Sun Access Manager login problem
Hi,
This is a very basic problem. I have installed Sun Access Manager 7 using JES installer. It is configured to authenticate against a LDAP datastore. I am able to login into the amconsole application using the amAdmin DN but I am not able to login with any other user that I create through Sun Access Manager.Any help will be highly appreciated.
TIA.
Hello,
When you create any user through SUN Access Manager, is that user is created in LDAP
datastore, or is it created in SAM flat file repository ?
Similar Messages
-
Oracle Access Manager login Problem
Hi All,
I am installed IDM 11g(11.5) in my local machine. All servers are up and running(SOA,IDM and OAM).
I am able to login IDM but the problem is I am unable to login OAM using below URLs"http://http://localhost:14100/oam/" or "http://http://localhost:14100/oamconsole"
I got below error Could you please help me on this.
Thanks in advance.
index.jsp:4:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-template-1.0" prefix="netui-template"%>
^----^
at weblogic.servlet.jsp.JavelinxJSPStub.reportCompilationErrorIfNeccessary(JavelinxJSPStub.java:226)
at weblogic.servlet.jsp.JavelinxJSPStub.compilePage(JavelinxJSPStub.java:162)
at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:256)
at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:216)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:243)
at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:416)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:326)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)
at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
####<Jul 28, 2012 11:35:47 AM GMT+05:30> <Notice> <Diagnostics> <mindview> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <80fd87e7b2933795:7c4c4c55:138cc2c328f:-8000-0000000000000079> <1343455547428> <BEA-320068> <Watch 'UncheckedException' with severity 'Notice' on server 'oam_server1' has triggered at Jul 28, 2012 11:35:47 AM GMT+05:30. Notification details:
WatchRuleType: Log
WatchRule: (SEVERITY = 'Error') AND ((MSGID = 'WL-101020') OR (MSGID = 'WL-101017') OR (MSGID = 'WL-000802') OR (MSGID = 'BEA-101020') OR (MSGID = 'BEA-101017') OR (MSGID = 'BEA-000802'))
WatchData: DATE = Jul 28, 2012 11:35:47 AM GMT+05:30 SERVER = oam_server1 MESSAGE = [ServletContext@335684[app:oam_server module:oam path:/oam spec-version:2.5], request: weblogic.servlet.internal.ServletRequestImpl@fab370[
GET /oam/index.jsp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:9.0) Gecko/20100101 Firefox/9.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Cookie: oimjsessionid=GShlQTQG2mnJ3L2WpHlnm5QnJ0q2G94LzBBQdLRg7rGJhyTLvSlb!2089492751
]] Root cause of ServletException.
weblogic.servlet.jsp.CompilationException: Failed to compile JSP /index.jsp
index.jsp:2:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-html-1.0" prefix="netui"%>
^----^
index.jsp:2:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-html-1.0" prefix="netui"%>
^----^
index.jsp:3:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-databinding-1.0" prefix="netui-data"%>
^----^
index.jsp:3:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-databinding-1.0" prefix="netui-data"%>
^----^
index.jsp:4:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-template-1.0" prefix="netui-template"%>
^----^
index.jsp:4:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-template-1.0" prefix="netui-template"%>
^----^
at weblogic.servlet.jsp.JavelinxJSPStub.reportCompilationErrorIfNeccessary(JavelinxJSPStub.java:226)
at weblogic.servlet.jsp.JavelinxJSPStub.compilePage(JavelinxJSPStub.java:162)
at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:256)
at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:216)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:243)
at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:416)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:326)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)
at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
SUBSYSTEM = HTTP USERID = <WLS Kernel> SEVERITY = Error THREAD = [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' MSGID = BEA-101017 MACHINE = mindview TXID = CONTEXTID = 80fd87e7b2933795:7c4c4c55:138cc2c328f:-8000-0000000000000078 TIMESTAMP = 1343455547412
WatchAlarmType: AutomaticReset
WatchAlarmResetPeriod: 30000
>
####<Jul 28, 2012 11:35:52 AM GMT+05:30> <Alert> <Diagnostics> <mindview> <oam_server1> <oracle.dfw.impl.incident.DiagnosticsDataExtractorImpl - Incident Dump Executor (created: Sat Jul 28 11:35:49 GMT+05:30 2012)> <<WLS Kernel>> <> <80fd87e7b2933795:7c4c4c55:138cc2c328f:-8000-0000000000000087> <1343455552522> <BEA-320016> <Creating diagnostic image in c:\oracle\middleware\user_projects\domains\base_domain\servers\oam_server1\adr\diag\ofm\base_domain\oam_server1\incident\incdir_5 with a lockout minute period of 1.>
####<Jul 28, 2012 11:37:31 AM GMT+05:30> <Info> <Health> <mindview> <oam_server1> <weblogic.GCMonitor> <<anonymous>> <> <80fd87e7b2933795:7c4c4c55:138cc2c328f:-8000-0000000000000071> <1343455651787> <BEA-310002> <67% of the total memory in the server is free>
####<Jul 28, 2012 11:45:46 AM GMT+05:30> <Info> <JDBC> <mindview> <oam_server1> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <80fd87e7b2933795:7c4c4c55:138cc2c328f:-8000-000000000000008a> <1343456146959> <BEA-001128> <Connection for pool "oamDS" closed.>
Thanks in Advance.
Regards,
Ravi.Hi Ravi,
this looks like a WLS issue.
1-You can try as a workaround to remove this validator configuration in taglib definition file: .tld and see the behavior.
2-Or you are missing something into url.
I hope this helps,
Thiago Leoncio. -
Login to Sun access manager admin console failed.
we are using Sun access manager 2003Q4. Today i am not able to login to the amconsole itself.it says authentication failed. i tried with all the admin users we have and also with the amadmin same error.
The ldap is up and running.
can any one suggest me the probable problem and solution.
or the log files i need to look at which can help in trouble shooting.
thanks in advanceCheck your AppServer to see it up and running or not.
-
Not able to login to Sun Access Manager
Hi All,
I am new to Sun Access Manager. I changed the LDAP Configuration in Identity Management->Authentication Module->LDAP to some incorrect LDAP Server. Now i am not able to login to the amconsole of Access Manager. I am getting an Authentication fail error. Is there any way i can revert the changes for the LDAP i have made as i am not able to open the console to revert the changes.
Thanks in advance,
AnnuCheck your AppServer to see it up and running or not.
-
Problems about Sun Access Manager
when I using Sun Access Manager, I found It is very slowly to access "http://host:ip/amserver" , but I also using OpenSSO, It is normal to access "http://host:ip/amserver".
Can anyone give any suggestions ?
Best Regards!Hi,
I added a page to the wiki which adds more detail to the steps to create the sample app policies on the am/fam/opensso server console UI. This includes some screen shots as well.
This is one good thing about the sample app is that you have to learn to install the opensso server, install the agent, configure the agents properties for the sample app security and also use the opensso server UI to create policies.
It is a bit of work, but when done you will know how to use a lot of opensso features.
You do not need a directory server. The sample app readme refers to some directory things that really can be ignored. The wording should be changed.
Anyhow you can use this wiki page along with the readme to help you set up the policies, the subjects etc that map to the sample app
http://wikis.sun.com/display/OpenSSO/samplepolicy
I will try to make a getting started page for new users, though you have done most the steps now, and need to set up sample. But this page might be useful for others who want to get started http://wikis.sun.com/display/OpenSSO/getstarted
hth,
Sean -
Sun Federation Manager installation problem
I'm trying to install Sun Federation Manager on a machine running RedHat Linux and Sun Application Server. The installation in itself appears to go ok, and the loginpage appears when i connect to http://x.x.x.x/federation The problem is when I try to login with the username and password, it only redirects back to the login page. It seems like it tries to go to AMAdminFrame, but gets redirected back. First I thought i didn't login correctly, but when I look in the amAuthentication.access file, it says that the login was correct.
Has anyone else had this problem? I've tried with both 8.2 and 9 of the application server, and the problem is the same on both. All help would be appriciated.
I've also tried with the Sun Webserver, but it threw an nullpointerexception on me. Does anyone have any ideas?Hello,
When you create any user through SUN Access Manager, is that user is created in LDAP
datastore, or is it created in SAM flat file repository ? -
Sun Access Manager Resource & password resets
Hi,
I've got IDM 7.1 and AM 7.1, with a Sun Access Manager Realm resource. The LDAP directory (DS EE 6.0) sitting behind the AM resource has been set up to "Require Password Change at First Login and After Reset".
However, if a user in IDM changes their AM password, the connection to AM is done as the resource adapter user, not themselves; this means that the pwdReset flag is not cleared on their account in AM, and AM will demand a password change on next login.
This is obviously non-optimal for us, as we'd like them to change their password through IDM.
Is there any way to change the DS policies to allow for this situation, OR to set the pwdReset flag through the resource adapter, OR to get the resource adapter to connect as the user when the Change Password flow is performed?
Thanks,
Michael.Hi Michael,
Could you please share the solution for the problem you are facing.
I am facing a similar issue.
When an admin resets the password of a user and when the user logs in, he/she needs to be redirected to IDM change password page. Instead the redirection to AM change password functionality is displayed.
Thanks,
Vinu -
Sun Access Manager - Authentication Error
Hello everyone,
I'm trying to configure Sun Access Manager 7.0 with sun web server 6.1 and directory server 5.2 on windows xp.
I'm getting the following error when I try to login with uid=amAdmin
"Permission to perform the read operation denied to uid=amAdmin,ou=People,dc=example,dc=com"
I do not see any errors from the debug files. Could anyone help me in fixing this problem.
Thanks in advance,
-krishnaIs your AM log level set to message? If not, set to message and retest. You should get output in your debug logs.
On the agent side, set your logging to all:5 -
Access manager policyagent 2.1 fro webspher5.0 with sun access manager in
Help It is very urgent
I have installed my sun access manager and sun direcory server on same machine solaris10.SSL is diable in directory server.Access manager working on ssl mode means it is working on Http with port 80 and Https with port443.Access manager url is
http://lhostname:80/amconsole or https://hostname:443/amconsole and
http://host:80/amserver/UI/Login or https://host:443/amserver/UI/Login.it is displaying access manager login page.It is working properly standalone.
But when i configure it with policyagent2.1 for WebSphere5.0 .WebSphere installed on windows2000 server.when i type the application URL that is running on WebSphere it does not show access manager login page.It show u r not authurised to view this page.WebSphere running on Http.
and amService log detail is*****************************************************
03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
Naming service URL list: [https://my.domain.com:443/amserver/namingservice]
03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
Only one naming service URL specified. NamingServiceMonitor will be disabled.
03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
getServiceURL for service: auth protocol: https host: my.domain.com port: 443
03/02/2006 05:57:32:112 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
ERROR: Naming service connection failed
com.iplanet.services.comm.client.SendRequestException: com.ibm.ws.orbimpl.transport.protocol.https.HttpsURLConnection
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:141)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:73)
at com.iplanet.services.naming.WebtopNaming.getNamingResponse(WebtopNaming.java:360)
at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:421)
at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:353)
at com.iplanet.services.naming.WebtopNaming.getServiceURL(WebtopNaming.java:187)
at com.sun.identity.authentication.AuthContext.setLocalFlag(AuthContext.java:1159)
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1100)
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1071)
at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:142)
at com.sun.identity.policy.client.AuthService.getAppSSOToken(AuthService.java:103)
at com.sun.identity.policy.client.AuthService.getApplicationSSOToken(AuthService.java:79)
at com.sun.identity.policy.client.PolicyEvaluator.getAppSSOToken(PolicyEvaluator.java:499)
at com.sun.identity.policy.client.PolicyEvaluator.init(PolicyEvaluator.java:193)
at com.sun.identity.policy.client.PolicyEvaluator.<init>(PolicyEvaluator.java:172)
at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:118)
at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:87)
at com.sun.identity.agents.policy.AmWebPolicy.<init>(Unknown Source)
at com.sun.identity.agents.policy.AmWebPolicyManager.<init>(Unknown Source)
at com.sun.identity.agents.policy.AmWebPolicyManager.<clinit>(Unknown Source)
at com.sun.identity.agents.filter.AmFilter.<init>(Unknown Source)
at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
at com.sun.identity.agents.filter.AmFilterManager.getAmFilterInstanceForModeConfigured(Unknown Source)
at com.sun.identity.agents.filter.AmAgentFilter.doFilter(Unknown Source)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:132)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:71)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:863)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:491)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:173)
at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:79)
at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:199)
at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:182)
at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:331)
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:432)
at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:343)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:592)
Thanks & Regards
SainiThis is an SSL handshake problem of Websphere - has nothing to do with AM.
Websphere�s JDK does not trust the Signer / Cert of AM�s deployment container.
Either configure a truststore (or use an existing webshpere truststore) where you import the Cert of the Signing CA of your AM DC�s cert.
Other option - import the mentioned cert in cacert file of IBM JDK - but be aware that this might get lost when applying an Websphere fixpack/refreshpack.
BTW what have you configured for server.port,server.host and server.protocol in your AMConfig.properties?
If you have not changed that settings agent will use the port/protocol specified to communicate with AM.
-Bernhard -
Getting error while opening Sun access manager console
We are facing problem while accessing console of Sun Access Manager. We got No Page Found error whenever we try to access the Sun Access Manager console. We have tried restarting the directory server and web server but even that doesn�t help us. Following are the error that gets recorded in log files:-
ERROR: AuthD init() com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
ERROR: Error creating service session java.lang.NullPointerExceptionThe ns-slapd.exe process belongs to the Directory Server. You should therefore check if your DS instance is set up properly.
Michael -
Please help me about Sun Access Manager . . .
Hi every body,
I deploy successful Access Manager 7.1 on domain1 in GlassFish server.
At address admin console domain1 : http://my.test.domain:4848/
At adress listening : http://my.test.domain:8080/amserver/
And then I install Policy Agent 2.2 and deploy agentapp.war succesful on domain2 in GlassFish server.
At address admin console domain2 : http://my.test.domain:6868/
At adress listening : http://my.test.domain:6948/agentapp.war.
And then I deploy agentsample.ear on domain2 in GlashFish server and addess deployment is : http://my.test.domain:6948/agentsample
And then I login Access Manager that create policy : http://my.test.domain:6948/agentsample/*
When I browser http://my.test.domain:6948/agentsample on IE it redirect to Access Manager login.
But I read a attach document, it asked me, created user and asign roles employee, manager, admin.
I wondered that employee, manager and admin roles are available?
If it hasnt that roles, How to create it ?
And How to use LDAP and install Sun Directory server in window xp?
Then end, Can you tell me, Whats wrong if I configure like above ?
I hope you help me . . .
Thank you very much.
VinhND
Edited by: javatoall on Jan 17, 2008 9:44 PMHi,
I added a page to the wiki which adds more detail to the steps to create the sample app policies on the am/fam/opensso server console UI. This includes some screen shots as well.
This is one good thing about the sample app is that you have to learn to install the opensso server, install the agent, configure the agents properties for the sample app security and also use the opensso server UI to create policies.
It is a bit of work, but when done you will know how to use a lot of opensso features.
You do not need a directory server. The sample app readme refers to some directory things that really can be ignored. The wording should be changed.
Anyhow you can use this wiki page along with the readme to help you set up the policies, the subjects etc that map to the sample app
http://wikis.sun.com/display/OpenSSO/samplepolicy
I will try to make a getting started page for new users, though you have done most the steps now, and need to set up sample. But this page might be useful for others who want to get started http://wikis.sun.com/display/OpenSSO/getstarted
hth,
Sean -
Policy Agent doesn't reset Sun Access Manager session time idle value
Hi,
We have the following setup in our environment:
- apache web server/web and policy agent 2.2 for apache 2.0.54
- webmethods portal server (jetty)
-Sun Access Manager (with Sun Directory Server)
We use policy agent for authentication purpose only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates session in Sun Access Manager for custom LDAP services. For testing purpose, we configure SAM session to have Max Session Timeout at 120mins and Time Idle at 15mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of SAM session. However, when I monitor time idle value using SAM console, session tab, the time idle value didn't change when the portal user access pages, submit actions, etc. I can see in the debug log of policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
Thanks a lot for the help.Thanks for the reply, Shivaram. The issue appears to occur at random time, not accurately at the 3 min interval as you mention. I tested changing this value to 1, theoretically, after one 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests), the pages are protected by the policy agent. At the first login, rwe were prompted to enter credential to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages, once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disable as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
Thanks for all your help, -
Sun Access Manager Event Sequence
I have a third party black box piece of hardware that is redirecting browser requests to my server for authentication. I want to utilize the Sun Access Manager to perform these authentications. Do I need to use the Policy Agent, or should I attempt to communicate directly with the Access Manager? What benefit will I gain from including the Policy Agent into the mix?
If I don't use the policy agent, here is the sequence of events as I understand them:
1) Browser hits Black Box (BB) for protected information.
2) BB redirects the browser to me.
3) Browser sends me a SAML snippet. I decode and inflate the snippet, then send it off to the access manager (AM).
4) The AM throws an invalid id exception because the user has never logged in.
5) I catch the invalid id exception, and redirect the browser to the AM login URL. The user enters a valid id and password and hits submit.
6) ... ?
Is this correct up to step 5, and what happens after step 5? Any hints would be greatly appreciated.Okay, never mind then.
-
Hi all,
i am developing a sample application using sun access manager.it would be very helpful if anyone could help me out in giving some code examples and help me out in developing a sample web app.I have to use the oracle database to get the users and roles.If anyine could post me some sample code for the same it would be really great of u..
Thanx in advance,
Sidharthya thats right.....i tried the purejaasexample given in that...and it worked...but my problem is that....supppose i create an user in my db and then when his authntication is suceeded then can i know from the console who has logged in and all...tell me what is the best example i can try from the samples directory....
basically i want to create a smaple application using sun access manager and implement it in one of our companys big app -
Integrating windows authentication with Sun ACCESS MANAGER
Hi,
I have implemented sun access manager and successfully protected an application (ABC). At present iam using the SDS as the authentication and authorization directory. I login in to the machine using the network username and password which is on AD.
I want to integrate my authentication/authorization mechanism from SDS to AD. so that when i login into the machine and open application ABC it should not ask me for the credentials; instead allow me to the homepage directly.
How to do this.
Thanks in advance
MaruthiHi!
Maybe this helps you, it describes how to setup AM and policy agent to handle basic authentication protected sites. While the article is about sharepoint it should work for any application.
http://developers.sun.com/identity/reference/techart/sharepoint.html
Christoph
Maybe you are looking for
-
Sometimes, when Firefox has been open on my laptop for a few minutes but I've not been active on it, a new tab will automatically open up with a message saying, for example, that I should download a new video player or some PC cleaner software. I kno
-
Setting page size in Numbers on Ipad?
Anyone know if you can set page size in Numbers on Ipad?
-
Help with Shockwave player reinstall
I recently updated my system (PC, Windows 7, updated to IE 11), and the shockwave player needed to be updated. Tried to do that, but won't work. My system is 64 bit, but the IE 11 running is 32 bit version. Tried numerous ways to update, then I remo
-
Macbook pro locks up after doing the simplest tasks!
I seriously don't understand this. I am editing HDV, the most consumer cost efficient format available. I am doing a somewhat easy task - optical flow retiming in motion....ok no CG or crazy graphics, and my computer has locked up twice already. How
-
Adobe Reader v8.1.2 Compatible with Windows XP Pro SP3
I need to know if Adobe Reader v8.1.2 is compatible with Windows XP Pro SP3. Thank you.