| Oracle® OpenSSO Release Notes Release 11gR1. Version 11.1.1.3.0 Part Number E17846-03 |
|
|
View PDF |
| Oracle® OpenSSO Release Notes Release 11gR1. Version 11.1.1.3.0 Part Number E17846-03 |
|
|
View PDF |
The Oracle OpenSSO Security Token Service (OpenSSO STS) provides a secure way to handle identity propagation that is controllable by policy. As a trusted authority service, OpenSSO STS issues and validates security tokens. As a web services security provider, OpenSSO STS secures communication among web service clients and web service providers
This chapter contains the following topics:
Section 1.1, "Oracle OpenSSO Security Token Service Supported Standards and Applications"
Section 1.2, "Oracle OpenSSO Security Token Service Download Location"
Section 1.3, "Oracle OpenSSO Security Token Service Issues and Workarounds"
For detailed installation and administration instructions, see the Oracle OpenSSO Security Token Service Administrator's Guide in this documentation library.
For information about the platforms and product versions supported by the Oracle OpenSSO Security Token Service, see the appropriate certification matrix:
http://www.oracle.com/technology/software/products/ias/files/fusion_certification.html
The Oracle OpenSSO Security Token Service is available to download from the Oracle Fusion Middleware 11gR1 Software Downloads page:
http://www.oracle.com/technology/software/products/middleware/htdocs/fmw_11_download.html
This section describes the following issues and workarounds for the Oracle OpenSSO Security Token Service:
Section 1.3.2, "OpenSSO STS ssoadm do-batch Subcommand Throws a Null Pointer Exception"
Section 1.3.4, "OpenSSO STS opensso-client.zip File Contains an Unsupported WAR File"
Section 1.3.5, "Custom Configurator Can Disable an Existing OpenSSO STS Configuration"
Before you configure OpenSSO STS, set the Internet Options settings for Internet Explorer 7 or Internet Explorer 8 as follows:
Permit the execution of JavaScript (Enable Active scripting).
Add the OpenSSO STS site to be configured to the Trusted sites zone.
Included per bug 6940462.
The ssoadm do-batch subcommand throws a Null Pointer Exception (NPE) related to logging before the command completes.
Included per bug 6964741.
After deploying OpenSSO STS (openssosts.war) in Oracle WebLogic Server 10.3.3 in production mode and starting the OpenSSO STS web application, exceptions are thrown in the console where the WebLogic Server domain was started.
After starting OpenSSO STS, it remains started and exceptions are not thrown again until OpenSSO STS is stopped and then restarted.
The workaround is to copy the saaj-impl.jar file from the OpenSSO STS opensso-client-jdk15.war file to the WebLogic Server 10.3.3 configuration endorsed directory, as follows:
Stop the WebLogic Server 10.3.3 domain.
If necessary, unzip the OpenSSO STS ZIP file.
Create a temporary directory and unzip the openssosts-zip-path/opensso/samples/opensso-client.zip file in that directory, where openssosts-zip-path is where you unzipped the OpenSSO STS ZIP file. For example:
cd openssosts-zip-path/samples mkdir ziptmp cd ziptmp unzip ../opensso-client.zip
Create a temporary directory and extract the saaj-impl.jar file from opensso-client-jdk15.war. For example:
cd openssosts-zip-path/opensso/samples/ziptmp/war mkdir wartmp cd wartmp jar xvf ../opensso-client-jdk15.war WEB-INF/lib/saaj-impl.jar
Create a new directory named endorsed under the WEBLOGIC_JAVA_HOME/jre/lib directory (if endorsed does not exist), where WEBLOGIC_JAVA_HOME is the JDK that WebLogic Server is configured to use.
Copy the saaj-impl.jar file to the WEBLOGIC_JAVA_HOME/jre/lib/endorsed directory.
Start the WebLogic Server domain.
Included per bug 6964168.
The openssosts.zip contains the opensso-client.zip, which has samples and corresponding WAR files. The opensso-client-jdk15.war file is not supported, because the minimum supported JDK for OpenSSO STS is JDK 1.6.0_18.
The workaround is to not deploy the openssoclient-jdk15.war file. This WAR file, however, contains the saaj-impl.jar file, which is used in the workaround for Section 1.3.3, "Activating OpenSSO STS in the WebLogic Server 10.3.3 Administration Console Throws Exceptions."
After using stsconfig.jsp to create a successful OpenSSO STS configuration, to avoid an internal accidental configuration overwrite or change of the OpenSSO STS configuration, it is recommended that you perform one of the following procedures.
Without a Load Balancer. If you have not deployed OpenSSO STS behind a load balancer, perform the following steps before deploying the openssosts.war file:
Create a temporary staging area:
mkdir /tmp/staging
Go to the staging area:
cd /tmp/staging
Expand the openssosts.war file:
jar xvf WAR-FILE-HOME/openssosts.war
Go to the config directory:
cd config
Remove the options.htm file:
rm options.htm
Go up one directory:
cd ..
Create openssosts.war from the staging area:
jar cf /tmp/openssosts.war *
Redeploy the /tmp/openssosts.warfile on the same web container instance on which OpenSSO STS was originally deployed and configured.
Remove the staging area directory:
rm -rf /tmp/staging
With a Load Balancer. If OpenSSO STS is fronted by a load balancer, protect DEPLOY_URI/config/options.htm from the load balancer.
|
 Copyright © 2010, 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
