Sun OpenSSO Enterprise 8.0 Upgrade Guide

Configuring OpenSSO Enterprise 8.0 Against the Existing Access Manager or Federation Manager Schema

After you deploy the OpenSSO Enterprise WAR, configure the new OpenSSO Enterprise instance against the existing Access Manager or Federation Manager schema using the Configurator.


Note –

You can also use command-line configuration as described in Chapter 5, Configuring OpenSSO Enterprise Using the Command-Line Configurator, in Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.


Procedure: To Configure OpenSSO Enterprise Against the Existing Access Manager or Federation Manager Schema

Before You Begin

This procedure assumes you have deployed the OpenSSO Enterprise WAR.

  1. Launch the GUI Configurator by entering the OpenSSO Enterprise URL in your browser.

    Use the format protocol://server-host:server-port/deployuri. For example: http://abc.example.com:8080/amserver.

  2. On the Configuration Options page, click Create New Configuration.

  3. On the Default User Password page, enter and confirm the amAdmin password.

    Use the same password as the one defined for the Access Manager or Federation Manager instance you are upgrading.

  4. Click Next to continue.

  5. On the Server Settings page, enter values for the following:

    • Server URL: Use the same value as the one defined for the Access Manager or Federation Manager instance you are upgrading

    • Cookie Domain: Use the same value as the one defined for the Access Manager or Federation Manager instance you are upgrading

    • Platform Locale: Use the same value as the one defined for the Access Manager or Federation Manager instance you are upgrading

    • Configuration Directory: Use the default value (/opensso) or specify another value.

  6. Click Next to continue.

  7. On the Configuration Data Store Settings page, do the following:

    1. Check First Instance.

    2. For Configuration Data Store, check Sun Java System Directory Server.

    3. Specify the following Directory Server values from the existing Access Manager or Federation Manager instance:

      • SSL Enabled: Disable for the upgrade process.

      • Host Name

      • Port

      • Encryption Key

      • Root Suffix: Enter the root suffix defined by the installation of the older version being replaced.

      • Login ID: Directory Server Administrator DN

      • Password: Directory Server Administrator password

  8. Click Next to continue.

  9. On the User Data Store Settings page, do the following:

    Click Use Other User Data Store to specify Sun Java System Directory Server and specify the Directory Server values from the existing Access Manager or Federation Manager instance:

    • SSL Enabled: Disable for the upgrade process.

    • Directory Name: In this example, it is the same as the Host Name without the domain qualifiers.

    • Port:

    • Root Suffix: Use a different root from the one defined for the Configuration Data Store.

    • Login ID: Directory Server Administrator DN

    • Password: Directory Server Administrator password

    • User Data Store Type: Check LDAP with OpenSSO Schema

  10. Click Next to continue.

  11. On the Site Configuration page, check No and click Next to continue.

  12. On the Default Policy Agent User page, enter and confirm the password for the Policy Agent user.

    The default Policy Agent user is UrlAccessAgent. The password is usually the same as the password of amldapuser.

  13. Click Next to continue.

  14. Verify that the Configuration Summary Details are correct and click Create Configuration.

    When the configuration is complete, the Configurator displays a link to redirect you to the OpenSSO Enterprise administration console.

  15. Log in to the OpenSSO Enterprise Administration Console as amadmin using the Data Store authentication module and the password specified during configuration.

    The URL to access the Data Store authentication module is formatted as http://host:port/deployURI/UI/Login?module=DataStore. At this point, OpenSSO Enterprise is running against the existing Access Manager or Federation Manager schema (or DIT), which is known as coexistence mode.


    Tip –

    If you are upgrading from Legacy mode to Realm mode, a login at this point will fail. You should skip this step and log in after completing Upgrading the Existing Access Manager or Federation Manager Schema.
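
A pre-flight check for the values entered in steps 5, 7 and 9, as an added example that is not part of the original guide: it compares the planned Configurator input with the existing instance and derives the Configurator and Data Store login URLs. The dictionary keys, the separate deploy_uri field and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def norm_dn(dn):
    # Simplified DN comparison form: case-folded, whitespace around RDNs
    # removed. Does not handle escaped commas inside attribute values.
    parts = (rdn.partition("=") for rdn in dn.split(","))
    return ",".join(f"{a.strip().lower()}={v.strip().lower()}" for a, _, v in parts)

def preflight(existing, planned):
    """Check planned Configurator input; return (urls, problems)."""
    problems = []
    # Step 5: these must equal the values of the instance being upgraded.
    for key in ("server_url", "cookie_domain", "platform_locale"):
        if planned[key] != existing[key]:
            problems.append(f"{key}: {planned[key]!r} != existing {existing[key]!r}")
    cfg, usr = planned["config_store"], planned["user_store"]
    # Steps 7 and 9: SSL is disabled on both stores for the upgrade.
    for name, store in (("config_store", cfg), ("user_store", usr)):
        if store["ssl"]:
            problems.append(f"{name}: SSL must be disabled for the upgrade")
    # Step 7: configuration store keeps the root suffix of the old install.
    if norm_dn(cfg["root_suffix"]) != norm_dn(existing["root_suffix"]):
        problems.append("config_store: root suffix differs from old installation")
    # Step 9: user store root must differ from the configuration store root.
    if norm_dn(usr["root_suffix"]) == norm_dn(cfg["root_suffix"]):
        problems.append("user_store: root suffix equals config store root suffix")
    # Steps 1 and 15: protocol://server-host:server-port/deployuri
    u = urlsplit(planned["server_url"])
    if not (u.scheme and u.hostname and u.port):
        problems.append("server_url: need protocol://host:port")
    base = f"{planned['server_url'].rstrip('/')}/{planned['deploy_uri'].strip('/')}"
    urls = {"configurator": base,
            "datastore_login": base + "/UI/Login?module=DataStore"}
    return urls, problems

# Constructed sample values (not from a real deployment).
EXISTING = {"server_url": "http://abc.example.com:8080",
            "cookie_domain": ".example.com", "platform_locale": "en_US",
            "root_suffix": "dc=example,dc=com"}
PLANNED = dict(EXISTING, deploy_uri="/amserver",
               config_store={"ssl": False, "root_suffix": "dc=example,dc=com"},
               user_store={"ssl": False, "root_suffix": "DC=Example, DC=com"})

if __name__ == "__main__":
    urls, problems = preflight(EXISTING, PLANNED)
    print(urls["configurator"], urls["datastore_login"], *problems, sep="\n")
```

With the sample values, the check reports that the user data store root suffix is the same DN as the configuration data store root suffix once case and spacing are normalised.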