To Modify the Top-Level Realm for User Authentication

1. Access https://osso-1.example.com:1081/opensso/console in a web browser.

2. Log in to the OpenSSO Enterprise console as the administrator.

   User Name:

   amadmin

   Password:

   ossoadmin

3. Click the Access Control tab.

4. Click / (Top Level Realm), the root realm, under the Access Control tab.

5. Click the Data Stores tab.

   The GenericLDAPv3 data store link is displayed.

6. Click GenericLDAPv3.

7. On the GenericLDAPv3 data store properties page, set the following attribute values and click Save.

   LDAP People Container Naming Attribute

   Enter ou.

   LDAP Groups Container Value

   Enter Groups.

   LDAP Groups Container Naming Attribute

   Enter ou.

   LDAP People Container Value

   Enter users.

   ---

   Note –

   If this field is empty, the search for user entries will start from the root suffix.

   ---

8. Click Back to Data Stores.

9. (Optional) Click the Subjects tab to verify that the test users are now displayed.

   testuser1 and testuser2 are displayed under Users (as well as others created during OpenSSO Enterprise configuration.

10. Click the Authentication tab.

11. Click the Advanced Properties link under General.

    The Core Realm Attributes page is displayed.

12. Change the value of User Profile to Ignored.

    This new value specifies that a user profile is not required by the Authentication Service in order to issue a token after successful authentication. This modification is specific to this deployment example because the OpenSSO Enterprise schema and the Directory Server schema have not been mapped.

13. Click Save.

14. Click Back to Authentication.

15. Click Back to Access Control.

16. Log out of the OpenSSO Enterprise console.