Policy Agent Install - Tomcat problems

Similar Messages

• Need asssitance on openSSO/Access Manager-policy agent on tomcat 5.5

  I'm asking here because there is no help from openSSO forum.
  I know that openSSO is quite the same with java access manager,
  so I assume that openSSO is identical to java access manager.
  I'm very much new to the policy agent and I've tried to test it for my own web application, but it doesn't seems to work.
  Here is my situation :
  I'm using 2 servers:
  1. server using windows XP, installed with tomcat 5.5 and opensso inside (acts as openSSO server).
  I set the IP to be 192.168.0.3 and tomcat web server will be listening on port 8080
  2. server using windows XP, installed with tomcat 5.5 and my web application inside, and the policy agent.
  I set the IP to be 192.168.0.1 and tomcat web server will be listening on port 7070
  my web application is named "akademis" and I can acess it with the usual method on address http://192.168.0.1:7070/akademis.
  I install the policy agent on global web.xml of tomcat configuration and I don't change anything on web.xml of my application.
  when I tried to acess the http://192.168.0.1:7070/akademis , I wa redirected to openSSO login page correctly and I entered username and password(username:amadmin). I passed the login page and being redirected to the page that I wanted, but it doesn't do correctly cause I got a HTTP message of 403 (forbidden).
  I got some clue in the policy agent logs :
  a. the amFilter log
  09/30/2006 01:08:25:890 PM ICT: Thread[http-7070-Processor25,5,main]
  09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
  ERROR: URLFailoverHelper: No URL is available at this time
  09/30/2006 01:09:14:515 PM ICT: Thread[http-7070-Processor25,5,main]
  ERROR: AmFilter: Error while delegating to inbound handler: SSO Task Handler, access will be denied
  [AgentException Stack]
  com.sun.identity.agents.arch.AgentException: No URL is available at this time
  at com.sun.identity.agents.common.URLFailoverHelper.getAvailableURL(URLFailoverHelper.java:133)
  at com.sun.identity.agents.filter.AmFilterRequestContext.getLoginURL(AmFilterRequestContext.java:748)
  at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:285)
  at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:258)
  at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:363)
  at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:345)
  at com.sun.identity.agents.filter.SSOTaskHandler.doSSOLogin(SSOTaskHandler.java:210)
  at com.sun.identity.agents.filter.SSOTaskHandler.process(SSOTaskHandler.java:98)
  at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:185)
  at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)
  at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:38)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
  at org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.java:346)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
  at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
  at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
  at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
  at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
  at java.lang.Thread.run(Thread.java:595)
  b. the amLog
  09/30/2006 01:08:09:921 PM ICT: Thread[main,5,main]
  09/30/2006 01:08:10:078 PM ICT: Thread[main,5,main]
  ERROR: RemoteHandler.getLogHostURL(): 'null' is malformed. null
  I think the reson that I failed is not in the openSSO/java access manager, because I get passed the login page, and also in the amFilter log of the policy agent I see an error of "No URL is available at this time" .
  Is there anyone can help me on this problem ? I'll be very glad if somebody can help me.
  thanks

  Please try the fix as suggested in the following and let us know the results.
  http://support.microsoft.com/default.aspx?scid=kb;EN-US;196271
  http://forum.java.sun.com/thread.jspa?threadID=346820&messageID=1436761
  Thanks,
  Subba

• No ?goto= after Policy agent install. Need help urgently....

  Hi all,
  We have installed the Policy Agent successfully on a particular web server instance. But when we try to access the web server instance root
  i.e.
  https://abc.def.com
  1) We are not presented with the access manager login page.
  2) When we type the url https://abc.def.com/search i.e the default search application, we are presented with the Access Manager login page but, the URL in the Browser does not have the "?goto=https://abc.def.com "
  i.e. it does not look like
  http://accessmanagerUrl.ghi.com?goto=https://abc.def.com
  Our setup is as follows
  Policy agent domain: abc.def.com
  Access Manager domain: zyx.wvu.com
  Our webserver isntance is configured for SSL while the Access Manager is not on SSL.
  Can anyone help with this issue? Has something like this been reported on this forum before?

  which policy agent are you using? Can you turn debugging on the agent?

• Load balancers with web servers & policy agents

  I have a pair of host machines, hostA and hostB, running multiple web server instances, portalA, portalB, contentA, contentB, serviceA, serviceB, etc.
  The two hosts, hostA and hostB, are sitting behind load balancers. ServiceA and serviceB must be protected by login and I have a policy agent installed on hostA and hostB for these two instances.
  The load balancers respond to https://service/* and forward requests to http://serviceA:3456/* or http://serviceB:3456/* depending on the host selected by round-robin.
  I've been told that serviceA and serviceB cannot be running on the default 443 port (although we could enable SSL if we wanted) in order to work nicely with the other web server instances that are behind the load balancers.
  The problem is that the policy agent knows that it is running as http://serviceA:3456/.
  The user makes a request to the load balancers for:
  https://service/protected.html
  The load balancer passes the request to:
  http://serviceA:3456/protected.html
  The agent sends a redirect to login which sends the user to:
  http://service:3456/protected.html
  This final URL is not available through the load balancers and it's obviously not the public URL.
  I have fqdnDefault set to 'service.x.x' so the URL is rewritten to that extent. Is there a way to tell the agent that the port it's running on is not the public port (ie. that it's behind a NAT device)? Is there a way to tell the agent that it's should actually redirect to https and not http?

  Hi,
  CQ authoring does not leverage server side sessions, therefor you'll never loose data because of this.
  But: As the cluster has a small delay on synchronisation, it could be, that on a write and subsequent read you'll get the old content, if you don't have sticky sessions (because both requests are not processed by the same server). Therefor I advise you to use sticky sessions in front of a CQ authoring cluster.
  Jörg

• ID Server and Policy Agent for AS .. is secure?

  Hello there,
  I have a question. Quite critical question, concerning iPlanetDirectoryPro cookie. If I've got it right, this cookie contains SSO Token. And the SSO token can be used with identity server to obtain any SSO assetion. I've experimentaly confirmed this.
  Now, can anyone tell me why this cookie is sent to any host in my domain? The default after instalation is "bgs.sk". This default value enables any host in my domain to impersonate me. Well, I still can change this, but it is now good to have insecure default values anyway, is it?
  Second, and more critical problem: I have Policy Agent installed on my Application Server. It looks like the agent requires access to the iPlanetDirectoryPro cookie to work correctly. But, if my application server has my SSO token, it can impersonate me anywhere. Not a good situation at all. That would mean security hole as big as hangar doors.
  Are my assumptions correct? Am I overlooking something?
  (All valid for ID server 6.0 and Liberty protocols)
  Thanks for any help.

  Although Sun promote Identity Server by emphasizing its Liberty/SAML feature, the product itself use a proprietary protocol for SSO and CDSSO.
  As all we know, this product could be totally useless without Sun's Policy/J2EE Agent deployed. But ironically these agents communicate with Identity Server in its own way, nothing to do with SAML, XACML, or even SOAP.
  The agent approach is usually not a good idea. We saw more and more problem raised from fields related to agent stability and scalability. We never see any performance benchmark data from Sun. Since the communication between agt and Identity Server are proprietary, no ISV can make agent for this product. You have to wait for Sun for agent support if you have new system not on the support matrix.
  In addition to agent, another big issue of Identity Server is its complex DIT structure. In fact, we prefer to have RDBMS as Identity Server's repository. Sun abuse ldap just because this company doesn't have any database product but still want to provide a pure Sun platform (JES) to customer. So they compromise the architecture for business reason, I'd like to tell you, I don't like the way Identity Server store data in DIT, I don't like the console UI (its for technical geek), and on one in our company dare to do any configuration change.
  Now Sun put Identity Server as the core of its JES product stack. If you have time to take a look at how the SJS Portal use Identity Server and how SSO between Portal channel and Email/Calendar Server are achieved, you'll find that you just buy a "framework" (I mean Identity server), not a product, because you have to do every integration work by intensively coding.
  I predict that Identity Server will be significantly rearchitctured in the near future, otherwise we don't see any benefit this product can bring to me. It is a headache for deployment as well as maintenance. If you just need Single Sign-On, there are lots alternative to achieve, Sun's Identity Server is really overkill. It's authentication feature is ok, but authorization feature (policy, role) is very limited. If you have lots of Windows/IIS web app need to do SSO with Identity Server, god bless you... you better have a sharp programmer to wrap up the C API so as your ASP programmer can leverage Identity Server SDK, and you got to pray for IIS agent behave well. In addition, don't forget to learn more about JATO if you want to do some fancy customization on the default login page.

• Reverse Proxy + Policy Agent generates unwanted Basic Authentication

  We have a policy agent installed on the SJWS 7.0u1. It's configured as a reverse proxy to a server running on another port on the same machine as the web server. The policy agent catches the request and redirects to the access manager, which authenticates fine. The access manager then redirects back to the web server, which then issues presents the basic authentication dialog. (We did not configure it for basic authentication).
  In a previous post I was directed to check my DNS entries. Both servers can resolve each other without problem. I can type nslookup server.practicegreenhealth.org, nslookup server (these are the web server addresses) and they both resolve to the correct ip. I can type nslookup access.practicegreenhealth.org and nslookup access and they both resolve to the correct IP.
  I had the application deployed as a JRuby application within the SJWS's servlet container and the setup worked fine. I switched back to using SJWS as a reverse proxy to application running as its own instance and am now presented with the basic auth dialog. I can hit the application fine both from the box it's running on and if I disable the policy agent. It's just the combination of the reverse proxy configuration + the policy agent that doesn't seem to work.
  Edited by: phoehne on Jun 23, 2008 12:40 PM

  what does the server error log say ? you might want to increase the log level to finest (config/server.xml change info to finest) and restart and look at the server error logs. this could provide us some insight on what is happening. most likely some config parameters in obj.conf need to be fine tuned.

• Policy Agent URL_POLICY

  hi all
  I have a Policy Agent installed on an App Server 7.
  The policy operation mode is set to ALL, so that I need to define the permissions in the J2EE policies(deployment descriptors) and also in the Identity Server (URL permissions). My J2EE policies work just fine.
  The questions is:
  How do I define the permissions in the Identity Server so that a Role or User can have acess to an application?? In order to have both J2EE and URL policies working together.
  Thanks a lot ! :)

  hi all
  I have a Policy Agent installed on an App Server 7.
  The policy operation mode is set to ALL, so that I need to define the permissions in the J2EE policies(deployment descriptors) and also in the Identity Server (URL permissions). My J2EE policies work just fine.
  The questions is:
  How do I define the permissions in the Identity Server so that a Role or User can have acess to an application?? In order to have both J2EE and URL policies working together.
  Thanks a lot ! :)

• Setup-Problem while installing AM Policy Agent 2.1 on Solaris 10

  I'm new with AccessManager and try to get it working on Solaris 10 on a Sparc.
  I'm using LDAP-Server, WEB-Server 6.1 and AccessManager from the software-paket: "Sun Java System Access Manager 6 2005Q1" .
  While trying to install policy-agents on the Sparc (by starting setup program), I've got the message: "The installer ist intended for Solaris Operating System only".
  The agent-software I'm trying to install is "Access Manager Policy Agent 2.1 for Sun Java System Web Server 6.1" From there I choosed "Solaris SPARC 8".
  (so I've got the paket "S1WebServer_6[1].1_agent_2.1_sparc-sun-solaris2.8.tar.gz").
  In my opinion, it must be correct. Ist there anything i'done wronge?
  thanks, Paul

  Even when there is no agent available for Solaris 10 now:
  If you don't have any doubt to use an unsupported configuration, at
  least the apache agent is installable.
  You have to extract the packages "SUNWamapc" and "SUNWcom"
  from the tar-archive and install it using pkgadd.
  Then, you have to configure it manually ("include" in "httpd.conf",
  "AMAgent.properties").
  Maybe, it is possible to do something similiar with the agent for
  SUN webserver.
  Be aware that noone will guarantee that such unsupported
  installations won't raise any problems.
  Juergen

• Error while Installing Apache Tomcat policy agent in openAM

  Hi,
  I trying to install Apache Tomcat Policy agent in Linux environment but I am getting the following error after i provided all the details.
  Updating the /EBS/TomCat/apache-tomcat-7.0.33/bin/setenv.sh script
  with the Agent configuration JVM option ...DONE.
  FAILED.
  In Agentlog file, i have received the error like below:
  Note: I am installing it as "oracle" user not as root.
  -r-------- 1 oracle oracle 9583 Apr 25 14:55 Agent.log
  [04/25/2013 14:58:58:256 IST] FileUtils.copyJarFile(): Error occurred while copying jar file: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/lib/agent.jar to: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar
  java.io.FileNotFoundException: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar (Permission denied)
  at java.io.FileOutputStream.open(Native Method)
  at java.io.FileOutputStream.<init>(FileOutputStream.java:194)
  at java.io.FileOutputStream.<init>(FileOutputStream.java:84)
  at com.sun.identity.install.tools.util.FileUtils.copyJarFile(FileUtils.java:131)
  at com.sun.identity.agents.tools.tomcat.v6.CopyAgentFilesTask.copyAgentJarFiles(CopyAgentFilesTask.java:74)
  at com.sun.identity.agents.tools.tomcat.v6.CopyAgentFilesTask.execute(CopyAgentFilesTask.java:56)
  at com.sun.identity.install.tools.configurator.TaskRunner.executeTask(TaskRunner.java:105)
  at com.sun.identity.install.tools.configurator.TaskRunner.runTasks(TaskRunner.java:72)
  at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:95)
  at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:40)
  at com.sun.identity.install.tools.handler.InstallHandler.handleRequest(InstallHandler.java:63)
  at com.sun.identity.install.tools.admin.AdminTool.dispatch(AdminTool.java:230)
  at com.sun.identity.install.tools.admin.AdminTool.run(AdminTool.java:133)
  at com.sun.identity.install.tools.launch.AdminToolLauncher.launchAdminTool(AdminToolLauncher.java:201)
  at com.sun.identity.install.tools.launch.AdminToolLauncher.main(AdminToolLauncher.java:313)
  [04/25/2013 14:58:58:258 IST] CopyAgentFilesTask.copyAgentJarFiles() - Error occured while copying jar files from /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/lib to /EBS/TomCat/apache-tomcat-7.0.33/lib: /EBS/TomCat/apache-tomcat-7.0.33/lib/agent.jar (Permission denied)
  I tried to do this do this installation through root also but i got the same error.
  Please help me to resolve this.
  Thanks & regards,
  Karthick

  Hi,
  I got the below error in log files:
  [04/26/2013 11:02:48:828 IST] LayoutHandlerTask.execute() - Creating instance directory layout for 'Agent_001
  [04/26/2013 11:02:48:828 IST] LayoutHandlerTask.createDir() - Creating Dir for: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/Agent_001
  [04/26/2013 11:02:48:828 IST] LayoutHandlerTask.createDir() - Error Unable to create Dir for: /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_ag/Agent_001
  [04/26/2013 11:02:48:828 IST] InstallHandler: Failed to process install request
  [ProductInstallException Stack]com.sun.identity.install.tools.configurator.InstallException: Failed to create directory /EBS/openAM/tomcat_v6_agent_3.1.0-Xpress/j2ee_agents/tomcat_v6_agent/Agent_001.
  at com.sun.identity.install.tools.configurator.CreateLayoutTask.createDir(CreateLayoutTask.java
  :126)
  at com.sun.identity.install.tools.configurator.CreateLayoutTask.execute(CreateLayoutTask.java:6
  3)
  at com.sun.identity.install.tools.configurator.TaskRunner.executeTask(TaskRunner.java:105)
  at com.sun.identity.install.tools.configurator.TaskRunner.runTasks(TaskRunner.java:72)
  at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:95)
  at com.sun.identity.install.tools.configurator.InstallDriver.install(InstallDriver.java:40)
  at com.sun.identity.install.tools.handler.InstallHandler.handleRequest(InstallHandler.java:63)
  at com.sun.identity.install.tools.admin.AdminTool.dispatch(AdminTool.java:230)
  at com.sun.identity.install.tools.admin.AdminTool.run(AdminTool.java:133)
  at com.sun.identity.install.tools.launch.AdminToolLauncher.launchAdminTool(AdminToolLauncher.ja
  va:201)
  at com.sun.identity.install.tools.launch.AdminToolLauncher.main(AdminToolLauncher.java:313)
  [04/26/2013 11:02:48:831 IST] Exiting with code: 0
  Thanks,
  Karthick

• Problem Installing Policy Agent 2.2 on Apache 2.2.3

  Hi all,
  I'm trying to configure policy agent 2.2 on apache 2.2.3 on linux platform CentOS (red hat 5.1).
  The configuration and the installation seem to work properly, in effect in the log file install.log you can find :
  [06/10/2008 16:38:49:865 CEST] Creating directory layout and configuring Agent file for Agent_001 instance ...SUCCESSFUL.
  [06/10/2008 16:38:49:936 CEST] Reading data from file /opt/web_agents/apache22_agent/passwordFile and encrypting it ...SUCCESSFUL.
  [06/10/2008 16:38:49:937 CEST] Generating audit log file name ...SUCCESSFUL.
  [06/10/2008 16:38:50:022 CEST] Creating tag swapped AMAgent.properties file for instance Agent_001 ...SUCCESSFUL.
  [06/10/2008 16:38:50:026 CEST] Creating a backup for file /etc/httpd/conf/httpd.conf ...SUCCESSFUL.
  [06/10/2008 16:38:50:031 CEST] Adding Agent parameters to /opt/web_agents/apache22_agent/Agent_001/config/dsame.conf file ...SUCCESSFUL.
  [06/10/2008 16:38:50:032 CEST] Adding Agent parameters to /etc/httpd/conf/httpd.conf file ...SUCCESSFUL.
  But, when I try to restart Apache it gives me an error and in the error.log file in Apache you can read:
  [Tue Jun 10 16:57:33 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
  [Tue Jun 10 16:57:34 2008] [notice] Digest: generating secret for digest authentication ...
  [Tue Jun 10 16:57:34 2008] [notice] Digest: done
  [Tue Jun 10 16:57:34 2008] [alert] Policy web agent configuration failed: NSPR error
  Configuration Failed
  Well, I found in the Sun documentation a well known bug about the NSPR and NSS library :
  Error message issued during installation of Policy Agent 2.2 on Linux systems
  When the Linux operating system is installed, specific components can be selected. Occasionally the specific components of the operating system selected lack the libraries necessary for Policy Agent 2.2 to function. When the complete Linux operating system is installed, all the required libraries are available. The libraries that are required for the agent to function are as follows: NSPR, NSS, and libxml2.
  Workaround: If the Linux operating system you are using is not complete, install the latest versions of these libraries as described in the steps that follow:
  At the time this note was added, the latest version of the NSPR library packages was NSPR 4.6.x , while the latest version of the NSS library package was NSS 3.11.x.
  To Install Missing Libraries for Policy Agent 2.2 on Linux Systems
  *+
  Install the NSS, and libxml2 libraries. These libraries are usually available as part of Linux installation media. NSPR and NSS are available as part of Mozilla binaries/development packages. You can also check the following sites:
  o
  NSPR: http://www.mozilla.org/projects/nspr/
  o
  NSS: http://www.mozilla.org/projects/security/pki/nss/
  So, I checked my libraries but they are upgraded to the latest version.
  If I comment the line that includes the libamapc22.so in the apache configuration file
  LoadModule dsame_module /opt/web_agents/apache22_agent/lib/libamapc22.so
  Apache can restart but the agent is misconfigurated!
  Any Idea?

  thank you Subhodeep for your reply,
  I didn't try to change the library file and I didn't find in licterature any information about library file changing in the Policy agent installation. Please, could you suggest me something more about which library to use instead of libamapc22.so?
  ps. I am using red hat 5.1, and from the release note of the policy agent seems that the latest platform version supported is red hat enterprise linux 4.0 versions.....
  this one could definitely be the reason of the misconfiguration.

• Policy Agent 3.0 for Tomcat - Cannot obtain Application SSO token

  Hi
  I am trying to configure Sun OpenSSO Enterprise Policy Agent 3.0 for Apache Tomcat Application Server 6.
  After installing the Policy Agent, Tomcat is not starting.
  The Error in the stack is :
  =========
  Jun 14, 2009 2:21:00 AM
  org.apache.tomcat.util.digester.Digester startElement
  SEVERE: Begin event threw error
  java.lang.ExceptionInInitializerError
  at
  com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfig
  uration(AgentConfiguration.java:682)
  Caused by:
  com.sun.identity.security.AMSecurityPropertiesException:
  AdminTokenAction: FATAL ERROR: Cannot obtain Application
  SSO token.
  Check AMConfig.properties for the following properties
  com.sun.identity.agents.app.username
  com.iplanet.am.service.password
  at
  com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:
  258)
  =========
  There is no AMConfig.properties file. The Agent uses "OpenSSOAgentBootstrap.properties".
  Is there a workaround for this issue ?
  Cheers.

  Hi,
  I have the same Problem, did you come up with a solution for it?
  thanks
  Matrius

• Eclipse and Tomcat Policy Agent

  I have installed the Tomcat Policy Agent using the agentadmin script under Windows. If I run Tomcat normally using the start.bat script, everything is fine. However, if I run Tomcat through Eclipse's Server configuration, there is a problem fining the AMAgentFilter class.
  How do I set up the classpath for Tomcat in Eclipse to work with the Policy Agent?
  Thanks.

  How can i compile aspectJ (*.aj) files in WSAD 5.1.1 powered by Eclipse 2.1.3. I amn't getting AJDT (AspectJ development tool) plugin for Eclipse 2.1.3. I am only getting AJDT plugins for eclipse 3.x onwards.
  Note: Above devolpement kit (WSAD 5.1.1) is a constraint.
  Can i upgrade the my eclipse version in WSAD 5.1.1.

• Unable to install policy agent 2.2 for Webserver 6.1 on Windows 2003

  Hi everybody,
  I've installed Java Enterprise Server (last version) on Windows 2003 with these components:
  - Directory Server
  - Access Manager
  - Webserver
  - Administration Server
  Everything works good, I can access all those components.
  Now I want to use Policy Agent 2.2. So I've downloaded it and I've tried to install...
  But during the installation process, an error message appear when I select the Web Server instance directory to protect.
  It says: "invalid web server instance - on windows, Access Manager Policy Agent only supports Web Server 6.0 and 6.1.....".
  The problem is that I work with WebServer 6.1....
  I really don't know what to do now... This message prevent me to go further.
  What's the problem? How can I avoid this?
  Thanks for your help!
  Adrien

  Okay, here's what it says:
  "The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, ot the updgrade pathc may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct update patch".
  I don't even know what program I'm supposed to have.
  Ideas, anyone?

• Problem: Protect Sun Web Proxy Server 4.0.5 with Policy Agent 2.2

  We are trying to protect the Sun Web proxy Server 4.0.5 with policy agent 2.2 on solaris 10 machine.
  We are using Access Manager 7.1 along with directory server 6.2
  We are trying to protect the web proxy console url http://domain.example.com with that policy agent so that when we hit web proxy console url
  it should through us access manager login page ie http://abc.com/amserver.
  How can we achieve this.What all changes required in the AMAgent.properties file.Please suggest.

  Hi subho,
  problem is fixed. i have unistalled the policy agent and reinstalled it again. the problem i found is we didnt stop the webproxy instance when installing policy agent. Thanks for the reply

• Policy Agent 2.2 with Tomcat connector (isapi_redirect.dll)?

  Dear All,
  We have installed Policy agent 2.2 for IIS6 to enable SSO with SUN Access Manager 7.1. Policy agent 2.2 was installed in IIS6 as wild card application mapping extension.
  Our IIS6 also contains Apache tomcat connector (isapi_redirect.dll) as it needs to front JBOSS application server.
  When we access protected resource Policy agent presents login screen. With the correct login details, policy agent authenticates successfully with SAM 7.1 and creates SSO token, which is good. But policyagent creates "goto" URL as /tomcat/isapi_redirect.dll rather than the original resource that user asked for as below?
  2010-12-23 18:57:57.397 Info 3220:1e5b0d0 PolicyAgent: do_redirect(): redirect_header = Location: http://am-server.com:8080/amserver/login?goto=http%3A%2F%2Ftest-server%3A80%2Ftomcat%2Fisapi_redirect.dll
  Any ideas on how to configure Policy agent for IIS6 when it has isapi_redirect.dll already installed on it.
  Thanks,
  Surya

  Hello Surya
  Did you find a solution for this issue? How did you solve it?
  Thank you
  Prashanth
  Edited by: user8605028 on Jun 15, 2011 1:24 PM