Installation guide
POST Data Preservation
Chapter 3 Policy Agents on Microsoft Windows 91
The AMAgent.properties file contains a property titled
com.sun.am.policy.agents.client_ip_validation_enable,whichbydefault,
is set to false.
If you set this property value to
true, client IP address validation will be enabled
for each in-coming request that contains an SSO token. If the IP address from
which request was generated does not match the IP address issued for the SSO
token, the request will be denied. This is essentially the same as enforcing a deny
policy.
This featureshould notbe used,however, if the client browser uses a web proxy or
if there is a load-balancing application somewhere between the client browser and
the agent-protected web server. In such cases, the IP address appearing in the
request will not reflect the real IP address on which the client browser runs.
POST Data Preservation
POST data preservation is supported on the Sun ONE Web Server 6.0 SPx agent
and the Sun ONE Web Server 6.1 agent. Users can preserve POST data, which are
submitted to web servers through html forms before users login to the Identity
server. Presumably the html page containing the form should be in the
not-enforced list. By default, this feature is turned off.
This feature is configurable through two properties in AMAgent.properties file.
To turn off this feature, use the following AMAgent.properties file property and
change the value of the property from true to false:
com.sun.am.policy.agents.is_postdatapreserve_enabled=true
The second property decides how long any POST data can stay valid in the web
server cache. After the specified interval, a reaper thread will wake up and clean
up any POST cache entries that have lived beyond the specified life time. The
following property helps the administrator to configure this time interval. By
default this property is set to 10 minutes.
com.sun.am.policy.agents.postcacheentrylifetime=10
NOTE This feature is not available on the other agents.