Installation guide

POST Data Preservation
54 Sun ONE Identity Server Policy Agents 2.1 Web Policy Agents Guide April 2005
The AMAgent.properties file contains a property titled
com.sun.am.policy.agents.client_ip_validation_enable, which by default
is set to false.
If you set this property value to true, client IP address validation will be enabled
for each incoming request that contains an SSO token. If the IP address from which
the request was generated does not match the IP address issued for the SSO token, the
request will be denied. This is essentially the same as enforcing a deny policy.
This feature should not be used, however, if the client browser uses a web proxy or
if there is a load-balancing application somewhere between the client browser and
the agent-protected web server. In such cases, the IP address appearing in the
request will not reflect the real IP address on which the client browser runs.
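The check described above, modelled as an added example (not code from the guide or from the agent): it reads the property from a constructed AMAgent.properties fragment and shows a legitimate request being denied once a load balancer sits in the path. The function names, the sample addresses, and the assumption that the token was issued for the browser's own address are illustrative.

```python
import ipaddress

PROP = "com.sun.am.policy.agents.client_ip_validation_enable"

# Constructed AMAgent.properties fragment (sample input, not from a real host).
SAMPLE_PROPERTIES = """\
# agent settings
com.sun.am.policy.agents.client_ip_validation_enable = true
"""

def parse_properties(text):
    """Parse 'key = value' lines; blank lines and #/! comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def ip_validation_enabled(props):
    # The guide states the default is false, so a missing property means disabled.
    return props.get(PROP, "false").lower() == "true"

def agent_decision(props, token_ip, peer_ip):
    """Model of the check: compare the address the SSO token was issued for
    with the address the agent-protected web server sees on the connection."""
    if not ip_validation_enabled(props):
        return "allow"
    match = ipaddress.ip_address(token_ip) == ipaddress.ip_address(peer_ip)
    return "allow" if match else "deny"

def simulate(props, browser_ip, hops):
    """hops: proxies or load balancers between browser and agent, in order.
    Assumption: the token was issued for browser_ip; the agent sees the last hop."""
    peer_ip = hops[-1] if hops else browser_ip
    return agent_decision(props, token_ip=browser_ip, peer_ip=peer_ip)

if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    for label, hops in [("direct", []), ("via load balancer", ["198.51.100.10"])]:
        print(f"{label:18} -> {simulate(props, '203.0.113.25', hops)}")
```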
POST Data Preservation
POST data preservation is supported on the Sun ONE Web Server 6.0 SPx agent.
Users can preserve POST data, which are submitted to web servers through HTML
forms before users log in to Sun ONE Identity Server. Presumably, the HTML page
containing the form should be in the not-enforced list. By default, this feature is
turned off.
This feature is configurable through two properties in the AMAgent.properties file.
To turn off this feature, use the following AMAgent.properties file property and
change the value of the property from true to false:
com.sun.am.policy.agents.is_postdatapreserve_enabled = true
com.sun.am.policy.agents.postcacheentrylifetime = 10
The second property decides how long any POST data can stay valid in the web
server cache. After the specified interval, a reaper thread will wake up and clean
up any POST cache entries that have lived beyond the specified lifetime. The
com.sun.am.policy.agents.postcacheentrylifetime property lets the administrator
configure this time interval. By default, this property is set to 10 minutes.
NOTE
This feature is available only on the agent for Sun ONE Web Server 6.0 SPx.