Sun OpenSSO Enterprise 8.0 Update 1 Release Notes

Before Deploying OpenSSO on WebSphere Application Server 7.0

Complete the following steps:

  1. Add genericJvmArguments and Security Permissions

  2. Run the JSP compiler

Before making changes to any file described in this chapter, it is a good practice to stop the web container and make a backup of the file.

Add GenericJvmArguments and Security Permissions

Add the genericJvmArguments using the WebSphere Admin Console or by editing the server.xml file:

  1. Open the following file:

    install_root/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/<cellName>/nodes/<nodeName>/servers/server/server.xml

  2. Find the jvmEntries element.

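  3. Add the following JVM options to genericJvmArguments in server.xml and save the file. The trailing / at the end of a line in the listings below appears to mark a line wrapped for display; it is not part of the value, so enter the wrapped lines as one line: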


     genericJvmArguments="-Djava.awt.headless=true -DamCryptoDescriptor.provider=IBMJCE
      -DamKeyGenDescriptor.provider=IBMJCE -Djavax.management.builder.initial=  /
    -Dcom.sun.management.jmxremote"
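  4. If the Java Security Manager is enabled, add the following security permissions to the server.policy file, and then save the file. The grant entry below has no codeBase clause, so its permissions apply to all code that server.policy governs, not only to OpenSSO: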


    // Permission set listed for OpenSSO when the Java Security Manager is enabled.
    // NOTE(review): this grant entry has no codeBase, signedBy or principal clause, so the
    // permissions are not limited to OpenSSO; they apply to all code this policy file governs.
    // Where the deployment allows it, scope the entry to the OpenSSO web application with a
    // codeBase clause (placeholder: grant codeBase "file:<path-to-opensso-app>/-" { ... })
    // and re-test before relying on the Security Manager as a sandbox.
    grant {
    // Network access to any host and port, including listening for and accepting connections.
    permission java.net.SocketPermission "*", "listen,connect,accept,resolve";
    // Read and write every system property; this wildcard already covers the narrower
    // PropertyPermission "write" entries further down.
    permission java.util.PropertyPermission "*", "read, write";
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.util.logging.LoggingPermission "control";
    permission java.lang.RuntimePermission "shutdownHooks";
    // JAAS: read and replace the login configuration, modify principals, create login contexts.
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "createLoginContext.*";
    // Read, write, execute and delete on every file path (limited only by OS-level permissions).
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
    permission java.util.PropertyPermission "java.util.logging.config.class", "write";
    // Allows removing and re-inserting the security provider named SUN at run time.
    permission java.security.SecurityPermission "removeProvider.SUN";
    permission java.security.SecurityPermission "insertProvider.SUN";
    permission javax.security.auth.AuthPermission "doAs";
    permission java.util.PropertyPermission "java.security.krb5.realm", "write";
    permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
    permission java.util.PropertyPermission "java.security.auth.login.config", "write";
    permission java.util.PropertyPermission "user.language", "write";
    permission javax.security.auth.kerberos.ServicePermission "*", "accept";
    // Allows installing a custom HTTPS hostname verifier; a permissive verifier would
    // weaken TLS peer-name checking for code that uses it.
    permission javax.net.ssl.SSLPermission "setHostnameVerifier";
    // Allows changing, removing and inserting the security provider named IAIK.
    permission java.security.SecurityPermission "putProviderProperty.IAIK";
    permission java.security.SecurityPermission "removeProvider.IAIK";
    permission java.security.SecurityPermission "insertProvider.IAIK";
    permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
    // JMX: create MBean servers and register, query and monitor MBeans.
    permission javax.management.MBeanServerPermission "newMBeanServer";
    permission javax.management.MBeanPermission "*", "registerMBean";
    // createClassLoader lets code define classes with a protection domain of its choosing;
    // treat any code holding it as fully trusted.
    permission java.lang.RuntimePermission "createClassLoader";
    permission javax.security.auth.AuthPermission "getSubject";
    permission javax.management.MBeanTrustPermission "register";
    permission java.lang.management.ManagementPermission "monitor";
    permission javax.management.MBeanPermission "*", "queryMBeans";
    permission javax.management.MBeanServerPermission "createMBeanServer";
    permission java.security.SecurityPermission "getProperty.authconfigprovider.factory";
    permission java.security.SecurityPermission "setProperty.authconfigprovider.factory";
    // The entries from here on repeat several permissions already listed above
    // (createClassLoader, setFactory, accessClassInPackage.*, the <<ALL FILES>> FilePermission
    // and the wildcard PropertyPermission). The repeats add nothing to the effective policy.
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "setIO";
    permission java.lang.RuntimePermission "modifyThread";
    permission java.lang.RuntimePermission "stopThread";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "readFileDescriptor";
    permission java.lang.RuntimePermission "writeFileDescriptor";
    // Allows loading any native library; native code runs outside Security Manager checks.
    permission java.lang.RuntimePermission "loadLibrary.*";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.lang.RuntimePermission "defineClassInPackage.*";
    // Reflection on non-public members; combined with suppressAccessChecks below this
    // removes Java-language access control for the code it applies to.
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "queuePrintJob";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
    permission java.util.PropertyPermission "*", "read,write";
    permission com.ibm.oti.shared.SharedClassPermission "*", "read,write";
    // NOTE(review): the trailing "/" on the next line looks like a documentation line-wrap
    // marker rather than policy syntax; presumably the entry belongs on one line without it.
    // Confirm before pasting.
    permission com.ibm.websphere.security.WebSphereRuntimePermission "getSSLConfig",  /
    "read,write,execute,delete";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission javax.management.MBeanPermission "*", "isInstanceOf";
    permission javax.management.MBeanPermission "*", "getAttribute";
    permission java.net.NetPermission "getProxySelector";
    };
  5. Restart WebSphere Application Server 7.0.