How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I create an Agent that inherits group settings using ssoadm in AM (All versions)?

Last updated Sep 22, 2021

The purpose of this article is to provide information on creating an Agent that inherits group settings using ssoadm in AM.



Overview

Using Agent groups in AM is recommended when you have multiple agents behind a load balancer as it ensures all agents have the same updated configuration. Consider the following flow:

  1. AM sends a notification to the load balancer.
  2. The load balancer sends it on to one of the agents.
  3. The agent receiving the notification updates its configuration; this means the other agents now have out-of-date configurations.

Where an agent group is used instead in the above flow, the load balancer sends the notification to the agent group. This means the agents within this group will inherit the updated settings.

Creating an agent that inherits group settings

You can use ssoadm to create an agent that inherits group settings as follows:

  1. Create the agent group using the following ssoadm command:

     $ ./ssoadm create-agent-grp -u [adminID] -f [passwordFile] -t [agentType] -e [realmName] -b [agentGroupName]

     replacing [adminID], [passwordFile], [agentType], [realmName] and [agentGroupName] with appropriate values.
  2. Create the agent using the following ssoadm command:

     $ ./ssoadm create-agent -u [adminID] -f [passwordFile] -t [agentType] -e [realmName] -b [agentName] -g [agentURL] -s [serverURL] -a [agentProperties]

     replacing [adminID], [passwordFile], [agentType], [realmName], [agentName], [agentURL], [serverURL] and [agentProperties] with appropriate values.
  3. Assign the agent you created in step 2 to the group you created in step 1 using the following ssoadm command:

     $ ./ssoadm add-agent-to-grp -u [adminID] -f [passwordFile] -e [realmName] -b [agentGroupName] -s [agentName]

     replacing [adminID], [passwordFile], [realmName], [agentGroupName] and [agentName] with appropriate values.
  4. Remove any properties from the agent's configuration that you want to be inherited from the agent group using the following ssoadm command:

     $ ./ssoadm agent-remove-props -u [adminID] -f [passwordFile] -e [realmName] -b [agentName] -a [agentProperties]

     replacing [adminID], [passwordFile], [realmName], [agentName] and [agentProperties] with appropriate values.

Note

The agent-remove-props command does not support the use of a data file; if you have lots of properties to remove, you may consider using the do-batch command as detailed in How do I make batch changes using ssoadm in AM (All versions)?
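
The Note above rules out a data file for agent-remove-props, while the examples in this article show that -a accepts several space-separated property names. The following POSIX shell helper is an added example, not ForgeRock code: it reads names from a list file and builds a single agent-remove-props call. The function name, the list-file format (one name per line, # comments), the DRY_RUN variable and the allowed-character rule are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not ForgeRock code. Hypothetical: the function name, the
# list-file format (one property name per line, '#' comments) and DRY_RUN.

# usage: remove_inherited_props ADMIN_ID PASSWORD_FILE REALM AGENT_NAME LIST_FILE
remove_inherited_props() {
    admin=$1 pwfile=$2 realm=$3 agent=$4 list=$5
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 2; }

    # Reuse the positional parameters as the argument vector so that every
    # value stays one word; property names are appended after -a.
    set -- ./ssoadm agent-remove-props -u "$admin" -f "$pwfile" \
        -e "$realm" -b "$agent" -a
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop comments and surrounding whitespace, skip blank lines.
        name=$(printf '%s\n' "$line" |
            sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$name" ] || continue
        # Assumption: names use only letters, digits, '.', '_' and '-'.
        # This rejects name=value pairs (agent-remove-props takes names
        # only) and option-like tokens that would alter the command.
        case $name in
            -* | *[!A-Za-z0-9._-]*)
                echo "rejected entry: $name" >&2
                return 1 ;;
        esac
        set -- "$@" "$name"
        count=$((count + 1))
    done < "$list"
    [ "$count" -gt 0 ] || { echo "no properties in $list" >&2; return 1; }

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"    # print the command instead of running it
    else
        "$@"
    fi
}
```

Run it with DRY_RUN=1 first to review the generated command, then run it from the directory that contains ssoadm.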

Example (AM 7 and later)

The following example demonstrates an agent group being created, a new Web Agent being created, that Web Agent being assigned to the group and finally two properties being removed that should be inherited from the agent group.

$ ./ssoadm create-agent-grp -u uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org -f pwd.txt -t WebAgent -e / -b agentGroup1
Agent group was created.

$ ./ssoadm create-agent -u uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org -f pwd.txt -t WebAgent -e / -b agent1 -g http://agent.example.com:80 -s http://host1.example.com:8080/openam -a userpassword=password
Agent configuration was created.

$ ./ssoadm add-agent-to-grp -u uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org -f pwd.txt -e / -b agentGroup1 -s agent1
Agent was added to group.

$ ./ssoadm agent-remove-props -u uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org -f pwd.txt -e / -b agent1 -a com.sun.identity.agents.config.sso.only com.sun.identity.agents.config.sso.cache.polling.interval
Properties were removed.

Example (Pre-AM 7)

The following example demonstrates an agent group being created, a new Web Agent being created, that Web Agent being assigned to the group and finally two properties being removed that should be inherited from the agent group.

$ ./ssoadm create-agent-grp -u amadmin -f pwd.txt -t WebAgent -e / -b agentGroup1
Agent group was created.

$ ./ssoadm create-agent -u amadmin -f pwd.txt -t WebAgent -e / -b agent1 -g http://agent.example.com:80 -s http://host1.example.com:8080/openam -a userpassword=password
Agent configuration was created.

$ ./ssoadm add-agent-to-grp -u amadmin -f pwd.txt -e / -b agentGroup1 -s agent1
Agent was added to group.

$ ./ssoadm agent-remove-props -u amadmin -f pwd.txt -e / -b agent1 -a com.sun.identity.agents.config.sso.only com.sun.identity.agents.config.sso.cache.polling.interval
Properties were removed.

See Also

FAQ: Installing and using ssoadm in AM

FAQ: Configuring Agents in Identity Cloud and AM

Using ssoadm in AM

Create Agent Profiles

Create Java Agent Profiles



Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.