Sun OpenSSO Enterprise 8.0 Developer's Guide

Customizing the Distributed Authentication User Server Interface

A Sun OpenSSO Enterprise Distributed Authentication UI server provides for secure, distributed authentication across two firewalls in an OpenSSO Enterprise deployment. You install the Distributed Authentication UI server subcomponent on a web container on one or more servers within the DMZ layer of the OpenSSO Enterprise deployment. This subcomponent acts as an authentication interface between end users and the OpenSSO Enterprise instances behind the second firewall, thus eliminating the exposure of the OpenSSO Enterprise service URLs to the end users.

The remote Distributed Authentication UI server subcomponent uses authentication client APIs and utility classes to authenticate users. The subcomponent uses a customizable JATO presentation framework.

You can modify the JSP templates and module configuration properties files to reflect branding and specific functionality for the following:

Organization/SubOrganization

Organization or sub-organization of the request.

Locale

Locale of the request.

Client Path

Client type information of the request.

Service Name (serviceName)

Service name for service-based authentication.

For background information about a Distributed Authentication UI server, see the Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.

Procedure: To Customize the Distributed Authentication Server User Interface

In this procedure, you will create a Distributed Authentication Server UI WAR file from opensso.war and then customize the new WAR file.

  1. Make sure that your JAVA_HOME environment variable points to a JDK of version 1.5 or later.

  2. If necessary, download and unzip the opensso_enterprise_80.zip file.

    The opensso.war file is then in the zip-root/opensso/deployable-war directory, where zip-root is where you unzipped the opensso_enterprise_80.zip file.

  3. Create a new staging directory to extract the files from opensso.war. For example:

    # mkdir opensso-staging

  4. In the staging directory, extract the files from opensso.war. For example:

    # cd opensso-staging
    # jar xvf zip-root/opensso/deployable-war/opensso.war

  5. Create the Distributed Authentication UI server WAR using the files in fam-distauth.list:

    # cd opensso-staging
    # jar cvf zip-root/opensso/deployable-war/distauth.war \
       @zip-root/opensso/deployable-war/fam-distauth.list

    where distauth.war is the name of the new Distributed Authentication UI server WAR file.

    Note: Some web containers require the Distributed Authentication WAR file name to use the same name as the deployment URI.

  6. Update the WAR file created in the previous step with the additional files required for the Distributed Authentication UI server. For example:

    # cd zip-root/opensso/deployable-war/distauth
    # jar uvf zip-root/opensso/deployable-war/distauth.war *

    You are now ready to customize the new distauth.war.

  7. Create a new directory to explode your new distauth.war. For example:

    # mkdir distauth-staging

  8. Explode the new Distributed Authentication User Interface WAR in the staging directory you created in the previous step. For example:

    # cd distauth-staging
    # jar xvf zip-root/opensso/deployable-war/distauth.war

  9. Create a new directory for your customized files. For example:

    # cd distauth-staging/config/auth
    # mkdir custdaui

    Use the following form:

    org_locale/orgPath/filePath
    org/orgPath/filePath
    default_locale/orgPath/filePath
    default/orgPath/filePath

    where:

    orgPath = subOrg1/subOrg2
    filePath = clientPath + serviceName
    clientPath = clientType/sub-clientType

    The following items are optional: Sub-org, Locale, Client Path, and Service Name. In the following example, orgPath and filePath are optional.

    For example, given the following:

    org = iplanet
    locale = en
    subOrg = solaris
    clientPath = html/company/
    serviceName = paycheck

    The appropriate directory paths for the above are:

    iplanet_en/solaris/html/company/paycheck
    iplanet/solaris/html/company/paycheck
    default_en/solaris/html/company/paycheck
    default/solaris/html/company/paycheck

  10. Change to the directory where the JSP and XML files are stored, and copy the JSP and authentication module configuration (XML) files from the default directory to the new directory.

    # cd distauth-staging/config/auth/default
    # cp *.jsp ../custdaui
    # cp *.xml ../custdaui

  11. Customize the following files in the custdaui directory, as required for your deployment:

  12. Update the WAR file with the customized files:

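    # cd distauth-staging
    # jar uvf zip-root/opensso/deployable-war/distauth.war config/auth/custdaui

    Running jar from the distauth-staging directory keeps the config/auth/custdaui path on each entry added to the WAR.
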
    You are now ready to deploy the customized distauth.war file.
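
The directory form from step 9, as an added shell example that is not part of the original guide: it builds the four directory names from the request values, skips the optional parts when they are empty, and reports which candidates exist under a staging config/auth directory. The function names and the rejection of `..` components are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSO.

# join_path PART...: join the non-empty parts with "/", trimming stray slashes.
join_path() {
    out=""
    for part in "$@"; do
        part=$(printf '%s' "$part" | sed -e 's#^/*##' -e 's#/*$##')
        [ -n "$part" ] || continue
        out="${out:+$out/}$part"
    done
    printf '%s\n' "$out"
}

# template_dirs ORG LOCALE ORGPATH CLIENTPATH SERVICENAME
# Prints the org_locale, org, default_locale and default forms, one per line.
# LOCALE, ORGPATH, CLIENTPATH and SERVICENAME are optional: pass "" to omit.
template_dirs() {
    for arg in "$@"; do
        case $arg in
            # Assumption of this example: never build a path that climbs
            # out of config/auth.
            *..*) echo "rejected component: $arg" >&2; return 1 ;;
        esac
    done
    org=$1 locale=$2 orgpath=$3 clientpath=$4 service=$5
    for base in "$org" default; do
        if [ -n "$locale" ]; then
            join_path "${base}_${locale}" "$orgpath" "$clientpath" "$service"
        fi
        join_path "$base" "$orgpath" "$clientpath" "$service"
    done
}

# existing_template_dirs ROOT ORG LOCALE ORGPATH CLIENTPATH SERVICENAME
# Prints only the candidates present under ROOT (e.g. distauth-staging/config/auth).
existing_template_dirs() {
    root=$1; shift
    dirs=$(template_dirs "$@") || return 1
    printf '%s\n' "$dirs" | while IFS= read -r dir; do
        if [ -d "$root/$dir" ]; then printf '%s\n' "$dir"; fi
    done
}

# The values from the guide's example:
template_dirs iplanet en solaris html/company/ paycheck
```
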

Next Steps

To deploy and configure the customized Distributed Authentication User Interface server WAR file, see Chapter 8, Deploying a Distributed Authentication UI Server, in Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.