http://docs.sun.com/app/docs/doc/819-4770/6n6ta765o?l=zh&q=ftp&a=viewTo Create or Update an Agent Profile in Access Manager
Perform the following tasks in Access Manager Console. The key steps of this task involve creating an agent ID (agent profile name) and an agent profile password.
-
With the Access Control tab selected click the name of the realm for which you would like to create an agent profile.
-
Select the Subjects tab.
-
Select the Agent tab.
-
Click New.
-
Enter values for the following fields:
ID. Enter the agent profile name or identity of the agent.
This is the agent profile name, which is the name the agent uses to log into Access Manager. Multi-byte names are not accepted. Do not use the web agent default value of UrlAccessAgent.
Password. Enter the agent profile password.
Do not use the web agent default value of this password. The web agent default value of this password is the password of the internal LDAP authentication user, commonly referred to as amldapuser.
Password (confirm). Confirm the password.
Device Status. Select the device status of the agent. The default status is Active. If set to Active, the agent will be able to authenticate to and communicate with Access Manager. If set to Inactive, the agent will not be able to authenticate to Access Manager.
-
Click Create.
The list of agents appears.
-
(Optional) If you desire, add a description to your newly created agent profile:
-
Click the name of your newly created agent profile in the agent list.
-
In the Description field, enter a brief description of the agent.
For example, you can enter the agent instance name or the name of the application it is protecting.
-
Click Save.
http://docs.sun.com/app/docs/doc/819-4768/6n6t8a523?l=zh&a=view
Using the Installation Program of Agent for Apache Tomcat Servlet/JSP Container
After you issue the agentadmin command and accept the license agreement (if necessary) the installation program appears, prompting you for information.
The steps in the installation program are displayed in this section in an example interaction. Your answers to prompts can differ slightly or greatly from this example depending upon your specific deployment. In the example, most of the defaults have been accepted. This example is provided for your reference and does not necessarily indicate the precise information you should enter.
The following bulleted list provides key points about the installation program.
-
Each step in the installation program includes an explanation that is followed by a more succinct prompt.
-
For most of the steps you can type any of the following characters to get the results described:
- ?
-
Type the question mark to display Help information for that specific step.
- <
-
Type the left arrow symbol to go back to the previous interaction.
- !
-
Type the exclamation point to exit the program.
-
Most of the steps provide a default value that can be accepted or replaced. If a default value is correct for your site, accept it. If it is not correct, enter the correct value.
About Installation Prompts in Agent for Apache Tomcat Servlet/JSP Container
The following list provides information about specific prompts in the installation. Often the prompt is self explanatory. However, at other times you might find the extra information presented here to be very helpful. This extra information is often not obvious. Study this section carefully before issuing the agentadmin --install command.
- The Deployment URI for the Agent Application
-
The deployment URI for the agent application is required for the agent to perform necessary housekeeping tasks such as registering policy and session notifications, legacy browser support, and CDSSO support. Accept /agentapp as the default value for this interaction. Once the installation is completed, browse the directory PolicyAgent-base/etc. Use the agentapp.war file to deploy the agent application in the application container. Please note that the deployment URI for agent application during install time should match the deployment URI for the same application when deployed in the J2EE container.
- The Encryption Key
-
This key is used to encrypt sensitive information such the passwords. The key should be at least 12 characters long. A key is generated randomly and provided as the default. You can accept the random key generated by the installer or create your own using the .agentadmin --getEncryptKey command.
For information about creating a new encryption key, see agentadmin --getEncryptKey.
- The Agent Profile Name
-
An agent profile should have been created as a pre-installation step. The creation of the agent profile is mentioned in that section. For the pre-installation steps, see Preparing to Install Agent for Apache Tomcat Servlet/JSP Container. For the actual information on creating an agent profile, see Creating a J2EE Agent Profile.
In summary, the J2EE agent communicates with Access Manager with a specific ID and password created through an agent profile using Access Manager Console. For J2EE agents, the creation of an agent profile is mandatory. Access Manager uses the agent profile to authenticate an agent. This is part of the security infrastructure.
- The J2EE Password File
-
The J2EE password file should have been created as a pre-installation step. For the pre-installation steps, see Preparing to Install Agent for Apache Tomcat Servlet/JSP Container.
When the installation program prompts you for the password for the agent, enter the fully qualified path to this password file.
After you have completed all the steps, a summary of your responses appears followed by options that allow you to navigate through those responses to accept or reject them.
When the summary appears, note the agent instance name, such as agent-001. You might be prompted for this name during the configuration process.
About the options, the default option is 1, Continue with Installation.
-
If you are satisfied with the summary, choose 1 (the default).
-
If you want to edit input from the last interaction, choose 2.
-
If you want to edit input starting at the beginning of the installation program, choose 3.
-
If you want to exit the installation program without installing, choose 4.
You can edit your responses as necessary, return to the options list, and choose option 1 to finally process your responses.
Example of Installation Program Interaction in Agent for Apache Tomcat Servlet/JSP Container
The following example is a sample installation snapshot of Policy Agent 2.2 for Apache Tomcat Servlet/JSP Container. By no means does this sample represent a real deployment scenario.
The section following this example, Implications of Specific Deployment Scenarios in Agent for Apache Tomcat Servlet/JSP Container, provides a short explanation about installing a J2EE agent on multiple Apache Tomcat Servlet/JSP Container instances. If your deployment includes multiple instances of the deployment container, you might want to review that section before proceeding with the agent installation. See Installing a J2EE Agent on Multiple Apache Tomcat Servlet/JSP Container Instances.
************************************************************************
Welcome to the Access Manager Policy Agent for Apache Tomcat 5.5 Servlet/JSP Container
************************************************************************
Enter the complete path to the directory which is used by Tomcat Server to
store its configuration Files. This directory uniquely identifies the
Tomcat Server instance that is secured by this Agent.
[ ? : Help, ! : Exit ]
Enter the Tomcat Server Config Directory Path
[/opt/jakarta-tomcat-5.5.9/conf]:
Enter the fully qualified host name of the server where Access Manager
Services are installed.
[ ? : Help, < : Back, ! : Exit ]
Access Manager Services Host: accessmanager.example.com
Enter the port number of the Server that runs Access Manager Services.
[ ? : Help, < : Back, ! : Exit ]
Access Manager Services port [80]: 8880
Enter http/https to specify the protocol used by the Server that runs Access
Manager services.
[ ? : Help, < : Back, ! : Exit ]
Access Manager Services Protocol [http]:
Enter the Deployment URI for Access Manager Services.
[ ? : Help, < : Back, ! : Exit ]
Access Manager Services Deployment URI [/amserver]:
Enter the fully qualified host name on which the Application Server
protected by the agent is installed.
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Host name: mycomputer.example.com
$CATALINA_HOME environment variable is the root of the tomcat
installation.
[ ? : Help, < : Back, ! : Exit ]
Enter the $CATALINA_HOME environment variable: /opt/jakarta-tomcat-5.5.9/
Choose yes to deploy the policy agent in the global web.xml file.
[ ? : Help, < : Back, ! : Exit ]
Install agent filter in global web.xml ? [true]:
Enter the preferred port number on which the application server provides its
services.
[ ? : Help, < : Back, ! : Exit ]
Enter the port number for Application Server instance [80]: 8080
Select http or https to specify the protocol used by the Application server
instance that will be protected by Access Manager Policy Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the Preferred Protocol for Application Server instance [http]:
Enter the deployment URI for the Agent Application. This Application is used
by the agent for internal housekeeping.
[ ? : Help, < : Back, ! : Exit ]
Enter the Deployment URI for the Agent Application [/agentapp]:
Enter a valid Encryption Key.
[ ? : Help, < : Back, ! : Exit ]
Enter the Encryption Key [/gyU5SVWPY/B4TxWhC9m36Bz7pYdcXMS]:
Enter a valid Agent profile name. The agent profile name is used to identify
the agent in Access Manager.
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Profile name: j2ee
Enter the path to a file that contains the password to be used for identifying
the Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the path to the password file: /opt/test
-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
Tomcat Server Config Directory : /opt/jakarta-tomcat-5.5.9/conf
Access Manager Services Host : accessmanager.example.com
Access Manager Services Port : 8880
Access Manager Services Protocol : http
Access Manager Services Deployment URI : /amserver
Agent Host name : mycomputer.example.com
$CATALINA_HOME environment variable : /opt/jakarta-tomcat-5.5.9/
Tomcat global web.xml filter install : true
Application Server Instance Port number : 8080
Protocol for Application Server instance : http
Deployment URI for the Agent Application : /agentapp
Encryption Key : /gyU5SVWPY/B4TxWhC9m36Bz7pYdcXMS
Agent Profile name : j2ee
Agent Profile Password file name : /opt/test
Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]: 1
Updating the /opt/jakarta-tomcat-5.5.9/bin/setclasspath.sh script
with the Agent classpathDONE.
Creating directory layout and configuring AMAgent.properties file for
agent_001 instance ...DONE.
Reading data from file /opt/test and encrypting it ...DONE.
Generating audit log file name ...DONE.
Creating tag swapped AMAgent.properties file for instance agent_001 ...DONE.
Creating a backup for file /opt/jakarta-tomcat-5.5.9/conf/server.xml
...DONE.
Creating a backup for file /opt/jakarta-tomcat-5.5.9/conf/web.xml ...DONE.
Adding SJS Tomcat Agent Realm to Server XML file :
/opt/jakarta-tomcat-5.5.9/conf/server.xmlDONE.
Adding filter to Global deployment descriptor file :
/opt/jakarta-tomcat-5.5.9/conf/web.xmlDONE.
Adding SJS Tomcat Agent Filter and Form login authentication to selected Web
applicationsDONE.
|