Reverse meaning of "notenforced" with policy agent 1.2

Is it possible to reverse the meaning of the "notenforced" variable in the AMAgent.properties file for the policy agent 1.2?
I know this is possible with the 2.0 agent, but I need to use 1.2.
How else would one go about not protecting anything on a website except for specific resources? I would think that many websites prefer to be totally open and anonymous except for in a few places.
Any suggestions are appreciated. Cheers.

Hi,
It seems that your agent installation had some problems.
1) I would suggest that you first check the installation logs:
Installation Logs: During installation, all the activity is stored in a special set of log files. Look inside the j2ee_agents\appserver_v9_agent\logs\debug\Agent.log file (and also in the j2ee_agents\appserver_v9_agent\logs\audit\ install.log file) to see all the activity that is logged during installation. Check for any exceptions or unsuccessful installation messages.
Are there any problems in the installation log?
2) What app server version download are you using? Are you using the Java EE 5 SDK download bundle that has a bunch of things including GlassFish server, ESB, and also Access Manager 7? If so, then this bundle can cause problems, since it also includes (AM7.1) Access Manager 7.1 (the previous version of opensso) pre-installed, which means that each domain is already altered to include references to AM7.1 in its domain configuration files, and this causes clashes when the agent is also installed on these domains. If you are using this, then maybe first try a download of GlassFish that does not have all these things bundled and pre-installed.
hth,
Sean

Similar Messages

  • Problem: Protect Sun Web Proxy Server 4.0.5 with Policy Agent 2.2

    We are trying to protect the Sun Web proxy Server 4.0.5 with policy agent 2.2 on solaris 10 machine.
    We are using Access Manager 7.1 along with directory server 6.2
    We are trying to protect the web proxy console url http://domain.example.com with that policy agent so that when we hit the web proxy console url
    it should throw us the access manager login page, i.e. http://abc.com/amserver.
    How can we achieve this? What changes are required in the AMAgent.properties file? Please suggest.

    Hi subho,
    The problem is fixed. I have uninstalled the policy agent and reinstalled it again. The problem I found is we didn't stop the webproxy instance when installing the policy agent. Thanks for the reply.

  • Custom Authentication Issue with Policy Agent

    Hi,
    I have a custom authentication module which is hosted on the BEA application server and I am trying to access through the policy agent on apache.
    I have set the following property in AMAgent.properties file
    com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login
    So when the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication succeeds, the user session is created, and I get the following error message in the agent log file.
    2004-10-19 16:20:26.908 Error 27620:e1140 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:3
    2004-10-19 16:20:26.908 128 27620:e1140 RemoteLog: User unknown was denied access to http://hostname:port/weblogic/protapp/protected/a.html.
    2004-10-19 16:20:26.908 Error 27620:e1140 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
    2004-10-19 16:20:26.909 Error 27620:e1140 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
    2004-10-19 16:20:26.909 -1 27620:e1140 PolicyAgent: URL Access Agent: access denied to unknown user
    The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
    Thanks
    Neeraj

    Hi Neeraj,
    I still have not been able to resolve that issue. Let me know if you find a solution for the same.
    Thanks,
    Srinivas

  • Custom login page with Policy Agent 2.2 & Access Manager

    Hi,
    I’m trying to set up policy agent 2.2 and Access Manager to use the login page of the application I’m trying to secure. I’m not sure if this is the correct forum or not so feel free to move this if need be.
    I’ve been using this link: http://docs.sun.com/source/816-6884-10/chapter3.html#wp25376 but it doesn’t seem to make sense.
    In my AMAgent.properties file I’ve set up
    com.sun.identity.agents.config.login.form[0]=/contextRoot/login/login.jsp to my login page and I’ve also configured the web.xml for that application to use the login:
         <login-config>
              <auth-method>FORM</auth-method>
              <form-login-config>
                   <form-login-page>/login/login.jsp</form-login-page>
                   <form-error-page>/login/login.jsp</form-error-page>
              </form-login-config>          
         </login-config>
    When I try and access the login page I’m redirected to the default access manager login page. I did notice in the AMProperties.xml file the following line:
    com.sun.identity.agents.config.login.url[0] = http://amserverhost:80/amserver/UI/Login
    It seems like I should change that to point to my login page but I didn’t see any documentation supporting that. When I change that property to point to the location of my login page, I get a redirect loop error.
    When I remove the com.sun.identity.agents.config.login.form[0] property altogether, I just get a resource restricted error.
    Now when I configure the com.sun.identity.agents.config.login.form[0] property, set the config.login.url = to my login page AND set the com.sun.identity.agents.config.notenforced.uri[0] property equal to my login page (so the login page is no longer protected), I am able to see the login page.
    Is unrestricting the login page correct? I’m able to access the login.jsp page directly and when I try and access protected resources I’m redirected back to the login page so everything seems to be working correctly but I’m not sure if this is the correct way.
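
A lint for the setup this post describes, as an added example that is not part of the original post or of Sun's agent code: it flags a `login.url` that points at a page the agent itself still enforces (the redirect-loop case) and a not-enforced pattern that opens a URI meant to stay protected. The host `apphost:8080`, the sample configurations, the protected path and the use of `fnmatch` to approximate the agent's wildcard matching are assumptions.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

PREFIX = "com.sun.identity.agents.config."

# Constructed sample (host and port are made up): the working setup from the post.
WORKING = """\
com.sun.identity.agents.config.login.form[0] = /contextRoot/login/login.jsp
com.sun.identity.agents.config.login.url[0] = http://apphost:8080/contextRoot/login/login.jsp
com.sun.identity.agents.config.notenforced.uri[0] = /contextRoot/login/login.jsp
"""
# Constructed sample: same login.url, but the login page is still enforced.
LOOPING = WORKING.replace(PREFIX + "notenforced.uri[0]", "# " + PREFIX + "notenforced.uri[0]")


def parse_indexed(text):
    """Return {name without PREFIX: [values ordered by their [n] index]}."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        m = re.fullmatch(re.escape(PREFIX) + r"([\w.]+)\[(\d+)\]", key)
        if m and value:
            found.setdefault(m.group(1), []).append((int(m.group(2)), value))
    return {name: [v for _, v in sorted(vals)] for name, vals in found.items()}


def not_enforced(path, patterns):
    # Assumption: the agent's '*' wildcard is approximated with fnmatch here.
    return any(fnmatchcase(path, pattern) for pattern in patterns)


def lint(text, agent_hosts, protected_paths):
    """agent_hosts: host:port values this agent fronts; protected_paths: URIs
    that must stay enforced. Both are inputs assumed for this example."""
    props = parse_indexed(text)
    open_uris = props.get("notenforced.uri", [])
    findings = []
    for url in props.get("login.url", []):
        parts = urlsplit(url)
        # Login URL served behind the agent and still enforced: every request
        # for it is redirected to itself.
        if parts.netloc in agent_hosts and not not_enforced(parts.path, open_uris):
            findings.append(("redirect-loop", url))
    for form in props.get("login.form", []):
        if not not_enforced(form, open_uris):
            findings.append(("login-form-enforced", form))
    for path in protected_paths:
        if not_enforced(path, open_uris):
            findings.append(("protected-path-open", path))
    return findings


if __name__ == "__main__":
    for name, cfg in (("working", WORKING), ("looping", LOOPING)):
        print(name, lint(cfg, {"apphost:8080"}, ["/contextRoot/account/view.jsp"]))
```

Keeping the not-enforced entry as the exact login page URI, rather than a wildcard over the context root, is what keeps the third check quiet.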

  • Possible to deploy Dist Auth in the same web container with Policy Agent?

    I have a client who has limited hardware resources and wants to deploy the distributed authentication UI in the same web container as the policy agent. Has anyone successfully done this?

    I'm sure it's possible; just make sure the DAUI context (e.g. /distAuth) in the agent's configuration for the web server is in the not enforced list properties for the agent.
    However, it's so easy just to put an Apache HTTP server/tomcat and run daui, then setup another web server (Sun, Apache, etc.) with an agent or vice versa and you don't have to worry about the agent clobbering DAUI.

  • Protecting a REST web service with Policy Agent

    I have deployed a REST web service in Glassfish using Jersey Annotations. A UI in the same Glassfish instance is protected by a policy agent that forces users through a login page. I would like to protect the REST web service with BASIC Authentication using the same policy agent. Is this possible? Is there supporting documentation?

    Hi Daniel,
    When you publish a message through Rest, hope your Restful service will receive/process the posted message?
    So
    YourBizTalk -->(Post Message to)-->RestFulService
    From the error message, "the published message could not be routed because no subscribers were found.", it seems like this Restful service is a wrapper (or service interface) for BizTalk at the client end (where the message has been posted through Rest) and the actual posted message is “processed” by BizTalk, and the error "" is from BizTalk "after" Rest. This message says the message you posted through Rest did not find a subscription at their end.
    So
    YourBizTalk -->(Post Message to)-->RestFulService -->Clients'BizTalk.
    Here problem is at Clients'BizTalk as shown where the posted message to their BizTalk is not processed because no subscription has been found.

  • "Unable to load IAmWebPolicy" with Policy Agent 2.2 on Sun App Server 8.2

    I'm trying to install the Policy Agent for App Server 9.0/9.1 to App Server 8.2 (which claims to be supported). Identity Manager is the target resource. I get this when I try accessing the /idm root context:
    Exception caught in AmWebPolicyManager initializer: Unable to load IAmWebPolicy: com.sun.identity.agents.policy.AmWebPolicy
         at com.sun.identity.agents.policy.AmWebPolicyManager.<clinit>(AmWebPolicyManager.java:135)
    Thanks,
    Steve Maring

    You were absolutely correct
    I've resolved this issue - the problem was caused by two things:
    1. There is a new version of a library called libxml2.so that I had to get from Sun (they provided version 2.6.7)
    2. My web server with the agent on it is on a separate box from the identity server. These two servers were out of sync in terms of their system time (i.e., the Solaris box with the agent / web server was about 8 minutes ahead of the Solaris box with the identity server)
    Once both of these things were fixed (the time issue most importantly), the web server would not hang anymore.

  • SunONE Web Server 6.1 SP7 crashes with Policy Agent 2.2 plugin

    Recently we started facing glibc issues on our webservers and wanted to know if any of you have come across such issues on your setups..
    Setup Info:
    - OS is RHEL 4.0
    - Sun ONE Web Server 6.1SP7
    - Policy Agent 2.2
    When a user logs in to our application for the first time, the policy agent on our webserver intercepts the request and redirects to the AM SSO server's login page for authentication. Before redirecting the request, the policy agent preserves the request (POST data) in our webserver and then redirects the request to the SSO server. After the user is authenticated on the SSO server, the SSO server redirects the request back to our webserver and the policy agent now tries to fetch the preserved post data for the user, where it fails (see errors below), and then the user gets a 'page cannot be displayed' error in the browser. Internally, the SJSWS crashes and gets restarted :(
    From logs:
    [29/Apr/2008:06:32:48] warning (13856): CORE3283: stderr: 2008-04-29 06:32:48.163 Warning 13856:897a4b8 ServiceEngine: Service::getPolicyResult():Result size is 0,tree not present for https://server1.gft.com:443/dummypost/sunpostpreserve2008-04-2906:31:50.311
    [29/Apr/2008:06:32:48] warning (13856): CORE3283: stderr: *** glibc detected *** free(): invalid pointer: 0x08265670 ***
    [29/Apr/2008:06:32:48] warning (13856): CORE3283: stderr: 2008-04-29 06:32:48.529 Warning 13856:897a4b8 ServiceEngine: Service::getPolicyResult():No passwd value in session response.
    [29/Apr/2008:06:32:48] catastrophe (13856): CORE3260: Server crash detected (signal SIGSEGV)
    [29/Apr/2008:06:32:48] info (13856): CORE3261: Crash occurred in NSAPI SAF service-j2ee
    [29/Apr/2008:06:32:48] failure (13107): CORE3107: Child process closed admin channel
    (At this point the SJSWS gets restarted)
    This issue is not always reproducible though !
    Appreciate your help on debugging this..

    Hi...
    just a guess try looking into this bug details ..it may be helpful
    http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6299862

  • Problem With Policy Agent 2.2 for APACHE on WINDOWS !!!!

    I have been getting a nasty error for weeks configuring PolicyAgent 2.2 for Apache (tried 2.2.x and 2.0.x) on a Windows Server. After the configuring, Apache could not even start. I get the following error:
    Syntax error on line 1 of "C:/Sun/Access_Manager/Agents/2.2/apache/config/apache_80/dsame.conf":
    Cannot load C:/Sun/Access_Manager/Agents/2.2/apache/bin/libamapc2.dll into server. The specified module does not exist
    Does anyone have any ideas? (I have been pulling my hair off trying to resolve this and I am about to lift up the server and drop it !!! ) The dll file above is available in that path.

    This dll file may need/depend on other dlls. So sometimes you may still get this error after you download the dll into your Windows system folder. But you can use a tool such as http://www.dependencywalker.com to find out which other dlls are needed for your installation... Hope this helps someone!

  • Policy agent protected URL auth problem

    Hi all,
    Does anyone know why the policy agent failed to identify a user with a valid cert and LDAP pwd and thus allow the user to go to the protected URL resources? (IIS with policy agent 2.0 for W2K)
    The IDS server instance was created with security on and "Client Auth" also on. All the accesses worked OK while "client auth" is not ON. In fact, the user could go to the user profile page with the cert or the LDAP pwd, OAC were all set to enable cert and LDAP=SUFFICIENT even with "client auth" on, just could not get to the URL it protected. (IDS is running on a Solaris box, V6.0 mtr from the download center)
    The policy agent logs showed the IDS authentication service failure with code 3.
    Any hints on that?

    When a user clicks the logout button in your Portal application, that link needs to send the user to the /amserver/UI/Logout page to terminate the session. You can specify the goto parameter in the link so the user does not see the logout page. You can also specify a particular logout URL pattern in the AMAgent.properties file so that when the agent sees a request for that URL it will terminate the session on the AM server and clear out its cache.

  • Policy Agent - HTTP login

    Hello.
    I was wondering if it's possible to somehow authenticate using HTTP Authentication mechanisms, like Basic or Digest authentication (probably over HTTPS) together with Policy Agent?
    What I'm looking for is a mechanism that checks if the Identity Server Session Cookie is in the request, and if not, does a normal 401 response.
    The browser can then resend the request straight away including user credentials.
    This avoids a redirect to the Identity Server, which is a pain in the back side if the request is a large POST data upload or similar.
    Anyone heard of something like this?
    Regards,
    Kyrre

    Hi Charlie,
    Thanks for the reply. Currently I have implemented permissions for UI elements like this:
    1) Used JATO framework in an application JSP page which points to a view bean class. This view bean class instantiates UI elements as required.
    2) From the module base servlet, I access SSOToken Manager, SSOToken, AMUser, AMRole objects for the current logged in user. (I am working on role based permissions).
    3) Based on the roles available for the user, I set the visibility of certain UI elements.
    Can you elaborate a little bit more in this context about how I can create/use the policies? I will try to list out below what you are trying to say. Please provide your feedback.
    1) Protect http resources, say http://www.myapp.com/index.html, on Identity Server similar to what I have currently.
    2)Instantiate policy object in the module servlet, have resources for each UI element that needs to be protected in this policy, evaluate policy based on the currently logged in user/role and then return permission like read/edit.
    Thanks,
    Srinivas

  • Policy agent 2.1 in iis 5 and win 2000 form post

    Hi,
    I am facing a typical issue with policy agent 2.1 in Windows 2000 IIS 5. Here is the problem:
    Whenever we try to do an HTML form post, we get an HTTP 200 response back with a blank screen with "ok" written on it.
    There is nothing interesting in the logs... When I completely uninstall the agent it works fine... Even if I put the not_enforced_list=* it has the same issue...
    Any help is highly appreciated.

    changed the notificationenabled=true which resolved the problem

  • NSAPI in Access Manager & Policy Agent

    Hi all,
    May I know is it possible to use NSAPI to be a communication channel between policy agent and access manager?
    I have installed Sun One Web Server together with policy agent, access manager is installed in another machine.
    I've looked through all related documentation but could not find NSAPI for policy agent or access manager.
    Thanks in advance!

  • Sun Access Manager + Jboss Policy Agent + Testapplication Problem

    Hello everybody.
    I have set up Access Manager 7.1 on SJSAS 9.1 in a VMware and Jboss with Policy Agent 2.2 and a simple Webapp on another.
    The webapp just displays pages for users in different roles, e.g. an admin and a user page.
    When I go to the application in the browser and access a protected page, I get redirected to the AM login screen and can log in and get redirected back to the application.
    I did this with declarative security defined in web.xml, but the user doesn't get authenticated in the application.
    In my logfiles I got the following errors:
    amRealm log file
    09/19/2008 01:55:39:756 PM CEST: Thread[http-jboss.ams.com%2F127.0.0.1-8080-2,5,jboss]
    ERROR: AmRealm: failed to authenticate user: bob
    com.iplanet.sso.SSOException: Invalid session ID.AQIC5wM2LY4SfcwBenaL/TbPRPGHXQo8rhVWWfM3jGDEUUM=@AAJTSQACMDE=# AQIC5wM2LY4SfcyYT7kHKvROHG64m6WtlD8hnFLPmsKJyeY=@AAJTSQACMDE=#
       at com.sun.identity.jaxrpc.SOAPClient$SOAPContentHandler.endDocument(SOAPClient.java:910)
       at org.apache.xerces.parsers.AbstractSAXParser.endDocument(Unknown Source)
       at org.apache.xerces.impl.XMLDocumentScannerImpl.endEntity(Unknown Source)
       at org.apache.xerces.impl.XMLEntityManager.endEntity(Unknown Source)
       at org.apache.xerces.impl.XMLEntityScanner.load(Unknown Source)
       at org.apache.xerces.impl.XMLEntityScanner.skipSpaces(Unknown Source)
       at org.apache.xerces.impl.XMLDocumentScannerImpl$TrailingMiscDispatcher.dispatch(Unknown Source)
       at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
       at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
       at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
       at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
       at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
       at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
       at com.sun.identity.jaxrpc.SOAPClient.send(SOAPClient.java:500)
       at com.sun.identity.jaxrpc.SOAPClient.send(SOAPClient.java:467)
       at com.sun.identity.idm.remote.IdRemoteServicesImpl.getMemberships(IdRemoteServicesImpl.java:465)
       at com.sun.identity.idm.AMIdentity.getMemberships(AMIdentity.java:880)
       at com.sun.identity.agents.realm.AmRealm.authenticateInternal(AmRealm.java:227)
       at com.sun.identity.agents.realm.AmRealm.authenticate(AmRealm.java:155)
       at com.sun.identity.agents.jboss.v40.AmJBossLoginModule.validatePassword(AmJBossLoginModule.java:104)
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
       at java.lang.Thread.run(Thread.java:619)
    jboss logfile
    2008-09-19 13:55:39,756 DEBUG [com.sun.identity.agents.jboss.v40.AmJBossLoginModule] Bad password for username=bob
    Has anybody had similar errors and knows a solution?
    Thanks.

  • Sun Access Manager,Policy Agent 2.2, IIS7?

    Hello everybody
    Is it possible to protect IIS7 with policy agent 2.2 and Sun Access Manager 7.1?
    Do Policy Agents 3.0 (for Open SSO) work with Sun Access Manager 7.1?
    regards!
    Alex Dávila

    Thanks handat
    I found
    http://download.oracle.com/docs/cd/E19575-01/820-5816/galtf/index.html
    http://download.oracle.com/docs/cd/E19681-01/821-0267/gfxhz.html#scrolltoc     
    greetings
    alex davila
