I'm deploying a large-scale Single Sign-On infrastructure using OpenSSO for the local education ministry.
There is a Sun Web Server 7 performing a Reverse Proxy to a backend application, and we intend to deploy the OpenSSO Policy Agent on the web server.
There is a certain sequence to follow to ensure the Policy Agent works:
1. Install Sun Web Server 7
2. Install OpenSSO Policy Agent for Sun Web Server 7
3. Configure Reverse Policy to backend application
If you swap 2 with 3, the Policy Agent will not be able to intercept user access via the reverse proxy, thus render the Policy Agent useless.
Take a look at the object configuration file in the Web Server config directory.
(Note: Not obj.conf, but
The /UpdateAgentCacheServlet and /dummypost/sunpostpreserve must precede reverse-proxy-/.
If you swap 2 with 3, you'll find that
reverse-proxy-/ precedes /UpdateAgentCacheServlet and /dummypost/sunpostpreserve.
If you to manually swap the sequence to make Policy Agent to work.