Sun ONE Identity Server Customization and API Guide

Appendix D
Notification Service

The Sun ONE Identity Server Notification Service allows session notifications to be sent to remote web containers. The service must be enabled for SDK applications that run remotely from the Identity Server itself. This chapter explains how to enable a remote web container to receive the notifications. It contains the following sections:


The Notification Service allows for session notifications to be sent to web containers that are running the Identity Server SDK remotely. The notifications apply to the Session, Policy and Naming Services only. In addition, the remote application must be running in a web container. The purpose of the notifications would be:

Enabling The Notification Service

Following are the steps to configure the remote SSO SDK to receive session notifications.

Setting up clients to receive notifications

  1. Install Identity Server on Machine 1.
  2. Install Sun ONE Web Server on Machine 2.
  3. Install the SUNWamsdk on the same machine as the Web Server.

     For instructions on installing the Identity Server SDK remotely, see the Sun Java™ Enterprise System 2003Q4 Installation Guide.

  4. Ensure that the following are true concerning the machine where the SDK is installed.
    1. Ensure that the right access permissions are set for the /remote_SDK_server/SUNWam/lib and /remote_SDK_server/SUNWam/locale directories on the server where the SDK is installed.

       These directories contain the files and jars on the remote server.

    2. Ensure that the following permissions are set in the Grant section of the server.policy file of the Web Server.

       server.policy is in the config directory of the Web Server installation. These permissions can be copied and pasted, if necessary:

      permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";

      permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";

    3. Ensure that the correct classpath is set in server.xml.

       server.xml is also in the config directory of the Web Server installation. A typical classpath would be:

      <JAVA javahome="/export/home/ws61/bin/https/jdk" serverclasspath="/export/home/ws61/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/export/home/ws61/bin/https/jar/webserv-ext.jar:/export/home/ws61/bin/https/jar/webserv-jstl.jar:/export/home/ws61/bin/https/jar/nova.jar" classpathsuffix="::/IS_CLASSPATH_BEGIN_DELIM://usr/share/lib/xalan.jar:/export/SUNWam/lib/xmlsec.jar://usr/share/lib/xercesImpl.jar://usr/share/lib/sax.jar://usr/share/lib/dom.jar:/export/SUNWam/lib/dom4j.jar:/export/SUNWam/lib/jakarta-log4j-1.2.6.jar:/usr/share/lib/jaxm-api.jar:/usr/share/lib/saaj-api.jar://usr/share/lib/jaxrpc-api.jar://usr/share/lib/jaxrpc-impl.jar:/export/SUNWam/lib/jaxm-runtime.jar:/usr/share/lib/saaj-impl.jar:/export/SUNWam/lib:/export/SUNWam/locale://usr/share/lib/mps/jss3.jar:/export/SUNWam/lib/am_sdk.jar:/export/SUNWam/lib/am_services.jar:/export/SUNWam/lib/am_sso_provider.jar:/export/SUNWam/lib/swec.jar:/export/SUNWam/lib/acmecrypt.jar:/export/SUNWam/lib/iaik_ssl.jar://usr/share/lib/jaxp-api.jar://usr/share/lib/mail.jar://usr/share/lib/activation.jar:/export/SUNWam/lib/servlet.jar:/export/SUNWam/lib/am_logging.jar:/usr/share/lib/commons-logging.jar:/IS_CLASSPATH_END_DELIM:" envclasspathignored="true" debug="false" debugoptions="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n" javacoptions="-g" dynamicreloadinterval="2">

  5. Use the SSO samples installed on the remote SDK server for configuration purposes.
    1. Change to the /remote_SDK_server/SUNWam/samples/sso directory.
    2. Run gmake.
    3. Copy the generated class files from /remote_SDK_server/SUNWam/samples/sso to /remote_SDK_server/SUNWam/lib/.
  6. Copy the encryption value of am.encryption.pwd from the file installed with Identity Server to the file on the remote server to which the SDK was installed.

     The value of am.encryption.pwd is used for encrypting and decrypting passwords.

  7. Log in to Identity Server as amadmin.

     http://identity_server_host:3000/amconsole

  8. Execute the servlet by entering http://remote_SDK_host:58080/servlet/SSOTokenSampleServlet into the browser location field and validating the SSOToken.

     SSOTokenSampleServlet is used for validating a session token and adding a listener. Executing the servlet will print out the following message:

    SSOToken host name:
    SSOToken Principal name: uid=amAdmin,ou=People,dc=red,dc=iplanet,dc=com
    Authentication type used: LDAP
    IPAddress of the host:
    The token id is AQIC5wM2LY4SfcyURnObg7vEgdkb+32T43+RZN30Req/BGE=
    Property: Company is - Sun Microsystems
    Property: Country is - USA
    SSO Token Validation test Succeeded

  9. Set the property in of the remote machine as follows:

  10. Restart the Web Server.
  11. Log in to Identity Server as amadmin.

     http://identity_server_host:3000/amconsole

  12. Execute the servlet by entering http://remote_SDK_host:58080/servlet/SSOTokenSampleServlet into the browser location field and validating the SSOToken again.

     When the machine on which the remote SDK is running receives the notification, it will call the respective listener when the session state is changed.
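A preflight script for the checks in the procedure above: the SDK directory permissions, the two server.policy entries, and the matching am.encryption.pwd value. This is an added example, not part of the Sun guide. The function names, the argument order, the plain key=value parsing, and the reading of "right access permissions" as "readable and not world-writable" are assumptions.

```shell
#!/bin/sh
# Preflight checks for a remote Identity Server SDK host (added example).
# All paths are supplied by the caller; none are taken from the guide.

# Print the am.encryption.pwd value from a key=value properties file.
enc_key() {
    sed -n 's/^[[:space:]]*am\.encryption\.pwd[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# 0 if both files hold the same non-empty key. The key is never printed.
check_enc_key() {
    server_key=$(enc_key "$1")
    sdk_key=$(enc_key "$2")
    [ -n "$server_key" ] && [ "$server_key" = "$sdk_key" ]
}

# 0 if the policy file has both Mozilla-JSS entries on uncommented lines.
check_policy() {
    for target in putProviderProperty.Mozilla-JSS insertProvider.Mozilla-JSS; do
        grep -v '^[[:space:]]*//' "$1" | grep -qF "\"$target\"" || {
            echo "missing permission: $target" >&2
            return 1
        }
    done
}

# 0 if DIR is readable and searchable and holds nothing world-writable.
# Assumption: this is what "right access permissions" should mean here.
check_sdk_dir() {
    [ -d "$1" ] && [ -r "$1" ] && [ -x "$1" ] || {
        echo "cannot read $1" >&2
        return 1
    }
    loose=$(find "$1" ! -type l -perm -0002 | head -n 5)
    [ -z "$loose" ] || {
        echo "world-writable under $1: $loose" >&2
        return 1
    }
}

# Usage: preflight.sh SERVER_PROPS SDK_PROPS SERVER_POLICY SDK_BASE_DIR
if [ "$#" -eq 4 ]; then
    rc=0
    check_enc_key "$1" "$2" || { echo "am.encryption.pwd unset or different" >&2; rc=1; }
    check_policy "$3" || rc=1
    check_sdk_dir "$4/lib" || rc=1
    check_sdk_dir "$4/locale" || rc=1
    exit "$rc"
fi
```

Run it as the account the Web Server runs under, so that the readability test reflects what the web container will actually see.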

Copyright 2003 Sun Microsystems, Inc. All rights reserved.