Sun Java System Access Manager 7 2005Q4 Developer's Guide

Chapter 13 Notification Service

The Sun Java™ System Access Manager 7 2005Q4 Notification Service allows session notifications to be sent to remote web containers. This service must be enabled for SDK applications that run remotely from the Access Manager server itself. This chapter explains how to enable a remote web container to receive the notifications. It contains the following sections:

Overview

The Notification Service allows for session notifications to be sent to web containers that are running the Access Manager SDK remotely. The notifications apply to the Session, Policy and Naming Services only. In addition, the remote application must be running in a web container. The purpose of the notifications would be:

Note that the notifications can be received only if the remote SDK is installed on a web container.

Enabling The Notification Service

Following are the steps to configure the remote SSO SDK to receive session notifications.

Procedure: To Receive Session Notifications

  1. Install Access Manager on Machine 1.

  2. Install Sun Java System Web Server on Machine 2.

  3. Install the SUNWamsdk on the same machine as the Web Server.

    For instructions on installing the Access Manager SDK remotely, see the Sun Java Enterprise System 2005Q1 Installation Guide.

  4. Ensure that the following are true concerning the machine where the SDK is installed.

    1. Ensure that the right access permissions are set for the /remote_SDK_server/SUNWam/lib and /remote_SDK_server/SUNWam/locale directories on the server where the SDK is installed.

      These directories contain the files and jars on the remote server.

    2. Ensure that the following permissions are set in the Grant section of the server.policy file of the Web Server.

      server.policy is in the config directory of the Web Server installation. These permissions can be copied and pasted, if necessary:

      permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";

      permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";

    3. Ensure that the correct classpath is set in server.xml.

      server.xml is also in the config directory of the Web Server installation. A typical classpath would be:

      <JAVA javahome="/export/home/ws61/bin/https/jdk" 
      serverclasspath="/export/home/ws61/bin/https/jar/webserv-rt.jar:
      ${java.home}/lib/tools.jar:/export/home/ws61/bin/https/jar/webserv-ext.jar:
      /export/home/ws61/bin/https/jar/webserv-jstl.jar:/export/home/ws61/bin/https/jar/nova.jar"
      classpathsuffix="::/IS_CLASSPATH_BEGIN_DELIM:
      				//usr/share/lib/xalan.jar:
      				//export/SUNWam/lib/xmlsec.jar:
      				//usr/share/lib/xercesImpl.jar:
      				//usr/share/lib/sax.jar:
      				//usr/share/lib/dom.jar:
      				//export/SUNWam/lib/dom4j.jar:
      				//export/SUNWam/lib/jakarta-log4j-1.2.6.jar:
      				//usr/share/lib/jaxm-api.jar:
      				//usr/share/lib/saaj-api.jar:
      				//usr/share/lib/jaxrpc-api.jar:
      				//usr/share/lib/jaxrpc-impl.jar:
      				//export/SUNWam/lib/jaxm-runtime.jar:
      				//usr/share/lib/saaj-impl.jar:
      				//export/SUNWam/lib:
      				//export/SUNWam/locale:
      				//usr/share/lib/mps/jss3.jar:
      				//export/SUNWam/lib/am_sdk.jar:
      				//export/SUNWam/lib/am_services.jar:
      				//export/SUNWam/lib/am_sso_provider.jar:
      				//export/SUNWam/lib/swec.jar:
      				//export/SUNWam/lib/acmecrypt.jar:
      				//export/SUNWam/lib/iaik_ssl.jar:
      				//usr/share/lib/jaxp-api.jar:
      				//usr/share/lib/mail.jar:
      				//usr/share/lib/activation.jar:
      				//export/SUNWam/lib/servlet.jar:
      				//export/SUNWam/lib/am_logging.jar:
      				//usr/share/lib/commons-logging.jar:
      				//IS_CLASSPATH_END_DELIM:" 
      envclasspathignored="true" debug="false"
      debugoptions="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n" 
      javacoptions="-g" 
      dynamicreloadinterval="2">
      
  5. Use the SSO samples installed on the remote SDK server for configuration purposes.

    1. Change to the /remote_SDK_server/SUNWam/samples/sso directory.

    2. Run gmake.

    3. Copy the generated class files from /remote_SDK_server/SUNWam/samples/sso to /remote_SDK_server/SUNWam/lib/.

  6. Copy the encryption value of am.encryption.pwd from the AMConfig.properties file installed with Access Manager to the AMConfig.properties file on the remote server to which the SDK was installed.

    The value of am.encryption.pwd is used for encrypting and decrypting passwords.

  7. Log in to Access Manager as amadmin.

    http://AccessManager-HostName:3000/amconsole

  8. Execute the servlet by entering http://remote_SDK_host:58080/servlet/SSOTokenSampleServlet into the browser location field and validating the SSOToken.

    SSOTokenSampleServlet is used for validating a session token and adding a listener. Executing the servlet will print out the following message:

    SSOToken host name: 192.18.149.33
    SSOToken Principal name: uid=amAdmin,ou=People,dc=red,dc=iplanet,dc=com
    Authentication type used: LDAP
    IPAddress of the host: 192.18.149.33
    The token id is AQIC5wM2LY4SfcyURnObg7vEgdkb+32T43+RZN30Req/BGE=
    Property: Company is - Sun Microsystems
    Property: Country is - USA
    SSO Token Validation test Succeeded

  9. Set the property com.iplanet.am.notification.url in the AMConfig.properties file on the machine where the Client SDK is installed:

    com.iplanet.am.notification.url=http://clientSDK_host.domain:port/servlet/com.iplanet.services.comm.client.PLLNotificationServlet

  10. Restart the Web Server.

  11. Log in to Access Manager as amadmin.

    http://AccessManager-HostName:3000/amconsole

  12. Execute the servlet by entering http://remote_SDK_host:58080/servlet/SSOTokenSampleServlet into the browser location field and validating the SSOToken again.

    When the machine on which the remote SDK is running receives the notification, it will call the respective listener when the session state is changed. Note that the notifications can be received only if the remote SDK is installed on a web container.
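
A preflight check for the server.policy permissions in step 4, the am.encryption.pwd copy in step 6 and the notification URL in step 9, as an added example that is not part of the original guide or of the Access Manager SDK. The function names, host name and property values are constructed for illustration; the property keys, permission names and servlet path are the ones given above.

```python
import hmac
import re
from urllib.parse import urlsplit
SERVLET_PATH = "/servlet/com.iplanet.services.comm.client.PLLNotificationServlet"
REQUIRED_PERMS = ("putProviderProperty.Mozilla-JSS", "insertProvider.Mozilla-JSS")

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)  # values may themselves contain '='
            props[key.strip()] = value.strip()
    return props

def check_client(server_props, client_props, policy_text):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    for perm in REQUIRED_PERMS:
        pat = r'permission\s+java\.security\.SecurityPermission\s+"%s"\s*;' % re.escape(perm)
        if not re.search(pat, policy_text):
            findings.append("server.policy: missing or unterminated " + perm)
    srv = server_props.get("am.encryption.pwd", "")
    cli = client_props.get("am.encryption.pwd", "")
    # Compare in constant time and never echo the secret into the findings.
    if not srv or not hmac.compare_digest(srv.encode(), cli.encode()):
        findings.append("am.encryption.pwd: client value does not match server")
    url = urlsplit(client_props.get("com.iplanet.am.notification.url", ""))
    try:
        port = url.port  # raises ValueError if the literal "port" placeholder was left in
    except ValueError:
        port = None
    if url.scheme not in ("http", "https") or not url.hostname or port is None:
        findings.append("notification.url: need scheme://host:port")
    elif url.path != SERVLET_PATH:
        findings.append("notification.url: path is not the PLLNotificationServlet")
    return findings

# Constructed sample input (not real configuration values).
SERVER = parse_properties("am.encryption.pwd=EXAMPLEsecret123\n")
CLIENT_BAD = parse_properties("am.encryption.pwd=localDefault\n"
    "com.iplanet.am.notification.url=http://sdk.example.com:58080/servlet\n")
POLICY_BAD = ('permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS"\n'
              'permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";\n')

if __name__ == "__main__":
    for finding in check_client(SERVER, CLIENT_BAD, POLICY_BAD):
        print(finding)
```

On a real installation, pass the contents of the two AMConfig.properties files and of server.policy instead of the constructed strings.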