Install the Java System Access Manager Assertion
The Java System Access Manager assertion allows a policy to use the Single Sign-On (SSO) and Policy Service from an existing Oracle Java System Access Manager 7.0 or 7.1 deployment.
This section describes how to install and configure the custom assertion on the Gateway. When configuration is complete, the Access Resource Protected by JSAM Assertion appears in the Policy Manager, under both the Access Control and Custom Assertions palettes.
Requirements
- Oracle Java System Access Manager 7 version 7.0 or 7.1
- A Policy Agent profile defined under the realm.
- The custom assertion RPM installation file: ssg-jsam-<version>.noarch.rpm
  This file is located in the "CA API Gateway CustomAssertions" distribution archive.
Configure the Gateway
Note: To install and configure the assertion in a cluster, repeat the following procedures for each Gateway in the cluster.
Two main steps are required to configure the Gateway for this custom assertion:
- Install the custom assertion onto the Gateway server.
- Modify two properties files with information configured in the Java System Access Manager Server.
Step 1: Install the Custom Assertion
Note: In the following steps, "<SSG_home>" is "/opt/SecureSpan/Gateway" by default.
To install the custom assertion:
- Log in as ssgconfig and open a privileged shell from the Gateway configuration menu.
- Stop the Gateway:
  # service ssg stop
- Navigate to the location of the custom assertion installation file.
- Run the following command to install the RPM:
  # rpm -Uvh ssg-jsam-<version>.noarch.rpm
  where "<version>" is the version number of the Gateway, plus an archive number.
Step 2: Edit the Properties Files
Perform the following configuration after installing the custom assertion package:
- Open the following file in a text editor:
  <SSG_home>/node/default/etc/conf/sun-jsam-client.properties
- Review and update the properties.

  | Property | Description |
  |---|---|
  | com.sun.identity.agents.app.username | Name of the Policy Agent profile created on the Access Manager server. |
  | com.iplanet.am.service.password | The plain text password of the Policy Agent profile. If an encrypted password is used instead, enter it in the com.iplanet.am.service.secret property. |
  | com.iplanet.am.service.secret | The encrypted password of the Policy Agent profile. If a plain text password is used instead, enter it in the com.iplanet.am.service.password property. |
  | am.encryption.pwd | If an encrypted password is used, then this value must match AMConfig.properties. |
  | com.iplanet.am.naming.url | This value must match AMConfig.properties. |
  | com.iplanet.am.notification.url | This value must match AMConfig.properties. |
  | com.iplanet.am.server.protocol | This value must match AMConfig.properties. |
  | com.iplanet.am.server.host | The fully qualified host name of the Access Manager server. This value must match AMConfig.properties. |
  | com.iplanet.am.server.port | This value must match AMConfig.properties. |
  | com.iplanet.services.debug.level | Controls the Access Manager Client SDK internal logging. Enter the minimum severity level to be logged: off (logging disabled), error, warning, message. |
  | com.iplanet.services.debug.directory | The directory to store the Access Manager Client SDK internal log files. |
- You can optionally verify that the following entries match those in the Java System Access Manager. They should match if the server uses the factory default values:
- Open the following file in a text editor:
  <SSG_home>/node/default/etc/conf/sun-jsam-ca.properties
- Verify these properties:

  | Property | Default Value |
  |---|---|
  | com.l7tech.custom.sun.jsam.PolicyServiceName | iPlanetAMWebAgentService |
  | com.l7tech.custom.sun.jsam.SsoCookieName | iPlanetDirectoryPro |

  Note: The default values are automatically used if the file or the properties are missing.
- Restart the Gateway:
  # service ssg start
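
The following Python check is an added example, not part of the original page or of the product's own tooling. Run against copies of sun-jsam-client.properties and AMConfig.properties before the restart, it reports any "must match" property that differs and flags the password settings. The function names and sample values are assumptions constructed for illustration, and treating "both or neither password property set" as an error is this example's reading of the table above.

```python
import re

# Keys the page says must match AMConfig.properties on the Access Manager server.
MUST_MATCH = ["com.iplanet.am." + k for k in (
    "naming.url", "notification.url", "server.protocol", "server.host", "server.port")]
USERNAME = "com.sun.identity.agents.app.username"
PASSWORD = "com.iplanet.am.service.password"
SECRET = "com.iplanet.am.service.secret"
ENC_KEY = "am.encryption.pwd"

def parse_properties(text):
    """Parse key=value / key:value lines; no continuation or escape handling."""
    pairs = (re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", ln) for ln in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def check_client_config(client_text, amconfig_text):
    """Return a list of findings; an empty list means every check passed."""
    client, server = parse_properties(client_text), parse_properties(amconfig_text)
    findings = []
    if not client.get(USERNAME):
        findings.append(f"ERROR {USERNAME} is empty")
    has_pw, has_secret = bool(client.get(PASSWORD)), bool(client.get(SECRET))
    # Assumption: the page's "instead" means exactly one of the two is set.
    if has_pw == has_secret:
        findings.append(f"ERROR set exactly one of {PASSWORD} / {SECRET}")
    if has_pw:
        findings.append(f"WARN {PASSWORD} holds a plain text credential")
    # am.encryption.pwd only has to match when the encrypted form is used.
    for key in MUST_MATCH + ([ENC_KEY] if has_secret else []):
        if key not in client or client[key] != server.get(key):
            findings.append(f"ERROR {key} does not match AMConfig.properties")
    return findings

# Constructed sample input (hypothetical values); the client copy mismatches on port.
SAMPLE_AMCONFIG = """\
am.encryption.pwd=CONSTRUCTED-KEY
com.iplanet.am.naming.url=https://am.example.com:443/amserver/namingservice
com.iplanet.am.notification.url=https://am.example.com:443/amserver/notificationservice
com.iplanet.am.server.protocol=https
com.iplanet.am.server.host=am.example.com
com.iplanet.am.server.port=443
"""
SAMPLE_CLIENT = SAMPLE_AMCONFIG.replace("port=443", "port=8080") + """\
com.sun.identity.agents.app.username=gateway-agent
com.iplanet.am.service.password=CONSTRUCTED-PASSWORD
"""

if __name__ == "__main__":
    print("\n".join(check_client_config(SAMPLE_CLIENT, SAMPLE_AMCONFIG)) or "OK")
```

A WARN finding for the plain text password is a prompt to confirm that sun-jsam-client.properties is readable only by the Gateway's service account.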