Sun OpenSSO Enterprise 8.0 Developer's Guide

Customizing the Distributed Authentication User Server Interface

A Sun OpenSSO Enterprise Distributed Authentication UI server provides for secure, distributed authentication across two firewalls in an OpenSSO Enterprise deployment. You install the Distributed Authentication UI server subcomponent on a web container on one or more servers within the DMZ layer of the OpenSSO Enterprise deployment. This subcomponent acts as an authentication interface between end users and the OpenSSO Enterprise instances behind the second firewall, thus eliminating the exposure of the OpenSSO Enterprise service URLs to the end users.

The remote Distributed Authentication UI server subcomponent uses authentication client APIs and utility classes to authenticate users. The subcomponent uses a customizable JATO presentation framework.

You can modify the JSP templates and module configuration properties files to reflect branding and specific functionality for the following:


Organization or sub-organization of the request.


Locale of the request.

Client Path

Client type information of the request.

Service Name (serviceName)

Service name for service-based authentication.

For background information about a Distributed Authentication UI server, see the Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.

ProcedureTo Customize the Distributed Authentication Server User Interface

In this procedure, you will create a Distributed Authentication Server UI WAR file from opensso.war and then customize the new WAR file.

  1. Make sure that your JAVA_HOME environment variable points to a JDK of version 1.5 or later.

  2. If necessary, download and unzip the file.

    The opensso.war file is then in the zip-root/opensso/deployable-war directory, where zip-root is where you unzipped the file.

  3. Create a new staging directory to extract the files from opensso.war. For example:

    # mkdir opensso-staging
  4. In the staging directory, extract the files from opensso.war. For example:

    # cd opensso-staging
    # jar xvf zip-root/opensso/deployable-war/opensso.war
  5. Create the Distributed Authentication UI server WAR using the files in fam-distauth.list:

    # cd opensso-staging
    # jar cvf zip-root/opensso/deployable-war/distauth.war \

    where distauth.war is the name of the new Distributed Authentication UI server WAR file.

    Note: Some web containers require the Distributed Authentication WAR file name to use the same name as the deployment URI.

  6. Update the WAR file created in previous step with the additional files required for the Distributed Authentication UI server. For example:

    # cd zip-root/opensso/deployable-war/distauth
    # jar uvf zip-root/opensso/deployable-war/distauth.war *

    You are now ready to customize the new distauth.war.

  7. Create a new directory to explode your new distauth.war. For example:

    # mkdir distauth-staging

  8. Explode the new Distributed Authentication User Interface WAR in the staging directory you created in the previous step. For example:

    # cd distauth-staging
    # jar xvf zip-root/opensso/deployable-war/distauth.war
  9. Create a new directory for your customized files. For example:

    # cd distauth-staging/config/auth
    # mkdir custdaui

    Use the following form:



    orgPath = subOrg1/subOrg2
            filePath = clientPath + serviceName
            clientPath = clientType/sub-clientType

    The following items are optional: Sub-org, Locale , Client Path , and Service Name . In the following example, orgPath and filePath are optional.

    For example, given the following:

    org = iplanet
    locale = en
    subOrg = solaris
    clientPath = html/company/
    serviceName = paycheck

    The appropriate directory paths for the above are:

  10. Change to the directory where the JSP and XML files are stored, and copy the JSP and authentication module configuration (XML) files from the default directory to the new directory.

    #cd distauth-staging/config/auth/default
    cp *.jsp distauth-staging/config/auth/custdaui
    cp *.xml distauth-staging/config/auth/custdaui
  11. Customize the following files in the custdaui directory, as required for your deployment:

  12. Update the WAR file with the customized files:

    # cd distauth-staging/config/auth/custdaui
    # jar uvf zip-root/opensso/deployable-war/distauth.war *

    You are now ready to deploy the customized distauth.war file.

Next Steps

To deploy and configure the customized Distributed Authentication User Interface server WAR file, see Chapter 8, Deploying a Distributed Authentication UI Server, in Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.