Sun Java System Federation Manager 7.0 Release Notes

Federation

The following issues are related to the federation features of Federation Manager.

ambulkfed script refers to wrong paths on Linux (6435835)

The ambulkfed script federates LDAP users in bulk with remote providers.

WORKAROUND: Change the following lines in the ambulkfed script:

gettext=/usr/bin/gettext
ECHO=/usr/bin/echo
RM=/usr/bin/rm

to

gettext=/bin/gettext
ECHO=/bin/echo
RM=/bin/rm

Single Sign-On Using Artifact Fails when Federation Manager is Deployed in WebSphere Application Server 5.1.1.3 (6431994)

WebSphere Application Server 5.1.1.3 bundles an older version of javax.xml.namespace.QName which does not have the getPrefix method.

WORKAROUND: After installing Federation Manager, copy fm_staging_dir/web-src/WEB-INF/lib/jax-qname.jar to websphere_install_root/AppServer/lib/qname.jar.

Web Browser Artifact Profile fails when Federation Manager is Deployed in WebSphere Application Server (6320498)

When Federation Manager is deployed in WebSphere Application Server, federation using the Web Browser Artifact Profile fails when the service provider attempts to send an artifact back to the identity provider.

WORKAROUND: You must override WebSphere's default SOAP factory by doing the following:

  1. Edit WebSphere's server.xml file by replacing:


    <jvmEntries xmi:id="JavaVirtualMachine_1" classpath="" bootClasspath="" 
    verboseModeClass="false" verboseModeGarbageCollection="false" 
    verboseModeJNI="false" runHProf="false" hprofArguments="" 
    debugMode="false" debugArgs="-Djava.compiler=NONE -Xdebug 
    -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,
    address=7777" genericJvmArguments="">

    with


    <jvmEntries xmi:id="JavaVirtualMachine_1" verboseModeClass="false" 
    verboseModeGarbageCollection="false" verboseModeJNI="false" 
    initialHeapSize="256" maximumHeapSize="256" runHProf="false" 
    hprofArguments="" debugMode="false" debugArgs="-Djava.compiler=NONE 
    -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7777" 
    genericJvmArguments="-Dcom.iplanet.am.serverMode=true">
    <classpath>/usr/share/lib/saaj-api.jar:/usr/share/lib/saaj-impl.jar</classpath>

    server.xml is located in websphere-base/WebSphere/AppServer/config/cells/cell-name/nodes/node-name/servers/server-instance/. The cell-name/node-name/server-instance variables identify the name of the cell/node/server in which Federation Manager is deployed. For example, /opt/WebSphere/AppServer/config/cells/moonriver/nodes/moonriver/servers/server1/server.xml

  2. Restart the WebSphere instance.

Federation fails when Federation Manager is deployed in WebSphere Application Server and using Secure Sockets Layer (6322995)

User federation between an identity provider and a service provider fails when Federation Manager is deployed in WebSphere Application Server and using Secure Sockets Layer (SSL).

WORKAROUND: You must find the Java Development Kit (JDK) 1.4 or above and modify WebSphere's server.xml file as described below. server.xml is located in websphere-base/WebSphere/AppServer/config/cells/cell-name/nodes/node-name/servers/server-instance/. The cell-name/node-name/server-instance variables identify the name of the cell/node/server in which Federation Manager is deployed. For example, /opt/WebSphere/AppServer/config/cells/moonriver/nodes/moonriver/servers/server1/server.xml.

  1. Add Sun Microsystems' library to the classpath by adding the following to the jvmEntries element:


    <classpath>JAVA_HOME/jre/lib/jsse.jar</classpath>

    Note –

    The jsse.jar used here must be from the same version of the JDK that WebSphere is using.


  2. Add the protocol handler package to the genericJvmArguments property of jvmEntries element by adding the following:


    -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol

    It will look like this:


    <jvmEntries xmi:id="JavaVirtualMachine_1" verboseModeClass="false" 
    verboseModeGarbageCollection="false" verboseModeJNI="false" 
    runHProf="false" hprofArguments="" debugMode="false" 
    debugArgs="-Djava.compiler=NONE -Xdebug -Xnoagent 
    -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7777" 
    genericJvmArguments="-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol">
    <classpath>/usr/j2se/jre/lib/jsse.jar</classpath>
    </jvmEntries>

  3. Copy the stronger US_export_policy.jar and local_policy.jar files to the /jdk/jre/lib/security directory if the SSL handshake requires them.

  4. Restart WebSphere.
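
A check for steps 1 and 2 of this workaround, added here as an example (it is not part of the original release notes or of Federation Manager): it parses a server.xml and reports whether the protocol handler argument is present as one unbroken token and whether jsse.jar is on the jvmEntries classpath. The function name and the sample documents are constructed for illustration, and a ":" classpath separator is assumed.

```python
import xml.etree.ElementTree as ET

HANDLER_ARG = "-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"

# Constructed sample: a minimal stand-in for server.xml, not a real WebSphere file.
SAMPLE_OK = """<server xmlns:xmi="http://www.omg.org/XMI">
  <jvmEntries xmi:id="JavaVirtualMachine_1" debugMode="false"
      genericJvmArguments="-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol">
    <classpath>/usr/j2se/jre/lib/jsse.jar</classpath>
  </jvmEntries>
</server>"""

# Constructed sample: the same value with a line break inside the attribute.
# XML parsers turn that break into whitespace, which splits the -D argument.
SAMPLE_WRAPPED = SAMPLE_OK.replace("pkgs=com", "pkgs=\n      com")


def check_ssl_workaround(xml_text):
    """Return a list of problems; an empty list means both edits are present."""
    root = ET.fromstring(xml_text)
    entries = [e for e in root.iter() if e.tag.endswith("jvmEntries")]
    if not entries:
        return ["no jvmEntries element found"]
    problems = []
    for jvm in entries:
        # JVM arguments are whitespace-separated tokens.
        args = jvm.get("genericJvmArguments", "").split()
        if HANDLER_ARG not in args:
            if any(a.startswith("-Djava.protocol.handler.pkgs") for a in args):
                problems.append("protocol handler argument is split or has a different value")
            else:
                problems.append("protocol handler argument missing")
        # Collect every path from the <classpath> children of this jvmEntries.
        jars = [p for c in jvm if c.tag.endswith("classpath")
                for p in (c.text or "").strip().split(":")]
        if not any(j.endswith("/jsse.jar") for j in jars):
            problems.append("jsse.jar not on jvmEntries classpath")
    return problems


if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("wrapped", SAMPLE_WRAPPED)):
        print(name, check_ssl_workaround(doc) or "workaround present")
```
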

Federation fails when Federation Manager is deployed in BEA WebLogic Server and using Secure Sockets Layer (6324673)

User federation between an identity provider and a service provider fails when using SSL and Federation Manager is deployed in WebLogic Server.

WORKAROUND: Modify the startWebLogic.sh script by adding the following:


-DUseSunHttpHandler=true