Policy agent fot apache tomcat opensso

Hi,
I am looking for policy agent fot apache tomcat opensso 8 u2. Can anyone post the url for the same

Go to https://edelivery.oracle.com and go to Sun Products Media Pack for Oracle Solaris on SPARC (64-bit)
There you will find OpenSSO Policy Agents 3.0 which includes the tomcat agent. Don't worry about the hardware platform or OS, the tomcat agent is pure java so it doesn't matter.

Similar Messages

Custom Authentication Issue with Policy Agent

Hi,
I have a custom authentication module which is hosted on the BEA application server and I am trying to access through the policy agent on apache.
I have set the following property in AMAgent.properties file
com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login
So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication is succeed, user sesion is being created and I get the following error message in the agent log file.
2004-10-19 16:20:26.908 Error 27620:e1140 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:3
2004-10-19 16:20:26.908 128 27620:e1140 RemoteLog: User unknown was denied access to http://hostname:port/weblogic/protapp/protected/a.html.
2004-10-19 16:20:26.908 Error 27620:e1140 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
2004-10-19 16:20:26.909 Error 27620:e1140 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
2004-10-19 16:20:26.909 -1 27620:e1140 PolicyAgent: URL Access Agent: access denied to unknown user
The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
Thanks
Neeraj

Hi Neeraj,
I still have not been able to resolve that issue. Let me know If you find a solution for the same.
Thanks,
Srinivas

Need asssitance on openSSO/Access Manager-policy agent on tomcat 5.5

I'm asking here because there is no help from openSSO forum.
I know that openSSO is quite the same with java access manager,
so I assume that openSSO is identical to java access manager.
I'm very much new to the policy agent and I've tried to test it for my own web application, but it doesn't seems to work.
Here is my situation :
I'm using 2 servers:
1. server using windows XP, installed with tomcat 5.5 and opensso inside (acts as openSSO server).
I set the IP to be 192.168.0.3 and tomcat web server will be listening on port 8080
2. server using windows XP, installed with tomcat 5.5 and my web application inside, and the policy agent.
I set the IP to be 192.168.0.1 and tomcat web server will be listening on port 7070
my web application is named "akademis" and I can acess it with the usual method on address http://192.168.0.1:7070/akademis.
I install the policy agent on global web.xml of tomcat configuration and I don't change anything on web.xml of my application.
when I tried to acess the http://192.168.0.1:7070/akademis , I wa redirected to openSSO login page correctly and I entered username and password(username:amadmin). I passed the login page and being redirected to the page that I wanted, but it doesn't do correctly cause I got a HTTP message of 403 (forbidden).
I got some clue in the policy agent logs :
a. the amFilter log
09/30/2006 01:08:25:890 PM ICT: Thread[http-7070-Processor25,5,main]
09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
ERROR: URLFailoverHelper: No URL is available at this time
09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
ERROR: AmFilter: Error while delegating to inbound handler: SSO Task Handler, access will be denied
[AgentException Stack]
com.sun.identity.agents.arch.AgentException: No URL is available at this time
at com.sun.identity.agents.common.URLFailoverHelper.getAvailableURL(URLFailoverHelper.java:133)
at com.sun.identity.agents.filter.AmFilterRequestContext.getLoginURL(AmFilterRequestContext.java:748)
at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:285)
at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:258)
at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:363)
at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:345)
at com.sun.identity.agents.filter.SSOTaskHandler.doSSOLogin(SSOTaskHandler.java:210)
at com.sun.identity.agents.filter.SSOTaskHandler.process(SSOTaskHandler.java:98)
at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:185)
at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)
at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:38)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.java:346)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
b. the amLog
09/30/2006 01:08:09:921 PM ICT: Thread[main,5,main]
09/30/2006 01:08:10:078 PM ICT: Thread[main,5,main]
ERROR: RemoteHandler.getLogHostURL(): 'null' is malformed. null
I think the reson that I failed is not in the openSSO/java access manager, because I get passed the login page, and also in the amFilter log of the policy agent I see an error of "No URL is available at this time" .
Is there anyone can help me on this problem ? I'll be very glad if somebody can help me.
thanks

Please try the fix as suggested in the following and let us know the results.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;196271
http://forum.java.sun.com/thread.jspa?threadID=346820&messageID=1436761
Thanks,
Subba

Error while Installing Apache Tomcat policy agent in openAM

Hi,
I trying to install Apache Tomcat Policy agent in Linux environment but I am getting the following error after i provided all the details.
Updating the /EBS/TomCat/apache-tomcat-7.0.33/bin/setenv.sh script
with the Agent configuration JVM option ...DONE.
FAILED.
In Agentlog file, i have received the error like below:
Note: I am installing it as "oracle" user not as root.
-r-------- 1 oracle oracle 9583 Apr 25 14:55 Agent.log
[04/25/2013 14:58:58:256 IST] FileUtils.copyJarFile(): Error occurred while copying jar file: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/lib/agent.jar to: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar
java.io.FileNotFoundException: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar (Permission denied)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:194)
at java.io.FileOutputStream.<init>(FileOutputStream.java:84)
at com.sun.identity.install.tools.util.FileUtils.copyJarFile(FileUtils.java:131)
at com.sun.identity.agents.tools.tomcat.v6.CopyAgentFilesTask.copyAgentJarFiles(CopyAgentFilesTask.java:74)
at com.sun.identity.agents.tools.tomcat.v6.CopyAgentFilesTask.execute(CopyAgentFilesTask.java:56)
at com.sun.identity.install.tools.configurator.TaskRunner.executeTask(TaskRunner.java:105)
at com.sun.identity.install.tools.configurator.TaskRunner.runTasks(TaskRunner.java:72)
at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:95)
at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:40)
at com.sun.identity.install.tools.handler.InstallHandler.handleRequest(InstallHandler.java:63)
at com.sun.identity.install.tools.admin.AdminTool.dispatch(AdminTool.java:230)
at com.sun.identity.install.tools.admin.AdminTool.run(AdminTool.java:133)
at com.sun.identity.install.tools.launch.AdminToolLauncher.launchAdminTool(AdminToolLauncher.java:201)
at com.sun.identity.install.tools.launch.AdminToolLauncher.main(AdminToolLauncher.java:313)
[04/25/2013 14:58:58:258 IST] CopyAgentFilesTask.copyAgentJarFiles() - Error occured while copying jar files from /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/lib to /EBS/TomCat/apache-tomcat-7.0.33/lib: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar (Permission denied)
I tried to do this do this installation through root also but i got the same error.
Please help me to resolve this.
Thanks & regards,
Karthick

Hi,
I got the below error in log files:
[04/26/2013 11:02:48:828 IST] LayoutHandlerTask.execute() - Creating instance directory layout for 'Agent_001
[04/26/2013 11:02:48:828 IST] LayoutHandlerTask.createDir() - Creating Dir for: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/Agent_001
[04/26/2013 11:02:48:828 IST] LayoutHandlerTask.createDir() - Error Unable to create Dir for: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_ag/Agent_001
[04/26/2013 11:02:48:828 IST] InstallHandler: Failed to process install request
[ProductInstallException Stack]com.sun.identity.install.tools.configurator.InstallException: Failed to create directory /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/Agent_001.
at com.sun.identity.install.tools.configurator.CreateLayoutTask.createDir(CreateLayoutTask.java
:126)
at com.sun.identity.install.tools.configurator.CreateLayoutTask.execute(CreateLayoutTask.java:6
3)
at com.sun.identity.install.tools.configurator.TaskRunner.executeTask(TaskRunner.java:105)
at com.sun.identity.install.tools.configurator.TaskRunner.runTasks(TaskRunner.java:72)
at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:95)
at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:40)
at com.sun.identity.install.tools.handler.InstallHandler.handleRequest(InstallHandler.java:63)
at com.sun.identity.install.tools.admin.AdminTool.dispatch(AdminTool.java:230)
at com.sun.identity.install.tools.admin.AdminTool.run(AdminTool.java:133)
at com.sun.identity.install.tools.launch.AdminToolLauncher.launchAdminTool(AdminToolLauncher.ja
va:201)
at com.sun.identity.install.tools.launch.AdminToolLauncher.main(AdminToolLauncher.java:313)
[04/26/2013 11:02:48:831 IST] Exiting with code: 0
Thanks,
Karthick

Building OpenSSO Policy Agent 2.2 for Apache 2.x

Hi,
I've been trying to build OpenSSO policy agent using sources from opensso_agentbranch22 on WINNT for Apache 2.0 web server. The reason I can't use the pre-build binary is because we are trying to customize the agent to integrate with another SSO app which sends us data. The compilation itself seems to work OK. But the libamapc2.dll (Apache module dll) created seems to be only 24-26k in size vs the 700k size in the binary distributed by Sun.
Apache fails to start when this agent is installed, saying that the dll is invalid. Am I missing something in my compilation and linking process? I'm using VS 6 for the cl and link, Ant and Cygwin.
Any input from the Sun OpenSSO gurus is greatly appreciated.

I can show a snapshot from the Depends tool that clearly shows that amsdk.dll is dynamically linked. It creates all sorts of issues with Apache 2.0 as it doesn't like the dynamic linking. Until I changed the Makefile in the am directory to use the static library, I could not get my libamapc2.dll to match the libamapc2.dll distributed by Sun. Even now there are issues with libnspr4 and msvcrt.dll. Apache crashes as soon as it loads the libamapc2.dll and the issue has been narrowed down to the strlen() method. This method is used for logging messages by the agent.
I wish Sun maintained a copy of the 3rd party libs they use to build the agent in their CVS instead of asking us to fetch those libraries from another website, in which case libraries may not correspond 1:1.

Policy Agent 3.0 for Tomcat - Cannot obtain Application SSO token

Hi
I am trying to configure Sun OpenSSO Enterprise Policy Agent 3.0 for Apache Tomcat Application Server 6.
After installing the Policy Agent, Tomcat is not starting.
The Error in the stack is :
=========
Jun 14, 2009 2:21:00 AM
org.apache.tomcat.util.digester.Digester startElement
SEVERE: Begin event threw error
java.lang.ExceptionInInitializerError
at
com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfig
uration(AgentConfiguration.java:682)
Caused by:
com.sun.identity.security.AMSecurityPropertiesException:
AdminTokenAction: FATAL ERROR: Cannot obtain Application
SSO token.
Check AMConfig.properties for the following properties
com.sun.identity.agents.app.username
com.iplanet.am.service.password
at
com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:
258)
=========
There is no AMConfig.properties file. The Agent uses "OpenSSOAgentBootstrap.properties".
Is there a workaround for this issue ?
Cheers.

Hi,
I have the same Problem, did you come up with a solution for it?
thanks
Matrius

Policy Agent 2.2 for Apache HTTP Server

hi,
I'm trying to configure Policy Agent 2.2 for apache http server.
The agent seems to be installed properly, in fact when I access the protected resource, I get the Access Manager login page.
Then I log into access manager, but I'm redirected to an error page.
Looking in log files I can see:
agent's "amAgent" log file:
Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting password callback.
Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting name callback to 'apache2Agent'.
Debug 10763:f8fe0 AuthService: BaseService::sendRequest Cookie and Headers =Host: crmzone.company.icteam.it
               Cookie: JSESSIONID=193E5E1590C924A42B95A00A51DC0479;amlbcookie=01
Debug 10763:f8fe0 AuthService: BaseService::sendRequest Content-Length =Content-Length: 620
Debug 10763:f8fe0 AuthService: BaseService::sendRequest Header Suffix =Accept: text/xml
               Content-Type: text/xml; charset=UTF-8
Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
Error 10763:f8fe0 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
Error 10763:f8fe0 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
Warning 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) denying access: status = Access Manager authentication service failure
Debug 10763:f8fe0 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://10.0.0.31:80/SugarOS-Full-4.5.0f.
Info 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) returning status: Access Manager authentication service failure.
Info 10763:f8fe0 PolicyAgent: process_request(): Access check for URL http://10.0.0.31/SugarOS-Full-4.5.0f returned Access Manager authentication service failure.
Debug 10763:f8fe0 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_ERROR, data []
Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_ERROR
Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
Access Manager's "amAuthentication.error" log file:
"Login Failed|module_instance|Application" Application AUTHENTICATION-268 dc=opensso,dc=java,dc=net "Not Available" INFO apache2Agent 10.0.0.31 "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net" CRMzone
I tried to change the name of the agent either in its AMAgent.properties or in Access Manager "Agents" configuration page.
I also used "crypt_util" to generate a new passoword, but nothing seems to happen.
Where should I look to get more info about this problem? Specific log file?
Is it due to wrong name/id/password of the agent? I really checked them many times...
Thanks
Fabio

I think the error message "Application user ID is not valid" is pretty self evident.
Log into the amconsole and go to the root realm/organization. Make sure the Agent profile exists and reset the password again to know value. If you created the agent profile in a sub realm/organization, you will need to make sure the subrealm/organization is set in the AMAgent.properties since the default value is / for the root realm/organization. Update the AMAgent.properties file will the Agent ID and the password generated by the crypt_it tool (com.sun.am.policy.am.username, com.sun.am.policy.am.password)
If that doesn't work, check the amApplication debug log and then look at the ldap server access logs to see why the auth bind failed.

Policy Agent 2.2 with Tomcat connector (isapi_redirect.dll)?

Dear All,
We have installed Policy agent 2.2 for IIS6 to enable SSO with SUN Access Manager 7.1. Policy agent 2.2 was installed in IIS6 as wild card application mapping extension.
Our IIS6 also contains Apache tomcat connector (isapi_redirect.dll) as it needs to front JBOSS application server.
When we access protected resource Policy agent presents login screen. With the correct login details, policy agent authenticates successfully with SAM 7.1 and creates SSO token, which is good. But policyagent creates "goto" URL as /tomcat/isapi_redirect.dll rather than the original resource that user asked for as below?
2010-12-23 18:57:57.397 Info 3220:1e5b0d0 PolicyAgent: do_redirect(): redirect_header = Location: http://am-server.com:8080/amserver/login?goto=http%3A%2F%2Ftest-server%3A80%2Ftomcat%2Fisapi_redirect.dll
Any ideas on how to configure Policy agent for IIS6 when it has isapi_redirect.dll already installed on it.
Thanks,
Surya

Hello Surya
Did you find a solution for this issue? How did you solve it?
Thank you
Prashanth
Edited by: user8605028 on Jun 15, 2011 1:24 PM

Compiling/running Policy Agent 2.2 for Apache (Linux)

Hi,
I know that running the policy agent for Linux is not supported by Sun on other platforms than Red Hat Enterprise Linux, but anyway I'm qurious to see if others have looked into this.
I've done some testing on my Ubuntu Dapper Linux, using the precompiled version for Red Hat Enterprise, and I kind of made it work. Only problem: I have to start apache using "strace" to have it running. If I run /usr/sbin/apache2 I get "Segmentation Fault", but if I run "strace /usr/sbin/apache2" it runs... I'm able to create a core-dump, but to get something out of it I guess I have to compile the policy agent myself, so I've tried that as well.
To compile I've checked out the opensso package by CVS and installed libxml2-2.6.23, nss-3.11, nspr-4.6.1 and apache-2.0.59, sort of like what it says in the Readme for compiling under Red Hat Enterprise Linux. Result from running "make BUILD_DEBUG=optimize BUILD_AGENT=apache" is:
hash_table.h: In member function �typename smi::HashTable<Element>::EntryType smi::HashTable<Element>::findEntry(const std::string&)�:
hash_table.h:319: error: expected �;� before �__null�
hash_table.h:319: warning: statement has no effect
The test with the precompiled version was done on Ubuntu Dapper Linux using the standard apache 2.0.55 package that comes with Ubuntu. As I said: I've managed to get it running (doing SSO login through Federation Manager running on the same machine, with Access Manager running on another Solaris server) but I would prefer to have a setup that doesn't involve using "strace" to have apache whith the policy agent module running... Anyone else done something like this?
In the end I guess I would like to have some kind of release of the policy agent that doesn't have to be packaged as RPMs just for Red Hat Enterprise servers. It doesn't have to be flagged as "supported by Sun" but more like "you're on your own this release". ;-) That goes for the Federation Manager as well. I've managed to have the FM running on Ubuntu Dapper as well, so I know it's possible...
- Anders

The notes in this thread date from about October of 2006.
Does anyone know why current versions of the gcc compiler refuse to compile the statement that leads to the reported error?
The statement that is failing is:
if (entry && entry->getExpirationTime() < PR_Now()) {
return (HashTable<Element>::EntryType)NULL;with the error
[exec] hash_table.h:320: error: expected �;� before �__null�Is this a problem with the compiler or with the definition of the NULL macro?

Problem Installing Policy Agent 2.2 on Apache 2.2.3

Hi all,
I'm trying to configure policy agent 2.2 on apache 2.2.3 on linux platform CentOS (red hat 5.1).
The configuration and the installation seem to work properly, in effect in the log file install.log you can find :
[06/10/2008 16:38:49:865 CEST] Creating directory layout and configuring Agent file for Agent_001 instance ...SUCCESSFUL.
[06/10/2008 16:38:49:936 CEST] Reading data from file /opt/web_agents/apache22_agent/passwordFile and encrypting it ...SUCCESSFUL.
[06/10/2008 16:38:49:937 CEST] Generating audit log file name ...SUCCESSFUL.
[06/10/2008 16:38:50:022 CEST] Creating tag swapped AMAgent.properties file for instance Agent_001 ...SUCCESSFUL.
[06/10/2008 16:38:50:026 CEST] Creating a backup for file /etc/httpd/conf/httpd.conf ...SUCCESSFUL.
[06/10/2008 16:38:50:031 CEST] Adding Agent parameters to /opt/web_agents/apache22_agent/Agent_001/config/dsame.conf file ...SUCCESSFUL.
[06/10/2008 16:38:50:032 CEST] Adding Agent parameters to /etc/httpd/conf/httpd.conf file ...SUCCESSFUL.
But, when I try to restart Apache it gives me an error and in the error.log file in Apache you can read:
[Tue Jun 10 16:57:33 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 10 16:57:34 2008] [notice] Digest: generating secret for digest authentication ...
[Tue Jun 10 16:57:34 2008] [notice] Digest: done
[Tue Jun 10 16:57:34 2008] [alert] Policy web agent configuration failed: NSPR error
Configuration Failed
Well, I found in the Sun documentation a well known bug about the NSPR and NSS library :
Error message issued during installation of Policy Agent 2.2 on Linux systems
When the Linux operating system is installed, specific components can be selected. Occasionally the specific components of the operating system selected lack the libraries necessary for Policy Agent 2.2 to function. When the complete Linux operating system is installed, all the required libraries are available. The libraries that are required for the agent to function are as follows: NSPR, NSS, and libxml2.
Workaround: If the Linux operating system you are using is not complete, install the latest versions of these libraries as described in the steps that follow:
At the time this note was added, the latest version of the NSPR library packages was NSPR 4.6.x , while the latest version of the NSS library package was NSS 3.11.x.
To Install Missing Libraries for Policy Agent 2.2 on Linux Systems
*+
Install the NSS, and libxml2 libraries. These libraries are usually available as part of Linux installation media. NSPR and NSS are available as part of Mozilla binaries/development packages. You can also check the following sites:
o
NSPR: http://www.mozilla.org/projects/nspr/
o
NSS: http://www.mozilla.org/projects/security/pki/nss/
So, I checked my libraries but they are upgraded to the latest version.
If I comment the line that includes the libamapc22.so in the apache configuration file
LoadModule dsame_module /opt/web_agents/apache22_agent/lib/libamapc22.so
Apache can restart but the agent is misconfigurated!
Any Idea?

thank you Subhodeep for your reply,
I didn't try to change the library file and I didn't find in licterature any information about library file changing in the Policy agent installation. Please, could you suggest me something more about which library to use instead of libamapc22.so?
ps. I am using red hat 5.1, and from the release note of the policy agent seems that the latest platform version supported is red hat enterprise linux 4.0 versions.....
this one could definitely be the reason of the misconfiguration.

Eclipse and Tomcat Policy Agent

I have installed the Tomcat Policy Agent using the agentadmin script under Windows. If I run Tomcat normally using the start.bat script, everything is fine. However, if I run Tomcat through Eclipse's Server configuration, there is a problem fining the AMAgentFilter class.
How do I set up the classpath for Tomcat in Eclipse to work with the Policy Agent?
Thanks.

How can i compile aspectJ (*.aj) files in WSAD 5.1.1 powered by Eclipse 2.1.3. I amn't getting AJDT (AspectJ development tool) plugin for Eclipse 2.1.3. I am only getting AJDT plugins for eclipse 3.x onwards.
Note: Above devolpement kit (WSAD 5.1.1) is a constraint.
Can i upgrade the my eclipse version in WSAD 5.1.1.

Policy Agent Install - Tomcat problems

Hello,
After trying to install policy agent on many different OS with no success, I had to finally ask here:
I followed the instructions and did the following on Debian, Fedora, and Win server 2003:
1.downloaded the policy agent for tomcat
2.stopped tomcat
3.decompressed the j2ee agents folder to the root of the system,
4 run the agentadmin -install
5. put the agentapp folder in the webapps directory
6. started tomcat...
get the same error on three OS about it not finding AMRealm,
I found someone pointing out that setagentclasspath could fix this,
but I see all the classpaths there, so I went I start moving some classes to the tomcat/lib dir
then the AMRealm error went away but many others came in.
What I'm doing wrong !!

I'm having the same problem with windows 2003 server Enterprise Edition. (installer complains about web server instance directory, is not 6.0 or 6.1...)
You said that "Policy Agent 2.1 does *NOT* work with MS Windows 2003 Server Enterprise edition". But does Policy Agent 2.2 work with Windows 2003 Server Enterprise edition?
Thanks for your help!!!

Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
e in ap_table
2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
y (com.sun.am.policy.agents.accessDeniedURL) specified
2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
nied (20)
2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
d access to http://xx.xx.xx.net:8080/.
2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
s denied to testuser1
We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
Any suggestions would be of great help.
Thanks,
Sunil.

From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.jsse.IBMJSSEProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

Apache Policy Agent : Broken Installer?

We downloaded the apache policy agent from:
http://www.sun.com/download/products.xml?id=43696d80
When we ran the installer the localization resources (for the buttons and other UI elements (including the licence)) were missing. The installer failed when it could not find 'SUNWamcom.zip' (the output on the console shows this).
Has anyone got a link for a working version on apache?

In my initial post I forgot to mention the platform. We are deploying Sun JES on Windows 2000.
Also to clarify, the localization resources I am mentioning are the localization resources for the installer itself. For example the button names show as:
Agentapache-Resources: Close-Button
Agentapache-Resources: Help-Button
Instead of 'help' or 'close'.
The output on the console points to a missing resource bundle:
However, it isnt clear if the install failure is related to the resources (the problem seem to be the missing SUNWamcom.zip file).
-------------------[ output snipet ]---------------------------
Extracting and invoking the installer. Please wait...
java.util.MissingResourceException: Can't find bundle for base name AgentResources, locale en_US
com.iplanet.install.util.wbResource::getString: resource string "AgentapacheResources:installProgressLabelPrefix" not found
com.iplanet.install.util.wbResource::getString: resource string "AgentapacheResources:uninstallProgressLabelPrefix" not found
com.iplanet.install.util.wbResource::getString: resource string "AgentapacheResources:Installer-Title-Text" not found
java.util.MissingResourceException: Can't find bundle for base name AgentResources, locale en_US
com.iplanet.install.util.wbResource::getString: resource string "AgentapacheResources:welcomePanel-Gui-HeaderText" not found
-------[ details from install ]--------------
Installing Sun Java(tm) System Access Manager Policy Agent
Log file: C:\Documents and Settings\administrator\Local Settings\Temp\Sun_Java_tm__System_Access_Manager_Policy_Agent_ins
tall.B06051149
Uninstaller with no supporting registry information found. Overwriting existing uninstaller
Installed: c:\Sun\Access_Manager\Agents\2.2\uninstall_Sun_Java_tm__System_Access_Manager_Policy_Agent.class
Uninstaller is at: c:\Sun\Access_Manager\Agents\2.2\uninstall_Sun_Java_tm__System_Access_Manager_Policy_Agent.class
AgentapacheResources:installProgressLabelPrefixAgent Common Core and SDK
Installed:C:\Sun\Access_Manager\Agents\2.2\.\AgentResources.properties
Installed:C:\Sun\Access_Manager\Agents\2.2\.\LICENSE.txt
Uninstalling C:\Sun\Access_Manager\Agents\2.2\.\bin
Uninstalling C:\Sun\Access_Manager\Agents\2.2\.\bin\amsdk.dll
Product Install Failed: java.io.FileNotFoundException: SUNWamcom.zip (The system cannot find the file specified)
AgentapacheResources:summaryPanel-More-Information:
AgentapacheResources:summaryPanel-Log-File-Location-Notice
-----------------------------------------

Policy agent 2.1 for apache 1.3.27 reinstallation problem

hi
i've uninstalled Apache_1.3.27_agent_2.1_sparc-sun-solaris2.8 policy agent [Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_04-b05)] to reinstall it from scratch.
during the reinstallation i've the problem listed below. i did remove all remaining parts of agent but doesn't work.
Any idea ?
Thanks
Installing Sun ONE Identity Server Policy Agent
Listener:com.iplanet.am.installer.listeners.ApacheInstallListener@1372656 threw exception during "installFinishing" method while listening to SUNWamapc install directory=[DETERMINED AT RUNTIME]:java.lang.reflect.InvocationTargetException
Target Exception trace:
java.lang.RuntimeException: error executing ///bin/config at com.iplanet.am.installer.listeners.InstallListenerBase.executeCommand(InstallListenerBase.java:829) at com.iplanet.am.installer.listeners.InstallListenerBase.configureSolarisWebAgent(InstallListenerBase.java:294) at com.iplanet.am.installer.listeners.InstallListenerBase.installFinishing(InstallListenerBase.java:150) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.install.products.Product.processEvents(Product.java:753) at com.sun.install.products.Product.processEvents(Product.java:787) at com.sun.install.products.Product.processEvents(Product.java:787) at com.sun.install.products.Product.performInstallation(Product.java:643) at com.sun.install.tasks.ProductTask.perform(ProductTask.java:191) at com.sun.wizards.core.Sequence.perform(Sequence.java:336) at com.sun.wizards.core.SequenceManager.run(SequenceManager.java:226) at java.lang.Thread.run(Thread.java:534)

I had the same problem because of a missconfiguration in AMAgent.properties. I changed manually all URLs to the Identity Server from http to https and found out the port number has definitly to be specified (bad URL parsing of Policy Agent). You should check your configuration...
HTH
J�rgen

Policy agent fot apache tomcat opensso

Similar Messages

Maybe you are looking for