Sun Access Manager session failover
Hi,
I am trying to install Sun Access Manager (2005Q1) with session failover. I have a hardware load balancer under which I am configuring Access Manager on two separate boxes.
For session failover I have configured the Berkeley database on both systems but am unable to start the database.
Now I got the information that Access Manager 6.1 does not support session failover.
Can anyone confirm if Access Manager 6.1 supports failover or whether we need to upgrade it?
Thx in advance.
ASN
One clarification. AM 6.1 did have a session failover feature. But it was container dependent. It used container features to provide this. Each container had its own configuration. It was made independent of the containers in the AM 6.3 release. I would strongly recommend using AM 6.3 or above if you are using session failover.
shivaram
Similar Messages
-
Policy Agent doesn't reset Sun Access Manager session time idle value
Hi,
We have the following setup in our environment:
- apache web server/web and policy agent 2.2 for apache 2.0.54
- webmethods portal server (jetty)
- Sun Access Manager (with Sun Directory Server)
We use the policy agent for authentication purposes only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates a session in Sun Access Manager for custom LDAP services. For testing purposes, we configure the SAM session to have Max Session Timeout at 120 mins and Time Idle at 15 mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of the SAM session. However, when I monitor the time idle value using the SAM console, session tab, the time idle value didn't change when the portal user accesses pages, submits actions, etc. I can see in the debug log of the policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
Thanks a lot for the help.
Thanks for the reply, Shivaram. The issue appears to occur at random times, not accurately at the 3 min interval as you mention. I tested changing this value to 1; theoretically, after 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't, even after 3 minutes. This seems to be either a policy agent or system access manager bug.
We performed a 'vanilla' test using the Apache server manual pages (only plain HTML, no POST requests); the pages are protected by the policy agent. At the first login, we were prompted to enter credentials to be validated by SAM/LDAP, and then a user session was created in the SAM session table. We browsed around the manual pages; once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. The caching setting has been disabled as well. Could there be some settings, or a lack of some settings, in AMConfig.properties or AMAgent.properties that might have caused this behavior?
Thanks for all your help, -
SUN Access Manager session attributes
I'm trying to find out which session attributes that are available for a Policy Agent out of the box from Access Manager 7.1
The AMAgent.properties file has a property:
com.sun.am.policy.agents.config.session.attribute.map=
But the question is which attributes you can fetch through this setup.
I've only found the property: successURL.
I would like to get the authentication level and end user IP address. -
Sun Access Manager 2005Q1 session failover is not working
Hi All
I'm using Sun Access Manager 2005Q1, Message Queue 2005Q1, Sun Directory Server 5.2, BerkeleyDB 4.2.52 and a Radware hardware load balancer with sticky session.
I have configured message queue and BerkeleyDB and both are running with any error.
I'm using the http://docs.sun.com/source/817-7644/ch5_scenarios.html#wp41008 doc for session failover.
Simple failover is working fine but the session failover is not working.
Has anybody done session failover with Sun Access Manager 2005Q1? I have been trying to resolve this issue for the last two months.
Please, it is urgent.
It works fine in 2005Q4, after applying a patch 120954 if I am not mistaken. But 2005Q4 and 2005Q1 are probably different in terms of session failover (site configuration etc.)
1. Stop both AM servers
2. Set logging to debug mode in AMConfig.properties.
3. Delete / move everything in /var/opt/SUNWam/debug
4. tail -f /var/opt/SUNWam/debug/amSession
5. Post that file here... you should be able to see if session failover is enabled etc....
hope this helps. -
HELP GETTING Started with Sun Access Manager without TEARS.
I am new to Sun Access Manager.
I am quite familiar with how Sun Java Identity Manager works.
The following is the issue I am facing.
I've downloaded the following images from the sun website
java_es_05Q4-ga1-solaris-x86-1-iso
and
java_es_05Q4-ga1-solaris-x86-2-iso
I've installed the components on sun solaris 10
The following components were installed
/opt/SUNWcomds
I am not sure what this is for
/opt/SUNWdsvmn
I am not sure what it is.
/opt/SUNWma
What is this I was expecting SUNWam the access management software!
/opt/SUNWwbsvr -- This is the Web Server.
I know how to use it.
Can anyone tell me on how to go about it?
Is there any online tutorial for the same.
What is the difference between sparc version and x86. Can i use any of these on solaris 10?
Any help getting started would be highly appreciated.
I am looking at doing the following things.
ssl,fed, auth, custauth etc
Thanks a ton in Advance.
Regards,
Vinod
I documented my installation procedure for Access Manager 7.0 (2005Q4) and Portal 7.0. Take a look at my wiki page:
http://wiki.its.queensu.ca/display/JES/Access+Manager+installation
It's a two node Access manager Legacy site and I also implemented session-failover using Message Queue and Berkeley Database. -
Getting error while opening Sun access manager console
We are facing a problem while accessing the console of Sun Access Manager. We get a No Page Found error whenever we try to access the Sun Access Manager console. We have tried restarting the directory server and web server but even that doesn't help us. Following are the errors that get recorded in the log files:
ERROR: AuthD init() com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
ERROR: Error creating service session java.lang.NullPointerException
The ns-slapd.exe process belongs to the Directory Server. You should therefore check if your DS instance is set up properly.
Michael -
Securing web services with Sun Access Manager
Hi!
I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
My questions are:
1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
2) Are there any documentation/tutorials/etc?
Thanks in advance :-)
Anders
What you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA WebLogic provider.
The "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" a webservices agent, but a normal J2EE policy agent.
So, having said that, here's what I'd recommend.
1. Install the webservices agent on BEA WebLogic. (Note: NOT the J2EE policy agent.)
2. Configure it to use your Access Manager instance for authentication.
3. Configure your webservices client to use the webservice provider. (Note: you'd need the webservices APIs available on the client too, so the quick and dirty method would be to install the webservices agent on your client too.) You can later bundle the webservices client independently and provide your "customers" with a webservices client bundle.
4. Voila... your webservices are not "protected" by Access Manager ;-) -
Username and password for Sun Access Manager 7.1
Hi
Thank you for reading my post
I got the new Java Application Platform SDK Update 2, which has Access Manager and portlet management inside it.
Can you tell me what the username and password are for the Sun Access Manager 7.1 administration console?
thanks
With me it was amadmin : admin123
in the readme file in the addons directory:
Done! Access the AM server URL and see if the Access Manager is working or not -
<amserver_protocol>://<amserver_host>:<amserver_port>/amserver
user : 'amadmin', password : <admin password>
in a config file i found the password was admin123 -
Sun Access Manager Event Sequence
I have a third party black box piece of hardware that is redirecting browser requests to my server for authentication. I want to utilize the Sun Access Manager to perform these authentications. Do I need to use the Policy Agent, or should I attempt to communicate directly with the Access Manager? What benefit will I gain from including the Policy Agent into the mix?
If I don't use the policy agent, here is the sequence of events as I understand them:
1) Browser hits Black Box (BB) for protected information.
2) BB redirects the browser to me.
3) Browser sends me a SAML snippet. I decode and inflate the snippet, then send it off to the access manager (AM).
4) The AM throws an invalid id exception because the user has never logged in.
5) I catch the invalid id exception, and redirect the browser to the AM login URL. The user enters a valid id and password and hits submit.
6) ... ?
Is this correct up to step 5, and what happens after step 5? Any hints would be greatly appreciated.
Okay, never mind then.
-
Hi all,
I am developing a sample application using Sun Access Manager. It would be very helpful if anyone could help me out by giving some code examples and help me out in developing a sample web app. I have to use the Oracle database to get the users and roles. If anyone could post me some sample code for the same it would be really great of you.
Thanx in advance,
Sidharth
Ya, that's right. I tried the purejaasexample given in that, and it worked. But my problem is this: suppose I create a user in my DB and then his authentication succeeds, can I know from the console who has logged in and all? Tell me what is the best example I can try from the samples directory.
Basically I want to create a sample application using Sun Access Manager and implement it in one of our company's big apps -
Sun Access Manager 7.1 configuration
I am trying to configure Sun Access Manager 7.1 update 1 on websphere 6.1.0.11 running on windows 2003 server and am getting a crypt error on SunJCE. Any suggestions on how to fix this?
The thread dump looks like this
05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]
05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]ERROR: Crypt: failed to set password-based key
java.security.NoSuchProviderException: no such provider: SunJCE
at sun.security.jca.GetInstance.getService(GetInstance.java:82)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.SecretKeyFactory.getInstance(Unknown Source)
at com.iplanet.services.util.JCEEncryption.setPassword(JCEEncryption.java:377)
at com.iplanet.services.util.Crypt.createInstance(Crypt.java:139)
at com.iplanet.services.util.Crypt.<clinit>(Crypt.java:103)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:192)
at com.sun.identity.setup.ServicesDefaultValues.validatePassword(ServicesDefaultValues.java:396)
at com.sun.identity.setup.ServicesDefaultValues.setServiceConfigValues(ServicesDefaultValues.java:107)
at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:307)
at com.ibm._jsp._configurator._jspService(_configurator.java:221)
at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:989)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:930)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:89)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:761)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:673)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:498)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:464)
at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:122)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.handleRequest(AbstractJSPExtensionServletWrapper.java:205)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3276)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:113)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:383)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1469)
05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]ERROR: JCEEncryption:: not yet initialized
Have you followed the release notes instructions? There is one specifically about changing JCE:
http://docs.sun.com/app/docs/doc/819-5899/gdpsl?a=view
http://docs.sun.com/app/docs/doc/819-4683/gfvfl?a=view
http://docs.sun.com/app/docs/doc/819-5899/gdxas?a=view
shivaram -
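A provider check for the `NoSuchProviderException` in the trace above, as an added example that is not part of the original posts or of Access Manager: it lists the JCE providers installed in the running JVM and repeats a `SecretKeyFactory` lookup pinned to `SunJCE`, the call shape that fails in the trace. The class name `JceProviderCheck` and the algorithm name `PBEWithMD5AndDES` are assumptions; the trace does not show which algorithm Access Manager requests.

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.SecretKeyFactory;

public class JceProviderCheck {
    // Assumption: a standard PBE algorithm name; the trace does not name the one AM uses.
    static final String ALGORITHM = "PBEWithMD5AndDES";
    // Provider name copied from the exception message in the trace.
    static final String PINNED_PROVIDER = "SunJCE";

    /** Names of installed providers that offer a SecretKeyFactory for the algorithm. */
    static List<String> providersOffering(String algorithm) {
        List<String> names = new ArrayList<String>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("SecretKeyFactory", algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    /** Repeats the failing call shape: a lookup pinned to one provider name. */
    static String pinnedLookup(String algorithm, String provider) {
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance(algorithm, provider);
            return "ok, served by " + f.getProvider().getName();
        } catch (NoSuchProviderException e) {
            // Same exception type as in the trace: the named provider is not registered.
            return "provider not installed: " + e.getMessage();
        } catch (NoSuchAlgorithmException e) {
            return "provider installed but algorithm missing: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.vm.name = " + System.getProperty("java.vm.name"));
        // Providers are consulted in this order when no provider name is given.
        int position = 1;
        for (Provider p : Security.getProviders()) {
            System.out.println("provider " + (position++) + ": " + p.getName());
        }
        System.out.println(ALGORITHM + " offered by: " + providersOffering(ALGORITHM));
        System.out.println("lookup pinned to " + PINNED_PROVIDER + ": "
                + pinnedLookup(ALGORITHM, PINNED_PROVIDER));
    }
}
```

Run it with the same JVM that the application server uses, so the provider list reflects that JVM's `java.security` configuration rather than another JDK on the machine.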
Sun Access Manager login problem
Hi,
This is a very basic problem. I have installed Sun Access Manager 7 using the JES installer. It is configured to authenticate against an LDAP datastore. I am able to log in to the amconsole application using the amAdmin DN but I am not able to log in with any other user that I create through Sun Access Manager. Any help will be highly appreciated.
TIA.
Hello,
When you create any user through Sun Access Manager, is that user created in the LDAP datastore, or is it created in the SAM flat file repository? -
Sun Access Manager Resource & password resets
Hi,
I've got IDM 7.1 and AM 7.1, with a Sun Access Manager Realm resource. The LDAP directory (DS EE 6.0) sitting behind the AM resource has been set up to "Require Password Change at First Login and After Reset".
However, if a user in IDM changes their AM password, the connection to AM is done as the resource adapter user, not themselves; this means that the pwdReset flag is not cleared on their account in AM, and AM will demand a password change on next login.
This is obviously non-optimal for us, as we'd like them to change their password through IDM.
Is there any way to change the DS policies to allow for this situation, OR to set the pwdReset flag through the resource adapter, OR to get the resource adapter to connect as the user when the Change Password flow is performed?
Thanks,
Michael.
Hi Michael,
Could you please share the solution for the problem you are facing.
I am facing a similar issue.
When an admin resets the password of a user and when the user logs in, he/she needs to be redirected to IDM change password page. Instead the redirection to AM change password functionality is displayed.
Thanks,
Vinu -
Sun Access Manager - Authentication Error
Hello everyone,
I'm trying to configure Sun Access Manager 7.0 with sun web server 6.1 and directory server 5.2 on windows xp.
I'm getting the following error when I try to login with uid=amAdmin
"Permission to perform the read operation denied to uid=amAdmin,ou=People,dc=example,dc=com"
I do not see any errors from the debug files. Could anyone help me in fixing this problem.
Thanks in advance,
-krishna
Is your AM log level set to message? If not, set to message and retest. You should get output in your debug logs.
On the agent side, set your logging to all:5 -
Sun Access Manager,Policy Agent 2.2, IIS7?
Hello everybody
Is it possible to protect IIS7 with policy agent 2.2 and Sun Access Manager 7.1?
Policy Agents 3.0 (for Open SSO) works with Sun Access Manager 7.1?
regards!
Alex Dávila
Thanks handat
I found
http://download.oracle.com/docs/cd/E19575-01/820-5816/galtf/index.html
http://download.oracle.com/docs/cd/E19681-01/821-0267/gfxhz.html#scrolltoc
greetings
alex davila