Policy Agent 2.2 with Tomcat connector (isapi_redirect.dll)?
Dear All,
We have installed Policy agent 2.2 for IIS6 to enable SSO with SUN Access Manager 7.1. Policy agent 2.2 was installed in IIS6 as wild card application mapping extension.
Our IIS6 also contains Apache tomcat connector (isapi_redirect.dll) as it needs to front JBOSS application server.
When we access protected resource Policy agent presents login screen. With the correct login details, policy agent authenticates successfully with SAM 7.1 and creates SSO token, which is good. But policyagent creates "goto" URL as /tomcat/isapi_redirect.dll rather than the original resource that user asked for as below?
2010-12-23 18:57:57.397 Info 3220:1e5b0d0 PolicyAgent: do_redirect(): redirect_header = Location: http://am-server.com:8080/amserver/login?goto=http%3A%2F%2Ftest-server%3A80%2Ftomcat%2Fisapi_redirect.dll
Any ideas on how to configure Policy agent for IIS6 when it has isapi_redirect.dll already installed on it.
Thanks,
Surya
Hello Surya
Did you find a solution for this issue? How did you solve it?
Thank you
Prashanth
Edited by: user8605028 on Jun 15, 2011 1:24 PM
Similar Messages
-
Tomcat vs Apache with Tomcat connectors (mod/jk)
Is there any advantage (security, performance etc.) of running a Java web application on Apache HTTP Server with Tomcat Connectors (mod/jk) rather than directly running it on Tomcat.
This question is already answered, see here:
http://tomcat.apache.org/faq/connectors.html
Also for Tomcat/ Apache related questions, post them to the relevant mailing lists. -
Policy Agent 3.0 for Tomcat - Cannot obtain Application SSO token
Hi
I am trying to configure Sun OpenSSO Enterprise Policy Agent 3.0 for Apache Tomcat Application Server 6.
After installing the Policy Agent, Tomcat is not starting.
The Error in the stack is :
=========
Jun 14, 2009 2:21:00 AM
org.apache.tomcat.util.digester.Digester startElement
SEVERE: Begin event threw error
java.lang.ExceptionInInitializerError
at
com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfig
uration(AgentConfiguration.java:682)
Caused by:
com.sun.identity.security.AMSecurityPropertiesException:
AdminTokenAction: FATAL ERROR: Cannot obtain Application
SSO token.
Check AMConfig.properties for the following properties
com.sun.identity.agents.app.username
com.iplanet.am.service.password
at
com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:
258)
=========
There is no AMConfig.properties file. The Agent uses "OpenSSOAgentBootstrap.properties".
Is there a workaround for this issue ?
Cheers.Hi,
I have the same Problem, did you come up with a solution for it?
thanks
Matrius -
Poor performance using policy agent 2.2 with Sun Access Manager
Even if com.sun.am.policy.agents.config.do_sso_only is set to true, the policy agent sent a request to PolicyService (svcid="Policy") and it's take more than 8 seconds to receive a respose. Any idea why ??
Agent Log
2012-10-15 08:11:42.441MaxDebug 24211:130800 PolicyService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RequestSet vers="1.0" svcid="Policy" reqid="9">
<Request><![CDATA[
<PolicyService version="1.0">
<PolicyRequest requestId="2" appSSOToken="AQIC5wM2LY4SfcynHuhUJZ2ol3lBzD0LJVKLpP7ULh6sgcg=@AAJTSQACMDE=#">
<GetResourceResults userSSOToken="AQIC5wM2LY4Sfczm02fTJAo4H1i82OGPsRWMs5t6D7bRaVQ=@AAJTSQACMDE=#" serviceName="iPlanetAMWebAgentService" resourceName="http://devappa11.dev.emergis:80" resourceScope="response-attributes-only">
<EnvParameters>
<AttributeValuePair>
<Attribute name="requestIp"/>
<Value>142.168.64.128</Value>
</AttributeValuePair>
</EnvParameters>
<GetResponseDecisions>
<Attribute name="uid"/>
</GetResponseDecisions>
</GetResourceResults>
</PolicyRequest>
</PolicyService>]]>
</Request>
</RequestSet>
2012-10-15 08:11:42.441MaxDebug 24211:130800 PolicyService: BaseService::sendRequest Request line: POST /amserver/policyservice HTTP/1.0
2012-10-15 08:11:42.441 Debug 24211:130800 PolicyService: BaseService::sendRequest Cookie and Headers =Host: devappf9.dev.emergis
2012-10-15 08:11:42.441 Debug 24211:130800 PolicyService: BaseService::sendRequest Content-Length =Content-Length: 778
2012-10-15 08:11:42.441 Debug 24211:130800 PolicyService: BaseService::sendRequest Header Suffix =Accept: text/xml
Content-Type: text/xml; charset=UTF-8
2012-10-15 08:11:42.441MaxDebug 24211:130800 PolicyService: BaseService::sendRequest(): Total chunks: 24.
2012-10-15 08:11:42.441MaxDebug 24211:130800 PolicyService: BaseService::sendRequest(): Sent 24 chunks.
2012-10-15 08:11:50.801 Debug 24211:130800 PolicyService: HTTP Status = 200 (OK)
2012-10-15 08:11:50.801MaxDebug 24211:130800 PolicyService: Http::Response::readAndParse(): Reading headers.
2012-10-15 08:11:50.801MaxDebug 24211:130800 PolicyService: Server: Sun-ONE-Web-Server/6.1
2012-10-15 08:11:50.801MaxDebug 24211:130800 PolicyService: Date: Mon, 15 Oct 2012 12:11:50 GMT
2012-10-15 08:11:50.801MaxDebug 24211:130800 PolicyService: Content-type: text/html
2012-10-15 08:11:50.801MaxDebug 24211:130800 PolicyService: Connection: close
2012-10-15 08:11:50.801 Debug 24211:130800 PolicyService: Http::Response::readAndParse(): No content length in response.
2012-10-15 08:11:50.802MaxDebug 24211:130800 all: Connection::waitForReply(): returns with status success.
2012-10-15 08:11:50.802MaxDebug 24211:130800 PolicyService: Http::Response::readAndParse(): Completed processing the response with status: success
2012-10-15 08:11:50.802MaxDebug 24211:130800 PolicyService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ResponseSet vers="1.0" svcid="policy" reqid="9">
<Response><![CDATA[<PolicyService version="1.0" revisionNumber="30">
<PolicyResponse requestId="2">
<ResourceResult name="http://devappa11.dev.emergis:80">
<PolicyDecision>
<ResponseDecisions>
<AttributeValuePair>
<Attribute name="uid"/>
<Value>cppuser1</Value>
</AttributeValuePair>
</ResponseDecisions>
</PolicyDecision>
</ResourceResult>
</PolicyResponse>
</PolicyService>
]]></Response>
</ResponseSet>10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
Policy dc=dev^dc=emergis^^DatastoresReadOnly is Using Policy evaluation order :1
10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
Using policy evaluation order:SUBJECTS_CONDITIONS_RULES
10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
Subjects.isMember():getting subject evaluation results from resultCache of policy
10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
at Policy.getPolicyDecision() principal, resource name, action names, policyName, policyDecision = uid=cppuser1,ou=people,o=NFLD-EHR,dc=dev,dc=emergis, sms://o=nfld-ehr,dc=dev,dc=emergis/sunIdentityRepositoryService/1.0/application/user/cppuser1, [MODIFY, READ, DELEGATE], dc=dev^dc=emergis^^DatastoresReadOnly,
10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=dc=dev^dc=emergis^^RealmAdmincacheKey=/policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
Policy dc=dev^dc=emergis^^RealmAdmin is Using Policy evaluation order :1
10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
Using policy evaluation order:SUBJECTS_CONDITIONS_RULES
10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
Subjects.isMember():getting subject evaluation results from resultCache of policy
10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
at Policy.getPolicyDecision() principal, resource name, action names, policyName, policyDecision = uid=cppuser1,ou=people,o=NFLD-EHR,dc=dev,dc=emergis, sms://o=nfld-ehr,dc=dev,dc=emergis/sunIdentityRepositoryService/1.0/application/user/cppuser1, [MODIFY, READ, DELEGATE], dc=dev^dc=emergis^^RealmAdmin,
10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=SelfWriteAttributescacheKey=/policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=o=nfld-ehr^dc=dev^dc=emergis^^DatastoresReadOnlycacheKey=/policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=o=nfld-ehr^dc=dev^dc=emergis^^RealmAdmincacheKey=/policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=SelfReadAttributescacheKey=/policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=dc=dev^dc=emergis^^DatastoresReadOnlycacheKey=/policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=dc=dev^dc=emergis^^RealmAdmincacheKey=/policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
at PolicyEvaluator.getPolicyDecision() orgsToVist=[]
10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
at PolicyEvaluator.getPolicyDecision() orgsToVist(after removing already visited orgs=[]
10/15/2012 08:11:50:515 AM EDT: Thread[service-j2ee-9,5,main]
PolicyRequestHandler.processRequest(): get response from policy framework:
<PolicyService version="1.0" revisionNumber="30">
<PolicyResponse requestId="2">
<ResourceResult name="http://devappa11.dev.emergis:80">
<PolicyDecision>
<ResponseDecisions>
<AttributeValuePair>
<Attribute name="uid"/>
<Value>cppuser1</Value>
</AttributeValuePair>
</ResponseDecisions>
</PolicyDecision>
</ResourceResult>
</PolicyResponse>
</PolicyService> -
SJWS 6.1 Policy Agent getting roles
Hi,
I've installed Policy Agent 2.2 in SJWS 6.1 and authentication is working properly. I've configured nativeRealm to get the user's principal from a web application (a servlet).
In this scenarios the user has two roles (it's working on WebLogic 8.1), but the Agent doesn't receive this roles from server, and in servlet the call to the function isUserInRoles doesn't work.
Anybody knows if is it possible working with roles, using J2EE security in servlets, with Sun Java WebServer 6.1 using Policy Agent 2.2 with Access Manager?
Thanks a lot
DavidHave you also tried not to set JAVAHOME at all as mentioned in the docs?
-Bernhard -
J2ee policy agent + Access Manager sample
Hello,
i would like to secure my j2ee application by using j2ee policy agent in combination with Sun Indentity Manager 6.1 (Access Manager).
I am new in this area, so i would like to ask if somebody know any SAMPLE application / example / turorial that shows step-by-step, how to cover this area.
Thank you very much for any advise or link.
-Eugen...\jstudioE704Q4\AppServer7\domains\domain1\server1\logs\server.log
[26/Sep/2005:18:59:11] INFO ( 1356): CORE3282: stdout: IN WebContainer>>moduleDeployed: customerinfoabout to close all connections
[26/Sep/2005:18:59:12] INFO ( 1356): CORE3276: Installing a new configuration
[26/Sep/2005:18:59:17] INFO ( 1356): WEB0100: Loading web module [CustomerInfo] in virtual server [server1] at [CustomerInfo]
[26/Sep/2005:18:59:17] INFO ( 1356): WEB0121: Enabling no persistence for web module [CustomerInfo]'s sessions: persistence-type = [memory]
[26/Sep/2005:18:59:17] INFO ( 1356): WEB0100: Loading web module [customerinfo] in virtual server [server1] at []
[26/Sep/2005:18:59:21] INFO ( 1356): CORE3280: A new configuration was successfully installed
[26/Sep/2005:18:59:21] INFO ( 1356): WEB4004: Closing web application environment for virtual server [server1]
[26/Sep/2005:18:59:33] SEVERE ( 1356): HTTP3068: Error receiving request from 192.168.1.222 (Overlapped I/O operation is in progress.)
[26/Sep/2005:18:59:33] SEVERE ( 1356): HTTP3068: Error receiving request from 192.168.1.222 (Overlapped I/O operation is in progress.)
[26/Sep/2005:18:59:33] SEVERE ( 1356): HTTP3068: Error receiving request from 192.168.1.222 (Overlapped I/O operation is in progress.)
[26/Sep/2005:18:59:33] INFO ( 1356): CORE3282: stdout: LENGTH_OF_GENERATED_UUID = 29
[26/Sep/2005:19:00:29] INFO ( 1356): CORE3282: stdout: IN WebContainer>>moduleRedeployed: /customerinfoabout to close all connections
[26/Sep/2005:19:00:29] INFO ( 1356): CORE3276: Installing a new configuration
[26/Sep/2005:19:00:30] INFO ( 1356): WEB0100: Loading web module [CustomerInfo] in virtual server [server1] at [CustomerInfo]
[26/Sep/2005:19:00:30] INFO ( 1356): WEB0121: Enabling no persistence for web module [CustomerInfo]'s sessions: persistence-type = [memory]
[26/Sep/2005:19:00:30] INFO ( 1356): WEB0100: Loading web module [customerinfo] in virtual server [server1] at []
[26/Sep/2005:19:00:31] INFO ( 1356): CORE3280: A new configuration was successfully installed
[26/Sep/2005:19:00:31] INFO ( 1356): WEB4004: Closing web application environment for virtual server [server1]
[26/Sep/2005:19:09:30] INFO ( 1356): CORE3282: stdout: IN WebContainer>>moduleRedeployed: /customerinfoabout to close all connections
[26/Sep/2005:19:09:31] INFO ( 1356): CORE3276: Installing a new configuration
[26/Sep/2005:19:09:31] INFO ( 1356): WEB0100: Loading web module [CustomerInfo] in virtual server [server1] at [CustomerInfo]
[26/Sep/2005:19:09:31] INFO ( 1356): WEB0121: Enabling no persistence for web module [CustomerInfo]'s sessions: persistence-type = [memory]
[26/Sep/2005:19:09:31] INFO ( 1356): WEB0100: Loading web module [customerinfo] in virtual server [server1] at []
[26/Sep/2005:19:09:33] INFO ( 1356): CORE3280: A new configuration was successfully installed
[26/Sep/2005:19:09:33] INFO ( 1356): WEB4004: Closing web application environment for virtual server [server1]
[26/Sep/2005:19:09:49] SEVERE ( 1356): HTTP3068: Error receiving request from 192.168.1.222 (Overlapped I/O operation is in progress.)
[26/Sep/2005:19:10:43] INFO ( 1356): CORE3282: stdout: IN WebContainer>>moduleRedeployed: /customerinfoabout to close all connections
[26/Sep/2005:19:10:43] INFO ( 1356): CORE3276: Installing a new configuration
[26/Sep/2005:19:10:44] INFO ( 1356): WEB0100: Loading web module [CustomerInfo] in virtual server [server1] at [CustomerInfo]
[26/Sep/2005:19:10:44] INFO ( 1356): WEB0121: Enabling no persistence for web module [CustomerInfo]'s sessions: persistence-type = [memory]
[26/Sep/2005:19:10:44] INFO ( 1356): WEB0100: Loading web module [customerinfo] in virtual server [server1] at []
[26/Sep/2005:19:10:45] INFO ( 1356): CORE3280: A new configuration was successfully installed
[26/Sep/2005:19:10:45] INFO ( 1356): WEB4004: Closing web application environment for virtual server [server1]
I found no LOG file neither in
...\jstudioE704Q4\PolicyAgent\IdentityServer\j2ee_agents\logs
nor in
...\jstudioE704Q4\PolicyAgent\IdentityServer\j2ee_agents\logs\D__Sun_jstudioE704Q4_AppServer7_domains_domain1_server1_config\
Do you know any other log files to chek ?
Thanks.
--Eugen -
J2ee policy agent sample aplication
Hello,
i would like to secure my j2ee application by using j2ee policy agent in combination with Sun Indentity Manager 6.1 (Access Manager).
I am new in this area, so i would like to ask if somebody know any SAMPLE application / example / turorial that shows step-by-step, who to cover this area.
Thank you very much for any advise.
-EugenHello,
i would like to secure my j2ee application by using j2ee policy agent in combination with Sun Indentity Manager 6.1 (Access Manager).
I am new in this area, so i would like to ask if somebody know any SAMPLE application / example / turorial that shows step-by-step, who to cover this area.
Thank you very much for any advise.
-Eugen -
Need asssitance on openSSO/Access Manager-policy agent on tomcat 5.5
I'm asking here because there is no help from openSSO forum.
I know that openSSO is quite the same with java access manager,
so I assume that openSSO is identical to java access manager.
I'm very much new to the policy agent and I've tried to test it for my own web application, but it doesn't seems to work.
Here is my situation :
I'm using 2 servers:
1. server using windows XP, installed with tomcat 5.5 and opensso inside (acts as openSSO server).
I set the IP to be 192.168.0.3 and tomcat web server will be listening on port 8080
2. server using windows XP, installed with tomcat 5.5 and my web application inside, and the policy agent.
I set the IP to be 192.168.0.1 and tomcat web server will be listening on port 7070
my web application is named "akademis" and I can acess it with the usual method on address http://192.168.0.1:7070/akademis.
I install the policy agent on global web.xml of tomcat configuration and I don't change anything on web.xml of my application.
when I tried to acess the http://192.168.0.1:7070/akademis , I wa redirected to openSSO login page correctly and I entered username and password(username:amadmin). I passed the login page and being redirected to the page that I wanted, but it doesn't do correctly cause I got a HTTP message of 403 (forbidden).
I got some clue in the policy agent logs :
a. the amFilter log
09/30/2006 01:08:25:890 PM ICT: Thread[http-7070-Processor25,5,main]
09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
ERROR: URLFailoverHelper: No URL is available at this time
09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
ERROR: AmFilter: Error while delegating to inbound handler: SSO Task Handler, access will be denied
[AgentException Stack]
com.sun.identity.agents.arch.AgentException: No URL is available at this time
at com.sun.identity.agents.common.URLFailoverHelper.getAvailableURL(URLFailoverHelper.java:133)
at com.sun.identity.agents.filter.AmFilterRequestContext.getLoginURL(AmFilterRequestContext.java:748)
at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:285)
at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:258)
at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:363)
at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:345)
at com.sun.identity.agents.filter.SSOTaskHandler.doSSOLogin(SSOTaskHandler.java:210)
at com.sun.identity.agents.filter.SSOTaskHandler.process(SSOTaskHandler.java:98)
at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:185)
at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)
at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:38)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.java:346)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
b. the amLog
09/30/2006 01:08:09:921 PM ICT: Thread[main,5,main]
09/30/2006 01:08:10:078 PM ICT: Thread[main,5,main]
ERROR: RemoteHandler.getLogHostURL(): 'null' is malformed. null
I think the reson that I failed is not in the openSSO/java access manager, because I get passed the login page, and also in the amFilter log of the policy agent I see an error of "No URL is available at this time" .
Is there anyone can help me on this problem ? I'll be very glad if somebody can help me.
thanksPlease try the fix as suggested in the following and let us know the results.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;196271
http://forum.java.sun.com/thread.jspa?threadID=346820&messageID=1436761
Thanks,
Subba -
Possible to deploy Dist Auth in the same web container with Policy Agent?
I have a client who has limited hardware resources and wants to deploy the distributed authentication UI in the same web container as the policy agent. Has anyone successfully done this?
I'm sure it's possible just make sure the DAUI context (e.g. /distAuth) in the agent's configuration for the web server is in the not enforced list properties for the agent.
However, it's so easy just to put an Apache HTTP server/tomcat and run daui, then setup another web server (Sun, Apache, etc.) with an agent or vice versa and you don't have to worry about the agent clobbering DAUI. -
Error while Installing Apache Tomcat policy agent in openAM
Hi,
I trying to install Apache Tomcat Policy agent in Linux environment but I am getting the following error after i provided all the details.
Updating the /EBS/TomCat/apache-tomcat-7.0.33/bin/setenv.sh script
with the Agent configuration JVM option ...DONE.
FAILED.
In Agentlog file, i have received the error like below:
Note: I am installing it as "oracle" user not as root.
-r-------- 1 oracle oracle 9583 Apr 25 14:55 Agent.log
[04/25/2013 14:58:58:256 IST] FileUtils.copyJarFile(): Error occurred while copying jar file: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/lib/agent.jar to: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar
java.io.FileNotFoundException: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar (Permission denied)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:194)
at java.io.FileOutputStream.<init>(FileOutputStream.java:84)
at com.sun.identity.install.tools.util.FileUtils.copyJarFile(FileUtils.java:131)
at com.sun.identity.agents.tools.tomcat.v6.CopyAgentFilesTask.copyAgentJarFiles(CopyAgentFilesTask.java:74)
at com.sun.identity.agents.tools.tomcat.v6.CopyAgentFilesTask.execute(CopyAgentFilesTask.java:56)
at com.sun.identity.install.tools.configurator.TaskRunner.executeTask(TaskRunner.java:105)
at com.sun.identity.install.tools.configurator.TaskRunner.runTasks(TaskRunner.java:72)
at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:95)
at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:40)
at com.sun.identity.install.tools.handler.InstallHandler.handleRequest(InstallHandler.java:63)
at com.sun.identity.install.tools.admin.AdminTool.dispatch(AdminTool.java:230)
at com.sun.identity.install.tools.admin.AdminTool.run(AdminTool.java:133)
at com.sun.identity.install.tools.launch.AdminToolLauncher.launchAdminTool(AdminToolLauncher.java:201)
at com.sun.identity.install.tools.launch.AdminToolLauncher.main(AdminToolLauncher.java:313)
[04/25/2013 14:58:58:258 IST] CopyAgentFilesTask.copyAgentJarFiles() - Error occured while copying jar files from /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/lib to /EBS/TomCat/apache-tomcat-7.0.33/lib: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar (Permission denied)
I tried to do this do this installation through root also but i got the same error.
Please help me to resolve this.
Thanks & regards,
KarthickHi,
I got the below error in log files:
[04/26/2013 11:02:48:828 IST] LayoutHandlerTask.execute() - Creating instance directory layout for 'Agent_001
[04/26/2013 11:02:48:828 IST] LayoutHandlerTask.createDir() - Creating Dir for: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/Agent_001
[04/26/2013 11:02:48:828 IST] LayoutHandlerTask.createDir() - Error Unable to create Dir for: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_ag/Agent_001
[04/26/2013 11:02:48:828 IST] InstallHandler: Failed to process install request
[ProductInstallException Stack]com.sun.identity.install.tools.configurator.InstallException: Failed to create directory /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/Agent_001.
at com.sun.identity.install.tools.configurator.CreateLayoutTask.createDir(CreateLayoutTask.java
:126)
at com.sun.identity.install.tools.configurator.CreateLayoutTask.execute(CreateLayoutTask.java:6
3)
at com.sun.identity.install.tools.configurator.TaskRunner.executeTask(TaskRunner.java:105)
at com.sun.identity.install.tools.configurator.TaskRunner.runTasks(TaskRunner.java:72)
at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:95)
at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:40)
at com.sun.identity.install.tools.handler.InstallHandler.handleRequest(InstallHandler.java:63)
at com.sun.identity.install.tools.admin.AdminTool.dispatch(AdminTool.java:230)
at com.sun.identity.install.tools.admin.AdminTool.run(AdminTool.java:133)
at com.sun.identity.install.tools.launch.AdminToolLauncher.launchAdminTool(AdminToolLauncher.ja
va:201)
at com.sun.identity.install.tools.launch.AdminToolLauncher.main(AdminToolLauncher.java:313)
[04/26/2013 11:02:48:831 IST] Exiting with code: 0
Thanks,
Karthick -
Eclipse and Tomcat Policy Agent
I have installed the Tomcat Policy Agent using the agentadmin script under Windows. If I run Tomcat normally using the start.bat script, everything is fine. However, if I run Tomcat through Eclipse's Server configuration, there is a problem fining the AMAgentFilter class.
How do I set up the classpath for Tomcat in Eclipse to work with the Policy Agent?
Thanks.How can i compile aspectJ (*.aj) files in WSAD 5.1.1 powered by Eclipse 2.1.3. I amn't getting AJDT (AspectJ development tool) plugin for Eclipse 2.1.3. I am only getting AJDT plugins for eclipse 3.x onwards.
Note: Above devolpement kit (WSAD 5.1.1) is a constraint.
Can i upgrade the my eclipse version in WSAD 5.1.1. -
Policy Agent Install - Tomcat problems
Hello,
After trying to install policy agent on many different OS with no success, I had to finally ask here:
I followed the instructions and did the following on Debian, Fedora, and Win server 2003:
1.downloaded the policy agent for tomcat
2.stopped tomcat
3.decompressed the j2ee agents folder to the root of the system,
4 run the agentadmin -install
5. put the agentapp folder in the webapps directory
6. started tomcat...
get the same error on three OS about it not finding AMRealm,
I found someone pointing out that setagentclasspath could fix this,
but I see all the classpaths there, so I went I start moving some classes to the tomcat/lib dir
then the AMRealm error went away but many others came in.
What I'm doing wrong !!I'm having the same problem with windows 2003 server Enterprise Edition. (installer complains about web server instance directory, is not 6.0 or 6.1...)
You said that "Policy Agent 2.1 does *NOT* work with MS Windows 2003 Server Enterprise edition". But does Policy Agent 2.2 work with Windows 2003 Server Enterprise edition?
Thanks for your help!!! -
Custom Authentication Issue with Policy Agent
Hi,
I have a custom authentication module which is hosted on the BEA application server and I am trying to access through the policy agent on apache.
I have set the following property in AMAgent.properties file
com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login
So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication is succeed, user sesion is being created and I get the following error message in the agent log file.
2004-10-19 16:20:26.908 Error 27620:e1140 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:3
2004-10-19 16:20:26.908 128 27620:e1140 RemoteLog: User unknown was denied access to http://hostname:port/weblogic/protapp/protected/a.html.
2004-10-19 16:20:26.908 Error 27620:e1140 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
2004-10-19 16:20:26.909 Error 27620:e1140 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
2004-10-19 16:20:26.909 -1 27620:e1140 PolicyAgent: URL Access Agent: access denied to unknown user
The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
Thanks
NeerajHi Neeraj,
I still have not been able to resolve that issue. Let me know If you find a solution for the same.
Thanks,
Srinivas -
Load balancers with web servers & policy agents
I have a pair of host machines, hostA and hostB, running multiple web server instances, portalA, portalB, contentA, contentB, serviceA, serviceB, etc.
The two hosts, hostA and hostB, are sitting behind load balancers. ServiceA and serviceB must be protected by login and I have a policy agent installed on hostA and hostB for these two instances.
The load balancers respond to https://service/* and forward requests to http://serviceA:3456/* or http://serviceB:3456/* depending on the host selected by round-robin.
I've been told that serviceA and serviceB cannot be running on the default 443 port (although we could enable SSL if we wanted) in order to work nicely with the other web server instances that are behind the load balancers.
The problem is that the policy agent knows that it is running as http://serviceA:3456/.
The user makes a request to the load balancers for:
https://service/protected.html
The load balancer passes the request to:
http://serviceA:3456/protected.html
The agent sends a redirect to login which sends the user to:
http://service:3456/protected.html
This final URL is not available through the load balancers and it's obviously not the public URL.
I have fqdnDefault set to 'service.x.x' so the URL is rewritten to that extent. Is there a way to tell the agent that the port it's running on is not the public port (ie. that it's behind a NAT device)? Is there a way to tell the agent that it's should actually redirect to https and not http?Hi,
CQ authoring does not leverage server side sessions, therefor you'll never loose data because of this.
But: As the cluster has a small delay on synchronisation, it could be, that on a write and subsequent read you'll get the old content, if you don't have sticky sessions (because both requests are not processed by the same server). Therefor I advise you to use sticky sessions in front of a CQ authoring cluster.
Jörg -
Policy agent 2.2 amfilter local authentication with session binding failed
Hi All,
I have policy agent 2.2 for weblogic 8.1 sp4 installed on redhat linux. All are working fine in my development box. But I was running all the process under user root, so today I decided to change it to a regular user, joe. I changed all the files' owner for weblogic server and policy agent from root to joe, and restart server as user Joe. After the change, I can not access the application on Weblogic server. I changed file ownership back to root and restart weblogic server as root, still same error.
Here is the error I got:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
Here is the error I found from agent log file, amFilter:
AmFilter: now processing: SSO Task Handler
05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
SSOTaskHandler: caching SSO Token for user uid=amAdmin,ou=People,dc=etouch,dc=net
05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
AmBaseSSOCache: cached the sso token for user principal : uid=amadmin,ou=people,dc=etouch,dc=net sso token: AQIC5wM2LY4Sfcx4XY/x/M7G1Y3ScVjFj8E3oT0BV45mh0Q=@AAJTSQACMDE=#, cache size = 1
05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
SSOTaskHandler: SSO Validation successful for uid=amAdmin,ou=People,dc=etouch,dc=net
05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
AmFilter: now processing: J2EE Local Logout Task Handler
05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
AmFilter: local logout skipped SSO User => amAdmin, principal =>null
05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
AmFilter: now processing: J2EE Local Auth Task Handler
05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
LocalAuthTaskHandler: No principal found. Initiating local authentication for amAdmin
05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
LocalAuthTaskHandler: doing local authentication with session binding
05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
LocalAuthTaskHandler: Local authentication failed, invalidating session.05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
WARNING: LocalAuthTaskHandler: Local authentication failed for : /portal/index.jsp, SSO Token: AQIC5wM2LY4Sfcx4XY/x/M7G1Y3ScVjFj8E3oT0BV45mh0Q=@AAJTSQACMDE=#
05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
AmFilter: result =>
FilterResult:
Status : FORBIDDEN
RedirectURL : null
RequestHelper:
null
Data:
null
-----------------------------------------------------------Hi,
I'm having the exact same problem in the Prod environment, but on a Sun App Server. In development all is fine, in prod we now have:
ERROR: AmFilter: Error while delegating to inbound handler: J2EE Local Auth Task Handler, access will be denied
java.lang.IllegalStateException: invalidate: Session already invalidated
at org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1258)
at org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:164)
at com.sun.identity.agents.filter.LocalAuthTaskHandler.doLocalAuthWithSessionBinding(LocalAuthTaskHandler.java:289)
at com.sun.identity.agents.filter.LocalAuthTaskHandler.authenticate(LocalAuthTaskHandler.java:159)
at com.sun.identity.agents.filter.LocalAuthTaskHandler.process(LocalAuthTaskHandler.java:106)
at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:185)
at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)
at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:38)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
FilterResult:
Status : FORBIDDEN
RedirectURL : null
RequestHelper:
null
Data:
null
Also, we I debug I see:
LocalAuthTaskHandler: No principal found. Initiating local authentication for ...
Did you receive any solution for this?
Many, many thanks,
Philip
Maybe you are looking for
-
what can i do if i accidentally deleted my iPhoto from my macbook air and the App Store couldn't recognize that i have bought it before and required me to buy it again ... should i buy it again or what ? i can't manage my photos now ...
-
Ext. data source and Tree component
Im using tree component and XMLConnector here. as far as i can see results in my tree (when testing my movie) it ouputs data thats loaded fom ext. XML file. But the problem is that it publishes [type Function] in the tree. no actual xml nodes are vis
-
How do I fix Elements 8 crash on start-up?
When Elements 8 starts, it immediatly crashes and goes to 'crash report' which I have submitted dozens of times. It will not startup in SafeMode either. Win 7 Home Premium, RAM 8 Gb.
-
Deleting Folders/Applications that are NOT locked
I downloaded Windows Media Player online and would like to delete it, but when I attempt to it's saying that certain applications/folders are locked. I then looked at each relevant app/folder under "Get Info" from the pull down menu but it was showin
-
I cannot use Quicken on my new MacBook Air (Mac OS X Lion 10.7.2) Any suggestions? I love Quicken and it takes care of all my financial needs.