Enable CDSSO for the Centralized Mode policy agent profile.
Log in to the OpenSSO Enterprise server as an administrator.
In the OpenSSO Enterprise administration console, go to Realm > Agents > J2EE Agents > Agent_Name > SSO.
Enable the Cross Domain SSO property.
Set the value for the CDSSO Redirect URI.
Example: /agentapp/sunwCDSSORedirectURI
Set the value for the CDSSO Servlet URL.
Example:
lb2_server_protocol://lb2_server.hostname:lb2_server.port/server-deployment-uri/cdcservlet
Set the CDSSO Clock Skew to 0.
Add the CDSSO Trusted ID Provider.
Example:
server1_protocol://server1.hostname:server1.port/server1-deployment-uri/cdcservlet
server2_protocol://server2.hostname:server2.port/server2-deployment-uri/cdcservlet
Enable CDSSO for the Local Mode policy agent profile:
Edit OpenSSOAgentConfiguration.properties and set the CDSSO-related parameters. Example:
com.sun.identity.agents.config.cdsso.enable = true
com.sun.identity.agents.config.cdsso.redirect.uri = /agentapp/sunwCDSSORedirectURI
com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = <lb2_server_protocol>://<lb2_server.hostname>:<lb2_server.port>/<server-deployment-uri>/cdcservlet
com.sun.identity.agents.config.cdsso.clock.skew = 0
com.sun.identity.agents.config.cdsso.trusted.id.provider[0] = <server1_protocol>://<server1.hostname>:<server1.port>/<server1-deployment-uri>/cdcservlet
com.sun.identity.agents.config.cdsso.trusted.id.provider[1] = <server2_protocol>://<server2.hostname>:<server2.port>/<server2-deployment-uri>/cdcservlet
Enable Cookie Hijacking Prevention in the OpenSSO Enterprise server.
Log in to the OpenSSO Enterprise server as an administrator.
In the OpenSSO Enterprise administration console, go to Configuration > Sites and Server > Default server settings > Advanced and set the following properties:
com.sun.identity.enableUniqueSSOTokenCookie=true
com.sun.identity.authentication.uniqueCookieName=sunIdentityServerAuthNServer
com.sun.identity.authentication.uniqueCookieDomain=server domain
Go to Configuration > System > Platform.
Remove server domain and add the OpenSSO Enterprise server host name.
If OpenSSO Enterprise is deployed behind a load balancer, then in step 3c, do not use the OpenSSO server host name. Instead, be sure to use the load balancer host name.
Enable a unique SSO token cookie in the agent profile.
Do one of the following:
For the Centralized Mode policy agent, go to RootRealm > Agents > J2EE Agents > AgentName > Advanced > Custom Properties, and add the following property: com.sun.identity.enableUniqueSSOTokenCookie=true.
For the Local Mode policy agent, in the OpenSSOAgentConfiguration.properties file, add the following property: com.sun.identity.enableUniqueSSOTokenCookie=true.
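To confirm that a Local Mode agent's OpenSSOAgentConfiguration.properties carries the CDSSO and unique-cookie values given above, a small audit script can help. This is an added example, not part of the original documentation; the host names, the /opensso deployment URI and the sample file contents are constructed.

```python
import re

# Values this page gives for a Local Mode agent (OpenSSOAgentConfiguration.properties).
P = "com.sun.identity.agents.config.cdsso."
REQUIRED = {
    P + "enable": "true",
    P + "clock.skew": "0",
    "com.sun.identity.enableUniqueSSOTokenCookie": "true",
}
URL_KEY = re.compile(re.escape(P) + r"(cdcservlet\.url|trusted\.id\.provider)\[\d+\]$")

def parse_properties(text):
    """Parse simple key=value lines; skip blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings; an empty list means the file matches the page."""
    props, findings = parse_properties(text), []
    for key, want in REQUIRED.items():
        if props.get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {props.get(key)!r}")
    if not props.get(P + "redirect.uri", "").startswith("/"):
        findings.append(P + "redirect.uri: missing or not a path")
    urls = {k: v for k, v in props.items() if URL_KEY.match(k)}
    for kind in ("cdcservlet.url", "trusted.id.provider"):
        if not any(k.startswith(P + kind) for k in urls):
            findings.append(f"{P}{kind}[0]: not set")
    # A leftover <placeholder> or a URL not ending in /cdcservlet is a finding.
    for key, url in urls.items():
        if "<" in url or not re.match(r"https?://[^/\s]+(/\S*)?/cdcservlet$", url):
            findings.append(f"{key}: unresolved placeholder or not a cdcservlet URL")
    return findings

# Constructed sample (made-up hosts): wrong clock skew, a leftover placeholder, no unique-cookie property.
SAMPLE = """\
com.sun.identity.agents.config.cdsso.enable = true
com.sun.identity.agents.config.cdsso.redirect.uri=/agentapp/sunwCDSSORedirectURI
com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = https://lb2.example.com:443/opensso/cdcservlet
com.sun.identity.agents.config.cdsso.clock.skew = 5
com.sun.identity.agents.config.cdsso.trusted.id.provider[0] = <server1_protocol>://am1.example.com:8443/opensso/cdcservlet
"""
print("\n".join(audit(SAMPLE)))
```

Run against the constructed sample, it reports the non-zero clock skew, the missing com.sun.identity.enableUniqueSSOTokenCookie property and the trusted ID provider entry that still contains a placeholder.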