Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

5.4 Configuring the OpenSSO Enterprise Platform Service

The Platform Service provides centralized configuration management for an OpenSSO Enterprise deployment. In this procedure, you configure the two instances of OpenSSO Enterprise to work as a single unit. Once the instances are configured as a site, all client requests go through the configured load balancer. Use the following list of procedures as a checklist for completing this task.

  1. To Create a Site on OpenSSO Enterprise 1

  2. To Verify that the OpenSSO Enterprise Site was Configured Properly

To Create a Site on OpenSSO Enterprise 1

It is not necessary to repeat this procedure on OpenSSO Enterprise 2.

  1. Access https://osso1.idp-example.com:1081/opensso/console in a web browser.

  2. Log in to the OpenSSO Enterprise console as the administrator.

    Username

    amadmin

    Password

    ossoadmin

  3. Under the Configuration tab, click Servers and Sites.

    The Servers and Sites page is displayed.

  4. Click New under Sites.

    The New Site properties page is displayed.

  5. Enter the following values for the load balancer and click OK.

    Name

    External

    Primary URL

    https://lb2.idp-example.com:1081/opensso

    A new site called External is displayed in the Sites list.

  6. Click on the https://osso1.idp-example.com:1081/opensso server entry under the Servers list.

    The Edit https://osso1.idp-example.com:1081/opensso page is displayed.

  7. Assign External from the Parent Site drop-down list and click Save.

  8. Click the Advanced tab.

  9. Enter the number generated for the osso1.idp-example.com host machine as the value of the com.iplanet.am.lbcookie.value property and click Save.

    The number was generated using the makecookie command in To Configure OpenSSO Enterprise Load Balancer 2.

  10. Click Back to Server and Sites.

  11. Click on the https://osso2.idp-example.com:1081/opensso server entry under the Servers list.

    The Edit https://osso2.idp-example.com:1081/opensso page is displayed.

  12. Assign External from the Parent Site drop-down list and click Save.

  13. Click the Advanced tab.

  14. Enter the number generated for the osso2.idp-example.com host machine as the value of the com.iplanet.am.lbcookie.value property and click Save.

    The number was generated using the makecookie command in To Configure OpenSSO Enterprise Load Balancer 2.

  15. Click Back to Server and Sites.


    Note –

    You should see External under the Site Name column for both servers.


  16. Log out of the OpenSSO Enterprise console.

  17. As a root user, log in to the osso1.idp-example.com host machine.

  18. Restart the web container for the changes to take effect.


    # su osso80adm
    # cd /export/osso80adm/domains/ossodomain/bin
    # ./stopserv; ./startserv
    
    Server was successfully stopped.
    
    admin username:  domain2adm
    
    admin password:  domain2pwd
    
    master password: domain2master
    
    Redirecting output to /export/osso80adm/domains/ossodomain/logs/server.log

  19. As a root user, log in to the osso2.idp-example.com host machine.

  20. Restart the web container for the changes to take effect.


    # su osso80adm
    # cd /export/osso80adm/domains/ossodomain/bin
    # ./stopserv; ./startserv
    
    Server was successfully stopped.
    
    admin username:  domain2adm
    
    admin password:  domain2pwd
    
    master password: domain2master
    
    Redirecting output to /export/osso80adm/domains/ossodomain/logs/server.log

  21. Log out of both OpenSSO Enterprise host machines.

To Verify that the OpenSSO Enterprise Site was Configured Properly

  1. Access the load balancer at https://lb2.idp-example.com:1081/opensso/UI/Login.

    If an error message is displayed indicating that the browser cannot connect to either osso1.idp-example.com or osso2.idp-example.com, the site configuration is not correct. If the site configuration is correct, all browser interactions will occur as expected.

  2. When the OpenSSO Enterprise login page is displayed, verify that the browser URL still contains the Primary Site URL configured for the load balancer.

    If it does not contain the Site URL, the site configuration is incorrect. If the site configuration is correct, all browser interactions will occur through the secure Site URL.

  3. Log in to the OpenSSO Enterprise console as the administrator.

    User Name:

    amadmin

    Password:

    ossoadmin

    A successful login occurs when the site configuration is correct.

  4. Log out of the OpenSSO Enterprise console.
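Steps 1 and 2 of the verification procedure can also be checked from a script. The following Python is an added example, not part of the original guide: it records the redirect chain that starts at the load balancer login URL and reports any hop that leaves the site Primary URL (for instance a redirect to osso1 or osso2). The function names are this example's own; the URLs are the ones used in this deployment example.

```python
import http.client
import sys
from urllib.parse import urljoin, urlsplit

# Primary URL of the External site, as entered in "To Create a Site".
SITE_URL = "https://lb2.idp-example.com:1081/opensso"

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or {"https": 443, "http": 80}.get(u.scheme))

def off_site_hops(site_url, hops):
    """Return every URL in the chain that is not under the site Primary URL."""
    base_path = urlsplit(site_url).path.rstrip("/") + "/"
    bad = []
    for hop in hops:
        path = urlsplit(hop).path
        if origin(hop) != origin(site_url) or not (path + "/").startswith(base_path):
            bad.append(hop)
    return bad

def redirect_chain(start_url, limit=10):
    """Request start_url without auto-following and record each URL visited."""
    hops, url = [start_url], start_url
    for _ in range(limit):
        u = urlsplit(url)
        cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
        conn = cls(u.hostname, u.port, timeout=10)  # HTTPS certificates are verified by default
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        location = resp.getheader("Location")
        conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)  # resolve relative Location headers
        hops.append(url)
    return hops

if __name__ == "__main__":
    chain = redirect_chain(SITE_URL + "/UI/Login")
    bad = off_site_hops(SITE_URL, chain)
    for hop in bad:
        print("off-site hop:", hop)
    sys.exit(1 if bad else 0)
```

Run it from a client that reaches the deployment only through the load balancer; an exit status of 1 means at least one hop left the site URL.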