Installation guide
Chapter 4 Policy Agents on Red Hat, SuSE, and Debian Linux
The AMAgent.properties file contains a property named com.sun.am.policy.agents.client_ip_validation_enable, which is set to false by default.
If you set this property to true, client IP address validation is enabled for each incoming request that contains an SSO token. If the IP address from which the request was generated does not match the IP address issued for the SSO token, the request is denied. This is essentially the same as enforcing a deny policy.
This feature should not be used, however, if the client browser uses a web proxy or if there is a load-balancing application somewhere between the client browser and the agent-protected web server. In such cases, the IP address appearing in the request will not reflect the real IP address on which the client browser runs.
Shared Secret Encryption Utility
The policy agent stores the shared secret in the AMAgent.properties file. By default, this password is the Identity Server internal LDAP authentication user password. This can be changed on the server side by editing the AMConfig.Properties file.
The property com.sun.am.policy.am.password in the AMConfig.Properties file is set to the encrypted shared secret when the agent is installed.
To reset or change the shared secret, use the following utility and set the resulting value in the property.
1. Go to the following directory:
   Agent_Install_Dir/bin
2. Execute the following script from the command line:
   crypt_util shared_secret
3. Cut and paste the output from Step 2 into the property:
   com.sun.am.policy.am.password
4. Restart the Web Server and try accessing any resource protected by the agent.
If the agent gets redirected to the Sun ONE Identity Server, this indicates that the above steps were executed properly.
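Step 3 can be scripted instead of pasted by hand. The function below is an added example, not part of the original guide or the product: it writes the crypt_util output into the password property, keeps a backup, and leaves the file's owner and mode unchanged. The function name, the .bak suffix and the `name = value` line format are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with the agent).
# PROP is the property named in Step 3 of the guide.
PROP='com.sun.am.policy.am.password'

# set_shared_secret FILE ENCRYPTED_VALUE
#   FILE            properties file to update (path supplied by the caller)
#   ENCRYPTED_VALUE output of Step 2, e.g. "$(./crypt_util "$secret")"
set_shared_secret() {
    file=$1
    value=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ -n "$value" ] || { echo "empty value" >&2; return 1; }

    tmp=$(mktemp "${file}.XXXXXX") || return 1      # created with mode 0600
    # Backup keeps the original mode and timestamps (assumed suffix .bak).
    cp -p "$file" "${file}.bak" || { rm -f "$tmp"; return 1; }

    # The value is passed through the environment so awk treats it as
    # data: characters such as / + = & \ need no escaping.
    PROP="$PROP" VALUE="$value" awk '
        BEGIN { p = ENVIRON["PROP"]; v = ENVIRON["VALUE"]; done = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Match only the exact property name followed by = or :
            # (commented-out lines and longer names are left alone).
            if (index(line, p) == 1 &&
                substr(line, length(p) + 1) ~ /^[ \t]*[=:]/) {
                if (!done) { print p " = " v; done = 1 }
                next                       # drop duplicate definitions
            }
            print
        }
        END { if (!done) print p " = " v }  # append if it was missing
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so owner and permissions of FILE are preserved.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}
```

The backup still holds the previous encrypted secret, so remove it or protect it once the restart in Step 4 succeeds.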