Sun's AMAgent

When I run my portal on a Windows server, authenticating through Sun's Access Manager, I have no problems. But when I convert to a Linux box, none of my JSPs are getting called / displayed. If I take the amagentfilter out, content still displays in both Windows and Linux. It is only with the filter on, on the Linux box, that the JSPs will not display. But if I do something such as response.getWriter().println("in do view"), that will display.
Any ideas?
Also, running on WebLogic 8.1 SP3 on both systems.

Hi,
I checked with SUN Support and they have confirmed (if I could say that) this limitation.
Still waiting to hear back from SUN support on any workarounds because this limitation is not documented.
regards
- Paras

Similar Messages

  • Policy Agent doesn't reset Sun Access Manager session time idle value

    Hi,
    We have the following setup in our environment:
    - apache web server/web and policy agent 2.2 for apache 2.0.54
    - webmethods portal server (jetty)
    - Sun Access Manager (with Sun Directory Server)
    We use policy agent for authentication purpose only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates session in Sun Access Manager for custom LDAP services. For testing purpose, we configure SAM session to have Max Session Timeout at 120mins and Time Idle at 15mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of SAM session. However, when I monitor time idle value using SAM console, session tab, the time idle value didn't change when the portal user accesses pages, submits actions, etc. I can see in the debug log of policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
    Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
    Thanks a lot for the help.

    Thanks for the reply, Shivaram. The issue appears to occur at random times, not accurately at the 3 min interval as you mention. I tested changing this value to 1; theoretically, after 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
    We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests); the pages are protected by the policy agent. At the first login, we were prompted to enter credentials to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages; once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disabled as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
    Thanks for all your help,

  • Com.sun.identity.authentication.spi.AuthLoginException:

    Hello -
    I'm currently trying to integrate IDM 7.1, Access Manager 7.1 and Directory Server 6.0...
    The problem that I am running into is trying to register Access Manager 7.1 as a resource in IDM:
    I am utilizing the Sun Java Access Manager Realm Resource Adapter.
    I am getting the following exception -
    Test connection failed for resource(s):
    SunAccessManagerRealm: Could not connect as user "uid=amAdmin,ou=People,o=AMRoot" with specified password ==> com.waveset.util.WavesetException: Could not connect as user "uid=amAdmin,ou=People,o=AMRoot" with specified password ==> com.sun.identity.authentication.spi.AuthLoginException: Failed to create new Authentication Context:Naming Service is not available
    I've done the following:
    1) I have verified that the naming service is available because I get the following message when I access the url:
    "Webtop 2.5 Platform Low Level request servlet"
    2) I have edited and added the proper lines in AMAgent.properties
    3) I have created a policy for IDM in AM
    4) I have copied the jar files into IDM_Install_Dir/WEB-INF/lib
    5) I have copied the AMConfig.properties file into IDM_Install_Dir/WEB-INF/classes
    6) Added the custom resource (with no errors) under Configure Types in IDM
    Any help would be greatly appreciated.

    Try to use only the amclientsdk.jar and a minimal AMConfig.properties file in the IDM WEB-INF/classes directory. Try these values (modify for your env):
    com.iplanet.am.naming.url=http://amserver.com:80/amserver/namingservice
    com.iplanet.am.naming.failover.url=
    com.iplanet.services.debug.level=error
    com.iplanet.services.debug.directory=/tmp/amDebug
    com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
    com.iplanet.am.notification.url=
    com.sun.identity.agents.notification.enabled=false
    com.sun.identity.agents.notification.url=
    com.sun.identity.agents.app.username=amadmin
    com.iplanet.am.service.password=amdminpassword
    am.encryption.pwd=encpassword
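
Added example, not part of the reply above and not Sun's code: a Python audit of an AMConfig.properties file like the one suggested, flagging a cleartext `http://` service URL, a debug directory under a shared temp path, and credentials stored in the file. The property names are the ones in the post; the sample values, the finding labels and the function names are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample: property names as quoted in the post, placeholder values.
SAMPLE = """\
# minimal client SDK configuration (constructed sample)
com.iplanet.am.naming.url=http://amserver.example.com:80/amserver/namingservice
com.iplanet.services.debug.level=error
com.iplanet.services.debug.directory=/tmp/amDebug
com.sun.identity.agents.app.username=amadmin
com.iplanet.am.service.password=PLACEHOLDER-PASSWORD
am.encryption.pwd=PLACEHOLDER-KEY
com.iplanet.am.notification.url=
"""

# key, optional spaces, '=' or ':', value; '#' and '!' start comment lines
LINE = re.compile(r"^\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*?)\s*$")
SECRET_KEY = re.compile(r"(password|\.pwd$)", re.IGNORECASE)
SHARED_TMP = ("/tmp/", "/var/tmp/")


def parse_properties(text):
    """Parse simple key=value lines; comments and blank lines are skipped."""
    props = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit(props):
    """Return (key, finding) pairs for settings worth reviewing."""
    findings = []
    for key, value in sorted(props.items()):
        if not value:
            continue
        # Requests to Access Manager over plain HTTP travel unencrypted.
        if key.endswith(".url") and value.lower().startswith("http://"):
            findings.append((key, "cleartext-url"))
        # Debug logs can contain session IDs (see the amSession trace quoted
        # further down this page); a shared temp directory exposes them.
        if key.endswith("debug.directory") and (value + "/").startswith(SHARED_TMP):
            findings.append((key, "debug-dir-in-shared-tmp"))
        # Credentials in the file make its permissions part of the trust boundary.
        if SECRET_KEY.search(key):
            findings.append((key, "secret-in-file"))
    return findings


def readable_by_others(path):
    """True if the file mode grants any access to group or other."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)):
        print(f"{finding:26} {key}")
```
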

  • InternalException in amAgent logs causing Error 500 in Apache 2 webserver?

    Everyday, at random times of the day, there'll be a log entry that says:
    Error 25233:5d8d70 PolicyEngine: am_policy_evaluate: InternalException in Service::do_update_policy with error message:Policy query failed. and code:6
    And there appears to be periodical 500 errors happening, and the times of their occurrences coincides with the above amAgent exception
    agent version: Version: 2.2-01
    apache version: 2.0.54
    Any ideas for possible causes?
    Would appreciate if anyone could shed some light on what's Code:6
    Thanks

    Hi all,
    we have the same problem.
    Did you resolve it?
    In our environment the problem occurs only when there is a certain number of concurrent users (10 or plus) and sporadically (depends on the traffic - every 5 minutes). When it occurs, the browser returns Internal Server Error.
    We have the following scenario:
    LVS Load Balancer
    Apache 2.0.63
    Sun Policy Agent v 2.2.01 per Apache 2.0.54
    LVS Load Balancer
    Sun Web Server 7.0u3
    Sun Access Manager 7.1
    Sun Directory Server 6.3
    The logs are:
    access.log on Apache web Server
    "GET /Applicazione/dir1/file1?action_name=xyz HTTP/1.1" 500 695
    amAgent on Policy Agent - Apache web Server
    Error 17774:87e2c20 ThreadPool: ThreadPool::~ThreadPool(): Active thread count is not zero.
    Error 17579:9adbc20 PolicyEngine: am_policy_evaluate: InternalException in Service::do_update_policy with error message:Policy query failed. and code:6
    amAutentication.error on AMServer
    "Login Timed Out." LDAP AUTHENTICATION-207 dc=xyz,dc=xyz,dc=xyz "Not Available" INFO "Not Available" xxx.xxx.xxx.xxx "cn=dsameuser,ou=DSAME Users,dc=xyz,dc=xyz,dc=xyz" firewall.<dominio>
    amPolicy.access on AMServer
    "index|dc=xyz,dc=xyz,dc=xyz|iPlanetAMWebAgentService|https://xxx.xxxx.xxxx-xxxx.xx:443|[GET, POST]|POST=[allow]\\nGET=[allow]\\n" amPolicy.access POLICY-1 "Not Available" f0c5fc9c266c9e702 INFO "Not Available" xxx.xxx.xxx.xxx "cn=dsameuser,ou=DSAME Users,dc=xyz,dc=xyz,dc=xyz" firewall.<dominio>
    debug/amPolicy on AMServer
    ERROR: PolicyRequestHandler: Evaluation error
    com.iplanet.sso.SSOException: Session state is invalid.
            at com.iplanet.sso.providers.dpro.SSOTokenImpl.addSSOTokenListener(SSOTokenImpl.java:405)
            at com.sun.identity.policy.plugins.AMIdentitySubject.isMember(AMIdentitySubject.java:447)
            at com.sun.identity.policy.Subjects.isMember(Subjects.java:622)
            at com.sun.identity.policy.Policy.getPolicyDecisionSRC(Policy.java:1960)
            at com.sun.identity.policy.Policy.getPolicyDecision(Policy.java:1549)
            at com.sun.identity.policy.PolicyEvaluator.getPolicyDecision(PolicyEvaluator.java:596)
            at com.sun.identity.policy.PolicyEvaluator.getPolicyDecision(PolicyEvaluator.java:529)
            (...)
    debug/amSession on AMServer
    ERROR: SessionRequestHandler encounterd exception
    com.iplanet.sso.SSOException: AQIC5wM2LY4SfcwmGdPXuFXAbqKO6vDYo6/KrBHC+0UfOm4=@AAJTSQACMTAAAlMxAAIwMg==# Invalid session ID.AQIC5wM2LY4SfcwmGdPXuFXAbqKO6vDYo6/KrBHC+0UfOm4=@AAJTSQACMTAAAlMxAAIwMg==#
            at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:178)
            at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:305)
            at com.sun.identity.session.util.RestrictedTokenContext.unmarshal(RestrictedTokenContext.java:125)
            at com.iplanet.dpro.session.service.SessionRequestHandler.processRequest(SessionRequestHandler.java:140)
            (...)
    Do you have any suggestions?
    Thanks.
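
Added example, not from either poster: a Python script that checks whether Apache 500 responses line up in time with amAgent `InternalException` entries, as both posts report. The agent line layout follows the timestamped amAgent lines quoted on this page; the access-log lines, the timestamps, the 5-second window and the assumption that both logs use the same time zone are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the amAgent layout quoted on this page.
AGENT_LOG = """\
2007-05-31 00:31:11.906 Error 4136:7b42aa8 PolicyAgent: render_response(): Entered.
2007-05-31 00:32:01.109 Error 4136:7b43210 PolicyEngine: am_policy_evaluate: InternalException in AuthService::create_auth_context() with error message:Error sending request for authentication context from server. and code:16
2007-05-31 09:15:42.377 Error 4136:7b43210 PolicyEngine: am_policy_evaluate: InternalException in Service::do_update_policy with error message:Policy query failed. and code:6
"""

# Constructed Apache access-log lines (common log format, documentation IPs).
ACCESS_LOG = """\
192.0.2.10 - - [31/May/2007:00:32:02 +0000] "GET /names.nsf HTTP/1.1" 500 695
192.0.2.11 - - [31/May/2007:03:00:00 +0000] "GET /index.html HTTP/1.1" 500 695
192.0.2.12 - - [31/May/2007:09:15:42 +0000] "GET /app/page HTTP/1.1" 500 695
192.0.2.12 - - [31/May/2007:09:15:50 +0000] "GET /app/page HTTP/1.1" 200 1204
"""

AGENT_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ Error \d+:[0-9a-f]+ \w+: "
    r".*InternalException in (\S+?)(?:\(\))? with error message:.* and code:(\d+)"
)
ACCESS_RE = re.compile(
    r'\[(\d\d/\w{3}/\d{4}:\d\d:\d\d:\d\d) [+-]\d{4}\] "([^"]*)" (\d{3}) '
)


def parse_agent(text):
    """Return InternalException entries as dicts with time, function, code."""
    out = []
    for line in text.splitlines():
        m = AGENT_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            out.append({"time": when, "function": m.group(2), "code": int(m.group(3))})
    return out


def parse_500s(text):
    """Return (time, request line) for every 500 response."""
    out = []
    for line in text.splitlines():
        m = ACCESS_RE.search(line)
        if m and m.group(3) == "500":
            out.append((datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S"), m.group(2)))
    return out


def correlate(agent_text, access_text, window=timedelta(seconds=5)):
    """Split 500s into those near an agent exception and those that are not."""
    exceptions = parse_agent(agent_text)
    matched, unexplained = [], []
    for when, request in parse_500s(access_text):
        near = [e for e in exceptions if abs(e["time"] - when) <= window]
        if near:
            matched.append((request, near[0]["function"], near[0]["code"]))
        else:
            unexplained.append(request)
    return matched, unexplained


if __name__ == "__main__":
    hits, rest = correlate(AGENT_LOG, ACCESS_LOG)
    for request, function, code in hits:
        print(f"agent-related 500: {request} <- {function} (code {code})")
    for request in rest:
        print(f"500 with no agent exception nearby: {request}")
```
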

  • Integration of sun identity manager with sun access manager

    Hi, I am working on integration of Sun Identity Manager 6.0 with SP1 and Sun Access Manager 7.0. IDM was deployed on Sun Application Server 8.1. SAM is installed on SunOneWebserver. I am working on Windows 2003 server. I downloaded the agent for the application server and installed it.
    When I am configuring the resource in IDM I am getting the following error.
    testconnection failed for resource(s):
    sun access manager could notconnect as user 'amadmin' with specified password==>com.sun.identity.authentication.spi.AuthLoginException:failed to create new AuthenticationContext{0}\n.
    I modified amagent.properties, amconfig.properties and web.xml also.
    Can anyone help me with this?

  • Is soap provider agent only available for Sun app server 9.1?

    See the blue print on securing web services with soap provider agent. Is this agent embedded within the J2EE agent for sun app server 9.1? Is the same "soap provider agent" available for websphere 6.x or iis server?
    Thanks

    The agentadmin --install script does not seem to add all the required things to the server-classpath in the domain.xml
    mine now looks like this:
    /opt/j2ee_agents/appserver_v9_agent/lib/agent.jar
    /opt/j2ee_agents/appserver_v9_agent/locale
    /opt/j2ee_agents/appserver_v9_agent/Agent_001/config
    /opt/j2ee_agents/appserver_v9_agent/lib/amclientsdk.jar
    /opt/j2ee_agents/appserver_v9_agent/lib/fmclientsdk.jar
    /opt/j2ee_agents/appserver_v9_agent/lib/opensso-installtools.jar
    /opt/j2ee_agents/appserver_v9_agent/lib/opensso-installtools-launcher.jar
    AND, I've added a system property:
    -Dcom.sun.identity.agents.config.location=/opt/j2ee_agents/appserver_v9_agent/Agent_001/config/AMAgent.properties
    I now at least get a different error:
    Servlet.service() for servlet jsp threw exception
    java.lang.ExceptionInInitializerError
         at com.sun.identity.agents.filter.URLPolicyTaskHandler.initialize(URLPolicyTaskHandler.java:63)
    com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2114)
    Caused by: java.lang.RuntimeException: Exception caught in AmWebPolicyManager initializer: Unable to load IAmWebPolicy: com.sun.identity.agents.policy.AmWebPolicy
         at com.sun.identity.agents.policy.AmWebPolicyManager.<clinit>(AmWebPolicyManager.java:135)
         ... 24 more

  • Problem: Protect Sun Web Proxy Server 4.0.5 with Policy Agent 2.2

    We are trying to protect the Sun Web proxy Server 4.0.5 with policy agent 2.2 on solaris 10 machine.
    We are using Access Manager 7.1 along with directory server 6.2
    We are trying to protect the web proxy console url http://domain.example.com with that policy agent so that when we hit web proxy console url
    it should through us access manager login page ie http://abc.com/amserver.
    How can we achieve this? What changes are required in the AMAgent.properties file? Please suggest.

    Hi subho,
    The problem is fixed. I have uninstalled the policy agent and reinstalled it again. The problem I found is that we didn't stop the webproxy instance when installing the policy agent. Thanks for the reply.

  • What are the clusterable services in Sun App server 8.1?

    My guess is stateful session beans and entity beans.
    what about JMS and timer services?
    thanks,
    Nasrin

    Did you download AS8.1 agent under http://www.sun.com/download/products.xml?id=4266924d?
    If you can unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
    Please also note that page 161 of J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
    Jerry

  • Security Realm class for agentRealm in Sun App server 8.1

    hi All,
    Can someone tell me what the name of the agentRealm class is for configuring agentRealm in Sun app server 8.1. The Policy agent Guide for App server 7 has it as the following
    <auth-realm name="agentRealm"
    classname="com.sun.amagent.as.realm.AgentRealm">
    But I cannot find this class in the Agent Jars for App server 8.1 Policy Agents 2005 Q1
    Thanks for any help.

    Did you download AS8.1 agent under http://www.sun.com/download/products.xml?id=4266924d?
    If you can unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
    Please also note that page 161 of J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
    Jerry

  • Very Urgent: Sun Access Manager 7.1 SSO with Domino 6.5.4

    Hi,
    I am facing some perplexing issue while making SSO work on Domino ( running on Win2k3 )using Sun AM 7.1( running on the same machine ).
    After following all the steps outlined in the policy agent 2.2 guide, I am not being able to access 'names.nsf' in the browser. The Domino Server is getting crashed.
    The log which I get in 'amagent' says :
    2007-05-31 00:31:11.906 Error 4136:7b42aa8 PolicyAgent: render_response(): Entered.
    2007-05-31 00:32:01.109 Error 4136:7b43210 PolicyEngine: am_policy_evaluate: InternalException in AuthService::create_auth_context() with error message:Error sending request for authentication context from server. and code:16
    What do I need to do in order to make it work?
    I also have some questions regarding the agent. The doc says that the name of the DSAPI filter is "libamdomino6.dll", whereas in the agent which I downloaded from SUN, I only see "amdomino6.dll" & "amdomino.dll". Are the DLLs correct? Which one should I use?
    Also I have set the values in the properties file as:
    com.sun.am.policy.am.username =testAgent
    com.sun.am.policy.am.password =LYnKyOIgdWt404ivWY6HPQ==
    after creating an Agent under Subjects under the main realm. I have also put the crypted password.
    Moreover, now if I remove the DSAPI filter value, then the Domino server is no longer protected, and I can access any URL on the server.
    If you have any idea as to how to make this work, please let me know asap.
    Thanks & Regards,
    Niraj

    Hi,
    I installed opensso (so Sun Java(TM) System Access Manager 7.5) and the agent for Domino 6.5.4 and I have the message in logs "amAgent"
    2007-07-11 18:40:16.119 Error 1708:3dbcf768 PolicyAgent: render_response(): Entered.
    I have the box to identify but it does not connect me to my opensso server.
    It still identifies with Domino's server.
    Thanks for your response
    Thomas

  • SUN Access Manager session attributes

    I'm trying to find out which session attributes that are available for a Policy Agent out of the box from Access Manager 7.1
    The AMAgent.properties file has a property:
    com.sun.am.policy.agents.config.session.attribute.map=
    But the question is which attributes you can fetch through this setup.
    I only found the property: successURL.
    I would like to get the authentication level and end user IP address.

    One clarification. AM 6.1 did have a session failover feature. But it was container dependent. It used container features to provide this. Each container had its own configuration. It was made independent of the containers in the AM 6.3 release. I would strongly recommend using AM 6.3 or above if you are using session failover.
    shivaram

  • Queries about some AMAgent properties attributes

    I have a fundamental q about AMAgent.properties for a J2EE agent -
    what is the difference between com.sun.am.naming.url and com.sun.am.policy.am.login.url?
    thx
    anand

    Check that the agent can locate the AMAgent.properties configuration file.
    The agent uses the registry key HKEY_LOCAL_MACHINE\Software\iPlanet\DSAME IIS Agent\4.0 to locate the AMAgent.properties file. The AMAgent.properties file is located at:
    Agent_Install_Dir\Agents\iis40\config
    John

  • How to manage coexistance of IIS policy agent and sun-passthrough from AS

    We have an IIS 6 with Policy Agent 2.2 and on the same instance we have the sun-passthrough plugin installed to redirect certain pages to an application mounted on Sun App Server 8.2. We need to apply policies to requests to those pages before redirection is done, but it seems that the passthrough plugin is taking precedence over Policy Agent. Therefore, policies are not evaluated and all traffic is passed. PA agent is installed as a wild card and passthrough as an ISAPI filter. We do not see a way to change priority (already set to HIGH) for the passthrough plugin. PA has the option in amAgent.properties and we set it already to HIGH. Any hint?
    Edited by: blancay on Sep 20, 2008 9:47 AM

    1) How to restrict the new employee from availing any type of leave company have a policy only after completion of probation employee can avail sick leave?
    Note 897623 User Exits in PT
    Use user exit to check It0019 or monitoring of tasks or reminder of dates or 0041 IT
    2) Sick leaves can be availed only after completion of 1 year. What are the settings I need to set?
    You can use quota deduction and user exit and read dates from 0041 for his entry date in company
    3) Earned leaves can be given to employees those who complete 2 years of service? what are the settings for this?
    base entitlement ie seniority quota check table v_t559l
    4) Intervening holidays and weekly offs can be treated as leaves in sick leave as well as earned leaves what are the customizing settings for this?
    counting rule and exit
    5) only female employees are entitled to avail maternity leave?what are the settings for this?
    feature pe03 MASEX  Set Infotype 80 Admissability for Employees
    read more on help.sap.com

  • Configuring CDSSO on Sun appserver 7 (update 8)

    Guys,
    I have the following scenario
    Sun Appserver 7_08
    Policy Agent 2.1.1
    Windows XP Professional.
    Tried an application and the policy in a single domain scenario. The so-called filter mode was configured 'ALL'. In this scenario, the SJS Access Manager and Policy Agent were working fine.
    Agent log
    [Sunday, January 15, 2006 5:48:36 PM GMT+01:00] [AQIC5wM2LY4SfcyVFwe/R26ZBXn84qASkWoeXrU87VOC1SI=@AAJTSQACMDE=#]
    Access to http://frege.afrikaring.net:80/test/everyone/ allowed for user uid=wdoorn,ou=People,o=demo,dc=afrikaring,dc=net
    After that I changed the domain of the appserver machine. Changed the AMAgent.properties as well to create a cross domain situation. I created new policies in the SJS Access Manager (new resource with hostname). This resulted in the fact that the authentication was failing. The agent log tells us the following.
    Access to http://java.domain3.nl:80/test/everyone/ denied for user UNKNOWN [Sunday, January 15, 2006 9:55:54 PM GMT+01:00] [null]
    Even if the user is logged in to SJS access Manager first.
    My question is whether CDSSO is working in combination with appserver 7 (update 8) and Policy Agent 2.1.1 on Windows XP Professional OS.
    Thanks in advance for any help,
    Elger

    Have you already set the debug and had a look into the agent's debug log?
    Have you put the "cdssoredirecturi" into the notenforced-list?

  • Default Value is not getting displayed in SUN ONE Ldap

    Hello,
    I have created an attribute in slapd.user_at.conf and it is associated in slapd.user_oc.conf.
    The attribute default value is given through SUN ONE Console. But, In our application the default value is not getting displayed.
    We need the default value to run our application. Can anyone help me with this issue?
    Regards,
    K. Senthil Kumar

    Hi anandkumar,
    I believe this issue can be resolved by changing the Query properties for the particular field.
    Kindly check the Field properties in query designer and ensure that Text is enabled rather than Key.
    Field property check up: Go to query designer -> click on the field -> Right hand side in properties click on display tab -> select Text in drop down menu of Display as tab.
    FURTHER CHECK UP: check the master data availability for the particular info object; if master data is not available, do the text data for text data availability in report level.
    Hope this helps you!!
    Best Regards,
    Maruthi
