Need running java sample for sun access manager deployed on weblogic 8.1
Hi All,
I have deployed amserver.war in weblogic 8.1 through amserver.war.
I am able to login through user amAdmin. It's working fine. I have used file system at the time of configuration of access manager.
I want to communicate with the sunaccess manager deployed on weblogic through stand alone application. for example i want to access information stored in access manager from application by passing some input. What are the configuration that i need to do for this.
Use case: I have created a subject(user) now i want to retrieve user information that is stored in access manager or want to authenticate the user by passing the user name and password from a stand alone java application.
Thanks & Regs,
Deepak Dabas
[email protected]
Edited by: Deepak.Dabas on Jan 16, 2008 9:37 PM
Deepak.Dabas wrote:
Hi All,
I have deployed amserver.war in weblogic 8.1 through amserver.war.
I am able to login through user amAdmin. It's working fine. I have used file system at the time of configuration of access manager.
I want to communicate with the sunaccess manager deployed on weblogic through stand alone application. for example i want to access information stored in access manager from application by passing some input. What are the configuration that i need to do for this.
Use case: I have created a subject(user) now i want to retrieve user information that is stored in access manager or want to authenticate the user by passing the user name and password from a stand alone java application.
please refer http://docs.sun.com/app/docs/doc/819-4675/6n6qfk0ne?a=view#gbdlr
http://docs.sun.com/app/docs/doc/819-2139/adubn?a=view
you need to download the client samples SUNWamclnt from sun.com
>
Thanks & Regs,
Deepak Dabas
[email protected]
Edited by: Deepak.Dabas on Jan 16, 2008 9:37 PM
Similar Messages
-
Username and password for Sun Access Manager 7.1
Hi
Thank you for reading my post
I ge the new Java Application Platform SDK Update 2 which has access manager and portlet management inside it.
Can you tell me what is username and password for Sun access Manager 7.1 administration cosole?
thankswith me it was amadmin : admin123
in the readme file in the addons directory:
Done! Access the AM server URL and see if the Access Manager is working or not -
<amserver_protocol>://<amserver_host>:<amserver_port>/amserver
user : 'amadmin', password : <admin password>
in a config file i found the password was admin123 -
Does sun provide a training for sun access manager customizations
Hi,
Is there any training available from sun for sun access manager customizations.
I am aware of the following training from sun AM-3480
TIA,
SureshHi, Suresh,
There's some material about customization in AM-3480. What areas are you interested in?
Regards,.
David -
Is there a Forum for Sun Access Manager
Please send me the forum link for Sun Access Manager
Yes
http://forum.java.sun.com/forum.jspa?forumID=760 -
I have been trying to run one of the samples supplied with Access manager 2005q, namely the authentication samlpe in /SUNWam/samples/authentication/spi/providers.
The sample seems to compile fine (after changing the encoding used). The question I have is what to do next? Following the text in the developers guide and readme, it says to move the .jar file to SUNWam/web-src/services/WEB-INF/lib and the .xml file to SUNWam/web-src/services/WEB-INF/lib.
Im running access manager on a web-server, so i then rload amserver.war on the server, change the servers classpath so that the new .jar (LoginModuleSample.jar) file is there and restart the server.
Am I missing something in this process? The auth module never seems to work, either giving me an authentication failed message, or an internal authentication error.
Thanks for any help
KeanoHi Keano,
I don't know what steps you are missing but you can try the below example:
http://developers.sun.com/prodtech/identserver/reference/techart/authentication.html
Thanks,
Raj -
Securing web services with Sun Access Manager
Hi!
I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
My questions are:
1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
2) Are there any documentation/tutorials/etc?
Thanks in advance :-)
Anderswhat you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
So.. having said that. here's what I'd recommend.
1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
2. configure it to use your access manager instance for authentication.
3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
4. voila... your webservices are not "protected" by acces manager ;-) -
Configuring IIS6.0 with Sun Access manager
As I am new to Sun java Access manager .I have installed and configured the Sun Access manager 7.1 on Tomcat and able to login to the console also.Now I am looking to configure the web application which resides in IIS 6.0 with Sun Access manager,To do this are there any documents about how to configure the Windows IIS 6.0Policy agent with Sun Accessmanager?In the Sun website I didnt see any document related to this configuration,could anyone please help how to work on this?
Thanks in advance.http://docs.sun.com/app/docs/doc/819-4771?l=en
should give you all the information you need. For server changes like policy refer to AM 7.1 docs on docs.sun.com -
Access manager policyagent 2.1 fro webspher5.0 with sun access manager in
Help It is very urgent
I have installed my sun access manager and sun direcory server on same machine solaris10.SSL is diable in directory server.Access manager working on ssl mode means it is working on Http with port 80 and Https with port443.Access manager url is
http://lhostname:80/amconsole or https://hostname:443/amconsole and
http://host:80/amserver/UI/Login or https://host:443/amserver/UI/Login.it is displaying access manager login page.It is working properly standalone.
But when i configure it with policyagent2.1 for WebSphere5.0 .WebSphere installed on windows2000 server.when i type the application URL that is running on WebSphere it does not show access manager login page.It show u r not authurised to view this page.WebSphere running on Http.
and amService log detail is*****************************************************
03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
Naming service URL list: [https://my.domain.com:443/amserver/namingservice]
03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
Only one naming service URL specified. NamingServiceMonitor will be disabled.
03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
getServiceURL for service: auth protocol: https host: my.domain.com port: 443
03/02/2006 05:57:32:112 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
ERROR: Naming service connection failed
com.iplanet.services.comm.client.SendRequestException: com.ibm.ws.orbimpl.transport.protocol.https.HttpsURLConnection
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:141)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:73)
at com.iplanet.services.naming.WebtopNaming.getNamingResponse(WebtopNaming.java:360)
at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:421)
at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:353)
at com.iplanet.services.naming.WebtopNaming.getServiceURL(WebtopNaming.java:187)
at com.sun.identity.authentication.AuthContext.setLocalFlag(AuthContext.java:1159)
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1100)
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1071)
at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:142)
at com.sun.identity.policy.client.AuthService.getAppSSOToken(AuthService.java:103)
at com.sun.identity.policy.client.AuthService.getApplicationSSOToken(AuthService.java:79)
at com.sun.identity.policy.client.PolicyEvaluator.getAppSSOToken(PolicyEvaluator.java:499)
at com.sun.identity.policy.client.PolicyEvaluator.init(PolicyEvaluator.java:193)
at com.sun.identity.policy.client.PolicyEvaluator.<init>(PolicyEvaluator.java:172)
at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:118)
at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:87)
at com.sun.identity.agents.policy.AmWebPolicy.<init>(Unknown Source)
at com.sun.identity.agents.policy.AmWebPolicyManager.<init>(Unknown Source)
at com.sun.identity.agents.policy.AmWebPolicyManager.<clinit>(Unknown Source)
at com.sun.identity.agents.filter.AmFilter.<init>(Unknown Source)
at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
at com.sun.identity.agents.filter.AmFilterManager.getAmFilterInstanceForModeConfigured(Unknown Source)
at com.sun.identity.agents.filter.AmAgentFilter.doFilter(Unknown Source)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:132)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:71)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:863)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:491)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:173)
at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:79)
at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:199)
at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:182)
at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:331)
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:432)
at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:343)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:592)
Thanks & Regards
SainiThis is an SSL handshake problem of Websphere - has nothing to do with AM.
Websphere�s JDK does not trust the Signer / Cert of AM�s deployment container.
Either configure a truststore (or use an existing webshpere truststore) where you import the Cert of the Signing CA of your AM DC�s cert.
Other option - import the mentioned cert in cacert file of IBM JDK - but be aware that this might get lost when applying an Websphere fixpack/refreshpack.
BTW what have you configured for server.port,server.host and server.protocol in your AMConfig.properties?
If you have not changed that settings agent will use the port/protocol specified to communicate with AM.
-Bernhard -
How to installl sun access manager in windows xp
Hi,
Can any one guide me how to install sun access managment in windows xp. I have downloaded access managment 7.x version i didnt find any installation shield nor exe file to install. More over i didnt find any document regarding installation for sun access managnement.
Can any one please suggest me the good document for installationa and configuring the sun access managment and realted pdf's.
regards
raviI found the directory with java.exe on my XP client. After updating my Path and then typing 'java -versions' I still see a 'java not found message'. No problem though - a README.TXT says that I have JRE 1.1.7B.
One final question - a co-worker who also has XP just starting seeing a pop-up window saying 'Runtime' error when running a Java applet. His java.exe is in a path that includes the sub-directory 'JRE' On my XP client, java.exe is in a path which includes a 'JRE11' sub-directory. We therefore seem to have different versions of the JRE. Since I don't see the Runtime error when running the same applet, should my co-worker try upgrading his JRE?
Thank you. -
Problems about Sun Access Manager
when I using Sun Access Manager, I found It is very slowly to access "http://host:ip/amserver" , but I also using OpenSSO, It is normal to access "http://host:ip/amserver".
Can anyone give any suggestions ?
Best Regards!Hi,
I added a page to the wiki which adds more detail to the steps to create the sample app policies on the am/fam/opensso server console UI. This includes some screen shots as well.
This is one good thing about the sample app is that you have to learn to install the opensso server, install the agent, configure the agents properties for the sample app security and also use the opensso server UI to create policies.
It is a bit of work, but when done you will know how to use a lot of opensso features.
You do not need a directory server. The sample app readme refers to some directory things that really can be ignored. The wording should be changed.
Anyhow you can use this wiki page along with the readme to help you set up the policies, the subjects etc that map to the sample app
http://wikis.sun.com/display/OpenSSO/samplepolicy
I will try to make a getting started page for new users, though you have done most the steps now, and need to set up sample. But this page might be useful for others who want to get started http://wikis.sun.com/display/OpenSSO/getstarted
hth,
Sean -
Sun Access Manager Event Sequence
I have a third party black box piece of hardware that is redirecting browser requests to my server for authentication. I want to utilize the Sun Access Manager to perform these authentications. Do I need to use the Policy Agent, or should I attempt to communicate directly with the Access Manager? What benefit will I gain from including the Policy Agent into the mix?
If I don't use the policy agent, here is the sequence of events as I understand them:
1) Browser hits Black Box (BB) for protected information.
2) BB redirects the browser to me.
3) Browser sends me a SAML snippet. I decode and inflate the snippet, then send it off to the access manager (AM).
4) The AM throws an invalid id exception because the user has never logged in.
5) I catch the invalid id exception, and redirect the browser to the AM login URL. The user enters a valid id and password and hits submit.
6) ... ?
Is this correct up to step 5, and what happens after step 5? Any hints would be greatly appreciated.Okay, never mind then.
-
Hi all,
i am developing a sample application using sun access manager.it would be very helpful if anyone could help me out in giving some code examples and help me out in developing a sample web app.I have to use the oracle database to get the users and roles.If anyine could post me some sample code for the same it would be really great of u..
Thanx in advance,
Sidharthya thats right.....i tried the purejaasexample given in that...and it worked...but my problem is that....supppose i create an user in my db and then when his authntication is suceeded then can i know from the console who has logged in and all...tell me what is the best example i can try from the samples directory....
basically i want to create a smaple application using sun access manager and implement it in one of our companys big app -
Sun Access Manager 7.1 configuration
I am trying to configure Sun Access Manager 7.1 update 1 on websphere 6.1.0.11 running on windows 2003 server and am getting a crypt error on SunJCE. Any suggestions on how to fix this?
The thread dump looks like this
05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]
05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]ERROR: Crypt: failed to set password-based key
java.security.NoSuchProviderException: no such provider: SunJCE
at sun.security.jca.GetInstance.getService(GetInstance.java:82)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.SecretKeyFactory.getInstance(Unknown Source)
at com.iplanet.services.util.JCEEncryption.setPassword(JCEEncryption.java:377)
at com.iplanet.services.util.Crypt.createInstance(Crypt.java:139)
at com.iplanet.services.util.Crypt.<clinit>(Crypt.java:103)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:192)
at com.sun.identity.setup.ServicesDefaultValues.validatePassword(ServicesDefaultValues.java:396)
at com.sun.identity.setup.ServicesDefaultValues.setServiceConfigValues(ServicesDefaultValues.java:107)
at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:307)
at com.ibm._jsp._configurator._jspService(_configurator.java:221)
at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:989)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:930)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:89)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:761)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:673)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:498)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:464)
at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:122)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.handleRequest(AbstractJSPExtensionServletWrapper.java:205)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3276)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:113)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:383)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1469)
05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]ERROR: JCEEncryption:: not yet initializedHave you followed the release notes instructions? There is one specifically about changing JCE:
http://docs.sun.com/app/docs/doc/819-5899/gdpsl?a=view
http://docs.sun.com/app/docs/doc/819-4683/gfvfl?a=view
http://docs.sun.com/app/docs/doc/819-5899/gdxas?a=view
shivaram -
Sun Access Manager Resource & password resets
Hi,
I've got IDM 7.1 and AM 7.1, with a Sun Access Manager Realm resource. The LDAP directory (DS EE 6.0) sitting behind the AM resource has been set up to "Require Password Change at First Login and After Reset".
However, if a user in IDM changes their AM password, the connection to AM is done as the resource adapter user, not themselves; this means that the pwdReset flag is not cleared on their account in AM, and AM will demand a password change on next login.
This is obviously non-optimal for us, as we'd like them to change their password through IDM.
Is there any way to change the DS policies to allow for this situation, OR to set the pwdReset flag through the resource adapter, OR to get the resource adapter to connect as the user when the Change Password flow is performed?
Thanks,
Michael.Hi Michael,
Could you please share the solution for the problem you are facing.
I am facing a similar issue.
When an admin resets the password of a user and when the user logs in, he/she needs to be redirected to IDM change password page. Instead the redirection to AM change password functionality is displayed.
Thanks,
Vinu -
Sun access Manager session failover
Hi,
I am trying to install Sun Access Manager (2005Q1) with Session failover. I have hardware load balancer under which i have configuring Access Manager on two seperate boxes.
For session failover i have configured Berkelay database on both system but am unable to start the database.
Now i got the information that Access Manager 6.1 does not support session failover.
Can anyone confirm if access manager 6.1 supports failover or we need to upgrade it?
Thx in advance.
ASN
Message was edited by:
asn123One clarification. AM 6.1 did have session failvoer feature. But it was container dependent. It used container features to provide this. Each container had its on configuration. It was made independent of the containers in AM 6.3 release. I would stonglry recommend using AM 6.3 or above if you are using session failover.
shivaram
Maybe you are looking for
-
I got this recommendation on a question I posted, is this safe?
Whenver I google anything I get tons of results for "blinkx" (see pictures) and there are ads that popup constantly (see pictures), I got the recommendation below...is it safe? 1. This procedure is a diagnostic test. It changes nothing, for better or
-
Used to have a little "OPEN NEW TAB" button to the right of the current open tab. Since my upgrade to 6.0.1. this is gone. How can I get it back?
-
The ringtone option does not appear in itunes
have the iphone 4... have the app to change songs into ringtones. when I look on the itunes home page when I sync my iphone it does not have the option for ringtones on the left side fo the screen.
-
I only have Dry DSL service, no dial tone (phone) service. Do I still need the DSL Filter (I had a whole house filter) attached to my incoming line that goes to my DSL modem? I tried taking it off and I was not able to connect to the internet.
-
We are using JAX-WS client stubs generated by wsimport to integratre external web services. Since the first external service was included the following exception occurs when undeploying the application. java.lang.ClassCastException: $Proxy236 cannot