Tuesday Jul 31, 2007

Configuring Sun Java System Access Manager Policy Agents on IBM WebSphere 6.0 Cluster

 

In this article I am going to discuss how to configure the Sun Java System Access Manager Policy agents on to websphere cluster. For this exercise it is assumed the WebSphere Network Deployment Server (WNDS) has one cell with two clusters in it.(CARE and IS ) Each cluster has exactly two Application Server instances belonging to the same profile, hosting one or more applications. The cluster member Application Servers instances are distributed among two physical nodes as depicted in the diagrams below. The WNDS profile is located in one of the nodes. The clusters are already created before installing the agents. This document will not cover the procedures for creating WebSphere clusters or configuring the IBM HTTP Server for load balancing. Additionally no custom SSL key store is used. The Application Server and Access Manager traffic happens over HTTP.

To deploy the policy agents on the WebSphere clusters there is no need to defederate the nodes.

[Read More]

Thursday Jul 26, 2007

Sun Java System Access Manager Policy Agents - Fetching Header/Response Attributes

Web Applications protected by the Sun Java System Access Manager Policy Agents version 2.2 can obtain the authenticated identity's attributes as well as the resource specific attributes by the following means

  • Set in as HTTP Header values

  • Set in the Browser Cookie as name value pairs.

In this part of doc, only the HTTP header option is discussed. The end application protected by the agents can obtain the authenticated identity's attributes as the HTTP header name value pairs in the following three ways:

  • Retrieve from authenticated identity's profile

  • Retrieve from authenticated identity's Session

  • Retrieve from policy resource response providers

[Read More]

Wednesday Mar 21, 2007

Using OpenDS as a user data store for OpenSSO

Latest version of this article is available here

This is a follow up posting to may original post about OpenSSO and OpenDS. I have tested the OpenSSOOpenDS is used as both configuration and user data store. For this I need to adapt the existing user schema to a form which is acceptable to OpenDS(which more strictly enforcing the schema,spec and DIT content rules). system with OpenDS(bld 30)

[Read More]

Friday Dec 15, 2006

Dynamically enabling/disabling debug mode in the Access Manager Server

In the previous versions of Access Manager servers, to enable the server to debug message mode from the default error mode, one needs to set the com.iplanet.services.debug.level=message in the AMConfig.properties. That is not it, the webcontainer on which the Access Manager is deployed needs to be restarted. This is almost impossible in a production scenario, customers do not want to stop the server or sometimes the anamoly that is being experienced by the customer may not show up if the server is restarted. So there has to be a mechanism to dynamically enable/disable the server's debug level.[Read More]
About

Indira Thangasamy, I manage the OpenSSO Quality engineering team.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today