Run agentsample but all access OK…why?

This topic has 2 replies, 2 voices, and was last updated 6 years ago by T.Hirano.

  • Author
    Posts
  • #13287
     T.Hirano
    Participant

    Hi and sorry for many question…

    Now, try to run agentsample but all user can see the pages.

    1. go to subjects and create user “ichiro” to group “manager”, “hideo” to group “employee”.
    2. create new policy in “iPlanetAMWebAgentService” policy set like this.
    http://j2ee.example.com:8080/agentsample/*
    http://j2ee.example.com:8080/agentsample/*?*
    post/get allow
    All of Authenticated Users
    3. create agent to J2EE, name “nomonomo”

    I access to http://j2ee.example.com:8080/agentsample/, and go to OpenAM login.
    But both user can access to /protectedservlet…

    Is there more settings?

    #13288
     Rogerio Rondini
    Participant

    I believe the Policy with “/*” and “/*?*” grant access to “All of authenticated users” are overlaying other policies.

    #13359
     T.Hirano
    Participant

    Hi Rogerio, thank you for your reply.

    I only set the Policy above…but I found the cause by your reply!

    There’s no config for “privileged attribute mapping” under application tab, j2ee-agent.
    I added two values like this.

    map-key : id=employee,ou=group,dc=opensso,dc=java,dc=net
    map-value : SR_EMPLOYEE_ROLE
    map-key : id=manager,ou=group,dc=opensso,dc=java,dc=net
    map-value : SR_MANAGER_ROLE

    Each key-value is written in agentsampe’s web.xml.

    I can’t solve this without your reply, thanks!

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?