The Client SDK includes the Java packages, classes, and configuration properties that you can use to enhance remote, standalone or web applications with the ability to access OpenSSO Enterprise. The Client SDK allows an application to use services such as authentication, SSO, authorization, auditing, logging, and the Security Assertion Markup Language (SAML). It also includes samples that you can run to help understand and develop code.
The Client SDK is not for use by applications that perform policy management or identity management (which includes the creation and deletion of entries).
From a deployment point of view, the Client SDK offers the following:
The Client SDK communicates directly with OpenSSO Enterprise server using XML (SOAP) over HTTP or HTTPS. In turn, OpenSSO Enterprise server communicates directly with the data stores.
The Client SDK does not require administrator credentials.
An application using the Client SDK can be deployed in a demilitarized zone (DMZ), with a firewall between the application and OpenSSO Enterprise server.
The Client SDK includes samples to show how it can be used.
The Client SDK includes these packages:
com.iplanet.am.sdk
com.iplanet.am.util
com.iplanet.sso
com.sun.identity.authentication
com.sun.identity.federation
com.sun.identity.idm
com.sun.identity.liberty.ws
com.sun.identity.log
com.sun.identity.policy
com.sun.identity.policy.client
com.sun.identity.saml
com.sun.identity.saml2
com.sun.identity.sm
com.sun.identity.xacml
com.sun.identity.wss
For a description of these packages, see the Sun OpenSSO Enterprise 8.0 Java API Reference. A complete listing of the classes that comprise the Client SDK can be found in the ClientSDKClasses file available on the OpenSSO web site. Samples and source code are also included to help developers understand how the Client SDK can best be implemented.
It is recommended that you do not use the com.iplanet.am.sdk, com.iplanet.am.util, com.sun.identity.policy, and com.sun.identity.sm packages directly.
The requirements to use the Client SDK include:
Access to OpenSSO Enterprise running on a remote server. You will need the following information about this remote installation:
Protocol (http or https) used by the web container instance on which the OpenSSO Enterprise server is deployed.
Fully qualified domain name (FQDN) of the host where the OpenSSO Enterprise server is deployed.
Port on which the OpenSSO Enterprise server is running.
Deployment URI for the OpenSSO Enterprise server (default is opensso).
Default Agent user (UrlAccessAgent) password that you entered when you ran the OpenSSO Enterprise Configurator.
If you are writing a web application, you will need a web container supported by OpenSSO Enterprise. For the list of supported web containers, see Chapter 2, Deploying the OpenSSO Enterprise Web Container, in the Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.
You can use the Client SDK to:
Build a proprietary application framework of which the Client SDK is a part. The Client SDK features can allow independence from policy agents.
Access profile data, for purposes of authentication and authorization, beyond the default OpenSSO Enterprise capability.
Allow authenticated and non-authenticated users access to a login process with a registration option that, if accepted, would create a user account.