Book

Agents and policies in AM/OpenAM

This books provides information on agents and their use in AM/OpenAM. It includes chapters on SSL and policies.


Printer friendly view

Table of Contents

  • 1 What versions of Policy Agents are compatible with AM/OpenAM?
  • 2 How do I check that a Policy Agent (All versions) can connect to AM/OpenAM?
  • 3 How do I set up a monitoring page for the load balancer in front of Web Agents (All versions) for health checks?
  • 4 How does Post Data Preservation work for Web agents (All versions)?
  • 5 How do I silently remove a Web Agent (All versions)?
  • 6 Installation
    • 6.1 How do I configure AM 6.0.0.x to work with older policy agents (Web 4.x and JEE 3.5.x)?
    • 6.2 Best practice for installing IIS Web Policy Agents (All versions)
  • 7 Configuration
    • 7.1 How do I export configuration details for the Agent (All versions)?
    • 7.2 How do I configure Agents 5.x to authenticate users against a specific realm, tree or authentication module in AM?
    • 7.3 How do I create a policy agent that inherits group settings using ssoadm in AM 5.x, 6.x and OpenAM 13.x?
    • 7.4 How do I define a list of Not Enforce URLs that Web Policy Agents can ignore for authentication purposes in AM/OpenAM (All versions)?
    • 7.5 How do I define a list of Not Enforce URIs that Java Policy Agents can ignore for authentication purposes in AM/OpenAM (All versions)?
    • 7.6 How do I change the session cookie name for AM/OpenAM and Policy Agents (All versions)?
    • 7.7 How do I capture HTTP headers set by Web Policy Agents (All versions) in Apache HTTP server using a Perl script?
  • 8 SSL Offloading
    • 8.1 How do I configure a Web Policy Agent (All versions) for SSL offloading?
    • 8.2 How do I configure a Java Policy Agent (All versions) for SSL offloading?
    • 8.3 How do I configure SSL offloading at the Policy Agent (All versions) for virtual hosts?
  • 9 Policies
    • 9.1 Best practice for creating and testing policies in AM/OpenAM (All versions)
    • 9.2 How do I export and import policies in AM/OpenAM (All versions)?
    • 9.3 How do I reduce the number of policy matches in AM/OpenAM (All versions)?
    • 9.4 How do I share values between scripted policies in AM/OpenAM (All versions)?
  • 10 Frequently Asked Questions
    • 10.1 FAQ: Installing Policy Agents in AM/OpenAM
    • 10.2 FAQ: Configuring Policy Agents in AM/OpenAM
    • 10.3 FAQ: Configuring policies in AM/OpenAM
    • 10.4 FAQ: SSL/TLS secured connections in AM/OpenAM and Policy Agents
    • 10.5 FAQ: SSL certificate management in AM/OpenAM and Policy Agents
    • 10.6 FAQ: AM/OpenAM performance and tuning
  • 11 How do I troubleshoot WebSocket issues in Agents 5.x?
  • 12 Logging
    • 12.1 How do I enable debug logging for troubleshooting Agents (All versions)?
    • 12.2 How do I rotate Web Policy Agents (All versions) debug and audit logs?
    • 12.3 How do I rotate Java Policy Agents (All versions) debug and audit logs?
    • 12.4 How do I clear debug logs in AM/OpenAM (All versions)?
  • 13 Known Issues
    • 13.1 Out of Memory exception causes AM/OpenAM (All versions) to hang due to increasing number of open policy agent sessions
    • 13.2 Apache and IIS Web Agent (All versions) repeatedly reports failed to load SSL errors
    • 13.3 An illegal reflective access operation has occurred when using Java 11 with ForgeRock products
    • 13.4 Schannel communications fail in Web Agents 4.1, 4.2 and 5.x running on Microsoft Windows 2008 R2 or 2012 with TLS 1.2 enabled
    • 13.5 Installation
      • 13.5.1 Installing a Web Agent (All versions) fails with a no ssl/library support error
      • 13.5.2 Unable to find the "User" entry in the httpd.conf file error when installing the Apache Web Agent (All versions)
      • 13.5.3 Policy Agents and AM/OpenAM (All versions) fail to install on IBM WebSphere when SSL is enabled
      • 13.5.4 Authentication fails with Internal Server Error (500) after installing or upgrading to Agent 5.x
      • 13.5.5 Apache Web Agent 5.x does not start after installing it on RHEL or CentOS configured with SELinux
    • 13.6 Redirect
      • 13.6.1 redirect_uri_mismatch error occurs after upgrading to, or installing Web Agents 5.x
      • 13.6.2 Policy Agent (All versions) does not redirect user correctly if the redirect URL is too long
      • 13.6.3 Redirect loop between AM and Agent 5.x after successful authentication
    • 13.7 Policies
      • 13.7.1 Resource type lookups and policy evaluation fails in AM 6.5.0.x, 6.5.1, 6.5.2, 6.5.2.1 and 6.5.2.2 when the external Policy Store is restarted
      • 13.7.2 Guice configuration errors when importing or exporting policies using ssoadm in AM 5, 5.1.x and OpenAM 13.5.1
Loading...