Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide

Using ssoadm With OpenSSO Enterprise Configured as a Site

In a typical large deployment, OpenSSO Enterprise server instances are configured behind one or more load balancers. The HTTP(S) traffic is usually one-directional. That is, the traffic goes from one of the load balancers to the servers, but requests from the servers are unable to reach the load balancers. If this scenario applies to your deployment and you need to use the ssoadm utility (Solaris and Linux systems) or the ssoadm.bat utility (Windows), perform the following procedure.

Procedure: To Use ssoadm With OpenSSO Enterprise Configured as a Site

  1. After you install the tools, edit the ssoadm or ssoadm.bat utility in the tools-zip-root/deploy_uri/bin directory.

    where:

    • tools-zip-root is the directory where you unzipped the ssoAdminTools.zip file.

    • deploy_uri is the name of the OpenSSO Enterprise deploy URI. For example: opensso

  2. In the ssoadm or ssoadm.bat utility, add the following property to the java command:

    -D"com.iplanet.am.naming.map.site.to.server=http://lb.example.com:58080/opensso=http://ssohost1.example.com:58080/opensso"

    where:

    • lb is the load balancer.

    • ssohost1 is the OpenSSO Enterprise server where ssoadm is installed.

  3. Save the ssoadm or ssoadm.bat utility.

    The utility can now send naming requests to the OpenSSO Enterprise server instance.

    Once the site is enabled, this property prevents the administrator from being denied access to the server when the load balancer is inaccessible. When the ssoadm command tries to access the load balancer and the load balancer is not accessible, ssoadm can directly access the server specified in this property.
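
One way to check the edited script after step 3, as an added example that is not part of the Sun documentation: it extracts the property from an ssoadm script and rejects a value that was broken across lines when pasted or is not a single siteURL=serverURL pair. The function names (get_site_map, is_base_url, check_site_map) are hypothetical, the sample line is constructed, and the check assumes one mapping pair whose URLs share the deploy URI, as in the example above.

```shell
#!/bin/sh
# Added example (not Sun's code): check the mapping in an edited ssoadm script.
PROP='com.iplanet.am.naming.map.site.to.server'

# Print the value of -D"PROP=..." from script $1. Prints nothing if the
# property is absent or its closing quote is on a later line (wrapped value).
get_site_map() {
    sed -n "s/.*-D\"$PROP=\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Succeed if $1 has the form http(s)://host[:port]/deploy_uri
is_base_url() {
    case $1 in
        http://?*/?*|https://?*/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Validate mapping value $1. Prints "site server" on success; on failure
# prints the reason to stderr and returns 1.
# Assumption: one siteURL=serverURL pair, as in the page's example.
check_site_map() {
    case $1 in
        '') echo "property missing or wrapped across lines" >&2; return 1 ;;
        *[[:space:]]*) echo "value contains whitespace" >&2; return 1 ;;
        *=*=*) echo "more than one '=' in value" >&2; return 1 ;;
        *=*) ;;
        *) echo "expected siteURL=serverURL" >&2; return 1 ;;
    esac
    site=${1%%=*}
    server=${1#*=}
    is_base_url "$site" || { echo "bad site URL: $site" >&2; return 1; }
    is_base_url "$server" || { echo "bad server URL: $server" >&2; return 1; }
    [ "$site" != "$server" ] || { echo "site equals server" >&2; return 1; }
    # Assumption from the page's example: both URLs end in the same deploy URI.
    site_rest=${site#*://}
    server_rest=${server#*://}
    [ "${site_rest#*/}" = "${server_rest#*/}" ] ||
        { echo "deploy URIs differ" >&2; return 1; }
    echo "$site $server"
}

# Constructed sample line, written the way it must appear in ssoadm (one line).
sample=$(mktemp)
printf '%s\n' "  -D\"$PROP=http://lb.example.com:58080/opensso=http://ssohost1.example.com:58080/opensso\" \\" > "$sample"
check_site_map "$(get_site_map "$sample")"
rm -f "$sample"
```

To check a real installation, pass the path of the edited ssoadm script to get_site_map in place of the temporary sample file.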