Configuring AM 6.0.0.x
AM 6 introduced profile changes to support Agents 5, which removed the legacy login and logout URL property values required by older policy agents. If you try to use Web policy agents 4.x or JEE policy agents 3.5.x without setting these properties, you may encounter 403 Forbidden responses and will see the following error in the agent debug.log:
2018-10-11 11:37:26.436 +1000 ERROR [0x7fe007f1c8c0:40] handle_exit(): unable to find active OpenAM server URL
New installs and new profiles
If you have a new install of AM 6 or add a new profile, you must populate the AM Login URL and AM Logout URL using either the console, REST or ssoadm:
Console: navigate to: Realms > [Realm Name] > Applications > Agents > [Web or Java] > [Agent Name] > AM Services and specify both the AM Login URL and AM Logout URL including the realm. The URL should be in the correct format, for example:
- REST: update the com.sun.identity.agents.config.login.url and com.sun.identity.agents.config.logout.url properties as described in How do I create and update an agent in AM/OpenAM (All versions) using the REST API?
ssoadm: enter the following command:
$ ./ssoadm update-agent -e [realmname] -b [agentname] -u [adminID] -f [passwordfile] -a com.sun.identity.agents.config.login.url=[loginURL] com.sun.identity.agents.config.logout.url=[logoutURL]replacing [realmname], [agentname], [adminID], [passwordfile], [loginURL] and [logoutURL] with appropriate values.
If you upgrade to AM 6, existing profiles will not be affected and older policy agents will work without any changes needed.
Web policy agents 4.x and JEE policy agents 3.5.x will not be supported in AM 6.5; you will need to upgrade to the latest Agents 5 release ahead of upgrading to AM 6.5.