Login to OpenSSO Enterprise Administration Console.
Create two new groups: manager and admin, as follows:
To test access to the manager and host-manager applications, add several test users to each group.
Create a policy with two rules and allow access to the manager and admin groups. For example:
If the redirect loop issue is a concern, set the Cookie Encode property to Yes in the OpenSSO Enterprise server:
In the console, click Configuration, Server and Sites, and the OpenSSO Enterprise Server Instance name.
Click Security and then Cookie. By default Encode Cookie is set to No.
Click Inheritance Settings, deselect Encode Cookie, and then click Save.
You can now change the cookie encoding option.
Click Back to Server Profile.
Set Cookie Encoding to Yes and click Save.
Make the following Tomcat 6.0 manager and host-manager application changes:
For the manager application, in the $CATALINA_HOME/webapps/manager/WEB-INF/web.xml, change <role-name>manager</role-name> to:
For the host-manager application, in the $CATALINA_HOME/webapps/host-manager/WEB-INF/web.xml, change <role-name>admin</role-name> to:
Note. The dc=opensso,dc=java,dc=net part in the manager and admin role values is used because OpenSSO Enterprise is deployed using the default mode. If you have a custom setup and the DN is different, change the value for your deployment.
Restart the OpenSSO Enterprise server.