Sun OpenSSO Enterprise 8.0 Integration Guide

Procedure To Provision a Test Role From Identity Manager Into OpenSSO Enterprise

Before You Begin

In the OpenSSO Enterprise console, open the data store configuration page for the realm or sub-realm into which you will provision the role, and add cn to the list of values for the LDAP Roles Attributes property.

By default, the cn attribute is not defined as an attribute for IdType.ROLE in the data store configuration. This attribute is set when the role is provisioned to OpenSSO Enterprise. If the cn attribute is not already defined, Identity Manager shows the following error in the Identity Manager administrator interface:

Error creating object 'idmsrtestrole5'. 
Error setting attributes for 'idmsrtestrole5' 
Illegal arguments: One or more required arguments is null or empty

  1. Log in to the Identity Manager administrator interface using the following credentials:

    User Name:

  2. Navigate to the tab Resources | List Resources.

  3. Expand the branch for the Sun Access Manager Realm entry.

  4. Mark the checkbox in front of the SunAccessManagerRealm entry.

  5. Choose the option Resource Actions | Create Resource Object.

  6. In the New Resource Object page, select Role from the dropdown box, and click New.

    In the next page:

    1. Enter the name of the role as idm_users.

    2. Assign the user idmuser to this role.

  7. Click Save.

  8. In the Create Role Results page, click OK.

    The Resource List page is displayed. When you expand the SunAccessManagerRealm branch, the list contains the newly created role idm_users.

  9. Log out from the Identity Manager administrator interface.