Friday, November 26, 2010

OpenSSO - Installing Policy Agent on Oracle/Sun Web Server 7

I'm deploying a large-scale Single Sign-On infrastructure using OpenSSO for the local education ministry. 

There is a Sun Web Server 7 performing a Reverse Proxy to a backend application, and we intend to deploy the OpenSSO Policy Agent on the web server.

There is a certain sequence to follow to ensure the Policy Agent works:
1. Install Sun Web Server 7
2. Install OpenSSO Policy Agent for Sun Web Server 7
3. Configure Reverse Policy to backend application

If you swap 2 with 3, the Policy Agent will not be able to intercept user access via the reverse proxy, thus render the Policy Agent useless.


Take a look at the object configuration file in the Web Server config directory.
(Note: Not obj.conf, but -obj.conf)

The /UpdateAgentCacheServlet and /dummypost/sunpostpreserve must precede reverse-proxy-/.

If you swap 2 with 3, you'll find that 

reverse-proxy-/ precedes /UpdateAgentCacheServlet and /dummypost/sunpostpreserve.

If you to manually swap the sequence to make Policy Agent to work.


No comments:

Post a Comment