Chapter 4 Creating a Specialized OpenSSO Enterprise 8.0 Update 1 WAR File
Overview of the createwar Script
Sun OpenSSO Enterprise 8.0 Update 1 includes the createwar script to simplify the creation of the following specialized OpenSSO WAR files:
-
OpenSSO Administration Console only WAR
-
Distributed Authentication UI server WAR
-
OpenSSO server only WAR, without the Administration Console
-
IDP Discovery Service WAR
This script creates specialized OpenSSO WAR files by automatically executing several steps that you previously had to perform using the jar command.
The createwar script is available for the following platforms:
-
Solaris and Linux systems: createwar.sh
-
Windows: createwar.bat
After you unzip opensso_enterprise_80U1.zip for OpenSSO Enterprise 8.0 Update 1, the script is in the following directory:
zip-root/deploy_uri/deployable-war
where:
-
zip-root is the directory where you unzipped opensso_enterprise_80U1.zip for OpenSSO Enterprise 8.0 Update 1.
-
deploy_uri is the OpenSSO deploy URI. The default is opensso.
For example: /downloads/opensso/deployable-war
The following table shows the contents of the zip-root/opensso/deployable-war directory, where zip-root is where you unzip the opensso_enterprise_80U1.zip file.
|
File or Directory |
Description |
|---|---|
|
README |
README file |
|
createwar.sh |
Shell script to create WAR files on Solaris and Linux systems. |
|
createwar.bat |
Script to create WAR files on Windows. |
|
opensso.war |
OpenSSO Enterprise 8.0 Update 1 server WAR with samples. |
|
fam-idpdiscovery.list |
Files list for an IDP Discovery Service WAR. |
|
fam-distauth.list |
Files list for a Distributed Authentication UI server WAR. |
|
fam-console.list |
Files list for a Console Only WAR. |
|
fam-noconsole.list |
Files list for an OpenSSO Enterprise 8.0 Update 1 server WAR without the console. |
|
classes |
Directory containing resources and classes for executing the createwar.sh and createwar.bat scripts. |
|
idpdiscovery |
Directory containing additional files for an IDP Discovery Service WAR. |
|
distauth |
Directory containing additional files for Distributed Authentication UI server WAR. |
|
console |
Directory containing additional files for a console only WAR. |
|
noconsole |
Directory containing additional files for an OpenSSO Enterprise 8.0 Update 1 server WAR without the console. |
Running the createwar Script
To run the createwar script, follow this usage:
createwar --staging|-s stagingDir --type |-t typeOfWarFile --warfile|-w warfileName [--locale|-l locale]
where:
-
createwar is either createwar.sh or createwar.bat, depending on your platform.
-
stagingDir is the staging directory where the opensso.war files are extracted.
-
typeOfWarFile is the type of WAR file you want to create:
-
console - OpenSSO Administration Console only WAR
-
distauth - Distributed authentication UI server WAR
-
noconsole - OpenSSO server only WAR (without the Administration Console)
-
ldpdiscovery - IDP Discovery Service
-
-
warfileName is the name of the specialized WAR file to be created.
-
locale (optional) indicates the locale of your system where you are running the createwar script. Choices can be de (German), en_US (US English), es (Spanish), fr (French), ja (Japanese), zh_CN (Simplified Chinese), or zh_TW (Traditional Chinese).
To display the createwar help:
createwar -help|? [--locale|-l locale] |
Before You Begin Creating a Specialized WAR
-
If necessary, download and unzip the opensso_enterprise_80U1.zip file for OpenSSO Enterprise 8.0 Update 1.
-
Set your JAVA_HOME environment variable to the location of your JDK installation. The createwar script requires JDK 1.5 or later.
-
On Solaris and Linux systems, make the createwar.sh script executable. For example: chmod +x createwar.sh
Examples of Creating Specialized OpenSSO War Files
The following examples are intended for Solaris and Linux systems. If you are on a Windows system, run the createwar.bat script and adjust the paths for Windows conventions.
Creating a Console Only WAR File
To Create a Console Only WAR File
1. Create a staging directory and extract the files from opensso.war. For example:
mkdir /tmp/consolewarstaging cd /tmp/consolewarstaging jar xvf /downloads/opensso/deployable-war/opensso.war |
2. Run the createwar.sh script to create a console only WAR file named console.war.
You must execute createwar.sh (or createwar.bat on Windows) script in the deployable-war directory.
cd /downloads/opensso/deployable-war ./createwar.sh -s /tmp/consolewarstaging -t console -w /tmp/console.war |
3. You are now ready to deploy your new WAR, as described in After You Finish Creating a Specialized WAR.
Creating a Distributed Authentication UI Server WAR File
To Create a Distributed Authentication UI Server WAR File
1. Create a staging directory and extract the files from opensso.war. For example:
mkdir /tmp/dawarstaging cd /tmp/dawarstaging jar xvf /downloads/opensso/deployable-war/opensso.war |
2. Run the createwar.sh script to create a Distributed Authentication UI server WAR file named distauth.war.
You must execute createwar.sh (or createwar.bat on Windows) script in the deployable-war directory.
cd /downloads/opensso/deployable-war ./createwar.sh -s /tmp/dawarstaging -t distauth -w /tmp/distauth.war |
3. You are now ready to deploy your new WAR, as described in After You Finish Creating a Specialized WAR.
Creating a Server Only (No Admin Console) WAR File
To Create a Server Only (No Admin Console) WAR File
1. Create a staging directory and extract the files from opensso.war. For example:
mkdir /tmp/serveronlywarstaging cd /tmp/serveronlywarstaging jar xvf /downloads/opensso/deployable-war/opensso.war |
2. Run the createwar.sh script to create a server only WAR file named serveronly.war.
You must execute createwar.sh (or createwar.bat on Windows) script in the deployable-war directory.
cd /downloads/opensso/deployable-war ./createwar.sh -s /tmp/serveronlywarstaging -t noconsole -w /tmp/serveronly.war |
3. You are now ready to deploy your new WAR, as described in After You Finish Creating a Specialized WAR.
Creating an IDP Discovery Service WAR File
To Create an IDP Discovery Service WAR File
1. Create a staging directory and extract the files from opensso.war. For example:
mkdir /tmp/idpdiscoverywarstaging cd /tmp/idpdiscoverywarstaging jar xvf /downloads/opensso/deployable-war/opensso.war |
2. Run the createwar.sh script to create a IDP Discovery Service WAR file named idpdiscovery.war.
You must execute createwar.sh (or createwar.bat on Windows) script in the deployable-war directory.
cd /downloads/opensso/deployable-war ./createwar.sh -s /tmp/idpdiscoverywarstaging -t idpdiscovery -w /tmp/idpdiscovery.war |
3. You are now ready to deploy your new WAR, as described in After You Finish Creating a Specialized WAR.
After You Finish Creating a Specialized WAR
-
If you are deploying a Distributed Authentication UI server WAR file, see Creating a Distributed Authentication UI Server WAR File.
-
Deploy the specialized WAR file into your web container.
-
Access the specialized WAR deployment URL from your browser. For example, for a console only WAR: http://console-host.example.com:8080/console
-
When the configurator page is displayed, enter the configuration information for the specialized WAR.
The OpenSSO Configurator creates configuration data as follows:
-
OpenSSO Administration Console only: AMConfig.properties file in the home directory of the user running the web container where the specialized WAR file is deployed
-
Distributed Authentication UI server: /FAMDistAuth/AMDistAuthConfig.properties file in the home directory of the user running the web container where the specialized WAR file is deployed
-
OpenSSO server only:
-
Default configuration directory, which is opensso in the home directory of the user running the Configurator. For example, if the Configurator is run by super user (root), the configuration directory is /opensso.
-
user-home-directory.openssocfg, where user-home-directory is the home directory of the user who deployed the WAR file. For example, if the user is super user (root), the directory is /.openssocfg.
-
-
IDP Discovery Service: libIDPDiscoveryConfig.properties file in the home directory of the user running the web container where the specialized WAR file is deployed
Note –
It is highly recommended that you change the permissions of a configuration file to limit access to sensitive configuration information, such as the administrator password.
Next Steps
Access the specialized OpenSSO WAR from your browser for its specific function, using the same URL from Step 3.
For example: http://console-host.example.com:8080/console
Creating a Distributed Authentication UI Server User
Before you configure a Distributed Authentication UI server WAR file, on the OpenSSO Enterprise sserver, create a user who has the “Read and write access to all realm and policy properties” privilege. You will specify this user (and password) when you run the Configurator (distAuthConfigurator.jsp) to configure the WAR file.
To Create a Distributed Authentication UI Server User
-
Log in to the OpenSSO server administration console as amadmin.
-
Click Access Control, the default realm, and then Subjects.
-
Create a new user. For example: dauser
-
Create a new group. For example: dagroup
-
Add the new user to the new group.
-
Click Privileges and then the link for the new group.
-
Select the "Read and write access to all realm and policy properties" privilege and click Save.
Related Information
For information about deploying and configuring your new specialized WAR file, see the Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.
- © 2010, Oracle Corporation and/or its affiliates