Chapter 3 Before You Begin

This chapter contains information you need to know before beginning the documented installation and configuration procedures. It contains the following sections:

• 3.1 Technical Reference

• 3.2 Setting Up the Load Balancers

• 3.3 Obtaining Secure Socket Layer Certificates

• 3.4 Resolving Host Names

• 3.5 Known Issues and Limitations

3.1 Technical Reference

See Chapter 2, Technical Overview for a quick reference of host machines, port numbers, operating systems, naming conventions, and component names used in this deployment example. See Part V, Appendices for more detailed information.

3.2 Setting Up the Load Balancers

The load balancer hardware and software used in this deployment environment is BIG-IP® manufactured by F5 Networks. If you are using different load balancer software, see the documentation that comes with that product for detailed settings information. This document assumes that you have already installed the required load balancers. The following identity provider sections require load-balancing hardware and software.

• 4.5 Configuring the Directory Server Load Balancer

• 5.2 Configuring the OpenSSO Enterprise Load Balancer

The following service provider sections require load-balancing hardware and software.

• 7.5 Configuring the Directory Server Load Balancer

• 8.2 Configuring the OpenSSO Enterprise Load Balancer

3.3 Obtaining Secure Socket Layer Certificates

In order to enable secure communications using the Secure Sockets Layer (SSL) protocol you need to obtain root certificates and server certificates from a certificate authority (CA). A CA root certificate proves that the particular CA issued a particular server certificate. CA root certificates are publicly available. The root certificate used in this deployment is a self-signed certificate issued by OpenSSL for testing purposes only; it is named ca.cer. You can obtain a root certificate from any commercial certificate issuer such as VeriSign, Thawte, Entrust, or GoDaddy.

The server certificates are requested from, and issued by, OpenSSL within each procedure. You should know how to request server certificates from your CA of choice before beginning this deployment. The following identity provider sections are related to requesting, installing, and importing root and server certificates.

• To Import a Root Certificate and a Server Certificate to Directory Server 1

• To Import a Root Certificate and a Server Certificate to Directory Server 2

• To Import the Root Certificate to Directory Server Load Balancer 1

• To Request a Certificate for OpenSSO Enterprise Load Balancer 2

• To Install the Certificate Authority Root Certificate to OpenSSO Enterprise Load Balancer 2

• To Install the Server Certificate to OpenSSO Enterprise Load Balancer 2

• To Install a Root Certificate and a Server Certificate on Directory Server 1

The following service provider sections are related to requesting, installing, and importing root and server certificates.

• To Install a Root Certificate and a Server Certificate on Directory Server 1

• To Install a Root Certificate and a Server Certificate on Directory Server 2

• To Import the Root Certificate to the User Data Load Balancer

• To Request a Certificate for OpenSSO Enterprise Load Balancer 2

• To Install a CA Root Certificate to OpenSSO Enterprise Load Balancer 2

• To Install the Server Certificate to OpenSSO Enterprise Load Balancer 2

• To Import a Certificate Authority Root Certificate to Protected Resource 1

• To Import a Certificate Authority Root Certificate to Protected Resource 1

3.4 Resolving Host Names

There are many ways to resolve the host names used in this deployment. You may use a DNS naming service, or you can map IP addresses to host names in the local host file on all UNIX® hosts. The same entries must also be added to equivalent files on Windows hosts, and on client machines where browsers are used. For example:

1xx.xx.xx.x1		ds1 	ds1.sp-example.com
1xx.xx.xx.x2		ds2 	ds2.sp-example.com
1xx.xx.xx.x3		osso1 		osso1.idp-example.com
1xx.xx.xx.x4		osso2 		osso2.idp-example.com

3.5 Known Issues and Limitations

See Appendix G, Known Issues and Limitations for descriptions of problems you may encounter when implementing the deployment example. This list will be updated as new information becomes available.

Although the instructions and procedures documented in this book incorporate many best practices, and may be suitable in many different scenarios, this is not the only way to achieve the same results. If you plan to deviate from the task sequence or details described, you should refer to the relevant product documentation for information on differences in platforms, software versions or other requirement constraints.