6.3. Creating Agent Profiles

This section concerns creating agent profiles, and creating groups that let agents inherit settings when you have many agents with nearly the same profile settings.

Procedure 6.1. To Create an Agent Profile

To create a new web or J2EE policy agent profile, you need a name and password for the agent, and the URLs to OpenAM and the application to protect.

  1. On the Access Control tab page of the OpenAM console, click the link for the realm in which you manage agents.

  2. Click the Agents tab, click the tab page for the kind of agent you want to create, and then click the New... button in the Agent table.

  3. Provide a name for the agent, and also the URLs to OpenAM and to the application to protect, then click Create.

    [Figure: Creating a new web agent profile]

  4. After creating the agent profile, you can click the link to the new profile to adjust and export the configuration.

Procedure 6.2. To Create an Agent Profile Group & Inherit Settings

Agent profile groups let you set up multiple agents to inherit settings from the group. To create a new web or J2EE agent profile group, you need a name and the URL to the OpenAM server in which you store the profile.

  1. On the Access Control tab page of the OpenAM console, click the link for the realm in which you manage agents.

  2. Click the Agents tab, click the tab page for the kind of agent you want to create, and then click the New... button in the Group table.

    After creating the group profile, you can click the link to the new group profile to fine-tune or export the configuration.

  3. Inherit group settings by selecting your agent profile, and then selecting the group name in the Group drop-down list near the top of the profile page.

    You can then adjust inheritance by clicking Inheritance Settings on the agent profile page.

Procedure 6.3. To Create an Agent Profile Using the Command Line

You can create a policy agent profile in OpenAM using the ssoadm command-line tool. You do so by specifying the agent properties either as a list of attributes, or by using an agent properties file as shown below. Export an existing policy agent configuration before you start to see what properties you want to set when creating the agent profile.

The following procedure demonstrates creating a web policy agent profile using the ssoadm command.

  1. Make sure the ssoadm command is installed as described in the Installation Guide procedure, To Set Up Administration Tools.

  2. Determine the list of properties to set in the agent profile.

    The following properties file shows a minimal configuration for a web policy agent profile.

    $ cat myWebAgent.properties
    com.sun.identity.agents.config.agenturi.prefix=http://www.example.com:80/amagent
    com.sun.identity.agents.config.cdsso.cdcservlet.url[0]=https://openam.example.com:8443/openam/cdcservlet
    com.sun.identity.agents.config.fqdn.default=www.example.com
    com.sun.identity.agents.config.login.url[0]=https://openam.example.com:8443/openam/UI/Login
    com.sun.identity.agents.config.logout.url[0]=https://openam.example.com:8443/openam/UI/Logout
    com.sun.identity.agents.config.remote.logfile=amAgent_www_example_com_80.log
    com.sun.identity.agents.config.repository.location=centralized
    com.sun.identity.client.notification.url=http://www.example.com:80/UpdateAgentCacheServlet?shortcircuit=false
    sunIdentityServerDeviceKeyValue[0]=agentRootURL=http://www.example.com:80/
    sunIdentityServerDeviceStatus=Active
    userpassword=password
  3. Set up a password file used when authenticating to OpenAM.

    $ echo password > /tmp/pwd.txt
    $ chmod 400 /tmp/pwd.txt

  4. Create the profile in OpenAM.

    $ ssoadm create-agent --realm / \
     --agentname myWebAgent --agenttype WebAgent --adminid amadmin \
     --password-file /tmp/pwd.txt --datafile myWebAgent.properties
    
    Agent configuration was created.

    At this point you can view the profile in OpenAM Console under Access Control > Realm Name > Agents to make sure the configuration is what you expect.
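
The checks below are an added example, not part of the OpenAM documentation or the ssoadm tool: a shell pre-flight for steps 2 to 4 that lints the agent properties file and creates the password file with restrictive permissions from the start, rather than creating it first and restricting it afterwards. The function names `lint_agent_props` and `make_pwfile` and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for Procedure 6.3. The function names and
# finding labels are illustrative assumptions, not part of OpenAM or ssoadm.

# lint_agent_props FILE: print one finding per line, return 1 if any exist.
lint_agent_props() {
    out=$( {
        awk '
            /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments, blank lines
            {
                eq = index($0, "="); if (!eq) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                # A repeated key is ambiguous: the winner depends on the parser.
                if (seen[key]++) print "DUPLICATE_KEY " key
                # Login, logout and CDSSO traffic carries credentials or tokens.
                if (key ~ /\.(login|logout|cdcservlet)\.url/ && val ~ /^http:/)
                    print "CLEARTEXT_URL " key
            }' "$1"
        # The file holds the agent password (userpassword) in cleartext.
        if grep -q '^userpassword=' "$1" &&
           [ -n "$(find "$1" -perm -040 -o -perm -004)" ]; then
            echo "SECRET_FILE_READABLE $1"
        fi
    } )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# make_pwfile: read the admin password on stdin (keeps it out of argv and
# shell history), store it in a fresh mode-400 file, print the file's path.
make_pwfile() {
    pw=$(mktemp "${TMPDIR:-/tmp}/ssoadm-pw.XXXXXX") || return 1   # created 0600
    if cat > "$pw" && chmod 400 "$pw"; then
        printf '%s\n' "$pw"
    else
        rm -f "$pw"; return 1
    fi
}

# Typical use (flags as in step 4 above):
#   lint_agent_props myWebAgent.properties || exit 1
#   pwfile=$(make_pwfile); trap 'rm -f "$pwfile"' EXIT
#   ssoadm create-agent --realm / --agentname myWebAgent --agenttype WebAgent \
#     --adminid amadmin --password-file "$pwfile" --datafile myWebAgent.properties
```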