Creating the manager and admin Groups
To Create the host-manager and admin Groups
-
Login to OpenSSO Enterprise Administration Console.
-
Create two new groups: manager and admin, as follows:
-
To test access to the manager and host-manager applications, add several test users to each group.
-
Create a policy with two rules and allow access to the manager and admin groups. For example:
http://sso-host.example.com:8080/host-manager/*
http://sso-host.example.com:8080/manager/*
-
If the redirect loop issue is a concern, set the Cookie Encode property to Yes in the OpenSSO Enterprise server:
-
In the console, click Configuration, Server and Sites, and the OpenSSO Enterprise Server Instance name.
-
Click Security and then Cookie. By default Encode Cookie is set to No.
-
Click Inheritance Settings, deselect Encode Cookie, and then click Save.
You can now change the cookie encoding option.
-
Click Back to Server Profile.
-
Set Cookie Encoding to Yes and click Save.
-
-
Make the following Tomcat 6.0 manager and host-manager application changes:
-
For the manager application, in the $CATALINA_HOME/webapps/manager/WEB-INF/web.xml, change <role-name>manager</role-name> to:
<role-name>id=manager,ou=group,dc=opensso,dc=java,dc=net</role-name>
-
For the host-manager application, in the $CATALINA_HOME/webapps/host-manager/WEB-INF/web.xml, change <role-name>admin</role-name> to:
<role-name>id=admin,ou=group,dc=opensso,dc=java,dc=net</role-name>
Note. The dc=opensso,dc=java,dc=net part in the manager and admin role values is used because OpenSSO Enterprise is deployed using the default mode. If you have a custom setup and the DN is different, change the value for your deployment.
-
-
Restart the OpenSSO Enterprise server.
- © 2010, Oracle Corporation and/or its affiliates