Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide

Configuring OpenSSO Enterprise Server Manually

In this scenario, you want to customize the DAI service (ums.xml file), so you must configure OpenSSO Enterprise server manually by completing the tasks in the sections that follow.

Loading the Directory Access Instructions (DAI) Service

Procedure: To Load the DAI Service

  1. In the zip-root/opensso/xml/ums.xml file, replace the following items, as needed for your deployment:

    • @USER_NAMING_ATTR@ with your user naming attribute, for example uid (the default).

    • @ORG_NAMING_ATTR@ with your organization naming attribute, for example o (the default).

  2. Load the DAI service from the ums.xml file using the ssoadm command with the create-svc subcommand. For example:

    # ./ssoadm create-svc -u amadmin -f ./password-file \
    --xmlfile zip-root/opensso/xml/ums.xml

    where:

    -u specifies the administrative user. For example: amadmin

    -f specifies the password file for the administrative user.

    --xmlfile (or -X) specifies the path to the ums.xml file.

    zip-root is where the opensso_enterprise_80.zip file was unzipped.

Loading the AMSDK Subschema

Procedure: To Load the AMSDK Subschema

  1. In zip-root/opensso/xml/idRepoAmSDK.xml, replace @NORMALIZED_ORGBASE@ with the Directory Server root suffix.

  2. Load the IdRepo subschema using the ssoadm command with the add-sub-schema subcommand. For example:

    # ./ssoadm add-sub-schema -u amadmin -f ./password-file \
    -s sunIdentityRepositoryService -t Organization -F zip-root/opensso/xml/idRepoAmSDK.xml

    where:

    -u specifies the administrative user. For example: amadmin

    -f specifies the password file for the administrative user.

    -s specifies the service name. Must be: sunIdentityRepositoryService

    -t specifies the schema type. Must be: Organization

    -F specifies the path to the idRepoAmSDK.xml file.
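The placeholder replacement in step 1 of this procedure and of To Load the DAI Service can be scripted so that a half-edited template never reaches ssoadm. The following is an added shell example, not part of the Sun guide: it fills the tokens in a copy of the template and fails if any @...@ token is left. The function names, the sample XML, and the rule that any remaining @UPPER_CASE@ string is an unreplaced placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Sun's code: fill @TOKEN@ placeholders in a copy of an
# OpenSSO XML template and fail if any placeholder is left unresolved.

# Escape a value for the replacement side of a sed 's|..|..|' command.
sed_escape() {
    printf '%s' "$1" | sed 's/[\\&|]/\\&/g'
}

# fill_template SRC DEST TOKEN=VALUE...   (hypothetical helper)
# Returns 0 only if DEST was written and contains no @UPPER_CASE@ token.
fill_template() {
    src=$1; dest=$2; shift 2
    script=''
    for pair in "$@"; do
        token=${pair%%=*}                    # text before the first '='
        value=$(sed_escape "${pair#*=}")     # text after it (may contain '=')
        script="${script}s|@${token}@|${value}|g
"
    done
    # The shipped template stays untouched; the copy is created owner-only.
    ( umask 077; sed "$script" "$src" > "$dest" ) || return 1
    # Assumption: anything still shaped like @UPPER_CASE@ is a missed token.
    if grep -n '@[A-Z_][A-Z_]*@' "$dest" >&2; then
        echo "unresolved placeholder(s) in $dest, do not load it" >&2
        return 1
    fi
}

# Constructed sample standing in for idRepoAmSDK.xml (not the shipped file).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '<Value>@NORMALIZED_ORGBASE@</Value>' \
                  '<Value>@USER_NAMING_ATTR@</Value>' > "$dir/in.xml"
    fill_template "$dir/in.xml" "$dir/out.xml" \
        NORMALIZED_ORGBASE='dc=example,dc=com' USER_NAMING_ATTR=uid
    rc=$?
    cat "$dir/out.xml"
    rm -rf "$dir"
    return $rc
}

demo
```

Pass the generated copy, rather than the file under zip-root, to the -F or --xmlfile option once fill_template returns 0.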

Updating the Directory Server Information for the AMSDK Plug-in

Update the Directory Server information by exporting, modifying, and then re-importing the information.

Important: If your deployment has multiple OpenSSO Enterprise server instances, you must perform the following steps on all server instances.

Procedure: To Update the Directory Server Information for the AMSDK Plug-in

  1. Export the Directory Server configuration information from the OpenSSO Enterprise server instance using the ssoadm command with the get-svrcfg-xml subcommand. For example:

    # ./ssoadm get-svrcfg-xml -u amadmin -f ./password-file \
    -s http(s)://host.domain:port/opensso -o serverconfig.xml

    where:

    -u specifies the administrative user. For example: amadmin

    -f specifies the password file for the administrative user.

    -s specifies the server instance name. For example: https://openssohost1.example.com:8080/opensso

    -o specifies the output file name that will contain the Directory Server configuration information. For example: serverconfig.xml

  2. Edit the Directory Server configuration information in the serverconfig.xml file as follows:

    1. In the <ServerGroup name="default" ...> entry, add the Directory Server configuration information, including the host, port and protocol.

    2. Update the encrypted passwords for the admin and proxy users. Use the ampassword utility to obtain the encrypted passwords.

  3. Import the revised Directory Server configuration information using the ssoadm command with the set-svrcfg-xml subcommand. For example:

    # ./ssoadm set-svrcfg-xml -u amadmin -f ./password-file \
    -s http(s)://host.domain:port/opensso -X serverconfig.xml

    where:

    -u specifies the administrative user. For example: amadmin

    -f specifies the password file for the administrative user.

    -s specifies the server instance name. For example: http://openssohost1.example.com:8080/opensso

    -X specifies the input file name that contains the revised Directory Server configuration information. For example: serverconfig.xml

Enabling Persistent Search Connections for the AMSDK Plug-in

This task involves enabling the persistent search (psearch) connections for the OpenSSO Enterprise server to allow the AMSDK Identity Repository plug-in to receive change notifications.

Procedure: To Enable Persistent Search Connections for the AMSDK Plug-in

  1. Log in to the OpenSSO Enterprise Admin Console.

  2. Click Configuration and then Servers and Sites.

  3. For each OpenSSO server instance listed:

    1. Click SDK and then Event Service.

    2. Remove the entries in Disabled Event Service Connection.

    3. Click Save.

  4. Log out of the Console.

  5. Restart the OpenSSO Enterprise server web container.