Sun One Identity Server Policy Agent 2.0 for IIS 5.0

Similar Messages

• Use of Sun One Identity Server for SAML

  Hi all,
  I want to use Sun One Identity Server as the asserting server and SAP WAS 6.40 as the trusting server. Can any one help me with from where and what patch of Sun One Identity Server i'll have to download and how to make the connectivity of Sun One Identity Server with SAP WAS 6.40.
  Thank you very much.

  Well, it's in the Agent's installation guide, section "Read me first", "Setting Fully Qualified Domain Name". :)

• Can I upgrade Sun ONE Identity Server 6.0 schema v1.0 to schema v2.0

  I'm have Sun ONE Identity Server 6.0
  now I install Sun Java Communications Suite 5，but I'm copy dssetp to Sun ONE Identity Server 6.0 host,
  i'm run pl comm_dssetup.pl
  Welcome to the Directory Server preparation tool for
  Sun Java(tm) System communication services.
  (Version 6.3 Revision 1.0)
  This tool prepares your directory server for use by the
  communications services which include Messaging, Calendar and their components.
  The logfile is /var/tmp/dssetup_20050830165940.log.
  Do you want to continue [y]:
  Please enter the full path to the directory where the Sun ONE
  Directory Server was installed.
  Directory server root [/usr/iplanet/servers/slapd-ids] : /usr/iplanet/servers/slapd-ids
  Please select a directory server instance from the following list:
  [1] slapd-sunldap
  Which instance do you want [1]:
  Please enter the directory manager DN [cn=Directory Manager]: cn=DirMan
  Password:
  DirectoryServernotrunningornotlisteningtoport389.*
  DetectedDSversion0.0*
  Pleasecorrecttheproblemandre-runthisscript.*

  Hi,
  whr25 wrote:
  I'm have Sun ONE Identity Server 6.0
  now I install Sun Java Communications Suite 5，but I'm copy dssetp to Sun ONE Identity Server 6.0 host,
  i'm run pl comm_dssetup.pl
  Welcome to the Directory Server preparation tool for
  Sun Java(tm) System communication services.
  (Version 6.3 Revision 1.0)
  This tool prepares your directory server for use by the
  communications services which include Messaging, Calendar and their components.
  The logfile is /var/tmp/dssetup_20050830165940.log.
  Do you want to continue [y]:
  Please enter the full path to the directory where the Sun ONE
  Directory Server was installed.
  Directory server root [/usr/iplanet/servers/slapd-ids] : /usr/iplanet/servers/slapd-ids
  Please select a directory server instance from the following list:
  [1] slapd-sunldap
  Which instance do you want [1]:
  Please enter the directory manager DN [cn=Directory Manager]: cn=DirMan
  Password:
  DirectoryServernotrunningornotlisteningtoport389.*
  DetectedDSversion0.0*
  Pleasecorrecttheproblemandre-runthisscript.*So is the directory server instance running?
  I'm a little unsure as to what your actual problem is. You say "Can I upgrade Sun ONE Identity Server 6.0 schema v1.0 to schema v2.0" in the question subject but then don't clarify this in the above.
  Regards,
  Shane.

• Identity Server Policy agent for BEA Weblogic Server 8.0

  Hi all,
  I donot find policy agents for BEA weblogic 8.X.
  Is the 6.1SP2 version forward compatible?
  Thanks

  You didn't specified the OS. Please find the PA support with different platforms & softwares..
  http://docs.sun.com/source/816-6884-10/chapter1.html#wp21986

• Sun ONE Identity Server 6.0

  Is there any way of downloading a copy of Identity Server 6.0 - I'm trying to interface to an old system and we don't have the communications link yet, so I'm trying to get around this by installing a copy locally to test the interfaces.
  Regards
  Paul

  If you are a partner you can access the NFR site and download older versions of the products from there. I don't know if it goes all the way back to that version though

• Modifiying View field in Sun ONE Identity Server 6.0

  I have several Roles defined and for users in those roles when they login they should not see the View drop-down menu on the upper left-hand side of the web page. The View should default to Users. Anyone know how to configure this? Thank you.

  If you are a partner you can access the NFR site and download older versions of the products from there. I don't know if it goes all the way back to that version though

• Sun One Web Server 6.1 max value for ChunkedRequestBufferSize

  Hi,
  I was wondering if there was a maximum value for ChunkedRequestBufferSize.
  I have an application that is sending chunked data to the server and I don't really know what the size of the chunks will be.
  I'd like to set a max.
  I know the default is 8K.
  Just wondering if there is a value. Though common sense would tell me it would depend on the heap size :).
  Thanks for your help

  Yes, the buffer is allocated from the heap. It must be less than 2GB and small enough to fit on the heap.

• Policy Agent 2.0 for iis under W2K

  Hi all,
  For those who have the interests to try out the agent 2.0 on W2K platform. Make sure you have the right MFC library installed on the host where you would install the agent, the one downloaded from the download center is not a released build and so, some MFC libraries are assumed to be there to make it works. That, made me headache for few days. I finally figured out this via a dump binary trace.
  rgds,
  Sammy

  Well, After getting the agent to work downloading the MFC 4.2, I was unable to re-create the fix with W2K using the same exact procedures. After some additional research and after getting some advice from the people on this forum; I have discovered the file that the iis5 agent calls is MSVCP60.DLL Apparently this agent was developed with C++ installed, and the dll listed above is necessary for proper operation. It is also NOT in the generic Windows 2K installation. Nor is it included in SP4. I downloaded the file from:
  http://www.dll-files.com/dllindex/dll-files.shtml?msvcp60
  This has fixed the problem on a generic windows 2k box with only SP4 installed. And can be recreated in a lab setting.
  Larry

• Policy agent 2.1 for apache 1.3.27 reinstallation problem

  hi
  i've uninstalled Apache_1.3.27_agent_2.1_sparc-sun-solaris2.8 policy agent [Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_04-b05)] to reinstall it from scratch.
  during the reinstallation i've the problem listed below. i did remove all remaining parts of agent but doesn't work.
  Any idea ?
  Thanks
  Installing Sun ONE Identity Server Policy Agent
  Listener:com.iplanet.am.installer.listeners.ApacheInstallListener@1372656 threw exception during "installFinishing" method while listening to SUNWamapc install directory=[DETERMINED AT RUNTIME]:java.lang.reflect.InvocationTargetException
  Target Exception trace:
  java.lang.RuntimeException: error executing ///bin/config at com.iplanet.am.installer.listeners.InstallListenerBase.executeCommand(InstallListenerBase.java:829) at com.iplanet.am.installer.listeners.InstallListenerBase.configureSolarisWebAgent(InstallListenerBase.java:294) at com.iplanet.am.installer.listeners.InstallListenerBase.installFinishing(InstallListenerBase.java:150) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324)
  at com.sun.install.products.Product.processEvents(Product.java:753) at com.sun.install.products.Product.processEvents(Product.java:787) at com.sun.install.products.Product.processEvents(Product.java:787) at com.sun.install.products.Product.performInstallation(Product.java:643) at com.sun.install.tasks.ProductTask.perform(ProductTask.java:191) at com.sun.wizards.core.Sequence.perform(Sequence.java:336) at com.sun.wizards.core.SequenceManager.run(SequenceManager.java:226) at java.lang.Thread.run(Thread.java:534)

  I had the same problem because of a missconfiguration in AMAgent.properties. I changed manually all URLs to the Identity Server from http to https and found out the port number has definitly to be specified (bad URL parsing of Policy Agent). You should check your configuration...
  HTH
  J�rgen

• This log -------------policy agent 2.1 for iis5.0

  Sun Java System Identity Server Policy Agent 2.1 for Microsoft IIS 5.0
  Sun\Identity_Server\Agents\2.1\debug\C__Inetpub_wwwroot\amAgent
  2004-07-25 18:06:22.156 Warning 1064:00D01120 PolicyAgent: OnPreprocHeaders(): Identity Server Cookie not found.
  2004-07-25 18:06:22.156 Error 1064:00D01120 PolicyAgent: do_redirect() ServerSupportFunction did not succeed: Attempted status = 302 Found
  2004-07-25 18:06:22.156 Warning 1064:00D01120 PolicyAgent: OnPreprocHeaders(): No cookies found.
  2004-07-25 18:06:22.156 Error 1064:00D01120 PolicyAgent: do_redirect() ServerSupportFunction did not succeed: Attempted status = 302 Found
  2004-07-25 18:07:53.921 Error 1064:00D01120 PolicyEngine: am_policy_evaluate: InternalException in Service::getPolicyResult with error message:Policy not found for resource: http://guorui.mygodsun.com:49153/index.asp and code:7
  2004-07-25 18:07:53.921 Warning 1064:00D01120 PolicyAgent: am_web_is_access_allowed(http://guorui.mygodsun.com:49153/index.asp, GET) denying access: status = no policy found (7)
  2004-07-25 18:07:53.937 128 1064:00D01120 RemoteLog: User amAdmin was denied access to http://guorui.mygodsun.com:49153/index.asp.
  2004-07-25 18:07:54.062 Error 1064:00D01120 PolicyAgent: do_redirect(): Error while calling am_web_get_redirect_url(): status = success
  2004-07-25 18:07:54.078 Error 1064:00D01120 PolicyAgent: do_redirect() WriteClient did not succeed: Attempted message = HTTP/1.1 403 Forbidden
  Content-Length: 13
  Content-Type: text/plain
  403 Forbidden
  from that log,help me
  my:
  Sun Java System Identity Server 6.1
  Sun Java System Directory Server 5.2
  Sun Java System Identity Server Policy Agent 2.1 for Microsoft IIS 5.0
  help me for that how config?
  what error ?
  thanks!

  Sorr for so many people faced the sam or similar issues. I just joined this support a short while. If you think any old problem which is still critical to you, please repost. We shall try our best to give you assistance. Jerry
  Here are some of tips for debugging Web agent.
  From the AMAgent.properties, are both IIS and AM are in the same domain? If they are not, then you need to use CDSSO. Also please check in AM, under "Service Configuration-> Platform -> Cookie Domains" , whether cookie is set for the entire domain which includes AM and IIS ("test.com") or just the AM machine name.
  Also check whether correct value for "Agent-Identity Server Shared Secret" is entered. This should be your internal ldap password (amldapuser). In the AMAgent.properties for the below property the password will be encrypted and assigned: "com.sun.am.policy.am.password".
  Could you also check if the Identity servver and the IIS web server are time synchronized. The problem may be that agent requests policy decisions and the response from server may be timed out due to non-syncrhonized clock.
  Don't forget to restart the whole IIS service using internet
  management console after making agent changes.
  Some of the common error codes:
  20: Application authentication failed. This occurs when Agent cannot sucessfully authenticate with Identity Server. This is mainly due to incorrect password for agent entered during agent installation. Please refer to another faq describing how to change password.
  7: Policy not found. This error occurs typically if there are no policies defined on Identity server for the given web server URL. Otherwise, there may be time skew between Identity Server and Agent. So, polices fetched from Identity Server is instantly flushed by Agent and attempted to refetch over and over again. This can be solved by running rdate or similar command to synchronize time between the two machines. It is recommended to run NNTP server syncrhonize times between your Identity systems.

• Which traps are sent by Sun One Application Server?

  In the "Monitoring the Sun ONE Application Server" guide (http://docs.sun.com/source/817-1953/agmon.html#18289) there's no detailed information about which SNMP traps are really sent by the Sun One Application Server sub agent. The only thing said is that "The server subagent sends a message or trap to the NMS when a significant event has occurred".
  Anyone who knows if there's a list anywhere of these events? Or if there's any further documentation on the subject?
  Thanks!

  In that same document, look for "HTTP Server Monitorable Objects". You will get the the equivalent SNMP traps for those.
  Cheers,
  Erick Ramirez
  Melbourne, Australia

• Enable secure session cookie on Sun ONE Web Server 6.1

  How can I enable secure session cookie (JSESSIONID) on Sun ONE Web Server 6.1?.
  For 6.0 is <session-cookie is-secure="true"/> inside the <web-app> tags in web-apps.xml but I'm not able to find this setting for 6.1.

  There is a fix in 6.1sp5 that enables the session cookie to be marked as secure.
  See the release notes and search for 6262885 under Issues Resolved in 6.1sp5:
  http://docs.sun.com/app/docs/doc/819-2479/6n4p1bdea?a=view

• Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

  Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
  Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
  2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
  e in ap_table
  2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
  y (com.sun.am.policy.agents.accessDeniedURL) specified
  2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
  d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
  nied (20)
  2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
  d access to http://xx.xx.xx.net:8080/.
  2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
  s denied to testuser1
  We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
  Any suggestions would be of great help.
  Thanks,
  Sunil.

  From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
  information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.jsse.IBMJSSEProvider
  security.provider.4=com.ibm.security.cert.IBMCertPath
  security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
  Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

• Policy Agent 2.1 for IBM WebSphere Application Server 5.0 can't install

  I install Policy Agent 2.1 for IBM WebSphere Application Server 5.0
  But Can't install success
  resone:
  Base Installation completed Successfully
  WebSphere 5.0 Agent ClassPath : C:/Sun/IdentityServer/j2ee_agents/lib/am_sdk.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_services.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_sso_provider.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_logging.jar;C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1;C:/Sun/IdentityServer/j2ee_agents/locale
  WebSphere 5.0 Agent Boot ClassPath : C:/Sun/IdentityServer/j2ee_agents/lib/jdk_logging.jar
  WebSphere 5.0 Agent JVM options : -Damconfig=AMAgent -Dmax_conn_pool=10 -Dmin_conn_pool=1 -Dcom.iplanet.coreservices.configpath=C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1/ums -Djava.util.logging.manager=com.sun.identity.log.LogManager -Djava.util.logging.config.file=C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1/AMAgent.properties -Djava.protocol.handler.pkgs=com.ibm.net.ssl.internal.www.protocol -Dws.ext.dirs=C:/Sun/IdentityServer/j2ee_agents/lib
  The server.policy file was configured successfully.
  Global Security Settings Configured Successfully.
  sas.client.props file Configuration FAILED.
  soap.client.props file Configuration FAILED.
  sas.client.props /soap.client.props two file how to Configuration ??

  From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
  information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.jsse.IBMJSSEProvider
  security.provider.4=com.ibm.security.cert.IBMCertPath
  security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
  Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

• Problem instaliing sun one LDAP server on windows server 2008 r2

  Hi all ,
  I am trying to install Ldap server (Sun ONE Directory Server) on windows server 2008
  I am using apache-tomcat-7.0.28 and java jdk1.7.0_05
  I am following this manual for installing :
  https://blogs.oracle.com/marginNotes/entry/installing_directory_server_enterprise_edition1
  I have a problem with the cacao agent and how to install it .
  I've got this error message :
  c:\Program Files\Sun\dsee7\bin>dsccsetup cacao-reg
  Configuring Cacao...
  ## Failed to run "c:/Program Files/Sun/dsee7/ext/cacao_2/bin/cacaoadm.bat" set-
  aram "jdmk-home=c:/Program Files/Sun/dsee7/lib/private"
  #### Cannot create service for instance: [cacao.instance.name].
  #### Cannot perform firstime inialisation and configuration.
  ## Exit code is 1
  Failed to configure Cacao.
  I stuck and with no other solutions . I hope if you could to help with this issue .
  i will glad to know if there is any other ways to install this specific Ldap server ,
  Thanks,
  Alon

  You most likely skipped the step of starting the installed server prior to trying to access admin URL. Please check this document:
  http://docs.sun.com/source/817-1830-10/win.html
  Relevant section is:
  You can start the Administration Server in either of the following ways:
  # Select Start Menu -> Programs -> Sun ONE Web Server, and choose Start Web Server Administration Server.
  # From the Control Panel�s Services item.
  HTH...