Access the Identity Manager console.
In this example, go to http://ApplicationServerHost:Port/idm/login.jsp. The Identity Manager login page is displayed.
Log in using the following credentials:
Add the OpenSSO Enterprise realm adapter to the resource classpath.
Navigate to Resources | Configure Types.
At the bottom of the page, click “Add Custom Resource.”
Add the following to the Resource Classpath:
In earlier versions of OpenSSO Enterprise, it was possible to install Access Manager in the legacy mode of operation. In legacy mode, a different Identity Manager resource adapter, com.waveset.adapter.SunAccessManagerResourceAdapter, should be configured on Identity Manager. Both adapters have the same functionality, but com.waveset.adapter.SunAccessManagerResourceAdapter uses the legacy Access Manager AMSDK API, while com.waveset.adapter.SunAccessManagerRealmResourceAdapter uses the OpenSSO Enterprise idRepo API.
Configure the OpenSSO Enterprise Realm adapter.
Navigate to Resources | List Resources.
Choose --Resource Type Actions-- | New Resource.
Choose Sun Access Manager Realm from the list of resources. Click New.
In the Create Sun Access Manager Realm Resource Wizard screen, click Next.
In the Resource Parameters screen, provide the following information:
Fully-qualified hostname of the OpenSSO Enterprise server. Example: host1.example.com
Port number of the OpenSSO Enterprise server. In this example, 48080.
You must use an OpenSSO Enterprise realm administrator, and not a non-administrator user, because it requires special permissions. If you use a non-administrator user, this test will fail. Use the realm administrator configured in the previous section.
This is the plain-text password of the user realm administrator.
Protocol of the OpenSSO Enterprise server realm or Identity Manager. In this example, enter http.
This is the realm name of the OpenSSO Enterprise server. In this example, enter /idm. If the user entered above were in the top-level realm, you would enter just a slash (/).
This is the value of the am.encryption.pwd property in the AMConfig.properties file.
You can obtain the value of am.encryption.pwd from the OpenSSO console. Navigate to Configuration > Servers and Sites > server-entry > Security.
This is the value of the com.iplanet.security.encryptor property in the AMConfig.properties file.
In this example, enter: com.iplanet.services.util.JCEEncryption.
This is the value of the com.iplanet.am.naming.url property in the AMConfig.properties file.
In this example, enter: http://host1.example.com:48080/opensso/namingservice.
Directory into which the Identity Manager Access Manager Resource will write debug logs. This directory must already exist.
In this example, enter: /opt/SUNWappserver91/domains/domain1/logs/opensso_debug.
Click Test Configuration.
The following message will be displayed: “Test connection succeeded for resource(s): SunAccessManagerRealm.” If you don't see this message, then you must troubleshoot by looking at the following logs:
Application Server server.log
Access Manager client logs at /opt/SUNWappserver91/domains/domain1/logs/opensso_debug (specified in the form above)
In the Account Attributes page, set the following mapping:
In the Identity Template page, make sure you have this entry:
In the Identity System Parameters page, select uid for the Display Name Attribute parameter.
Click Save to save the value.
The Resource List page is displayed. You should see a resource of the type Sun Access Manager Realm. To expand this branch, click the arrow next to it.
Expand the Sun Access Manager Realm type by clicking the arrow next to it.
You should see an entry SunAccessManagerRealm.
Expand the SunAccessManagerRealm branch by clicking the arrow next to it.
You should see a listing of all OpenSSO Enterprise roles and groups under this branch that exist in the OpenSSO Enterprise sub-realm that the Identity Manager Resource was configured with in step 4e above.
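The values entered in the Resource Parameters screen can be checked on the Identity Manager host before clicking Test Configuration. The script below is an added example, not part of Identity Manager or OpenSSO Enterprise; check_params and its argument order are illustrative names, and it assumes a single-server deployment in which the naming URL uses the same protocol, host and port as the server.

```sh
#!/bin/sh
# Added example: pre-flight check for the Resource Parameters values.
# check_params and its argument order are illustrative, not product tooling.
# Usage: check_params PROTOCOL HOST PORT REALM NAMING_URL DEBUG_DIR
# Prints findings and returns the number of errors (0 = ready to test).
check_params() {
    cp_proto=$1; cp_host=$2; cp_port=$3; cp_realm=$4; cp_naming=$5; cp_dir=$6
    cp_errors=0

    case $cp_proto in
        http)  echo "WARN: http leaves adapter-to-OpenSSO traffic, including the administrator login, unencrypted" ;;
        https) ;;
        *)     echo "ERROR: protocol '$cp_proto' is not http or https"; cp_errors=$((cp_errors + 1)) ;;
    esac

    case $cp_port in
        ''|*[!0-9]*) echo "ERROR: port '$cp_port' is not a number"; cp_errors=$((cp_errors + 1)) ;;
    esac

    # Realm names are paths: /idm for a sub-realm, / for the top-level realm.
    case $cp_realm in
        /*) ;;
        *)  echo "ERROR: realm '$cp_realm' must start with /"; cp_errors=$((cp_errors + 1)) ;;
    esac

    # Assumption: single-server deployment, so the naming URL is on the same
    # protocol, host and port as the server entered above.
    case $cp_naming in
        "$cp_proto://$cp_host:$cp_port"/*/namingservice) ;;
        *) echo "ERROR: naming URL '$cp_naming' does not match $cp_proto://$cp_host:$cp_port"
           cp_errors=$((cp_errors + 1)) ;;
    esac

    # The directory must already exist; writability is an added check.
    if [ ! -d "$cp_dir" ]; then
        echo "ERROR: debug directory '$cp_dir' does not exist"; cp_errors=$((cp_errors + 1))
    elif [ ! -w "$cp_dir" ]; then
        echo "ERROR: debug directory '$cp_dir' is not writable by $(id -un)"; cp_errors=$((cp_errors + 1))
    fi
    return "$cp_errors"
}

# The values used in this example; run as the application server's OS user.
check_params http host1.example.com 48080 /idm \
    http://host1.example.com:48080/opensso/namingservice \
    /opt/SUNWappserver91/domains/domain1/logs/opensso_debug \
    || echo "Fix the errors above before clicking Test Configuration."
```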