How To

How do I configure the Web policy agent 3.x for multi-site SSO?

Last updated Jan 5, 2021

The purpose of this article is to provide information on configuring the Web policy agent when you have multiple sites with the same cookie domain and are doing SSO between the sites. This configuration might be used for failover, for example, between data centers.

This article has been archived and is no longer maintained by ForgeRock.

Configuring the Web policy agent for multi-site SSO

If you do SSO between multiple sites, you need to specify both site URLs in the policy agent bootstrap file to prevent a redirect loop. You can do this as follows:

  1. Stop the policy agent server on one site.
  2. Make a backup of the file (located in the /config directory where the Web policy agent is installed).
  3. Edit the file by specifying both site URLs in the com.sun.identity.agents.config.naming.url property, where the primary site URL is listed first, for example:
     com.sun.identity.agents.config.naming.url=http://host1.example.primary:8080/openam/namingservice http://host2.example.secondary:8080/openam/namingservice
  4. Restart the policy agent server.
  5. Repeat steps 1 to 4 for the other site.
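
Steps 2 and 3 can be scripted so that the backup is always taken and the result is checked before the agent is restarted. The following is an added example, not ForgeRock code: the function names and the .bak suffix are hypothetical, the bootstrap file path is passed in by the caller, and the file is assumed to use plain key=value lines.

```python
import shutil
from pathlib import Path
from urllib.parse import urlsplit

PROP = "com.sun.identity.agents.config.naming.url"  # property named in step 3


def naming_urls(text):
    """Return the space-separated URLs of the last active PROP line, or []."""
    urls = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROP:      # commented-out lines never match
            urls = value.split()
    return urls


def validate(urls, primary, secondary):
    """List the problems that would leave the agent without both sites."""
    problems = []
    for u in urls:
        parts = urlsplit(u)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append(f"not a usable URL: {u}")
    if primary == secondary or urls != [primary, secondary]:
        problems.append("expected two distinct URLs, primary site first")
    return problems


def set_naming_urls(bootstrap, primary, secondary):
    """Steps 2 and 3: back up the file, then write both URLs, primary first."""
    bootstrap = Path(bootstrap)
    problems = validate([primary, secondary], primary, secondary)
    if problems:
        raise ValueError("; ".join(problems))
    backup = bootstrap.with_name(bootstrap.name + ".bak")  # hypothetical suffix
    shutil.copy2(bootstrap, backup)          # step 2: keep the original
    new_line = f"{PROP}={primary} {secondary}"
    out, replaced = [], False
    for line in bootstrap.read_text().splitlines():
        key, sep, _ = line.partition("=")
        if sep and key.strip() == PROP:
            if not replaced:                 # keep one definition only
                out.append(new_line)
                replaced = True
            continue
        out.append(line)
    if not replaced:
        out.append(new_line)
    bootstrap.write_text("\n".join(out) + "\n")
    return backup
```

Run validate(naming_urls(...), primary, secondary) against the edited file on each site before step 4; an empty list means both sites are listed in the expected order.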

See Also

Agents and policies in AM

OpenAM Web Policy Agent Reference › Bootstrap Configuration Properties

Related Issue Tracker IDs

AMAGENTS-663 (Does J2EE agent support Naming URL and Failover Properties ?)

Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.