Problem with apache web server and policy agent

This topic has 5 replies, 4 voices, and was last updated 6 years, 11 months ago by miky7.

  • #5892
     miky7
    Participant

    Hi guys,
    I’m a newbie ;)
    I installed OpenDJ and OpenAM on a virtual machine with CentOS 6.7 32 bit.
    After the installation I followed the steps on this page to install the web policy agent for Apache web server 32 bit: https://backstage.forgerock.com/#!/docs/openam-policy-agents/3.3.0/web-install-guide/chap-apache-22
    I tried with httpd 2.2 and httpd 2.4 but after the correct installation of the policy agent, I use the command /path/to/apache22/bin/apachectl -k start and the answer is:
    httpd: Syntax error on line 1012 of /etc/httpd/conf/httpd.conf: Could not open configuration file /root….apache22_agent/Agent_001/config/dsame.conf: Permission denied
    The file has the rw-r--r-- permission and I run httpd as the root user.
    What could I do? Any suggestion?
    Openam and opendj work fine and also apache webserver without: include /root/Scrivania/agent/web_agents/apache22_agent/Agent_001/config/dsame.conf
    Thanks!
    I’m sorry for my terrible English ;)

    • This topic was modified 6 years, 11 months ago by miky7.
    #5894
     Matt Miller
    Participant

    Have you tried turning off SELinux?

    #5902
     miky7
    Participant

    Thank you!!! Now apache starts. It shows me the 403 forbidden page
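
    The exchange above (root gets "Permission denied" on a world-readable file until SELinux is turned off) can be confirmed from the audit log. This is an added example, not part of the original thread; it assumes the targeted policy, where httpd runs as httpd_t and content under /root is labelled admin_home_t, and the audit records are constructed:

```shell
#!/bin/sh
# Added example. The audit records below are constructed for illustration;
# on a real host, feed /var/log/audit/audit.log to httpd_denials instead.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1450000000.100:309): avc:  denied  { search } for  pid=2101 comm="httpd" name="root" dev=dm-0 ino=130001 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
type=AVC msg=audit(1450000000.101:310): avc:  denied  { read } for  pid=2101 comm="httpd" name="dsame.conf" dev=dm-0 ino=130561 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=SYSCALL msg=audit(1450000000.101:310): arch=40000003 syscall=5 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1450000000.250:311): avc:  denied  { getattr } for  pid=2240 comm="sshd" name="authorized_keys" dev=dm-0 ino=140001 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
EOF
}

# Read audit records on stdin; for every denial whose source domain is
# httpd_t print: <permission(s)> <object class> <object name> <target type>
httpd_denials() {
    awk '
    /^type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
        perm = $0
        sub(/.*[{] */, "", perm)      # drop everything up to "{ "
        sub(/ *[}].*/, "", perm)      # drop " }" and the rest
        name = ""; ttype = ""; class = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = $i; gsub(/^name=|"/, "", name) }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { class = substr($i, 8) }
        }
        print perm, class, name, ttype
    }'
}

# Names of objects httpd was refused because they carry the /root label.
blocked_under_root() {
    httpd_denials | awk '$NF == "admin_home_t" { print $(NF-1) }' | sort -u
}

sample_audit_log | httpd_denials
```

    Denials against admin_home_t mean the agent directory sits under /root, so moving it to a location httpd is allowed to read addresses the error while SELinux stays enforcing.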

    #5918
     ssripathy
    Participant

    Can you post the apache virtual host configuration you’ve setup?

    #5920
     Anonymous
    Inactive

    Hi

    Have you configured any policy for the Apache Agent profile? If not, enable SSO mode only.
    That might work.

    Thanks
    Sagar

    #5942
     miky7
    Participant

    Thanks to everybody! But the problem persists…
    I’ll explain what I am trying to do. The structure of my test project is: one Apache web server where I have installed the policy agent and an Apache Tomcat server where I put OpenAM.
    Everything is on localhost in the same virtual machine. I want to protect a simple JSP on the Tomcat server. I would like to enter a URL in my browser: http://www.app.xxx.com/OpenAM and access a resource on Tomcat, but before that I want OpenAM to authenticate the user.
    I added two URLs to the hosts file on localhost:
    openam.xxx.com
    and
    http://www.app.xxx.com
    In the Apache web server httpd.conf I added these lines:
    Servername http://www.app.xxx.com
    ProxyPass /OpenAM http://www.app.xxx.com/MyApp/test.jsp
    ProxyPassReverse /OpenAM http://www.app.xxx.com/MyApp/test.jsp

    In OpenAM the realm is the top level realm and I added realm/DNS aliases:
    openam.xxx.com
    http://www.app.xxx.com
    In Policies I create a policy, the configuration is:
    Name MyApp Resources http://www.app.xxx.com:*/MyApp/test.jsp
    Actions all allowed
    Subjects Only AuthenticatedUsers
    Nothing in environments and response attributes.

    I create one agent testagent:

    Global
    the current agent root url is http://www.app.xxx.com:80/
    Fqdn check enabled fqdn default http://www.app.xxx.com

    Application
    ignore path info for not enforced urls enabled
    not enforced urls:
    http://www.app.xxx.com/OpenAM/*
    http://www.app.xxx.com:80/OpenAM/*

    SSO
    cross domain sso not enabled
    cdsso servlet url: http://openam.xxx.com:8080/OpenAM/cdcservlet

    OpenAM Services
    OpenAM Login URL: http://openam.xxx.com:8080/OpenAM/UI/Login

    In the first page of OpenAM in Configuration under servers and sites:
    Servers: http://openam.xxx.com:8080/OpenAM with parent site applicazioni
    In Sites I add one applicazioni with primary url: http://www.app.xx.com:80/OpenAM with assigned servers http://openam.xxx.com:8080/OpenAM

    With this configuration it doesn’t work… any suggestion?

    Thanks :)
