Documentation Home
> Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide
Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide
Book Information
Index
A
D
O
P
R
S
Preface
Chapter 1 Getting Started With OpenSSO Enterprise 8.0
OpenSSO Enterprise 8.0 Requirements
Overview of Installing and Configuring OpenSSO Enterprise
OpenSSO Enterprise 8.0 Changes to Consider
Summary of the OpenSSO Enterprise 8.0 Installation and Configuration Steps
Using Sun Service Tags With OpenSSO Enterprise
Chapter 2 Deploying the OpenSSO Enterprise Web Container
Planning Your OpenSSO Enterprise Web Container Deployment
Sun Java System Application Server 9.1 Update 1 and Update 2
OpenSSO Enterprise Pre-Deployment Tasks
GlassFish Application Server V2 UR1 and UR2
OpenSSO Enterprise Pre-Deployment Tasks
Sun Java System Web Server 7.0 Update 3
OpenSSO Enterprise Pre-Deployment Tasks
Apache Tomcat 5.5.27 and 6.0.x
OpenSSO Enterprise Pre-Deployment Tasks
OpenSSO Enterprise Post-Deployment Tasks
Oracle WebLogic Server 9.2 MP2
OpenSSO Enterprise Pre-Deployment Tasks
Oracle WebLogic Server 10
OpenSSO Enterprise Pre-Deployment Tasks
Oracle Application Server 10g
OpenSSO Enterprise Pre-Deployment Tasks
IBM WebSphere Application Server 6.1
OpenSSO Enterprise Pre-Deployment Tasks
Adding GenericJvmArguments
Adding Security Permissions
Running the JSP Compiler
Post-Deployment Tasks
Using the ssoadm and ampassword Utilities
Apache Geronimo Application Server 2.1.1
OpenSSO Enterprise Pre-Deployment Tasks
JBoss Application Server 4.x
OpenSSO Enterprise Pre-Deployment Tasks
Adding Security Permissions For a Web Container
Adding OpenSSO Enterprise Security Permissions
OpenSSO Enterprise Security Permissions for Apache Tomcat
OpenSSO Enterprise Security Permissions for WebLogic Server
OpenSSO Enterprise Security Permissions for IBM WebSphere Application Server 6.1
OpenSSO Enterprise Security Permissions for JBoss Application Server
OpenSSO Enterprise Security Permissions for Oracle Application Server
OpenSSO Enterprise Security Permissions for Geronimo Application Server
To Enable the Java Security Manager for Geronimo Application Server
Chapter 3 Installing OpenSSO Enterprise
Downloading OpenSSO Enterprise
Deploying the OpenSSO Enterprise WAR File
To Deploy the OpenSSO Enterprise WAR (opensso.war) File
Creating and Deploying Specialized OpenSSO Enterprise WAR Files
Examples: Deploying OpenSSO Enterprise on JBoss Application Server
Method 1: Deploying OpenSSO Enterprise Server on JBoss Application Server Using the Exploded Archive Method
To Deploy OpenSSO Enterprise Server on JBoss Application Server Using the Exploded Archive Method
Method 2: Deploing OpenSSO Enterprise Server on JBoss Application Server Using the Traditional Single Archive Method
To Deploy OpenSSO Enterprise Server on JBoss Application Server Using the Traditional Single Archive Method
Chapter 4 Configuring OpenSSO Enterprise Using the GUI Configurator
Starting the Configurator
To Start the Configurator
Configuring OpenSSO Enterprise With the Default Configuration
To Configure OpenSSO Enterprise With the Default Configuration
Configuring OpenSSO Enterprise With a Custom Configuration
To Configure OpenSSO Enterprise With a Custom Configuration
Chapter 5 Configuring OpenSSO Enterprise Using the Command-Line Configurator
Requirements to Run the Command-Line Configurator
Installing the Command-Line Configurator
To Install the Command-Line Configurator
Configuring OpenSSO Enterprise Server
To Configure OpenSSO Enterprise Using the Command-Line Configurator
OpenSSO Enteprise Configuration Parameters For the Command-Line Configurator
General and Server Parameters
Configuration Data Store Parameters
Multi-Server Deployment Parameters
User Data Store Parameters
Site Configuration Parameters
Chapter 6 Installing the OpenSSO Enterprise Utilities and Scripts
Installing the OpenSSO Enterprise Utilities and Scripts in the ssoAdminTools.zip File
To Install the OpenSSO Enterprise Utilities and Scripts in the ssoAdminTools.zip File
Using ssoadm With OpenSSO Enterprise Configured as a Site
To Use ssoadm With OpenSSO Enterprise Configured as a Site
Running the Unix Authentication Helper (amunixd Daemon)
To Run the Unix Authentication Helper (amunixd Daemon)
Chapter 7 Running the OpenSSO Diagnostic Tool
Getting Started With the OpenSSO Diagnostic Tool
Unzipping the ssoDiagnosticTools.zip File
Setting Your JAVA_HOME Environment Variable
Invoking the Diagnostic Tool
Running the Diagnostic Tool Tamper-Detection Tests
To Run the Diagnostic Tool to Create Checksum Files
To Run the Diagnostic Tool Detect Tamper Test
Chapter 8 Implementing OpenSSO Enterprise Session Failover
Overview of OpenSSO Enterprise Session Failover
OpenSSO Enterprise Session Failover Components
OpenSSO Enterprise Session Failover Flow
Installing and Configuring the OpenSSO Enterprise Session Failover Components
Unzipping the ssoSessionTools.zip File
To Unzip the ssoSessionTools.zip File
Running the Session Failover setup Script
To Run the Session Failover setup Script
Editing the amsessiondb Script (if Needed)
Encrypting the Message Queue Broker Password Using the amsfopassword Script (Required)
To Encrypt the Message Queue Broker Password Using the amsfopassword Script
Running the amsfo Script to Start and Stop the Session Failover Components
To Run the amsfo Script
Configuring Session Failover in the OpenSSO Enterprise Console
To Configure Session Failover in the OpenSSO Enterprise Console
Chapter 9 Deploying a Distributed Authentication UI Server
Distributed Authentication UI Server Overview
Distributed Authentication UI Server Deployment Scenario
Requirements for a Distributed Authentication UI Server Deployment
Generating a Distributed Authentication UI Server WAR File
To Generate a Distributed Authentication UI Server WAR File
Deploying the Distributed Authentication UI Server WAR File
To Deploy the Distributed Authentication UI Server WAR File
Configuring the Distributed Authentication UI Server
To Configure the Distributed Authentication UI Server
Accessing the Distributed Authentication User Interface Web Application
Chapter 10 Deploying the Identity Provider (IDP) Discovery Service
Generating an IDP Discovery Service WAR File
To Generate an IDP Discovery Service WAR File
Configuring the IDP Discovery Service
To Configure the IDP Discovery Service
Chapter 11 Installing the OpenSSO Enterprise Console Only
Requirements to Deploy Only the Console
Generating a Console Only WAR File
To Generate a Console Only WAR File
Deploying and Configuring the Console Only WAR File
To Deploy and Configure the Console Only WAR File
Accessing the Console
Chapter 12 Installing OpenSSO Enterprise Server Only
Requirements to Deploy OpenSSO Enterprise Server Only
Generating a WAR File to Deploy OpenSSO Enterprise Server Only
To Generate a WAR File to Deploy OpenSSO Enterprise Server Only
Deploying OpenSSO Enterprise Server Only
To Deploy OpenSSO Enterprise Server Only
Chapter 13 Installing the OpenSSO Enterprise Client SDK
OpenSSO Enterprise Client SDK Requirements
Installing the OpenSSO Enterprise Client SDK
To Install the OpenSSO Enterprise Client SDK
Compiling and Running the Client SDK Samples
To Compile and Run the Client SDK Samples
Chapter 14 Configuring OpenSSO Enterprise Sessions
Setting Session Quota Constraints
Deployment Scenarios for Session Quota Constraints
Multiple Settings For Session Quotas
Configuring Session Quota Constraints
To Configure Session Quota Constraints
Configuring Session Property Change Notifications
To Configure Session Property Change Notifications
Chapter 15 Enabling the Access Manager SDK (AMSDK) Identity Repository Plug-in
Requirements to Enable the AMSDK Identity Repository Plug-in
Configuring Sun Java System Directory Server
To Configure an Existing Directory Server With Access Manager 7.x User Data Store
To Configure a New Directory Server
Configuring OpenSSO Enterprise Server
Configuring OpenSSO Enterprise Server Using the ssoadm Command with add-amsdk-idrepo-plugin Subcommand
To Configure OpenSSO Enterprise Server Using the ssoadm Command and add-amsdk-idrepo-plugin Subcommand
Configuring OpenSSO Enterprise Server Manually
Loading the Directory Access Instructions (DAI) Service
To Load the DAI Service
Loading the AMSDK Subschema
To Load the AMSDK Subschema
Updating the Directory Server Information for the AMSDK Plug-in
To Update the Directory Server Information for the AMSDK Plug-in
Enabling Persistent Search Connections for the AMSDK Plug-in
To Enable Persistent Search Connections for the AMSDK plug-in
Creating a Data Store Using the AMSDK Plug-in
To Create a Data Store Using the AMSDK Plug-in
Chapter 16 Managing LDAP Persistent Searches
Enabling Persistent Searches
To Enable Persistent Searches Using the Console
Enabling Persistent Searches by Setting the com.sun.am.event.connection.disable.list Property
Disabling Persistent Searches
To Disable Persistent Searches Using the Console
Disabling Persistent Searches by Setting the com.sun.am.event.connection.disable.list Property
Re-Enabling Persistent Searches
To Disable Persistent Searches for a Data Store
Disabling Persistent Searches on a Data Store
To Disable Persistent Searches on a Data Store
Configuration Properties That Affect Persistent Searches
Chapter 17 Customizing OpenSSO Enterprise Administration Console Pages
Customizing the OpenSSO Enterprise Login and Logout Pages
To Customize the OpenSSO Enterprise Login and Logout Pages
Chapter 18 Loading the OpenSSO Schema into Sun Java System Directory Server
Loading the OpenSSO Schema into Directory Server
To Load the OpenSSO Schema into Directory Server
Chapter 19 Using Active Directory as the User Data Store
Overview of Using Active Directory as the User Data Store
Requirements For Active Directory as the User Data Store
Configuring Active Directory With the OpenSSO Enterprise Schema Files
To Configure Active Directory with OpenSSO Enterprise Schema Files
Configuring a Data Store For Active Directory
To Configure a Data Store For Active Directory
Configuring an Authentication Module to Login Through Active Directory
To Configure an Authentication Module to Login Through Active Directory
Operational Notes
Chapter 20 Using IBM Tivoli Directory Server as the User Data Store
Requirements For Using Tivoli Directory Server as the User Data Store
Loading LDIF Files for Tivoli Directory Server
Configuring the Tivoli Directory Server Data Store in the OpenSSO Console
To Configure the Tivoli Directory Server Data Store in the OpenSSO Console
Chapter 21 Configuring OpenSSO Enterprise 8.0 in FIPS Mode
Enabling FIPS Mode for the NSS Database
To Enable FIPS Mode for the NSS Database
Configuring FIPS Mode for Sun Java System Web Server 7.0
Enabling FIPS Mode for Web Server 7.0
To Enable FIPS Mode for Web Server 7.0
Configuring the Web Server 7.0 Transport Layer Security (TLS) to be FIPS 140 Compliant
To Configure the Web Server 7.0 TLS to be FIPS 140 Compliant
Configuring FIPS Mode for OpenSSO Enterprise 8.0
To Configure FIPS Mode for OpenSSO Enterprise 8.0
OpenSSO Enterprise 8.0 FIPS Compliant Algorithms
Chapter 22 Taking Precautions Against Session-Cookie Hijacking in an OpenSSO Enterprise Deployment
Defining Key Cookie Hijacking Security Issues
Cookie Hijacking Security Issues
OpenSSO Enterprise Solution: Shared Session Cookies
OpenSSO Enterprise Solution: A Less Secure Application
OpenSSO Enterprise Solution: Modification of Profile Attributes
Key Aspects of the OpenSSO Enterprise Solution: Cookie Hijacking Security Issues
OpenSSO Enterprise Session Cookies Involved in Issuing Unique SSO Tokens
Enabling OpenSSO Enterprise to Use Unique SSO Tokens
Implementing the OpenSSO Enterprise Solution for Cookie Hijacking Security Issues
About the Agent Profile
Configuring the OpenSSO Enterprise Deployment Against Cookie Hijacking
To Configure the OpenSSO Enterprise Deployment Against Cookie Hijacking
Chapter 23 Patching OpenSSO Enterprise 8.0
Planning Your Patch Operation
To Plan Your Patch Operation
OpenSSO Patch and Upgrade Paths
Overview of the ssopatch Utility
Running the ssopatch Utility
Installing the ssopatch Utility
To Install the ssopatch Utility
Patching an OpenSSO Enterprise 8.0 WAR File
To Patch OpenSSO Enterprise 8.0
Creating a New OpenSSO Enterprise 8.0 Patched WAR File
To Create a New OpenSSO Enterprise 8.0 Patched WAR File
Running the updateschema Script
To Run the updateschema Script
Patching a Site With Multiple OpenSSO Enterprise Instances
To Patch a Site With Multiple OpenSSO Enterprise Instances
Chapter 24 Uninstalling OpenSSO Enterprise
Uninstalling OpenSSO Enterprise Server
To Uninstall OpenSSO Enterprise Server
Uninstalling the OpenSSO Enterprise Utilities and Scripts
To Uninstall the OpenSSO Enterprise Utilities and Scripts
Uninstalling a Distributed Authentication UI Server Deployment
To Uninstall a Distributed Authentication UI Server Deployment
Uninstalling an IDP Discovery Deployment
To Uninstall an IDP Discovery Deployment
Uninstalling a Client Sample Deployment
To Uninstall a Client Sample Deployment
Uninstalling a Fedlet Deployment
To Uninstall a Fedlet Deployment
Uninstalling an OpenSSO Enterprise Console Only Deployment
To Uninstall an OpenSSO Enterprise Console Only Deployment
Uninstalling the OpenSSO Enterprise Client SDK
To Uninstall the OpenSSO Enterprise Client SDK
Removing OpenSSO Enterprise Entries From Directory Server
To Remove OpenSSO Enterprise Entries From Directory Server
© 2010, Oracle Corporation and/or its affiliates