Java Policy Agents 2023.3

Properties reference

This reference covers agent configuration properties.

When you create the agent profile, you choose whether to store the agent configuration in AM’s configuration store or locally to the agent installation. The local configuration file syntax is the same as of a standard Java properties file.

Property aliases

A property alias specifies a path for a property. One property can have an unlimited number of aliases, however, an alias must be unique.

How the agent manages multiple aliases

When a property has multiple aliases, the agent evaluates the aliases in alphabetical order. If each alias specifies a different value for the property, the agent assigns the value specified by the first alias in the alphabetical order, and then propagates that value to the other aliases.

The following example assigns different values to a property with three aliases:

com.sun.identity.agents.app.username=AGENT3
com.sun.identity.agents.config.profilename=AGENT1
org.forgerock.agents.profile.name=AGENT2

The agent evaluates com.sun.identity.agents.app.username first, and propagates that value to the other aliases, resulting in this:

com.sun.identity.agents.app.username=AGENT3
com.sun.identity.agents.config.profilename=AGENT3
org.forgerock.agents.profile.name=AGENT3

How AM manages multiple aliases

Each version of AM recognizes a different group of agent aliases. When you are using AM commands, such as ssoadm to configure an agent, consider the following points on using recognized and unrecognized aliases:

  • When you use a recognized alias in an ssoadm command (for example, com.sun.identity.agents.config.notenforced.ip.cache.size=2000), the agent updates the value for the property represented by that alias.

    For the above example, Max Entries in Not-Enforced IP Cache is displayed as 2000 in the Application tab of the AM console.

  • When you use an unrecognized alias in an ssoadm command (for example, org.forgerock.agents.notenforced.ip.cache.size=4000), the agent creates a custom property.

    For the above example, org.forgerock.agents.notenforced.ip.cache.size=4000 is displayed in Custom Properties, in the Advanced tab of the AM console.

  • When a property is set by both a standard property and a custom property, the custom property takes precedence. The value of the standard property is not updated, and both values are displayed in the configuration.

Property files

The agent searches for local property files in a location defined by a property added to JAVA_OPTS.

In Tomcat, the agent can take the file location from bin/setenv.sh as follows:

JAVA_OPTS="$JAVA_OPTS -Dopenam.agents.bootstrap.dir=/path/to/agents/agent/agent_instance/config"

Bootstrap properties

The agent configurations support the following bootstrap properties:

Properties by function

The agent configurations support properties that have the following functions.

Access denied

Agent

Attributes

Audit

Authentication failure

Authentication service

Client identification

Connection pooling

Container

Continuous security

Cross-domain single sign-on

Cross-site scripting

Custom login redirect

Default Login Redirect

Deprecated

Encryption

Fragment

Fully qualified domain name

Global

Legacy support

Locale

Login

Login Redirect (Default)

Login redirect

Logout

Logs

Miscellaneous

Monitoring

Not-enforced

Notifications

POST data preservation

Policy enforcement

Port check

Pre-authentication

Profile

Query parameter

Required

Response

SameSite

Session

Timeout

User mapping

Copyright © 2010-2023 ForgeRock, all rights reserved.