Sun OpenSSO Enterprise 8.0 Developer's Guide

Procedure: To Develop a Custom Policy Plug-In

This information is also included in the OpenSSO Enterprise /samples directory. See the following file:

http://openSSO-host:3080/opensso/samples/policy/policy-plugins.html

  1. Write Java source files that implement the Subject, Condition, Referral, or ResponseProvider interface.

    See Sample Code for Custom Subjects, Conditions, Referrals, and Response Providers.

  2. Compile the source files to create class files.

    Include opensso.jar and opensso-sharedlib.jar in the classpath at compilation time.

  3. Package the compiled classes into a JAR file.

    In this example, the file is named policy-plugins.jar.

  4. Explode the opensso.war file.

  5. Add the policy-plugins.jar file to the WEB-INF/lib directory.

    Alternatively, you can copy the custom plug-in classes to the WEB-INF/classes directory. Be sure to maintain the directory structure corresponding to the Java package of the plug-in classes.

  6. Update WEB-INF/classes/amPolicy.properties.

    Add the localization (L10N) values for the new internationalization (I18N) keys used by iPlanetAMPolicyService.

  7. Update WEB-INF/classes/amPolicyConfig.properties.

    Add L10N values for the new I18N keys used by iPlanetAMPolicyConfigService.

  8. Recreate the WAR file.

  9. Redeploy the WAR file.

    Steps 1 through 9 have already been completed for the sample plug-ins included in the OpenSSO distribution.

  10. Use the ssoadm command to register the new plug-ins with the iPlanetAMPolicyService.

    In the following example, the password.txt file contains the password of amadmin:


    ssoadm create-svc -X amPolicy_mod.xml -u amadmin -f password.txt
    

    See the sample amPolicy_mod.xml. The new I18N keys are referenced in the XML file. Add the corresponding L10N values in amPolicy.properties.

  11. Register the new plug-ins in one of the following ways:

    • Use the ssoadm command to register the new plug-ins as choice values in the iPlanetAMPolicyConfigService.


      # ssoadm set-attr-choicevals -s iPlanetAMPolicyConfigService \
          -t Organization -a iplanet-am-policy-selected-subjects \
          -k a160=SampleSubject -u amadmin -f password.txt
      # ssoadm set-attr-choicevals -s iPlanetAMPolicyConfigService \
          -t Organization -a iplanet-am-policy-selected-conditions \
          -k a161=SampleCondition -u amadmin -f password.txt
      # ssoadm set-attr-choicevals -s iPlanetAMPolicyConfigService \
          -t Organization -a iplanet-am-policy-selected-referrals \
          -k a162=SampleReferral -u amadmin -f password.txt
      # ssoadm set-attr-choicevals -s iPlanetAMPolicyConfigService \
          -t Organization -a sun-am-policy-selected-responseproviders \
          -k a163=SampleResponseProvider -u amadmin -f password.txt

    • Use the ssoadm command to register the new plug-ins as enabled for a selected realm.


      # ssoadm add-attr-defs -s iPlanetAMPolicyConfigService -t Organization \
          -a iplanet-am-policy-selected-subjects=SampleSubject \
          -u amadmin -f password.txt
      # ssoadm add-attr-defs -s iPlanetAMPolicyConfigService -t Organization \
          -a iplanet-am-policy-selected-conditions=SampleCondition \
          -u amadmin -f password.txt
      # ssoadm add-attr-defs -s iPlanetAMPolicyConfigService -t Organization \
          -a iplanet-am-policy-selected-referrals=SampleReferral \
          -u amadmin -f password.txt
      # ssoadm add-attr-defs -s iPlanetAMPolicyConfigService -t Organization \
          -a sun-am-policy-selected-responseproviders=SampleResponseProvider \
          -u amadmin -f password.txt

    • Use the administration console to register the new plug-ins for existing realms.

      1. Log in to the administration console as amadmin or administrator.

      2. Navigate to Realm > Services > Policy Configuration.

      3. In the Policy Configuration page, enable or disable the selected plug-in.

  12. Restart the web application or the container.

  13. Use either the administration console or the ssoadm command to add instances of the new plug-ins while defining policies.

    The new plug-ins are available as choices in the appropriate policy management pages of the administration console.

  14. To prevent the custom plug-ins from being added to newly created policies:

    1. In the administration console, navigate to Access Control > Realm > Services > Policy Configuration.

    2. Deselect the appropriate custom plug-ins.

    3. Save the Policy Configuration properties page for existing realms.

    If you instead make this change under Configuration > Global > Policy Configuration, the custom plug-ins are deselected for realms that are created subsequently.

  15. Copy your custom plug-in classes to <TOOLS_HOME>/classes.

    Be sure to maintain the directory structure corresponding to the Java package of the plug-in classes. You can copy the classes of the bundled custom sample plug-ins from the exploded opensso.war directory WEB-INF/classes/com/sun/identity/samples/policy. This step is required if you plan to use ssoadm to export or add policies.
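
The following pre-flight script for steps 6, 7 and 10 is an added example, not part of the OpenSSO documentation or samples. It lists I18N keys that a service XML file references but the matching properties file does not define, and confirms that the password file passed with -f is accessible only to its owner. It assumes the keys appear as i18nKey="..." attributes; the sample file contents and the key names p900 to p902 are constructed.

```shell
#!/bin/sh
# Added example: checks to run before the ssoadm registration steps.

# List the i18nKey values referenced in service XML file $1.
# Assumption: keys are written as i18nKey="..." attributes.
xml_keys() {
    grep -o 'i18nKey="[^"]*"' "$1" | sed 's/^i18nKey="//; s/"$//' | sort -u
}

# List the keys defined in Java properties file $1 (key=value or key: value).
props_keys() {
    sed -n 's/^[[:space:]]*\([^#!=:[:space:]][^=:[:space:]]*\)[[:space:]]*[=:].*/\1/p' "$1"
}

# Print each key used in XML file $1 that has no entry in properties file $2.
missing_l10n_keys() {
    xml_keys "$1" | while IFS= read -r key; do
        [ -n "$key" ] || continue      # empty i18nKey: nothing to look up
        props_keys "$2" | grep -Fxq -- "$key" || printf '%s\n' "$key"
    done
}

# Succeed only if password file $1 grants nothing to group or others.
pwfile_is_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input (made-up keys p900-p902, placeholder password).
demo=$(mktemp -d)
cat > "$demo/amPolicy_mod.xml" <<'EOF'
<SubSchema name="SampleSubject" i18nKey="p900"/>
<SubSchema name="SampleCondition" i18nKey="p901"/>
<SubSchema name="SampleReferral" i18nKey="p902"/><SubSchema name="Hidden" i18nKey=""/>
EOF
cat > "$demo/amPolicy.properties" <<'EOF'
# constructed L10N values
p900=Sample Subject
p901 = Sample Condition
EOF
( umask 077; printf 'placeholder-password\n' > "$demo/password.txt" )

echo "Keys without an L10N value: $(missing_l10n_keys "$demo/amPolicy_mod.xml" "$demo/amPolicy.properties")"
pwfile_is_private "$demo/password.txt" && echo "password.txt is owner-only"
```

Run the same two functions against the real amPolicy_mod.xml, amPolicy.properties and password.txt before step 10; any key printed by missing_l10n_keys still needs a value in the properties file.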