« Reach Out and Touch... | Main | Spinning for Swag at... »
Friday May 02, 2008

Policy Agent Configuration with Agent 99

When configuring a 3.0 policy agent, you can choose either Local Configuration or Centralized Configuration. (You can also change from centralized to local after configuration using the console.) If Local Configuration is chosen, the properties will be stored in a properties file on the agent machine. You cannot use the console to edit locally configured properties. With Centralized Configuration, 3.0 policy agent properties can be modified using the console or the famadm command line interface.

To set the configuration on the command line, use famadm to set the new property (see table below) com.sun.identity.agents.config.repository.location with a value equal to local. (The default value is centralized.)

The console uses human-readable property labels rather than the programmatic property names; for example, com.sun.identity.agents.config.login.url is displayed as FAM Login URL in the console. When using famadm for configuration, you need to use the 3.0 property names. For version 3.0 web agents, the property names have been changed; for J2EE agents, the property names for 2.2 and 3.0 are the same. Following is a mapping of the old and new web agent properties.

Old Name New Name
com.sun.am.naming.url com.sun.identity.agents.config.naming.url
com.sun.am.log.level com.sun.identity.agents.config.log.level
com.sun.am.policy.agents.config.local.log.file com.sun.identity.agents.config.local.logfile
com.sun.am.policy.am.username com.sun.identity.agents.config.username
com.sun.am.policy.am.password com.sun.identity.agents.config.password
com.sun.am.sslcert.dir com.sun.identity.agents.config.sslcert.dir
com.sun.am.certdb.prefix com.sun.identity.agents.config.certdb.prefix
com.sun.am.certdb.password com.sun.identity.agents.config.certdb.password
com.sun.am.auth.certificate.alias com.sun.identity.agents.config.certificate.alias
com.sun.am.trust_server_certs com.sun.identity.agents.config.trust.server.certs
com.sun.am.receive_timeout com.sun.identity.agents.config.receive.timeout
com.sun.am.connect_timeout com.sun.identity.agents.config.connect.timeout
com.sun.am.tcp_nodelay.enable com.sun.identity.agents.config.tcp.nodelay.enable
com.sun.am.policy.am.login.url com.sun.identity.agents.config.login.url
com.sun.am.cookie.name com.sun.identity.agents.config.cookie.name
com.sun.am.cookie.secure com.sun.identity.agents.config.cookie.secure
com.sun.am.policy.agents.config.local.log.rotate com.sun.identity.agents.config.local.log.rotate
com.sun.am.policy.agents.config.local.log.size com.sun.identity.agents.config.local.log.size
com.sun.am.policy.agents.config.audit.accesstype com.sun.identity.agents.config.audit.accesstype
com.sun.am.policy.agents.config.remote.log com.sun.identity.agents.config.remote.logfile
com.sun.am.policy.agents.config.deny_on_log_failure com.sun.identity.agents.config.deny.access.log.failure
com.sun.am.notification.enable com.sun.identity.agents.config.notification.enable
com.sun.am.policy.am.url_comparison.case_ignore com.sun.identity.agents.config.url.comparison.case.ignore
com.sun.am.policy.am.polling.interval com.sun.identity.agents.config.policy.cache.polling.interval
com.sun.am.sso.polling.period com.sun.identity.agents.config.sso.cache.polling.interval
com.sun.am.policy.am.userid.param com.sun.identity.agents.config.userid.param
com.sun.am.policy.am.userid.param.type com.sun.identity.agents.config.userid.param.type
com.sun.am.policy.agents.config.profile.attribute.fetch.mode com.sun.identity.agents.config.profile.attribute.fetch.mode
com.sun.am.policy.agents.config.profile.attribute.map com.sun.identity.agents.config.profile.attribute.mapping
com.sun.am.policy.agents.config.session.attribute.fetch.mode com.sun.identity.agents.config.session.attribute.fetch.mode
com.sun.am.policy.agents.config.session.attribute.map com.sun.identity.agents.config.session.attribute.mapping
com.sun.am.policy.agents.config.response.attribute.fetch.mode com.sun.identity.agents.config.response.attribute.fetch.mode
com.sun.am.policy.agents.config.response.attribute.map com.sun.identity.agents.config.response.attribute.mapping
com.sun.am.load_balancer.enable com.sun.identity.agents.config.load.balancer.enable
com.sun.am.policy.agents.config.agenturi.prefix com.sun.identity.agents.config.agenturi.prefix
com.sun.am.policy.agents.config.locale com.sun.identity.agents.config.locale
com.sun.am.policy.agents.config.do_sso_only com.sun.identity.agents.config.sso.only
com.sun.am.policy.agents.config.accessdenied.url com.sun.identity.agents.config.access.denied.url
com.sun.am.policy.agents.config.fqdn.check.enable com.sun.identity.agents.config.fqdn.check.enable
com.sun.am.policy.agents.config.fqdn.default com.sun.identity.agents.config.fqdn.default
com.sun.am.policy.agents.config.fqdn.map com.sun.identity.agents.config.fqdn.mapping
com.sun.am.policy.agents.config.cookie.reset.enable com.sun.identity.agents.config.cookie.reset.enable
com.sun.am.policy.agents.config.cookie.reset.list com.sun.identity.agents.config.cookie.reset
com.sun.am.policy.agents.config.cookie.domain.list com.sun.identity.agents.config.cookie.domain
com.sun.am.policy.agents.config.anonymous_user com.sun.identity.agents.config.anonymous.user.id
com.sun.am.policy.agents.config.anonymous_user.enable com.sun.identity.agents.config.anonymous.user.enable
com.sun.am.policy.agents.config.notenforced_list com.sun.identity.agents.config.notenforced.url
com.sun.am.policy.agents.config.notenforced_list.invert com.sun.identity.agents.config.notenforced.url.invert
com.sun.am.policy.agents.config.notenforced_client_ip_list com.sun.identity.agents.config.notenforced.ip
com.sun.am.policy.agents.config.ignore_policy_evaluation_if_notenforced com.sun.identity.agents.config.notenforced.url.attributes.enable
com.sun.am.policy.agents.config.postdata.preserve.enable com.sun.identity.agents.config.postdata.preserve.enable
com.sun.am.policy.agents.config.postcache.entry.lifetime com.sun.identity.agents.config.postcache.entry.lifetime
com.sun.am.policy.agents.config.client_ip_validation.enable com.sun.identity.agents.config.client.ip.validation.enable
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix com.sun.identity.agents.config.profile.attribute.cookie.prefix
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage com.sun.identity.agents.config.profile.attribute.cookie.maxage
com.sun.am.policy.agents.config.cdsso.enable com.sun.identity.agents.config.cdsso.enable
com.sun.am.policy.agents.config.cdcservlet.url com.sun.identity.agents.config.cdsso.cdcservlet.url
com.sun.am.policy.agents.config.logout.url com.sun.identity.agents.config.logout.url
com.sun.am.policy.agents.config.logout.cookie.reset.list com.sun.identity.agents.config.logout.cookie.reset
com.sun.am.policy.am.fetch_from_root_resource com.sun.identity.agents.config.fetch.from.root.resource
com.sun.am.policy.agents.config.get_client_host_name com.sun.identity.agents.config.get.client.host.name
com.sun.am.policy.agents.config.convert_mbyte.enable com.sun.identity.agents.config.convert.mbyte.enable
com.sun.am.policy.agents.config.encode_url_special_chars.enable com.sun.identity.agents.config.encode.url.special.chars.enable
com.sun.am.policy.agents.config.ignore_path_info com.sun.identity.agents.config.ignore.path.info
com.sun.am.policy.agents.config.override_protocol com.sun.identity.agents.config.override.protocol
com.sun.am.policy.agents.config.override_host com.sun.identity.agents.config.override.host
com.sun.am.policy.agents.config.override_port com.sun.identity.agents.config.override.port
com.sun.am.policy.agents.config.override_notification.url com.sun.identity.agents.config.override.notification.url
com.sun.am.policy.agents.config.connection_timeout com.sun.identity.agents.config.connection.timeout
com.sun.am.ignore_server_check com.sun.identity.agents.config.ignore.server.check
com.sun.am.poll_primary_server com.sun.identity.agents.config.poll.primary.server
com.sun.am.ignore.preferred_naming_url com.sun.identity.agents.config.ignore.preferred.naming.url
com.sun.am.policy.agents.config.proxy.override_host_port com.sun.identity.agents.config.proxy.override.host.port
com.sun.am.policy.agents.config.domino.check_name_database com.sun.identity.agents.config.domino.check.name.database
com.sun.am.policy.agents.config.iis.auth_type com.sun.identity.agents.config.iis.auth.type
com.sun.am.replaypasswd.key com.sun.identity.agents.config.replaypasswd.key
com.sun.am.policy.agents.config.iis.filter_priority com.sun.identity.agents.config.iis.filter.priority
com.sun.am.policy.agents.config.iis.owa_enabled com.sun.identity.agents.config.iis.owa.enable
com.sun.am.policy.agents.config.iis.owa_enabled_change_protocol com.sun.identity.agents.config.iis.owa.enable.change.protocol
com.sun.am.policy.agents.config.iis.owa_enabled_session_timeout_url com.sun.identity.agents.config.iis.owa.enable.session.timeout.url
NEW com.sun.identity.agents.config.repository.location
NEW com.sun.identity.agents.config.freeformproperties
NEW com.sun.identity.agents.config.polling.interval
NEW com.sun.identity.agents.config.cleanup.interval

I'll see if I can find mappings between the new names and the console labels and let you know when I do. They ain't always easy to figure out. But, wait, we're not done with agents yet. Here's, what I assume is, Barbara Feldon's only foray into song. It's called 99 and was released when she was on top of her game as Agent 99 in the 1960s television series, Get Smart.

Posted at 02:57PM May 02, 2008 by Michael Teger in Sun  |  Comments[0]

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed