|Oracle® OpenSSO Release Notes
Release 11gR1. Version 18.104.22.168.0
Part Number E17846-03
The Oracle OpenSSO Security Token Service (OpenSSO STS) provides a secure way to handle identity propagation that is controllable by policy. As a trusted authority service, OpenSSO STS issues and validates security tokens. As a web services security provider, OpenSSO STS secures communication among web service clients and web service providers
This chapter contains the following topics:
For detailed installation and administration instructions, see the Oracle OpenSSO Security Token Service Administrator's Guide in this documentation library.
For information about the platforms and product versions supported by the Oracle OpenSSO Security Token Service, see the appropriate certification matrix:
The Oracle OpenSSO Security Token Service is available to download from the Oracle Fusion Middleware 11gR1 Software Downloads page:
This section describes the following issues and workarounds for the Oracle OpenSSO Security Token Service:
Before you configure OpenSSO STS, set the Internet Options settings for Internet Explorer 7 or Internet Explorer 8 as follows:
Add the OpenSSO STS site to be configured to the Trusted sites zone.
Included per bug 6940462.
do-batch subcommand throws a Null Pointer Exception (NPE) related to logging before the command completes.
Included per bug 6964741.
After deploying OpenSSO STS (
openssosts.war) in Oracle WebLogic Server 10.3.3 in production mode and starting the OpenSSO STS web application, exceptions are thrown in the console where the WebLogic Server domain was started.
After starting OpenSSO STS, it remains started and exceptions are not thrown again until OpenSSO STS is stopped and then restarted.
The workaround is to copy the
saaj-impl.jar file from the OpenSSO STS
opensso-client-jdk15.war file to the WebLogic Server 10.3.3 configuration
endorsed directory, as follows:
Stop the WebLogic Server 10.3.3 domain.
If necessary, unzip the OpenSSO STS ZIP file.
Create a temporary directory and unzip the
openssosts-zip-path/opensso/samples/opensso-client.zip file in that directory, where
openssosts-zip-path is where you unzipped the OpenSSO STS ZIP file. For example:
cd openssosts-zip-path/samples mkdir ziptmp cd ziptmp unzip ../opensso-client.zip
Create a temporary directory and extract the
saaj-impl.jar file from
opensso-client-jdk15.war. For example:
cd openssosts-zip-path/opensso/samples/ziptmp/war mkdir wartmp cd wartmp jar xvf ../opensso-client-jdk15.war WEB-INF/lib/saaj-impl.jar
Create a new directory named
endorsed under the
WEBLOGIC_JAVA_HOME/jre/lib directory (if
endorsed does not exist), where
WEBLOGIC_JAVA_HOME is the JDK that WebLogic Server is configured to use.
saaj-impl.jar file to the
Start the WebLogic Server domain.
Included per bug 6964168.
openssosts.zip contains the
opensso-client.zip, which has samples and corresponding WAR files. The
opensso-client-jdk15.war file is not supported, because the minimum supported JDK for OpenSSO STS is JDK 1.6.0_18.
The workaround is to not deploy the
openssoclient-jdk15.war file. This WAR file, however, contains the
saaj-impl.jar file, which is used in the workaround for Section 1.3.3, "Activating OpenSSO STS in the WebLogic Server 10.3.3 Administration Console Throws Exceptions."
stsconfig.jsp to create a successful OpenSSO STS configuration, to avoid an internal accidental configuration overwrite or change of the OpenSSO STS configuration, it is recommended that you perform one of the following procedures.
Without a Load Balancer. If you have not deployed OpenSSO STS behind a load balancer, perform the following steps before deploying the
Create a temporary staging area:
Go to the staging area:
jar xvf WAR-FILE-HOME/openssosts.war
Go to the config directory:
Go up one directory:
openssosts.war from the staging area:
jar cf /tmp/openssosts.war *
/tmp/openssosts.warfile on the same web container instance on which OpenSSO STS was originally deployed and configured.
Remove the staging area directory:
rm -rf /tmp/staging
With a Load Balancer. If OpenSSO STS is fronted by a load balancer, protect
DEPLOY_URI/config/options.htm from the load balancer.