Disable IAMSuiteAgent

This post gives an insight into IAMSuiteAgent and how to disable it.

IAMSuiteAgent is a pre-built Java agent that comes with OAM 11g by default. A few important points about IAMSuiteAgent:

The IAMSuiteAgent is a domain-wide agent:

  • Once Access Manager is deployed, the IAMSuiteAgent is installed on every server in the domain
  • Unless disabled, every request coming into the WebLogic Application Server is evaluated and processed by the IAMSuiteAgent
  • Certain IAMSuiteAgent configuration elements are available in the WebLogic Administration Console (in the Security Provider section) and others in the Oracle Access Management Console.

I had another OAM 11g R2 PS1 setup on the same node where R2 is installed. For some reason, the PS2 instance's OAM Admin Console is redirecting to the PS1 IAMSuiteAgent for authentication, which is not expected.

So I disabled IAMSuiteAgent in the OAM Admin Console in the PS2 instance, but with no luck. Troubleshooting why the PS2 OAM console is redirecting to the PS1 IAMSuiteAgent is a story for another day. Since I was running short of time, I had to disable IAMSuiteAgent. This is how I did it:

  1. Set the environment variable: export WLSAGENT_DISABLED=true. This change can also be made in setDomainEnv.sh.
  2. Restart the WebLogic Admin Server.
  3. Access the OAM Admin Console and notice that IAMSuiteAgent will not intercept. Refer to the screenshot below for the login page.
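
Because the flag switches off an agent that otherwise evaluates every request into the domain, it is worth checking afterwards where it is still set. The script below is an added example, not part of the original post or of Oracle's tooling: it reports whether a setDomainEnv.sh file or a process environment dump has WLSAGENT_DISABLED=true active. The function names, the case-insensitive match on "true" and the use of /proc/<pid>/environ on Linux are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's tooling): find where WLSAGENT_DISABLED is set.

# Print the last active value assigned to WLSAGENT_DISABLED in a shell file
# such as setDomainEnv.sh. Commented-out lines are ignored; a leading
# "export", surrounding quotes and a trailing comment are tolerated.
wlsagent_value_in_file() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        {
            line = $0
            sub(/^[ \t]*(export[ \t]+)?/, "", line)
            if (line ~ /^WLSAGENT_DISABLED=/) {
                sub(/^WLSAGENT_DISABLED=/, "", line)
                sub(/[ \t;#].*$/, "", line)      # drop trailing text
                gsub(/["\047]/, "", line)        # drop double/single quotes
                val = tolower(line)
                seen = 1
            }
        }
        END { if (seen) print val }
    ' "$1"
}

# Return 0 if the file's effective setting disables the agent.
# Assumption: any letter case of "true" is flagged, to stay conservative.
wlsagent_disabled_in_file() {
    [ "$(wlsagent_value_in_file "$1")" = "true" ]
}

# Return 0 if a NUL-separated environment dump (on Linux,
# /proc/<pid>/environ of the running server JVM) carries the flag.
wlsagent_disabled_in_environ() {
    tr '\0' '\n' < "$1" | grep -qix 'WLSAGENT_DISABLED=true'
}

# Audit the file given as first argument, else a constructed sample.
target=${1:-}
if [ ! -r "$target" ]; then
    target=$(mktemp)
    printf '%s\n' '# export WLSAGENT_DISABLED=true' \
        'WLSAGENT_DISABLED="true" # temporary' \
        'export WLSAGENT_DISABLED' > "$target"
fi
if wlsagent_disabled_in_file "$target"; then
    echo "FINDING: IAMSuiteAgent disabled in $target"
else
    echo "ok: no active WLSAGENT_DISABLED=true in $target"
fi
```
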

 

References:

Oracle Documentation: http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/webgate.htm

 

About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc. I am also well versed with complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience on products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc. Look @ my blog: http://talkidentity.blogspot.com

3 comments
chandra says October 15, 2014

Hi Mahendra,

I did the OAM webgate 11g install and configure. And I am able to protect the OHS by using webgate via the OAM 11g server. I am able to log into the OAM Console with the individual port like http://hostname:7001/oamconsole. But when I am clicking on the signout button, I found the below error message on the browser. Can you please help on this? It would be greatly appreciated.

Error Message:
===============
Error:Single Sign Off didn’t take place.

Cause:The IDMDomainAgent for SingleSignOn is not enabled,but SingleSignOff tried to access the Agent’s logout page..

Action: Enable the IDMDomainAgent or use a Webgate for SingleSignOn protection.Direct access to this page with the IDMDomainAgent is invalid.

Sachin Gupta says August 25, 2015

Hi Mahendra,
I am trying to delete IAMSuiteAgent via WLST but am unable to do so.
I am getting the error message:
“Error while browsing MBeans : java.lang.ClassNotFoundException: oracle.security.am.agent.wls.providers.safiap.OAMServletAuthenticationFilterIAProviderMBean”

Can you guide me on where to set WLSAGENT_DISABLED=true through WLST to disable IAMSuiteAgent?

Sachin Gupta says August 25, 2015

One more thing to add:
though I am able to manually delete this provider from the admin console, I want to achieve this using WLST. Actually, I am trying to automate OAM stuff.
