Sun Java System Access Manager 7.1 Developer's Guide

Enabling The Notification Service

Following are the steps to configure the remote SSO SDK to receive session notifications.

Procedure: To Receive Session Notifications

  1. Install Access Manager on Machine 1.

  2. Install Sun Java System Web Server on Machine 2.

  3. Install the SUNWamsdk on the same machine as the Web Server.

    For instructions on installing the Access Manager SDK remotely, see the Sun Java Enterprise System 5 Installation Guide for Unix.

  4. Ensure that the following are true concerning the machine where the SDK is installed.

    1. Ensure that the right access permissions are set for the /remote_SDK_server/SUNWam/lib and /remote_SDK_server/SUNWam/locale directories on the server where the SDK is installed.

      These directories contain the files and jars on the remote server.

    2. Ensure that the following permissions are set in the Grant section of the server.policy file of the Web Server.

      server.policy is in the config directory of the Web Server installation. These permissions can be copied and pasted, if necessary:

      permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";

      permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";

    3. Ensure that the correct classpath is set in server.xml.

      server.xml is also in the config directory of the Web Server installation. A typical classpath would be:

      <JAVA javahome="/export/home/ws61/bin/https/jdk" 
      serverclasspath="/export/home/ws61/bin/https/jar/webserv-rt.jar:
      ${java.home}/lib/tools.jar:/export/home/ws61/bin/https/jar/webserv-ext.jar:
      /export/home/ws61/bin/https/jar/webserv-jstl.jar:/export/home/ws61/
      	bin/https/jar/nova.jar"
      classpathsuffix="::/IS_CLASSPATH_BEGIN_DELIM:
      				//usr/share/lib/xalan.jar:
      				//export/SUNWam/lib/xmlsec.jar:
      				//usr/share/lib/xercesImpl.jar:
      				//usr/share/lib/sax.jar:
      				//usr/share/lib/dom.jar:
      				//export/SUNWam/lib/dom4j.jar:
      				//export/SUNWam/lib/jakarta-log4j-1.2.6.jar:
      				//usr/share/lib/jaxm-api.jar:
      				//usr/share/lib/saaj-api.jar:
      				//usr/share/lib/jaxrpc-api.jar:
      				//usr/share/lib/jaxrpc-impl.jar:
      				//export/SUNWam/lib/jaxm-runtime.jar:
      				//usr/share/lib/saaj-impl.jar:/export/SUNWam
      				//lib:/export/SUNWam/locale:
      				//usr/share/lib/mps/jss3.jar:
      				//export/SUNWam/lib/am_sdk.jar:
      				//export/SUNWam/lib/am_services.jar:
      				//export/SUNWam/lib/am_sso_provider.jar:
      				//export/SUNWam/lib/swec.jar:
      				//export/SUNWam/lib/acmecrypt.jar:
      				//export/SUNWam/lib/iaik_ssl.jar:
      				//usr/share/lib/jaxp-api.jar:
      				//usr/share/lib/mail.jar:
      				//usr/share/lib/activation.jar:
      				//export/SUNWam/lib/servlet.jar:
      				//export/SUNWam/lib/am_logging.jar:
      				//usr/share/lib/commons-logging.jar:
      				//IS_CLASSPATH_END_DELIM:" 
      envclasspathignored="true" debug="false"
      debugoptions="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n" 
      javacoptions="-g" 
      dynamicreloadinterval="2">
      
  5. Use the SSO samples installed on the remote SDK server for configuration purposes.

    1. Change to the /remote_SDK_server/SUNWam/samples/sso directory.

    2. Run gmake.

    3. Copy the generated class files from /remote_SDK_server/SUNWam/samples/sso to /remote_SDK_server/SUNWam/lib/.

  6. Copy the value of am.encryption.pwd from the AMConfig.properties file installed with Access Manager to the AMConfig.properties file on the remote server on which the SDK is installed.

    The value of am.encryption.pwd is used for encrypting and decrypting passwords.

  7. Log in to Access Manager as amadmin.

    http://AccessManager-HostName:3000/amconsole

  8. Execute the servlet by entering http://remote_SDK_host:58080/servlet/SSOTokenSampleServlet into the browser location field and validating the SSOToken.

    SSOTokenSampleServlet is used for validating a session token and adding a listener. Executing the servlet will print out the following message:

    SSOToken host name: 192.18.149.33
    SSOToken Principal name: uid=amAdmin,ou=People,dc=red,dc=iplanet,dc=com
    Authentication type used: LDAP
    IPAddress of the host: 192.18.149.33
    The token id is AQIC5wM2LY4SfcyURnObg7vEgdkb+32T43+RZN30Req/BGE=
    Property: Company is - Sun Microsystems
    Property: Country is - USA
    SSO Token Validation test Succeeded

  9. Set the property com.iplanet.am.notification.url in AMConfig.properties on the machine where the Client SDK is installed:

    com.iplanet.am.notification.url=http://clientSDK_host.domain:port/servlet/com.iplanet.services.comm.client.PLLNotificationServlet

  10. Restart the Web Server.

  11. Log in to Access Manager as amadmin.

    http://AccessManager-HostName:3000/amconsole

  12. Execute the servlet by entering http://remote_SDK_host:58080/servlet/SSOTokenSampleServlet into the browser location field and validating the SSOToken again.

    When the machine on which the remote SDK is running receives the notification, it will call the respective listener when the session state is changed. Note that the notifications can be received only if the remote SDK is installed on a web container.
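
A pre-flight check for steps 6 and 9, as an added example that is not part of the original guide or of the Access Manager SDK: it confirms that am.encryption.pwd matches on both machines without printing it, and that the notification URL is one unbroken value ending in the PLLNotificationServlet path. The function names, host name, port and secret values are constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit

NOTIFY_KEY = "com.iplanet.am.notification.url"
SECRET_KEY = "am.encryption.pwd"
SERVLET_PATH = "/servlet/com.iplanet.services.comm.client.PLLNotificationServlet"

# Constructed sample files; the host, port and secret values are placeholders.
SERVER_PROPS = "am.encryption.pwd=CONSTRUCTED-SAMPLE-SECRET\n"
CLIENT_OK = """\
am.encryption.pwd=CONSTRUCTED-SAMPLE-SECRET
com.iplanet.am.notification.url=http://sdk.example.com:58080\\
    /servlet/com.iplanet.services.comm.client.PLLNotificationServlet
"""
# Same URL wrapped without a trailing backslash, plus a stale secret.
CLIENT_BAD = """\
am.encryption.pwd=OTHER-CONSTRUCTED-SECRET
com.iplanet.am.notification.url=http://sdk.example.com:58080
    /servlet/com.iplanet.services.comm.client.PLLNotificationServlet
"""

def parse_properties(text):
    """Minimal .properties reader: comments, key=value, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):
            pending = line[:-1]
        elif line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_client_config(server_text, client_text):
    """Return findings for steps 6 and 9; an empty list means both look right."""
    server, client = parse_properties(server_text), parse_properties(client_text)
    findings = []
    s_pwd, c_pwd = server.get(SECRET_KEY, ""), client.get(SECRET_KEY, "")
    if not s_pwd or not c_pwd:
        findings.append(f"{SECRET_KEY} is missing or empty")
    elif not hmac.compare_digest(s_pwd.encode(), c_pwd.encode()):
        # Report only that the values differ; never echo the secret itself.
        findings.append(f"{SECRET_KEY} differs between server and client")
    parts = urlsplit(client.get(NOTIFY_KEY, ""))
    if parts.scheme not in ("http", "https") or not parts.hostname:
        findings.append(f"{NOTIFY_KEY} is unset or has no scheme and host")
    elif parts.path != SERVLET_PATH:
        findings.append(f"{NOTIFY_KEY} path is not {SERVLET_PATH}")
    return findings
```

Calling check_client_config with the text of the two AMConfig.properties files before restarting the Web Server in step 10 catches a wrapped URL or a stale secret before the notification test in step 12.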