Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Apache Tomcat 6.0

Allowing an OpenSSO Enterprise User to Access the Administration Web Application

In this task, you edit the Administration web application's web.xml file to allow an OpenSSO Enterprise user to access the Administration web application.

ProcedureTo Allow an OpenSSO Enterprise User to Access the Administration Web Application

  1. Change to the following directory for the Tomcat 6.0 version 3.0 instance:

    $CATALINA_HOME/server/webapps/admin/WEB-INF

  2. In the web.xml file, find the user and role information for the Administrator role.

    This role is defined in the <role-name> element under the <security-role> element.

  3. Delete the Administrator security role.

  4. Create a new Administrator security role using the user and group that you created in the OpenSSO Enterprise Console, as described in Creating OpenSSO Enterprise Users and Groups.

    For example:

    <security-role>
    <role-name>id=admin,ou=group,dc=realm-name,dc=example,dc=com</role-name>
    </security-role>
  5. Replace the Administrator role defined in the <role-name> element under the <auth-constraint> element with the contents of the <role-name> element as described in the previous step.

    For example:

    <auth-constraint>
    <role-name>id=admin,ou=group,dc=realm-name,dc=example,dc=com</role-name>
    </auth-constraint>
  6. Save the web.xml file.

  7. Restart the Tomcat 6.0 web container.