Sun Java System SAML v2 Plug-in for Federation Services User's Guide

To Deploy the SAML v2 Plug-in for Federation Services in Application Server

To deploy the SAML v2 Plug-in for Federation Services in Application Server, type:


# ApplicationServer-base/bin/asadmin deploy --user AS-administrator 
--passwordfile filename --port port-number 
--contextroot  deployment-URI --name deployment-URI 
--target instance-name war-file-location

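For example, when deploying the SAML v2 Plug-in for Federation Services in an instance of Federation Manager deployed in Application Server, you might use the following command. The file named by --passwordfile holds the administrator password, so it should be readable only by the account that runs asadmin; the /tmp location shown here is illustrative only.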


# /opt/SUNWappserver/appserver/bin/asadmin deploy --user admin 
--passwordfile /tmp/pwdfile --port 4849 --contextroot fm --name fm 
--target server1 /var/opt/SUNWam/fm/war_staging/federation.war

Following the deployment, you must modify the Application Server server.policy file. By default, it is located in the /var/opt/SUNWappserver/domains/domain-name/ directory. In the sample below, the capitalized placeholders (every capitalized name except WEB-INF) must be replaced with the values applicable to your deployment; Table A–1 lists the default values.


Example A–1 Application Server server.policy File

// Federation Manager RELATED ADDITIONS
//
// Java security policy entries added for Federation Manager and the deployed
// federation web application. A "grant" entry with no codeBase applies to all
// code running in the server instance; a "grant codeBase ..." entry applies
// only to code loaded from that location. The capitalized placeholders in the
// codeBase URLs and file paths must be replaced before this file is used.

   // No codeBase: all code may write the user.language system property.
   grant {
     permission java.util.PropertyPermission "user.language", "write";
   };
   // am_sdk.jar: may connect to, accept connections from, and resolve any host ("*").
   grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_sdk.jar" {
     permission java.net.SocketPermission "*", "connect,accept,resolve";
   };
   // am_services.jar: same unrestricted socket permission as am_sdk.jar.
   grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_services.jar" {
        permission java.net.SocketPermission "*", "connect,accept,resolve";
   };
   // Deployed web application: the trailing "/-" matches every class and JAR file
   // under the module directory, recursively.
   // NOTE(review): the codeBase URL is wrapped across two lines in this listing;
   // presumably it is a single line in the real file - confirm.
   grant codeBase "file:$AS81_VARDIR/domains/$AS81_DOMAIN/applications/
   j2ee-modules/${DEPLOY_WARPREFIX}/-" {
        permission java.net.SocketPermission "*", "connect,accept,resolve";
   };
   // No codeBase: every permission below is granted to all code in the server
   // instance, not only to the federation application.
   // NOTE(review): several entries are broad (file execute/delete, security
   // provider replacement, login configuration, hostname verifier); check whether
   // they can be scoped to the application's codeBase in your deployment.
   grant {
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "setFactory";
    // Wildcard target: access to classes in any package.
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.util.logging.LoggingPermission "control";
    permission java.lang.RuntimePermission "shutdownHooks";
    // NOTE(review): insertProvider and putProviderProperty are SecurityPermission
    // targets; this AuthPermission entry and the one for
    // "putProviderProperty.Mozilla-JSS" further down look like mistyped duplicates
    // of the SecurityPermission entries - confirm.
    permission javax.security.auth.AuthPermission "insertProvider.Mozilla-JSS";
    permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
    // Read and replace the JAAS login configuration, modify Subject principals,
    // and create a LoginContext for any configuration entry name.
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "createLoginContext.*";
    permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
    permission javax.security.auth.AuthPermission "putProviderProperty.Mozilla-JSS";
    // NOTE(review): the JDK token that matches every file is written with double
    // angle brackets around ALL FILES; the brackets may have been lost in this
    // rendering. If the token is intended, this grants execute and delete on any
    // file - verify against the policy file shipped with the product.
    permission java.io.FilePermission "ALL FILES", "execute,delete";
    // "/*" covers the files directly in the logs directory (not subdirectories).
    permission java.io.FilePermission "$VAR_SUBDIR/logs/*", "delete,write";
    permission java.util.PropertyPermission "java.util.logging.config.class", "write";
    // Allows removing and re-inserting the SUN provider and removing Mozilla-JSS,
    // i.e. changing which security providers are installed.
    permission java.security.SecurityPermission "removeProvider.SUN";
    permission java.security.SecurityPermission "insertProvider.SUN";
    permission java.security.SecurityPermission "removeProvider.Mozilla-JSS";
    permission javax.security.auth.AuthPermission "doAs";
    // Write access to the system properties that select the Kerberos realm, the
    // KDC, and the JAAS login configuration file.
    permission java.util.PropertyPermission "java.security.krb5.realm", "write";
    permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
    permission java.util.PropertyPermission "java.security.auth.login.config", "write";
    // Accept Kerberos security contexts for any service principal ("*").
    permission javax.security.auth.kerberos.ServicePermission "*", "accept";
    // Allows installing a custom HostnameVerifier for HTTPS connections, which
    // controls how a server name mismatch with the certificate is handled.
    permission javax.net.ssl.SSLPermission "setHostnameVerifier";
   };

Replace the placeholders in server.policy as follows, substituting the values for your deployment where they differ from the defaults:

Table A–1 server.policy Modifications After Installation

Replaceable Content 

Default Value 

$BASEDIR

/opt

$PROD_DIR

SUNWam

$AS81_VARDIR

/var/opt/SUNWappserver

$AS81_DOMAIN

domain1

$VAR_SUBDIR

/var/opt/SUNWam

$DEPLOY_WARPREFIX

federation