Centralized Agent Configuration and Eurovision

Policy agents function based on a set of configuration properties. Previously, these properties were stored in the AMAgent.properties file that resides on the same machine as the agent. With centralized agent configuration, OpenSSO moves most of the agent configuration properties to the configuration data store.

Agent profiles can be configured to store properties locally (on the machine to which the agent was deployed) or centrally (in the configuration data store), making this new function compatible with both older 2.x agents and newer 3.0 agents. Agent configuration data is now relegated to the following:

  1. FAMAgentBootstrap.properties\* contains bootstrap data and is stored on the agent machine. This file indicates the location from which the configuration properties are to be retrieved. It is used by agent profiles configured locally or centrally.
  2. FAMAgentConfiguration.properties\* contains local configuration data and is stored on the agent machine. It is only used by agent profiles configured locally.
  3. The configuration data store holds the remainder of the agent configuration data.

With agent configuration centralized, an administrator is able to manage multiple agent configurations from the OpenSSO console. Most of the agent properties are hot swappable. (Properties can be modified without rebooting the underlying agent web container.) Additionally, both notification of the agent when configuration data changes and polling by the agent for configuration changes are enabled. Agents can also receive notifications of session and policy changes.

NOTE: The configuration change notification does not contain the new data; it is just a ping that, when received, tells the agent to make a call to OpenSSO and reload the latest configuration. Session and policy notifications, on the other hand, contain the actual data changes. Also, when using a load balancer, the notification is sent directly to the agent whose configuration has been changed. It does not go through the load balancer.
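The ping-then-pull behaviour from the note, with the polling fallback and the local/centralized split, as an added Python example that is not OpenSSO or agent code. The `ConfigStore` and `Agent` classes, the `config.location` bootstrap key and the `login.url` values are all constructed for illustration.

```python
import threading

class ConfigStore:
    """Stand-in for the configuration data store (hypothetical API)."""
    def __init__(self, props):
        self._props, self.version = dict(props), 1

    def update(self, key, value):
        self._props[key] = value
        self.version += 1

    def fetch(self):
        return self.version, dict(self._props)

class Agent:
    def __init__(self, bootstrap, store, local_props=None):
        # Hypothetical bootstrap key: "local" or "centralized".
        self.location = bootstrap["config.location"]
        self._store = store
        self._lock = threading.Lock()
        self.version, self.props = 0, dict(local_props or {})
        if self.location == "centralized":
            self.reload()

    def reload(self):
        """Pull from the store and hot-swap the whole property map at once."""
        version, props = self._store.fetch()
        with self._lock:
            changed = version != self.version
            self.version, self.props = version, props
        return changed

    def on_config_notification(self, body=None):
        """A config-change notification is only a ping: the body is never
        applied, the agent calls back to the store for the current data."""
        if self.location != "centralized":
            return False
        return self.reload()

    def poll(self):
        """Polling covers pings that never reach the agent."""
        return self.location == "centralized" and self.reload()

if __name__ == "__main__":
    store = ConfigStore({"login.url": "https://sso.example.com/login"})
    agent = Agent({"config.location": "centralized"}, store)
    store.update("login.url", "https://sso.example.com/v2/login")
    agent.on_config_notification(body={"login.url": "ignored"})
    print(agent.version, agent.props["login.url"])
```

Because the handler discards whatever arrives with the ping, the only values an agent ever applies are the ones it fetched itself from the store.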

The figure below illustrates how an agent retrieves bootstrapping and local configuration data, and configuration data from the configuration data store.

Now that you've got an idea about centralized agent configuration in OpenSSO, how about checking out the Icelandic entry in Eurovision 2008. Here's Euroband singing This Is My Life.

\*UPDATE: Thanks to Sean for the properties files update.
Comments:

I'm using the 2.2-01 Apache web agent and I've been unable to get centralized management working for the most basic things (like login.url / FAM login url). The agent is installed, and it redirects based on the value in the local configuration file. I have changed the username and password (encrypted with cryptit) and created an agent under Configuration->Agents. I added a FAM login url to the access manager that is different than the one specified in the properties file, and I'm always directed to the login url specified in the properties file. Roughly the same goes for the "non protected" URLs. Is centralized management available in the Windows Apache web agent?

Version: 2.2-01
Date: Thu Aug 23 03:25:56 PDT 2007
Build Platform: WOOKIE
Hotpatch Version: Hotpatch-

Thanks
Ahnjoan

This has been cross posted to the users opensso mailing list

Posted by Ahnjoan Amous on June 11, 2008 at 05:34 AM PDT #

I'm glad you cross posted, Ahnjoan. I'm not the most knowledgeable agent person and someone on the list will know.

Posted by DocTeger on June 13, 2008 at 01:46 AM PDT #
