2005 06:17:12:506 PM IST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    WARNING: SSOTokenValidator failed with exception
    [AgentException Stack]
    com.sun.identity.agents.arch.AgentException: Invalid transport string version
    at com.sun.identity.agents.util.TransportToken.initializeFromString(Unknown Source)
    at com.sun.identity.agents.util.TransportToken.<init>(Unknown Source)
    at com.sun.identity.agents.common.SSOTokenValidator.validate(Unknown Source)
    at com.sun.identity.agents.realm.AmMappingRealm.authenticateAndFetchAllRoles(Unknown Source)
    at com.sun.identity.agents.weblogic.AmLoginModule.login(Unknown Source)
    at weblogic.security.service.DelegateLoginModuleImpl.login(DelegateLoginModuleImpl.java:71)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
    at weblogic.security.service.PrincipalAuthenticator.authInternal(PrincipalAuthenticator.java:326)
    at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:279)
    at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:389)
    at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:296)
    at weblogic.servlet.security.internal.BasicSecurityModule.checkUserPerm(BasicSecurityModule.java:125)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.BasicSecurityModule.checkA(BasicSecurityModule.java:47)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3568)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2630)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    09/20/2005 06:17:12:507 PM IST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmMappingRealm: authenticateAndFetchAllRoles amAdmin, ...) = []
    09/20/2005 06:17:12:507 PM IST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    WARNING: AmLoginModule.login() : Empty list of principals for user = amAdmin
    09/20/2005 06:17:12:507 PM IST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmLoginModule.abort()

  • OpenAM Weblogic Policy Agent

    Hi Everyone,
    I have installed Weblogic Policy Agent in OpenAM. Followed the URL “http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/agent-install-guide/index/chap-weblogic.html” to install the policy Agent.
    I am using Oracle Weblogic server 10.3.5.0 to deploy the .war file. The same Weblogic server is used for Oracle Identity Manager 11.1.1.5.0.
    In the Weblogic Policy Agent post-installation steps I need to select Agent Authenticator for the security Realm.
    I have a doubt here: should I create the *"new realm"* or can I use the existing realm *"myrealm"*? But "myrealm" consists of the details of OIM.
    I am thinking of creating the new realm for the OpenAM Weblogic policy Agent; if so, what do I need to do to create a new realm for OpenAM?
    Please suggest me on this.
    Thanks & Regards,
    Karthick

  • Sun Policy Agent 2.2 for Weblogic 92

    We are using Sun Policy Agent 2.2 (for Weblogic) for Access Manager 6.3
    For this particular application I intermittently get an SSOToken invalid message
    It's sporadic behavior (sometimes it works, sometimes it does not)
    error -
    02/02/2007 12:22:41:057 PM EST: Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]
    SSOTokenValidator.validate(): Exception caught
    com.iplanet.sso.SSOException: AQIC5wM2LY4Sfcw k8CIsj Jujq92ltM5fNZJxh2qFYpAyw=@AAJTSQACMDE=# Invalid session ID.AQIC5wM2LY4Sfcw k8CIsj Jujq92ltM5fNZJxh2qFYpAyw=@AAJTSQACMDE=#

    Check the patch level of AM 6.3; it should be higher than 1.

  • Weblogic Policy Agent

    Hi All,
    I am using policy agent in front of the app that is running on weblogic. I installed the policy agent, created the agent profile, and did the other necessary steps. Also, I copied the following line in my startWebLogic.cmd file
    call "%DOMAIN_HOME%\bin\setDomainEnv.cmd" %*
    call "D:\bea\user_projects\domains\portalDomain\setAgentEnv_%SERVER_NAME%.cmd"
    Below is my classpath info, this loads the sun policy agent jars.
    java.class.path = ;D:\bea\patch_weblogic922\profiles\default\sys_manifest_classpath\weblogic_patch.jar;D:\bea\JDK150~1\lib\tools.jar;D:\bea\WEBLOG~1\server\lib\weblogic_sp.jar;D:\bea\WEBLOG~1\server\lib\weblogic.jar;D:\bea\WEBLOG~1\server\lib\webservices.jar;;D:\bea\WEBLOG~1\common\eval\pointbase\lib\pbembedded51.jar;D:\bea\WEBLOG~1\common\eval\pointbase\lib\pbupgrade51.jar;D:\bea\WEBLOG~1\common\eval\pointbase\lib\pbclient51.jar;D:\bea\WEBLOG~1\server\lib\xqrl.jar;D:\bea\WEBLOG~1\server\lib\xquery.jar;D:\bea\WEBLOG~1\server\lib\binxml.jar;D:/SunPolicyAgent/j2ee_agents/am_wl92_agent/lib/amauthprovider.jar;D:/SunPolicyAgent/j2ee_agents/am_wl92_agent/lib/agent.jar;D:/SunPolicyAgent/j2ee_agents/am_wl92_agent/lib/amclientsdk.jar;D:/SunPolicyAgent/j2ee_agents/am_wl92_agent/locale;D:/SunPolicyAgent/j2ee_agents/am_wl92_agent/agent_001/config;
    Also, in the log file I found the following information
    com.iplanet.security.encryptor = com.iplanet.services.util.JCEEncryption
    which is different than what is in the error below.
    When I run the agentadmin command to get the getUuid I get the following error.
    D:\SunPolicyAgent\j2ee_agents\am_wl92_agent\bin>agentadmin --getUuid bkrishna user dc=ad,dc=nsf,dc=gov
    Failed to create debug directory
    Failed to create debug directory
    Failed to create debug directory
    Failed to create debug directory
    Failed to create debug directory
    10/12/2007 12:16:38:662 PM EDT: Thread[main,5,main]
    DataLayer: number of retry = 3
    10/12/2007 12:16:38:662 PM EDT: Thread[main,5,main]
    DataLayer: retry interval = 1000
    10/12/2007 12:16:38:662 PM EDT: Thread[main,5,main]
    DataLayer: retry error codes = []
    Failed to create debug directory
    10/12/2007 12:16:38:662 PM EDT: Thread[main,5,main]
    AdminUtils: Could not initialize admin info message: Got LDAPServiceException code=19
    10/12/2007 12:16:38:662 PM EDT: Thread[main,5,main]
    Crypt.static{}: Encryptor class= com.iplanet.services.util.JSSEncryption
    Exception in thread "main" java.lang.NoClassDefFoundError: org/mozilla/jss/CryptoManager$NotInitializedException
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:164)
    at com.iplanet.services.util.Crypt.createInstance(Crypt.java:133)
    at com.iplanet.services.util.Crypt.<clinit>(Crypt.java:103)
    at com.iplanet.am.util.AdminUtils.getAdminDN(AdminUtils.java:106)
    at com.sun.identity.sm.SMSEntry.<clinit>(SMSEntry.java:166)
    at com.sun.identity.sm.DNMapper.<clinit>(DNMapper.java:59)
    at com.sun.identity.idm.AMIdentity.<init>(AMIdentity.java:135)
    at com.sun.identity.agents.tools.handler.GetUniversalIdHandler.handleRequest(GetUniversalIdHandler.java:120)
    at com.sun.identity.agents.tools.admin.AgentAdmin.dispatch(AgentAdmin.java:251)
    at com.sun.identity.agents.tools.admin.AgentAdmin.run(AgentAdmin.java:152)
    at com.sun.identity.agents.tools.launch.AgentAdminLauncher.launchAdminTool(AgentAdminLauncher.java:204)
    at com.sun.identity.agents.tools.launch.AgentAdminLauncher.main(AgentAdminLauncher.java:308)
    I would appreciate it if someone could throw some light here to fix this issue.
    Thanks,
    bala.

  • AM policy agents for Weblogic help

    I installed a Policy Agent for Weblogic Server 8.1. When I try to start the Weblogic server after modifications, the portal server throws an exception....
    com.sun.identity.agents.AmAgentFilter not found
    When you enter the URL for that application running on Weblogic, it is supposed to be forwarded to the Identity Management page... but this does not happen.
    It is apparently able to read the web.xml file in the Weblogic application but is not able to find the particular class above... nor is it able to contact the IDM.
    Any suggestions?
    Anand

    I am trying to install a PA with a Weblogic server. The installation works fine and I have also configured the necessary config files...and the concerned Weblogic server starts up successfully.
    But when I enter the URL , I see the following error in the Logs....
    <Jan 3, 2006 3:54:12 PM CST> <Error> <HTTP> <BEA-101020> <[ServletContext(id=20772999,name=sbm,context-path=/sbm)] Servlet failed with Exception
    java.lang.ExceptionInInitializerError
         at com.sun.identity.agents.filter.AmFilter.<init>(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilterInstanceForModeConfigured(Unknown Source)
         at com.sun.identity.agents.filter.AmAgentFilter.doFilter(Unknown Source)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6724)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764)
         at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: java.lang.RuntimeException: Exception caught in AmAgentLogManager initializer: Unable to initialize Local Log Handler
         at com.sun.identity.agents.log.AmAgentLogManager.<clinit>(Unknown Source)
    Can someone help me tackle this problem?
    Thanks!
    anand

  • Policy Agent on BEA WebLogic when server instance runs as windows service

    hi.
    my environment is: win2k3, bea weblogic server 8.1sp4, access manager 7.1 and policy agent 2.2. installation process of policy agent asks for server startup script (startWebLogic.cmd) which i found under my server instance catalogue. the only issue is that my server instance is installed as a windows service and should not be started in a command window.
    am i safe with just specifying the path to the startup script or is there another way of dealing with this issue?
    might be a dumb question, but it would be nice to be sure that i'm doing the right thing before i go ahead and install policy agent. :)
    thanks,
    tb

    Hi,
    I have not set it up as a Windows service but can try to help. For one thing, this step is not permanent, and if it does not work then you can undo this step by re-editing the script to remove the line you added. This step has you change the bea startup script for that domain to call the agent script setAgentEnv_AdminServer (it was copied into the bea domain directory during installation of the agent), which just sets some agent resources in the classpath. If you start bea and those things are not in the classpath etc. then the agent won't work. So no permanent damage, you can change it if it doesn't work.
    I suggest you try it out and start the bea server as a service and see if it works - if not try again.
    I am not sure what the Windows service would use to start the app server, but somehow it must specify some environment properties and things in its classpath, so if this script doesn't work then you can just do the things in the setAgentEnv_AdminServer script, like setting those things in the classpath.
    Please let us know if it works and if any extra steps are required. It would be helpful to others to know how to configure it as a Windows service.
    hth,
    Sean

  • Extending WebLogic policy agent

    Hello all;
    I am using AM policy agent for WebLogic portal server. Is there a way to extend the functionality of this policy agent. I need to make the agent do more than what it provides OOTB. Is there a way to do that? Any suggestions?
    Thanks

    Hi Aaron;
    I am trying to see if I can force the policy agent to be invoked on non-protected resources. The agent is in J2EE mode. The scenario that I have is the whole site is open and nothing is protected so I have to make the policy agent recognize requests for both protected and non protected resources. The other issue I have is that even if I create a cookie the policy agent doesn't maintain the session state since the requests are for unprotected resources. It (PA) doesn't "touch" the cookie since the requests didn't go through it.
    Thanks,

  • Sun Policy Agent 2.2 for BEA WebLogic Server/Portal 9.2

    Do you know where can I download this agent? I've searched a lot but no chance. The only available one in the download index page is the 9.0/9.1 agent. Any idea?
    Best regards

    All this time later, and the download for this agent isn't showing up in the right place.
    For now, my blog might be the easiest place to go for Policy Agent 2.2 docs and downloads:
    http://blogs.sun.com/JohnD/page/policyagent
    The quick and dirty answer to the question is here:
    http://www.sun.com/download/products.xml?id=45cb8a2a
    John D.

  • J2EE policy agent notice

    Please note that as of July 27, 2005, Sun JCE 1.2.1 has expired. For details see the following URL.
    http://jp.sunsolve.sun.com/search/document.do?assetkey=1-26-101796-1&searchclause=
    We have evaluated the impact and the following J2EE agents will stop functioning as of this date.
    1. J2EE policy agent for BEA WebLogic Server 6.1 SP2 : Solaris/HP-UX/Win2000 [version 2.1 and 2.1.1]
    2. J2EE policy agent for PeopleSoft 8.3/8.4/8.8 : Solaris/Win2000/AIX 5.1,5.2 [version 2.1 and 2.1.1]
    Both these agents should stop fully functioning as of 27th July/05. Please follow the steps listed below to rectify the situation :
    1. Download JCE 1.2.2 from URL : http://java.sun.com/products/jce/index-122.html
    2. Once you download the zip file, extract the following jar files
    * US_export_policy.jar
    * local_policy.jar
    * jce1_2_1.jar
    * sunjce_provider.jar
    3. Replace the four JCE lib jars in the agent installation with the jars downloaded from JCE 1.2.2
    Please note that only the two agents mentioned above will be affected; all other agent installations should not be impacted by the expiration of Sun JCE 1.2.1.
    Thanks,
    Jerry
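
Added example, not part of the notice above or of Sun's tooling: a POSIX shell check that the four jars named in step 2 were actually replaced in step 3, by byte-comparing each jar in the agent's lib directory with the copy extracted from the JCE 1.2.2 download. Both directory paths are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: verify the JCE jar replacement described in the notice.
# The jar names come from step 2 of the notice; the two directories are
# assumptions passed in by the caller (no default install path is assumed).

JCE_JARS="US_export_policy.jar local_policy.jar jce1_2_1.jar sunjce_provider.jar"

# check_jce_jars AGENT_LIB JCE_DIR
#   AGENT_LIB  directory in the agent installation that holds the JCE jars
#   JCE_DIR    directory where the JCE 1.2.2 zip was extracted
# Prints one status line per jar and returns 0 only when every jar in
# AGENT_LIB is byte-identical to the reference copy in JCE_DIR.
check_jce_jars() {
    agent_lib=$1
    jce_dir=$2
    rc=0
    for jar in $JCE_JARS; do
        if [ ! -f "$jce_dir/$jar" ]; then
            # Without the reference copy nothing can be concluded.
            echo "NO-REFERENCE $jar (not found in $jce_dir)"
            rc=1
        elif [ ! -f "$agent_lib/$jar" ]; then
            echo "MISSING      $jar (not found in $agent_lib)"
            rc=1
        elif cmp -s "$agent_lib/$jar" "$jce_dir/$jar"; then
            echo "REPLACED     $jar"
        else
            # Still a different file, e.g. the expired copy was left behind.
            echo "STALE        $jar (differs from the JCE 1.2.2 copy)"
            rc=1
        fi
    done
    return $rc
}

# Run the check when called as: script AGENT_LIB JCE_DIR
if [ "$#" -eq 2 ]; then
    check_jce_jars "$1" "$2"
fi
```

A non-zero exit status means at least one jar is missing or still differs, so the agent should not be restarted as fixed until the listed jars are copied over.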

    Hi Aaron,
    Let me take a stab at this and answer to the best of my ability.
    Currently J2EE agents are available only for web logic, in future will be available for other servers as well based on customer requirements.
    I am thinking about the scenario where I register a service with the identity server, assign the service and policy to users, and then deploy my service as a webapp to the sunone appserver. Whenever a client attempts access to my webapp, they would be redirected from the appserver to the Identity server login page for SSO and then forwarded back to my webapp, authenticated. The application could then read the users service properties and policy from the identity server to personalize the app. ** This sounds possible though you might have to run the identity server sdk from the app server machine.
    ** The next release of identity server would be supporting JAAS authentication module.
    ** In the next two or three months Identity Server and Portal Server will be available with support for App Servers instead of just running it on top of the web server as it is today.

  • Custom Authentication Issue with Policy Agent

    Hi,
    I have a custom authentication module which is hosted on the BEA application server and I am trying to access through the policy agent on apache.
    I have set the following property in AMAgent.properties file
    com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login
    So when the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication succeeds, the user session is created, and I get the following error message in the agent log file.
    2004-10-19 16:20:26.908 Error 27620:e1140 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:3
    2004-10-19 16:20:26.908 128 27620:e1140 RemoteLog: User unknown was denied access to http://hostname:port/weblogic/protapp/protected/a.html.
    2004-10-19 16:20:26.908 Error 27620:e1140 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
    2004-10-19 16:20:26.909 Error 27620:e1140 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
    2004-10-19 16:20:26.909 -1 27620:e1140 PolicyAgent: URL Access Agent: access denied to unknown user
    The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
    Thanks
    Neeraj

    Hi Neeraj,
    I still have not been able to resolve that issue. Let me know If you find a solution for the same.
    Thanks,
    Srinivas

  • No log for am policy agent for iis6

    Hello!
    I'm trying to get Policy Agent for IIS to run on my Win Srv 2003 with IIS6 and Sharepoint Services.
    I am running the OpenSSO version of Access Manager.
    I have installed the agent and done the initial configuration.
    When I try to browse the resource I get a login prompt (IIS Basic Auth) and cannot log in, followed by "Not Authorized 401.3"
    I should get redirected to the AM Login page, shouldn't I?
    I tried to look for answers in the log file but the /debug/<id> directory is empty.
    Anyone know what to do?
    The amAgent.properties file:
    # $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
    # The syntax of this file is that of a standard Java properties file,
    # see the documentation for the java.util.Properties.load method for a
    # complete description. (CAVEAT: The SDK in the parser does not currently
    # support any backslash escapes except for wrapping long lines.)
    # All property names in this file are case-sensitive.
    # NOTE: The value of a property that is specified multiple times is not
    # defined.
    # WARNING: The contents of this file are classified as an UNSTABLE
    # interface by Sun Microsystems, Inc. As such, they are subject to
    # significant, incompatible changes in any future release of the
    # software.
    # The name of the cookie passed between the Access Manager
    # and the SDK.
    # WARNING: Changing this property without making the corresponding change
    # to the Access Manager will disable the SDK.
    com.sun.am.cookie.name = iPlanetDirectoryPro
    # The URL for the Access Manager Naming service.
    com.sun.am.naming.url = http://login.lta.mil.se:8080/opensso/namingservice
    # The URL of the login page on the Access Manager.
    com.sun.am.policy.am.login.url = http://login.lta.mil.se:8080/opensso/UI/Login
    # Name of the file to use for logging messages.
    com.sun.am.policy.agents.config.local.log.file = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAgent
    # This property is used for Log Rotation. The value of the property specifies
    # whether the agent deployed on the server supports the feature or not. If set
    # to false all log messages are written to the same file.
    com.sun.am.policy.agents.config.local.log.rotate = true
    # Name of the Access Manager log file to use for logging messages to
    # Access Manager.
    # Just the name of the file is needed. The directory of the file
    # is determined by settings configured on the Access Manager.
    com.sun.am.policy.agents.config.remote.log = amAuthLog.sharepoint.lta.mil.se.80
    # Set the logging level for the specified logging categories.
    # The format of the values is
    # <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
    # The currently used module names are: AuthService, NamingService,
    # PolicyService, SessionService, PolicyEngine, ServiceEngine,
    # Notification, PolicyAgent, RemoteLog and all.
    # The all module can be used to set the logging level for all currently
    # none logging modules. This will also establish the default level for
    # all subsequently created modules.
    # The meaning of the 'Level' value is described below:
    # 0 Disable logging from specified module*
    # 1 Log error messages
    # 2 Log warning and error messages
    # 3 Log info, warning, and error messages
    # 4 Log debug, info, warning, and error messages
    # 5 Like level 4, but with even more debugging messages
    # 128 log url access to log file on AM server.
    # 256 log url access to log file on local machine.
    # If level is omitted, then the logging module will be created with
    # the default logging level, which is the logging level associated with
    # the 'all' module.
    # for level of 128 and 256, you must also specify a logAccessType.
    # *Even if the level is set to zero, some messages may be produced for
    # a module if they are logged with the special level value of 'always'.
    com.sun.am.log.level = 5
    # The org, username and password for Agent to login to AM.
    com.sun.am.policy.am.username = UrlAccessAgent
    com.sun.am.policy.am.password = PN4rEZ1uhx1404ivWY6HPQ==
    # Name of the directory containing the certificate databases for SSL.
    com.sun.am.sslcert.dir = C:/Sun/Access_Manager/Agents/2.2/iis6/cert
    # Set this property if the certificate databases in the directory specified
    # by the previous property have a prefix.
    com.sun.am.certdb.prefix =
    # Should agent trust all server certificates when Access Manager
    # is running SSL?
    # Possible values are true or false.
    com.sun.am.trust_server_certs = true
    # Should the policy SDK use the Access Manager notification
    # mechanism to maintain the consistency of its internal cache? If the value
    # is false, then a polling mechanism is used to maintain cache consistency.
    # Possible values are true or false.
    com.sun.am.notification.enable = true
    # URL to which notification messages should be sent if notification is
    # enabled, see previous property.
    com.sun.am.notification.url = http://sharepoint.lta.mil.se:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
    # This property determines whether URL string case sensitivity is
    # obeyed during policy evaluation
    com.sun.am.policy.am.url_comparison.case_ignore = true
    # This property determines the amount of time (in minutes) an entry
    # remains valid after it has been added to the cache. The default
    # value for this property is 3 minutes.
    com.sun.am.policy.am.polling.interval=3
    # This property allows the user to configure the User Id parameter passed
    # by the session information from the access manager. The value of User
    # Id will be used by the agent to set the value of REMOTE_USER server
    # variable. By default this parameter is set to "UserToken"
    com.sun.am.policy.am.userid.param=UserToken
    # Profile attributes fetch mode
    # String attribute mode to specify if additional user profile attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional user profile attributes will be introduced.
    # HTTP_HEADER - additional user profile attributes will be introduced into
    # HTTP header.
    # HTTP_COOKIE - additional user profile attributes will be introduced through
    # cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
    # The user profile attributes to be added to the HTTP header. The
    # specification is of the format ldap_attribute_name|http_header_name[,...].
    # ldap_attribute_name is the attribute in data store to be fetched and
    # http_header_name is the name of the header to which the value needs
    # to be assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
    # Session attributes mode
    # String attribute mode to specify if additional user session attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional user session attributes will be introduced.
    # HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
    # HTTP_COOKIE - additional user session attributes will be introduced through cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
    # The session attributes to be added to the HTTP header. The specification is
    # of the format session_attribute_name|http_header_name[,...].
    # session_attribute_name is the attribute in session to be fetched and
    # http_header_name is the name of the header to which the value needs to be
    # assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.agents.config.session.attribute.map=
    # Response Attribute Fetch Mode
    # String attribute mode to specify if additional user response attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional user response attributes will be introduced.
    # HTTP_HEADER - additional user response attributes will be introduced into
    # HTTP header.
    # HTTP_COOKIE - additional user response attributes will be introduced through
    # cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
    # The response attributes to be added to the HTTP header. The specification is
    # of the format response_attribute_name|http_header_name[,...].
    # response_attribute_name is the attribute in policy response to be fetched and
    # http_header_name is the name of the header to which the value needs to be
    # assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.agents.config.response.attribute.map=
    # The cookie name used in iAS for sticky load balancing
    com.sun.am.policy.am.lb.cookie.name = GX_jst
    # indicate where a load balancer is used for Access Manager
    # services.
    # true | false
    com.sun.am.load_balancer.enable = false
    ####Agent Configuration####
    # this is for product versioning, please do not modify it
    com.sun.am.policy.agents.config.version=2.2
    # Set the url access logging level. the choices are
    # LOG_NONE - do not log user access to url
    # LOG_DENY - log url access that was denied.
    # LOG_ALLOW - log url access that was allowed.
    # LOG_BOTH - log url access that was allowed or denied.
    com.sun.am.policy.agents.config.audit.accesstype = LOG_BOTH
    # Agent prefix
    com.sun.am.policy.agents.config.agenturi.prefix = http://sharepoint.lta.mil.se:80/amagent
    # Locale setting.
    com.sun.am.policy.agents.config.locale = en_US
    # The unique identifier for this agent instance.
    com.sun.am.policy.agents.config.instance.name = unused
    # Do SSO only
    # Boolean attribute to indicate whether the agent will just enforce user
    # authentication (SSO) without enforcing policies (authorization)
    com.sun.am.policy.agents.config.do_sso_only = true
    # The URL of the access denied page. If no value is specified, then
    # the agent will return an HTTP status of 403 (Forbidden).
    com.sun.am.policy.agents.config.accessdenied.url =
    # This property indicates if FQDN checking is enabled or not.
    com.sun.am.policy.agents.config.fqdn.check.enable = true
    # Default FQDN is the fully qualified hostname that the users should use
    # in order to access resources on this web server instance. This is a
    # required configuration value without which the Web server may not
    # startup correctly.
    # The primary purpose of specifying this property is to ensure that if
    # the users try to access protected resources on this web server
    # instance without specifying the FQDN in the browser URL, the Agent
    # can take corrective action and redirect the user to the URL that
    # contains the correct FQDN.
    # This property is set during the agent installation and need not be
    # modified unless absolutely necessary to accommodate deployment
    # requirements.
    # WARNING: Invalid value for this property can result in the Web Server
    # becoming unusable or the resources becoming inaccessible.
    # See also: com.sun.am.policy.agents.config.fqdn.check.enable,
    # com.sun.am.policy.agents.config.fqdn.map
    com.sun.am.policy.agents.config.fqdn.default = sharepoint.lta.mil.se
    # The FQDN Map is a simple map that enables the Agent to take corrective
    # action in the case where the users may have typed in an incorrect URL
    # such as by specifying partial hostname or using an IP address to
    # access protected resources. It redirects the browser to the URL
    # with fully qualified domain name so that cookies related to the domain
    # are received by the agents.
    # The format for this property is:
    # com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
    # This property can also be used so that the agents use the name specified
    # in this map instead of the web server's actual name. This can be
    # accomplished by doing the following.
    # Say you want your server to be addressed as xyz.hostname.com whereas the
    # actual name of the server is abc.hostname.com. The browsers only knows
    # xyz.hostname.com and you have specified polices using xyz.hostname.com at
    # the Access Manager policy console, in this file set the mapping as
    # com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
    # Another example is if you have multiple virtual servers say rst.hostname.com,
    # uvw.hostname.com and xyz.hostname.com pointing to the same actual server
    # abc.hostname.com and each of the virtual servers have their own policies
    # defined, then the fqdnMap should be defined as follows:
    # com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
    # WARNING: Invalid value for this property can result in the Web Server
    # becoming unusable or the resources becoming inaccessible.
    com.sun.am.policy.agents.config.fqdn.map =
    # Cookie Reset
    # This property must be set to true, if this agent needs to
    # reset cookies in the response before redirecting to
    # Access Manager for Authentication.
    # By default this is set to false.
    # Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
    com.sun.am.policy.agents.config.cookie.reset.enable=false
    # This property gives the comma separated list of Cookies, that
    # need to be included in the Redirect Response to Access Manager.
    # This property is used only if the Cookie Reset feature is enabled.
    # The Cookie details need to be specified in the following Format
    # name[=value][;Domain=value]
    # If "Domain" is not specified, then the default agent domain is
    # used to set the Cookie.
    # Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
    # token=value;Domain=subdomain.domain.com
    com.sun.am.policy.agents.config.cookie.reset.list=
    # This property gives the space separated list of domains in
    # which cookies have to be set in a CDSSO scenario. This property
    # is used only if CDSSO is enabled.
    # If this property is left blank then the fully qualified cookie
    # domain for the agent server will be used for setting the cookie
    # domain. In such case it is a host cookie instead of a domain cookie.
    # Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
    com.sun.am.policy.agents.config.cookie.domain.list=
    # user id returned if accessing global allow page and not authenticated
    com.sun.am.policy.agents.config.anonymous_user=anonymous
    # Enable/Disable REMOTE_USER processing for anonymous users
    # true | false
    com.sun.am.policy.agents.config.anonymous_user.enable=false
    # Not enforced list is the list of URLs for which no authentication is
    # required. Wildcards can be used to define a pattern of URLs.
    # The URLs specified may not contain any query parameters.
    # Each service have their own not enforced list. The service name is suffixed
    # after "# com.sun.am.policy.agents.notenforcedList." to specify a list
    # for a particular service. SPACE is the separator between the URL.
    com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
    # Boolean attribute to indicate whether the above list is a not enforced list
    # or an enforced list; When the value is true, the list means enforced list,
    # or in other words, the whole web site is open/accessible without
    # authentication except for those URLs in the list.
    com.sun.am.policy.agents.config.notenforced_list.invert = false
    # Not enforced client IP address list is a list of client IP addresses.
    # No authentication and authorization are required for the requests coming
    # from these client IP addresses. The IP address must be in the form of
    # eg: 192.168.12.2 1.1.1.1
    com.sun.am.policy.agents.config.notenforced_client_ip_list =
    # Enable POST data preservation; By default it is set to false
    com.sun.am.policy.agents.config.postdata.preserve.enable = false
    # POST data preservation : POST cache entry lifetime in minutes,
    # After the specified interval, the entry will be dropped
    com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
    # Cross-Domain Single Sign On URL
    # Is CDSSO enabled.
    com.sun.am.policy.agents.config.cdsso.enable=false
    # This is the URL the user will be redirected to for authentication
    # in a CDSSO Scenario.
    com.sun.am.policy.agents.config.cdcservlet.url =
    # Enable/Disable client IP address validation. This validate
    # will check if the subsequent browser requests come from the
    # same ip address that the SSO token is initially issued against
    com.sun.am.policy.agents.config.client_ip_validation.enable = false
    # Below properties are used to define cookie prefix and cookie max age
    com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
    com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
    # Logout URL - application's Logout URL.
    # This URL is not enforced by policy.
    # if set, agent will intercept this URL and destroy the user's session,
    # if any. The application's logout URL will be allowed whether or not
    # the session destroy is successful.
    com.sun.am.policy.agents.config.logout.url=
    # Any cookies to be reset upon logout in the same format as cookie_reset_list
    com.sun.am.policy.agents.config.logout.cookie.reset.list =
    # By default, when a policy decision for a resource is needed,
    # agent gets and caches the policy decision of the resource and
    # all resource from the root of the resource down, from the Access Manager.
    # For example, if the resource is http://host/a/b/c, then the root of the
    # resource is http://host/. This is because more resources from the
    # same path are likely to be accessed subsequently.
    # However this may take a long time the first time if there
    # are many many policies defined under the root resource.
    # To have agent get and cache the policy decision for the resource only,
    # set the following property to false.
    com.sun.am.policy.am.fetch_from_root_resource = true
    # Whether to get the client's hostname through DNS reverse lookup for use
    # in policy evaluation.
    # It is true by default, if the property does not exist or if it is
    # any value other than false.
    com.sun.am.policy.agents.config.get_client_host_name = true
    # The following property is to enable native encoding of
    # ldap header attributes forwarded by agents. If set to true
    # agent will encode the ldap header value in the default
    # encoding of OS locale. If set to false ldap header values
    # will be encoded in UTF-8
    com.sun.am.policy.agents.config.convert_mbyte.enable = false
    #When the not enforced list or policy has a wildcard '*' character, agent
    #strips the path info from the request URI and uses the resulting request
    #URI to check against the not enforced list or policy instead of the entire
    #request URI, in order to prevent someone from getting access to any URI by
    #simply appending the matching pattern in the policy or not enforced list.
    #For example, if the not enforced list has the value http://host/*.gif,
    #stripping the path info from the request URI will prevent someone from
    #getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
    #However when a web server (for example apache) is configured to be a reverse
    #proxy server for a J2EE application server, path info is interpreted in a different
    #manner since it maps to a resource on the proxy instead of the app server.
    #This prevents the not enforced list or policy from being applied to part of
    #the URI below the app serverpath if there is a wildcard character. For example,
    #if the not enforced list has value http://host/webapp/servcontext/* and the
    #request URL is http://host/webapp/servcontext/example.jsp the path info
    #is /servcontext/example.jsp and the resulting request URL with path info stripped
    #is http://host/webapp, which will not match the not enforced list. By setting the
    #following property to true, the path info will not be stripped from the request URL
    #even if there is a wild character in the not enforced list or policy.
    #Be aware though that if this is set to true there should be nothing following the
    #wildcard character '*' in the not enforced list or policy, or the
    #security loophole described above may occur.
    com.sun.am.policy.agents.config.ignore_path_info = false
    # Override the request url given by the web server with
    # the protocol, host or port of the agent's uri specified in
    # the com.sun.am.policy.agents.agenturiprefix property.
    # These may be needed if the agent is sitting behind a ssl off-loader,
    # load balancer, or proxy, and either the protocol (HTTP scheme),
    # hostname, or port of the machine in front of agent which users go through
    # is different from the agent's protocol, host or port.
    com.sun.am.policy.agents.config.override_protocol =
    com.sun.am.policy.agents.config.override_host =
    com.sun.am.policy.agents.config.override_port = true
    # Override the notification url in the same way as other request urls.
    # Set this to true if any one of the override properties above is true,
    # and if the notification url is coming through the proxy or load balancer
    # in the same way as other request url's.
    com.sun.am.policy.agents.config.override_notification.url =
    # The following property defines how long to wait in attempting
    # to connect to an Access Manager AUTH server.
    # The default value is 2 seconds. This value needs to be increased
    # when receiving the error "unable to find active Access Manager Auth server"
    com.sun.am.policy.agents.config.connection_timeout =
    # Time in milliseconds the agent will wait to receive the
    # response from Access Manager. After the timeout, the connection
    # will be dropped.
    # A value of 0 means that the agent will wait until receiving the response.
    # WARNING: Invalid value for this property can result in
    # the resources becoming inaccessible.
    com.sun.am.receive_timeout = 0
    # The three following properties are for IIS6 agent only.
    # The two first properties allow to set a username and password that will be
    # used by the authentication filter to pass the Windows challenge when the Basic
    # Authentication option is selected in Microsoft IIS 6.0. The authentication
    # filter is named amiis6auth.dll and is located in
    # Agent_installation_directory/iis6/bin. It must be installed manually on
    # the web site ("ISAPI Filters" tab in the properties of the web site).
    # It must also be uninstalled manually when uninstalling the agent.
    # The last property defines the full path for the authentication filter log file.
    com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
    com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
    com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAuthFilter

    If the agent does not start properly you would always get redirected to com.sun.am.policy.agents.config.accessdenied.url; if that's not specified you will get a 403.
    For the agent itself, check that the naming.url is correct, that the agent username and passwords are correct, and see that the user has privileges to write to the agent log files. Apart from these, post the Windows event logs.
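
An added example, not part of the original thread and not Sun's agent code: a Python parser for the AMAgent.properties format posted above that runs the log-directory check the reply suggests, plus the warnings the file's own comments state. The sample file, its hostnames and paths, and the `parse_properties` and `audit` helpers are constructed for illustration.

```python
import os

PREFIX = "com.sun.am.policy.agents.config."
# Template tokens seen in the posted notenforced_list (assumed here to be
# placeholders that the installer should have replaced with real values).
TOKENS = ("SERVER_PROTO", "SERVER_HOST", "SERVER_PORT",
          "SERVER_DEPLOY_URI", "CONSOLE_DEPLOY_URI")

# Constructed sample in the style of the posted file; not values from the thread.
SAMPLE = r"""
# The URL for the Access Manager Naming service.
com.sun.am.naming.url = http://am.example.com:8080/opensso/namingservice
com.sun.am.policy.agents.config.local.log.file = /no/such/dir/debug/amAgent
com.sun.am.trust_server_certs = true
com.sun.am.trust_server_certs = true
com.sun.am.notification.url = http://app.example.com:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* \
    http://app.example.com/img/*.gif
com.sun.am.policy.agents.config.ignore_path_info = true
"""


def parse_properties(text):
    """Return (props, duplicate_keys). Handles '#' comments, 'key = value' pairs
    and trailing-backslash line wrapping, the only escape the file says it supports."""
    props, dups, pending = {}, [], ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped.startswith("#")):
            continue
        line = pending + stripped
        if line.endswith("\\"):
            pending = line[:-1]              # wrapped value: join with next line
            continue
        pending = ""
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in props:
            dups.append(key)
        props[key] = value
    return props, dups


def audit(props, dups):
    """Return a list of (key, finding) pairs for settings worth a second look."""
    findings = [(k, "defined more than once; the file says the value is undefined")
                for k in dups]
    for key in ("com.sun.am.naming.url", "com.sun.am.policy.am.login.url"):
        if props.get(key, "").lower().startswith("http://"):
            findings.append((key, "plain HTTP to Access Manager (no transport encryption)"))
    if props.get("com.sun.am.trust_server_certs", "").lower() == "true":
        findings.append(("com.sun.am.trust_server_certs",
                         "agent trusts all server certificates"))
    # The reply's check: can the log directory be written? This tests the account
    # running the script, so run it as the web server's identity.
    log_file = props.get(PREFIX + "local.log.file", "")
    log_dir = os.path.dirname(log_file)
    if log_file and not (os.path.isdir(log_dir) and os.access(log_dir, os.W_OK)):
        findings.append((PREFIX + "local.log.file",
                         "log directory missing or not writable: " + log_dir))
    entries = props.get(PREFIX + "notenforced_list", "").split()
    if any(tok in entry for entry in entries for tok in TOKENS):
        findings.append((PREFIX + "notenforced_list",
                         "contains unsubstituted installer tokens"))
    # The file's own warning: with ignore_path_info=true nothing may follow '*'.
    if props.get(PREFIX + "ignore_path_info", "").lower() == "true":
        for entry in entries:
            if "*" in entry.rstrip("*"):
                findings.append((PREFIX + "notenforced_list",
                                 "text after '*' with ignore_path_info=true: " + entry))
    return findings


if __name__ == "__main__":
    for key, finding in audit(*parse_properties(SAMPLE)):
        print(key + ": " + finding)
```
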

  • Does the 2.1 web policy agent for Windows 2003 work on a 64 bit OS ?

    Does the 2.1 web policy agent for Windows 2003 work on a 64 bit OS ?
    I have a customer having a world of issues getting the agent to start.
    Jeff Courtade

    No. 64bit support is not there for 2.1 agents on Windows.
    -Subba
