Installation guide
Installing and Configuring the Policy Agent
Chapter 6 Single Sign-On Solution for SAP Internet Transaction Server 2.0 155
Installing and Configuring the Policy Agent
Once you have configured the SAP R/3systems andSun ONE Identity Server, you
can install Sun ONE Identity Server Policy Agent, version 2.1 for Sun ONE Web
Server 6.0. For details on installing and configuring the policy agent, see Chapter 2
of this guide.
For the SSO solution to work properly, you must take care of the following:
• In Identity Server, policies must exist to allow or deny user access to the SAP
service and resources.
The SAP Service typically resides at:
http://
host
.
domain
:
port
/scripts/wgate/sapdll/!
This is the URL for the
sapdll
PAS module service, which eventually redirects
the user to the requested resource as indicated by the parameters
~redirectHost
and
~redirectQS
in the
sapdll.srvc
file. Policies must exist to
protect the service (
/scripts/wgate/sapdll/!
) and the corresponding
redirecting resource. For information on creating policies in Sun ONE Identity
Server, please see Sun ONE Identity Server documentation.
• The following policy agent shared libraries must be placed in the programs
directory of your SAP ITS instance (\Program Files\SAP\ITS\2.0\programs).
For the PAS shared library to work properly, it is absolutely necessary that the
shared libraries for the policy agent are accessible.
The following are the libraries that you will need:
❍
amsdk.dll
❍
libnspr4.dll
❍
libplc4.dll
❍
libplds4.dll
❍
libxml2.dll
❍
nss3.dll
❍
ssl3.dll
• The
global.srvc
file on theITS which hoststhe Webgui servicemust contain at
least the following parameters: