2.3 Configuring the Agent for Direct Access

  1. In the Administration Console, click Access Manager > J2EE Agents > Edit.

    Configuring a J2EE Agent

  2. Fill in the fields:

    Identity Server Cluster: Select the Identity Server you want the agent to trust for authentication by selecting the configuration you have assigned to the Identity Server.

    The [None] option is used as the default, before you configure the agent.

    Contract: Select the type of contract, which determines the information a user must supply for authentication. By default, the Administration Console allows you to select from the following contracts and options when specifying an authentication contract.

    • Name/Password - Basic: Specifies basic authentication over HTTP, using a standard login pop-up provided by the Web browser.

    • Name/Password - Form: Specifies a form-based authentication over HTTP, using the Access Manager login form.

    • Secure Name/Password - Basic: Specifies basic authentication over HTTPS, using a standard login pop-up provided by the Web browser.

    • Secure Name/Password - Form: Specifies a form-based authentication over HTTPS, using the Access Manager login form.

    • Any Contract: If the user has authenticated, allows any contract defined for the Identity Server to be valid; or if the user has not authenticated, prompts the user to authenticate by using the default contract assigned to the Identity Server configuration.

    You can configure other contract types. See Configuring Authentication Contracts in the Novell Access Manager 3.0 SP4 Administration Guide.

    J2EE Application Server URL: Specify the URL of your application server, including the port. For example, if the DNS name of your J2EE server is j2ee.mycompany.com, enter the following:

    https://j2ee.mycompany.com:8443

    The URL has three parts:

    • Scheme: For the scheme, specify the scheme you have configured the application server to use for connections (http or https). See your application server documentation for information on configuring SSL so you can use HTTPS. For more information on SSL and the required certificates for the agent, see Section 4.3, Configuring SSL Certificate Trust.

    • Domain: You need to specify a DNS name in the URL if you want to configure the application server so that it is accessible internally behind your firewall and externally outside the firewall.

    • Port: Port 8443 is the standard HTTPS port for an SSL connection to a JBoss server, port 7002 for an SSL connection to a WebLogic server, and port 9443 for an SSL connection to a WebSphere server. The HTTP port is 8080 for JBoss, 7001 for WebLogic, and 9080 for WebSphere. If you have configured a different port, use that port.

  3. Click OK, then click Update > OK.

  4. To update the Identity Server, click Identity Servers, then click Update > OK.

    Whenever you set up a new trusted identity configuration, you need to update the Identity Server configuration.

  5. Continue with Preparing the Applications and the J2EE Servers.