Book

Agents and policies in AM/OpenAM

This books provides information on agents and their use in AM/OpenAM. It includes chapters on SSL and policies.


Printer friendly view

Table of Contents

  • 1 What versions of Policy Agents are compatible with AM/OpenAM?
  • 2 How do I check that a Policy Agent (All versions) can connect to AM/OpenAM?
  • 3 How do I set up a monitoring page for the load balancer in front of Web Policy Agents (All versions) for health checks?
  • 4 How does Post Data Preservation work for Web agents (All versions)?
  • 5 How do I silently remove a Web Policy Agent 4.x or 5.x?
  • 6 Installation
    • 6.1 How do I configure AM 6.0.0.x to work with older policy agents (Web 4.x and JEE 3.5.x)?
    • 6.2 Best practice for installing IIS Web Policy Agents (All versions)
    • 6.3 How do I install AM/OpenAM (All versions) with Apache Web Policy Agent on Red Hat Enterprise Linux or CentOS configured with SELinux?
    • 6.4 How do I upgrade to Web Policy Agent 4.x from a previous version?
    • 6.5 Tips and feature insights for Web Policy Agents 4.x
  • 7 Configuration
    • 7.1 How do I export configuration details for the Policy Agent (All versions)?
    • 7.2 How do I configure Agents 5.x to authenticate users against a specific realm, tree or authentication module in AM?
    • 7.3 How do I configure policy agents (Web 4.x and JEE 3.5.x) to authenticate users against a specific realm in AM 6, 5.x and OpenAM (All versions)?
    • 7.4 How do I create a policy agent that inherits group settings using ssoadm in AM/OpenAM (All versions)?
    • 7.5 How do I define a list of Not Enforce URLs that Web Policy Agents can ignore for authentication purposes in AM/OpenAM (All versions)?
    • 7.6 How do I define a list of Not Enforce URIs that Java Policy Agents can ignore for authentication purposes in AM/OpenAM (All versions)?
    • 7.7 How do I change the session cookie name for AM/OpenAM and Policy Agents (All versions)?
    • 7.8 How do I capture HTTP headers set by Web Policy Agents (All versions) in Apache HTTP server using a Perl script?
  • 8 SSL Offloading
    • 8.1 How do I configure a Web Policy Agent (All versions) for SSL offloading?
    • 8.2 How do I configure a Java Policy Agent (All versions) for SSL offloading?
    • 8.3 How do I configure SSL offloading at the Policy Agent (All versions) for virtual hosts?
  • 9 Policies
    • 9.1 Best practice for creating and testing policies in AM/OpenAM (All versions)
    • 9.2 How do I export and import policies in AM/OpenAM (All versions)?
    • 9.3 How do I add additional HTTP actions to make them available to policies in AM/OpenAM (All versions)?
    • 9.4 How do I reduce the number of policy matches in AM/OpenAM (All versions)?
    • 9.5 How do I share values between scripted policies in AM/OpenAM (All versions)?
  • 10 Frequently Asked Questions
    • 10.1 FAQ: Installing Policy Agents in AM/OpenAM
    • 10.2 FAQ: Configuring Policy Agents in AM/OpenAM
    • 10.3 FAQ: Configuring policies in AM/OpenAM
    • 10.4 FAQ: SSL/TLS secured connections in AM/OpenAM and Policy Agents
    • 10.5 FAQ: SSL certificate management in AM/OpenAM and Policy Agents
    • 10.6 FAQ: AM/OpenAM performance and tuning
  • 11 How do I troubleshoot WebSocket issues in Agents 5.x?
  • 12 Logging
    • 12.1 How do I enable debug logging for troubleshooting Policy Agents (All versions)?
    • 12.2 How do I enable message level debugging for the Java SDK in OpenAM 12.x and 13.x?
    • 12.3 How do I rotate Web Policy Agents (All versions) debug and audit logs?
    • 12.4 How do I rotate Java Policy Agents (All versions) debug and audit logs?
    • 12.5 How do I clear debug logs in AM/OpenAM (All versions)?
  • 13 Known Issues
    • 13.1 Out of Memory exception causes AM/OpenAM (All versions) to hang due to increasing number of open policy agent sessions
    • 13.2 Apache Web Agent (All versions) repeatedly reports failed to load OPENSSL_init_ssl errors
    • 13.3 An illegal reflective access operation has occurred when using Java 11 with ForgeRock products
    • 13.4 Schannel communications fail in Web Agents 4.1, 4.2 and 5.x running on Microsoft Windows 2008 R2 or 2012 with TLS 1.2 enabled
    • 13.5 ERROR: Failed to obtain auth service url from server: null://null:null stops JEE Policy Agent 3.5.x from starting up correctly
    • 13.6 Installation
      • 13.6.1 redirect_uri_mismatch error occurs after upgrading to, or installing Web Agents 5.x
      • 13.6.2 Installing Web policy agent 4.x or 5.x fails with a no ssl/library support error
      • 13.6.3 Apache Web Policy Agent 4.1.0 fails to start with no space left on device Configuration Failed error
      • 13.6.4 Web policy agents 4 install fails with messages such as send_session_request or Server returned HTTP response code
      • 13.6.5 Unable to find the "User" entry in the httpd.conf file error when installing the Apache Web policy agent 4.x or 5.x
      • 13.6.6 Policy Agents and AM/OpenAM (All versions) fail to install on IBM WebSphere when SSL is enabled
      • 13.6.7 Permission denied when starting Apache Web Policy Agent on Red Hat Enterprise Linux or CentOS system configured with SELinux
    • 13.7 Redirect
      • 13.7.1 Policy Agent (All versions) does not redirect user correctly if the redirect URL is too long
      • 13.7.2 Redirect loop between AM and Agent 5.x after successful authentication
      • 13.7.3 XUI Login URL with goto parameter causes redirect loop or prevents OpenAM 12.x and 13.x login page loading
      • 13.7.4 Redirect loop between OpenAM and JEE Policy Agent 3.5.0 causes high session numbers and poor performance
      • 13.7.5 JEE Policy Agent 3.5.x fails to redirect to AM/OpenAM login or logout URL and shows 500: Internal server error
    • 13.8 Policies
      • 13.8.1 Guice configuration errors when importing or exporting policies using ssoadm in AM 5, 5.1.x and OpenAM 13.5.1
      • 13.8.2 Upgrade to OpenAM 12.x or 13.x fails with Failed to modify privilege! message when migrating policies
      • 13.8.3 Policy import fails in OpenAM 13.0 with Invalid resource type null message
      • 13.8.4 OpenAM 13.0 hangs when creating or updating policies and policy sets with BLOCKED and WAITING threads
      • 13.8.5 Unreliable policy evaluation results when using root or subtree mode in OpenAM 12.x or 13.x
    • 13.9 Source
      • 13.9.1 Aether ClassNotFound when building Policy Agents and OpenAM 12.x, 13 from source
Loading...