2.2 OpenSSO Agent installation is failing
1. Unpack the product binaries
2. Change directories to PolicyAgent-base/bin.
Ensure executable permissions are set for the following programs:
agentadmin
crypt_util
certutil
For example the following command is one method for setting executable permissions for these three programs:
chmod +x agentadmin certutil crypt_util
3. Now try running ./agentadmin --install
Unable to load Web Agent
Possible Solution: The main reason is usually that the libraries the agent depends on are not present on the system.
Unix Platforms:
ldd -d <shared library>
ex: ldd -d libames6.so
Please make sure that all the dependent libraries are present in the system.
Windows platforms:
Download depends.exe and launch it. Try opening the agent's DLL (ex: amiis6.dll). Please make sure that all dependent libraries are present.
Agent running into an infinite loop
Possible Solutions:
1) The Agent and AM machines are not time synchronized. Please sync up the time between these two machines. Restart the instances once this is complete.
2) Different cookies might be set: AM might be setting an SSO cookie "iPlanetDirectoryPro-a", whereas the agent by default will be looking for "iPlanetDirectoryPro". Make sure that AM and the Agent are sharing the same cookie.
Failure to load Domino Agent dll
Possible Solution: If you have recently uninstalled any anti-virus software (Panda), the uninstall will also remove the DLLs the agent depends on (msvcp70.dll and msvcr70.dll). Please make sure that these DLLs are present.
libstdc++.so.5 not found on bare CentOS
Cannot load /opt/apache22_agent/lib/libamapc22.so into server: libstdc++.so.5: cannot open shared object file: No such file or directory
Solution:
yum install compat-libstdc++-33-3.2.3-61
2.2 Web Agents having X11 display issue
The 2.2 web agents, which are not open sourced, have a dependency on an X11 display. If an X11 display is not available, all types of install options fail. The following workaround is needed on Solaris and Linux platforms. Examples for the Apache and Sun Web Server 6 agents on Solaris are below:
Apache:
1. Extract agent installation tar file and do:
2. pkgadd -d . SUNWamapc
3. cd /opt/SUNWam/agents/apache/bin/
4. Execute the config script: ./config (or ./config -r ./response). This configures your web server instance and sets up AMAgent.properties, the debug directories, etc.
5. Restart web server instance.
WS6:
1. Extract agent installation tar file and do:
2. pkgadd -d . SUNWames6
3. cd /opt/SUNWam/agents/es6/bin/
4. Execute the config script: ./config (or ./config -r ./response). This configures your web server instance and sets up AMAgent.properties, the debug directories, etc.
5. Restart web server instance.
On Linux, the above steps also apply. Add the agent package using the rpm tool.
Web Agents authenticating with a sub-realm
By default, web agents authenticate to the root realm, "/". To make an agent authenticate with a particular sub-realm, say Foo, do the following.
2.2 web agents: Set the following property in AMAgent.properties and restart the web agent container
com.sun.am.policy.am.org.name = Foo
3.0 web agents: Set the following in OpenSSOBootstrap.properties and restart the web agent container
com.sun.identity.agents.config.organization.name = Foo
Apache agent and Virtual servers usage
The Apache agent protects the entire Apache server. If the Apache server is configured with multiple virtual servers, the agent protects all of them. The following examples illustrate different use cases.
Agent host: myhost.mydomain.com
Agent port: 5050
Virtual servers: myhost-v1.mydomain.com, myhost-v2.mydomain.com, myhost-v3.mydomain.com
2.2 agent examples:
com.sun.am.policy.agents.config.fqdn.default = myhost.mydomain.com
com.sun.am.policy.agents.config.fqdn.map = valid1|myhost-v1.mydomain.com,valid2|myhost-v2.mydomain.com,valid3|myhost-v3.mydomain.com
Case 1.
com.sun.am.policy.agents.config.notenforced_list = http://myhost-v*.mydomain.com:5050/* — All virtual host url accesses are not enforced.
Case 2.
com.sun.am.policy.agents.config.notenforced_list = http://myhost-v1.mydomain.com:5050/* — Only v1 url accesses are not enforced. v2 and v3 urls are enforced.
Case 3.
com.sun.am.policy.agents.config.notenforced_list = http://myhost-v1.mydomain.com:5050/* http://myhost-v2.mydomain.com:5050/* — v1 and v2 url accesses are not enforced. v3 urls are enforced.
Different combinations can be worked out this way.
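Because every URL matched by notenforced_list is served without a policy check, it helps to confirm which virtual hosts a given value actually exempts before deploying it. The script below is an added example, not part of the agent or of this page's original content. It evaluates the three cases above against the three virtual servers. It assumes that "*" matches any run of characters and that patterns are separated by spaces. All function names are hypothetical.

```python
import re

# Constructed sample values, copied from Cases 1-3 on this page.
CASES = {
    "case1": "http://myhost-v*.mydomain.com:5050/*",
    "case2": "http://myhost-v1.mydomain.com:5050/*",
    "case3": "http://myhost-v1.mydomain.com:5050/* http://myhost-v2.mydomain.com:5050/*",
}
VIRTUAL_HOSTS = ["myhost-v1.mydomain.com", "myhost-v2.mydomain.com",
                 "myhost-v3.mydomain.com"]
PORT = 5050


def parse_property(line):
    """Split 'key = value' and return (key, list of space-separated patterns)."""
    key, _, value = line.partition("=")
    return key.strip(), value.split()


def pattern_to_regex(pattern):
    """Assumption: '*' matches any run of characters; all else is literal."""
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$")


def is_enforced(url, patterns):
    """A URL is enforced unless some not-enforced pattern matches it."""
    return not any(pattern_to_regex(p).match(url) for p in patterns)


def audit(patterns, hosts=VIRTUAL_HOSTS, port=PORT, path="/app/index.html"):
    """Return {host: True if enforced} for one sample path on each host."""
    return {h: is_enforced(f"http://{h}:{port}{path}", patterns) for h in hosts}


def host_wildcards(patterns):
    """Patterns with '*' in the host part exempt whole groups of hosts."""
    return [p for p in patterns if "*" in p.split("://", 1)[-1].split("/", 1)[0]]


if __name__ == "__main__":
    for name, value in CASES.items():
        line = f"com.sun.am.policy.agents.config.notenforced_list = {value}"
        _, patterns = parse_property(line)
        print(name, audit(patterns), "host wildcards:", host_wildcards(patterns))
```

A pattern reported by host_wildcards, such as the one in Case 1, also exempts any virtual server added later whose name fits the wildcard, so it deserves review whenever the virtual server list changes.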

