2. OpenSSO 8.0 Update 2 Patch Releases
3. Installing OpenSSO 8.0 Update 2
4. Using the Security Token Service
5. Using the Oracle OpenSSO Fedlet
6. Integrating the OpenSSO 8.0 Update 2 with Oracle Access Manager
Unpacking the Integration Bits
Building Source Files for Oracle Access Manager in OpenSSO
To Build the Source Files for Oracle Access Manager
(Optional) Build an Authentication Scheme for OpenSSO in Oracle Access Manager
To Build an Authentication Scheme for OpenSSO in Oracle Access Manager
Configuring Single Sign-On Using Oracle Access Manager and Oracle OpenSSO STS
To Configure Single Sign-On Using Oracle Access Manager and Oracle OpenSSO 8.0 Update 2
(Optional) Installing of Oblix AuthScheme into Oracle Access Manager
Integrating the OpenSSO 8.0 Update 2 with Oracle Access Manager
Before you begin: Sun Java System Web Server 7.x must already be installed and configured. See the Sun Java System Web Server Documentation Wiki for Web Server installation instructions.
For installation instructions, see the Policy Agent 3.0 guide for the agent you are using. These guides are available in the following documentation collection:
See the Oracle Access Manager Installation Guide 10g (10.1.4.3)
See the Oracle Access Manager Installation Guide 10g (10.1.4.3)
Configure OpenSSO so that it protects only deployURI/UI/* of the OpenSSO web application. Example:/opensso/UI/.../*
For Oracle Access Manager policies, resources and other configuration details, check the Oracle Access Manager administration guide. Unprotect every other URL in OpenSSO Enteprise. This is for simple single sign-on integration scenario, but evaluate policies based on full integration and other deployment dependencies.
The browser redirects to Oracle Access Manager for authentication. After successful authentication, OpenSSO presents a login page. Log in using the OpenSSO admin user name and password.
The authentication module service can be loaded from command line ssoadm utility, and as well as browser based ssoadm.jsp.
This loads the authentication module service into the OpenSSO configuration.
The Core service contains a list of authenticators. Choose the register-auth-module option in http://host:port/opensso/ssoadm.jsp. Enter com.sun.identity.authentication.oblix.OblixAuthModule as the authentication module class name.
Access OpenSSO using the URL http://host:port/opensso. In the OpenSSO console, click the default realm, and then click the Authentication tab. Click New to create a new authentication module named OblixAuth.
Configure the Oblix SDK directory. Enable Check Remote User Header Only, and specify the remote header name as OAM_REMOTE_USER. This parameter is configurable based on the deployment.
In the OpenSSO console, go to Configuration > Core > Realm Attributes > User Profile . Choose Ignored, and then click Save.
This configuration prevents OpenSSO from searching for an existing user profile after successful authentication. However, if the user repository used by OpenSSO and Oracle Access Manager are exactly same, then this step is not necessary. Go to Admin Console -> Configuration -> Core -> Realm Attributes -> User Profile. Choose Ignored, and then click Save.
Update LD_LIBRARY_PATH in the startserv script to include the shared libraries from $ACCESSDKDIR/oblix/lib.