The default configuration of OpenSSO Enterprise creates a branch in a fresh installation of a configuration data store for storing service configuration data and other information pertinent to the server's operation. OpenSSO Enterprise components and plug-ins access the configuration data and use it for various purposes including:
Accessing policy data for policy evaluation.
Finding location information for identity data stores and OpenSSO Enterprise services.
Retrieving authentication configuration information that defines how users and groups authenticate.
Finding which partner servers can send trusted SAML assertions.
OpenSSO Enterprise supports Sun Java System Directory Server and the open source OpenDS as configuration data stores. Flat files (supported in previous versions of the product) are no longer supported, but configuration data store failover is supported through replication. Figure 2–14 illustrates how configuration data in the configuration data store is accessed.
Previous releases of Access Manager and Federation Manager stored product configuration data in a property file named AMConfig.properties that was installed local to the product instance directory. This file is deprecated for OpenSSO Enterprise on the server side, although it is still supported for agents on the client side. See the Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide for more information.
Configuration data comprises the attributes and values in the OpenSSO Enterprise configuration services, as well as default OpenSSO Enterprise users like amadmin and anonymous. Following is a partial listing of the XML service files that contribute to the data. They can be found in the path-to-context-root/opensso/WEB-INF/classes directory.
The data in this node branch is private and is mentioned here for information purposes only.
AgentService.xml
amAdminConsole.xml
amAgent70.xml
amAuth.xml
amAuth-NT.xml
amAuthAD.xml
amAuthAnonymous.xml
amAuthCert.xml
amAuthConfig.xml
amAuthDataStore.xml
amAuthHTTPBasic.xml
amAuthJDBC.xml
amAuthLDAP.xml
amAuthMSISDN.xml
amAuthMembership.xml
amAuthNT.xml
amAuthRADIUS.xml
amAuthSafeWord-NT.xml
amAuthSafeWord.xml
amAuthSecurID.xml
amAuthWindowsDesktopSSO.xml
amClientData.xml
amClientDetection.xml
amConsoleConfig.xml
amDelegation.xml
amEntrySpecific.xml
amFilteredRole.xml
amG11NSettings.xml
amLogging.xml
amNaming.xml
amPasswordReset.xml
amPlatform.xml
amPolicy.xml
amPolicyConfig.xml
amRealmService.xml
amSession.xml
amUser.xml
amWebAgent.xml
idRepoEmbeddedOpenDS.xml
idRepoService.xml
identityLocaleService.xml
ums.xml
By default, the OpenSSO Enterprise configuration data is created and maintained in the configuration data store, apart from any identity data. Although users can be created in the configuration data store, this is recommended only for demonstrations and development environments.
For more information, see Configuration Data Store.