Table of Contents
- 6.1. Identity Gateway or Policy Agent?
- 6.2. Kinds of Agent Profiles
- 6.3. Creating Agent Profiles
- 6.4. Delegating Agent Profile Creation
- 6.5. Configuring Web Policy Agents
- 6.6. Configuring J2EE Policy Agents
- 6.7. Configuring Web Service Provider Policy Agents
- 6.8. Configuring Web Service Client Policy Agents
- 6.9. Configuring Security Token Service Client Policy Agents
- 6.10. Configuring Version 2.2 Policy Agents
- 6.11. Configuring OAuth 2.0 & OpenID Connect 1.0 Clients
- 6.12. Configuring Agent Authenticators
You install policy agents in web servers and web application containers to enforce access policies OpenAM applies to protected web sites and web applications. Policy agents depend on OpenAM for all authentication and authorization decisions. Their primary responsibility consists in enforcing what OpenAM decides in a way that is unobtrusive to the user. In organizations with many servers, you might well install many policy agents.
Policy agents can have local configurations where they are installed, but usually you store all policy agent configuration information in the OpenAM configuration store, defining policy agent profiles for each, and then you let the policy agents access their profiles through OpenAM such that you manage all agent configuration changes centrally. This chapter describes how to set up policy agent profiles in OpenAM for centralized configuration.
