Sun Java System SAML v2 Plug-in for Federation Services User's Guide

Deploying the SAML v2 Plug-in for Federation Services in Sun Java System Application Server

With Sun Java System Application Server, you can use the deploy subcommand of the asadmin utility to deploy a WAR file. The syntax is:

# asadmin deploy --user admin-user --passwordfile filename --port port 
--contextroot deployment-URI --name deployment-URI 
--target instance-name WAR-file-location

where:

admin-user

Defines the ID of the Application Server administrator. 

filename

Defines the full path to the file that stores the password of the Application Server administrator. You must create this file by hand so that the asadmin utility can read it. The password line must be in the form AS_ADMIN_PASSWORD=password, where password is the cleartext administrator password chosen when Application Server was installed. Because the file holds the password in cleartext, create it with permissions that allow only the user running asadmin to read it, and remove it once deployment is complete.

port

Defines the port for the Application Server Domain Administration Server. The default is 4849. 

deployment-URI

Defines the URI of the application. The same value is passed to --contextroot (the context root under which the plug-in is served) and to --name (the name the application is registered under, which the undeploy command later takes as its operand). 


Note –

Note the leading slash where the URI is written with one (for example /saml2 in the undeploy example below); whichever form you use, give the same value to --contextroot, --name and, later, to undeploy.


instance-name

Defines the instance of Application Server to which the WAR will be deployed. 

WAR-file-location

Defines the full path to the WAR file being deployed. 


Note –

The asadmin options listed above are those relevant to deploying the SAML v2 Plug-in for Federation Services. For more information (including the full set of options), see the Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Reference Manual.


To Deploy the SAML v2 Plug-in for Federation Services in Application Server

To deploy the SAML v2 Plug-in for Federation Services in Application Server, type:


# ApplicationServer-base/bin/asadmin deploy --user AS-administrator 
--passwordfile filename --port port-number 
--contextroot deployment-URI --name deployment-URI 
--target instance-name war-file-location

For example, when deploying the SAML v2 Plug-in for Federation Services in an instance of Federation Manager deployed in Application Server, you might use:


# /opt/SUNWappserver/appserver/bin/asadmin deploy --user admin 
--passwordfile /tmp/pwdfile --port 4849 --contextroot fm --name fm 
--target server1 /var/opt/SUNWam/fm/war_staging/federation.war

Following the deployment, you must modify the Application Server server.policy file. By default, it is located in the /var/opt/SUNWappserver/domains/domain-name/ directory. In the sample below, the replaceable tokens ($BASEDIR, $PROD_DIR, $AS81_VARDIR, $AS81_DOMAIN, $VAR_SUBDIR and $DEPLOY_WARPREFIX, whether written with or without braces) must be replaced with the values for your deployment; WEB-INF is a literal path component and stays as it is.


Example A–1 Application Server server.policy File

// Federation Manager RELATED ADDITIONS
grant {
    permission java.util.PropertyPermission "user.language", "write";
};
grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_sdk.jar" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_services.jar" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant codeBase "file:$AS81_VARDIR/domains/$AS81_DOMAIN/applications/j2ee-modules/${DEPLOY_WARPREFIX}/-" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
// No codeBase: every permission in this block is granted to all code running in the domain.
grant {
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.util.logging.LoggingPermission "control";
    permission java.lang.RuntimePermission "shutdownHooks";
    // insertProvider.* and putProviderProperty.* are java.security.SecurityPermission
    // targets; the same names under javax.security.auth.AuthPermission grant nothing
    // and are therefore not listed.
    permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
    permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "createLoginContext.*";
    // "<<ALL FILES>>" (angle brackets included) is the policy-file token for every file
    // on the host: "execute" allows running any program, "delete" removing any file the
    // server process can reach.
    permission java.io.FilePermission "<<ALL FILES>>", "execute,delete";
    permission java.io.FilePermission "$VAR_SUBDIR/logs/*", "delete,write";
    permission java.util.PropertyPermission "java.util.logging.config.class", "write";
    permission java.security.SecurityPermission "removeProvider.SUN";
    permission java.security.SecurityPermission "insertProvider.SUN";
    permission java.security.SecurityPermission "removeProvider.Mozilla-JSS";
    permission javax.security.auth.AuthPermission "doAs";
    permission java.util.PropertyPermission "java.security.krb5.realm", "write";
    permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
    permission java.util.PropertyPermission "java.security.auth.login.config", "write";
    permission javax.security.auth.kerberos.ServicePermission "*", "accept";
    permission javax.net.ssl.SSLPermission "setHostnameVerifier";
};

The replaceable tokens in server.policy and their default values after installation are:

Table A–1 server.policy Modifications After Installation

Replaceable Content    Default Value
$BASEDIR               /opt
$PROD_DIR              SUNWam
$AS81_VARDIR           /var/opt/SUNWappserver
$AS81_DOMAIN           domain1
$VAR_SUBDIR            /var/opt/SUNWam
$DEPLOY_WARPREFIX      federation
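The deployment procedure above (password file, asadmin deploy, and the substitution of the Table A–1 tokens into the server.policy additions), as an added example in POSIX shell. This is not code from the Sun guide: the paths, port and names default to the values from the guide's own example and Table A–1, while the function names, variable names and the layout of the policy template are assumptions of this example. The password file is created readable by its owner only, and a check refuses a rendered fragment in which a token was left unreplaced, since such a codeBase never matches and the grant is silently never applied.

```shell
#!/bin/sh
# Added example (not from the Sun guide): prepare the asadmin password file,
# run the deploy step, and render the server.policy additions from the
# replaceable tokens of Table A-1. Defaults are the guide's own values; the
# function names, variable names and the policy template layout are assumptions.
set -eu

ASADMIN="${ASADMIN:-/opt/SUNWappserver/appserver/bin/asadmin}"
AS_USER="${AS_USER:-admin}"
AS_PORT="${AS_PORT:-4849}"
AS_TARGET="${AS_TARGET:-server1}"
DEPLOY_URI="${DEPLOY_URI:-fm}"

# Write the file that --passwordfile points at: one line, AS_ADMIN_PASSWORD=<pw>,
# in cleartext. The file is created with mode 0600; a world-readable file in
# /tmp would hand the DAS administrator password to every local user.
# $1 = path, $2 = password
write_passwordfile() {
    old_umask=$(umask)
    umask 077
    printf 'AS_ADMIN_PASSWORD=%s\n' "$2" > "$1"
    umask "$old_umask"
}

# Deploy the plug-in WAR with the options the guide's syntax shows.
# $1 = WAR path, $2 = password file path
deploy_saml2_plugin() {
    "$ASADMIN" deploy --user "$AS_USER" --passwordfile "$2" --port "$AS_PORT" \
        --contextroot "$DEPLOY_URI" --name "$DEPLOY_URI" \
        --target "$AS_TARGET" "$1"
}

# Render the token-bearing grants of Example A-1 with the Table A-1 values.
# Only grants that carry tokens are templated; the global permission list is
# copied from the guide unchanged and is not repeated here. Override a token by
# setting it, e.g. AS81_DOMAIN=domain2. Values must not contain '|' or '&',
# which sed would interpret in the replacement.
render_policy() {
    BASEDIR="${BASEDIR:-/opt}"
    PROD_DIR="${PROD_DIR:-SUNWam}"
    AS81_VARDIR="${AS81_VARDIR:-/var/opt/SUNWappserver}"
    AS81_DOMAIN="${AS81_DOMAIN:-domain1}"
    VAR_SUBDIR="${VAR_SUBDIR:-/var/opt/SUNWam}"
    DEPLOY_WARPREFIX="${DEPLOY_WARPREFIX:-federation}"
    # The heredoc is quoted so the shell does not expand the tokens itself;
    # [$] keeps the dollar sign literal inside the sed patterns.
    sed -e 's|[$]{BASEDIR}|'"$BASEDIR"'|g' \
        -e 's|[$]{PROD_DIR}|'"$PROD_DIR"'|g' \
        -e 's|[$]AS81_VARDIR|'"$AS81_VARDIR"'|g' \
        -e 's|[$]AS81_DOMAIN|'"$AS81_DOMAIN"'|g' \
        -e 's|[$]VAR_SUBDIR|'"$VAR_SUBDIR"'|g' \
        -e 's|[$]{DEPLOY_WARPREFIX}|'"$DEPLOY_WARPREFIX"'|g' <<'EOF'
// Federation Manager RELATED ADDITIONS (token-bearing grants)
grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_sdk.jar" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_services.jar" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant codeBase "file:$AS81_VARDIR/domains/$AS81_DOMAIN/applications/j2ee-modules/${DEPLOY_WARPREFIX}/-" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant {
    permission java.io.FilePermission "$VAR_SUBDIR/logs/*", "delete,write";
};
EOF
}

# Fail if a replaceable token ($NAME or ${NAME}) survived in the rendered
# fragment given as $1. Lower-case property references such as
# ${com.sun.aas.instanceRoot}, which server.policy expands itself, are not flagged.
check_policy() {
    ! grep -q -e '[$][A-Z]' -e '[$]{[A-Z]' "$1"
}
```

Typical use is write_passwordfile to a private location, deploy_saml2_plugin with the WAR path, then render_policy into a file, run check_policy on it, and append the checked fragment to the domain's server.policy before restarting the instance.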

To Remove the SAML v2 Plug-in for Federation Services from Application Server

To remove the SAML v2 Plug-in for Federation Services from Application Server, type:


# ApplicationServer-base/bin/asadmin undeploy --user AS-administrator 
--passwordfile filename --host host --port port 
--target instance-name deployment-URI

where:

ApplicationServer-base

Defines the Application Server installation directory. 

AS-administrator

Defines the ID of the Application Server administrator. 

filename

Defines the full path to the file that holds the Application Server administrator password, in the same AS_ADMIN_PASSWORD=password form used for deployment. 

host

Defines the host on which the Domain Administration Server runs. 

port

Defines the port of the Domain Administration Server (4849 by default). 

instance-name

Defines the instance of Application Server to which the application is deployed. 

deployment-URI

Defines the URI under which the SAML v2 Plug-in for Federation Services was deployed, that is, the value given to --name at deployment time, including its leading slash where one was used. 

For example:


# /opt/SUNWappserver/appserver/bin/asadmin undeploy --user admin 
--passwordfile /tmp/pwdfile --host samplehost.sun.com 
--port 4849 --target server1 /saml2