Installation guide
Setting the REMOTE_USER Server Variable
90 Sun ONE Identity Server Policy Agents 2.1 • Web Policy Agents Guide • September 2004
The REMOTE_USER server environment variable is normally set by the agent to the
user ID of the user who is accessing the page after being authenticated with
Identity Server. By setting this variable to a specific user, the user becomes
available to web applications (such as a CGI, servlet, or an ASP program). This
feature makes it possible to personalize the content of displayed HTML pages to
specific users.
However, if the page a user is accessing is not enforced, the REMOTE_USER
variable will not be set. To enable setting REMOTE_USER for not-enforced URLs,
you must set the following property in AMAgent.properties to true (by default
the value is false):
com.sun.am.policy.agents.anonRemoteUserEnabled=TRUE
When you set this property value to TRUE, the value of REMOTE_USER will be set
to the value contained in the following property in the AMAgent.properties file
(by default, this value is set to anonymous):
com.sun.am.policy.agents.unauthenticatedUser=anonymous
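The following is an added example, not code from the Sun guide: a Python handler-side check showing how an application behind the agent can read REMOTE_USER without mistaking the configured anonymous placeholder for an authenticated identity. The helper names, the simplified key=value parser, and the sample values are assumptions made for illustration.

```python
# Property name as quoted in the guide's AMAgent.properties excerpt.
ANON_USER = "com.sun.am.policy.agents.unauthenticatedUser"

# Constructed sample configuration (not a real deployment file).
SAMPLE_PROPERTIES = """\
# agent settings
com.sun.am.policy.agents.anonRemoteUserEnabled=TRUE
com.sun.am.policy.agents.unauthenticatedUser=anonymous
"""


def load_agent_properties(text):
    """Parse simple key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def resolve_identity(environ, props):
    """Return (user_id, authenticated) for one request's server variables."""
    placeholder = props.get(ANON_USER, "anonymous")
    remote_user = (environ.get("REMOTE_USER") or "").strip()
    # Missing variable: not-enforced URL with the anonymous feature off.
    if not remote_user:
        return None, False
    # Placeholder value: not-enforced URL with the feature on. Fail closed
    # even if anonRemoteUserEnabled reads false, so config drift cannot
    # turn the placeholder into a trusted user ID.
    if remote_user == placeholder:
        return None, False
    return remote_user, True


def greeting(environ, props):
    """Personalize only for authenticated users."""
    user, authenticated = resolve_identity(environ, props)
    return f"Welcome back, {user}" if authenticated else "Welcome, guest"


if __name__ == "__main__":
    props = load_agent_properties(SAMPLE_PROPERTIES)
    for env in ({"REMOTE_USER": "jdoe"}, {"REMOTE_USER": "anonymous"}, {}):
        print(env, "->", greeting(env, props))
```

Because the placeholder is configurable, the application reads it from the same properties the agent uses instead of hard-coding "anonymous"; the placeholder value should also never be issued as a real user ID.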
To enable the REMOTE_USER feature for an IIS 5.0 agent, perform the following
steps:
1. From the Windows Start menu, select Programs > Administrative Tools >
Internet Services Manager.
This will launch the Internet Information Services console.
2. On the web site that you want the Sun ONE Identity Server agent to protect,
select Properties.
3. Select the Directory Security tab.
4. In the Anonymous Access and Authentication Control section, click Edit.
5. In the dialog that displays, select Anonymous Access and Basic
Authentication, then deselect Integrated Windows Authentication.
Validating Client IP Addresses
This feature can be used to enhance security by preventing the stealing or hijacking
of SSO tokens.