Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

Part III Reference: Summaries of Server and Component Configurations

This final section of Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0 contains component descriptions and configurations for the software and hardware used.


Note –

The BIG-IP load balancer login page and configuration console for all load balancers in this deployment example are accessed from the URL is-f5.example.com.

Login: username
Password: password


Appendix A Directory Server Host Machines, Test Users and Load Balancer

This appendix collects the information regarding the Directory Server instances. It contains the following tables:

Table A–1 Sun Java System Directory Server 1 Host Machine

| Components | Description | |
|---|---|---|
| Host Name | ds-1.example.com | |
| Installation Directory | /var/opt/mps/serverroot/ | |
| Administrator User | cn=Directory Manager | |
| Administrator Password | dsmanager | |
| User Data Instance | Instance Name | am-users |
| | Instance Directory | /var/opt/mps/am-users |
| | Port Number | 1489 (LDAP), 1736 (LDAPS) |
| | Base Suffix | dc=company,dc=com |
| | Users Suffix | ou=users,dc=company,dc=com |
| | Administrative User | cn=Directory Manager |
| | Administrative User Password | dsmanager |
| | Replication Manager | cn=replication manager,cn=replication,cn=config |
| | Replication Manager Password | replmanager |

Table A–2 Sun Java System Directory Server 2 Host Machine

| Component | Description | |
|---|---|---|
| Host Name | ds-2.example.com | |
| Installation Directory | /var/opt/mps/serverroot/ | |
| Administrator User | cn=Directory Manager | |
| Administrator Password | dsmanager | |
| User Data Instance | Instance Name | am-users |
| | Instance Directory | /var/opt/mps/am-users |
| | Port Number | 1489 (LDAP), 1736 (LDAPS) |
| | Base Suffix | dc=company,dc=com |
| | Users Suffix | ou=users,dc=company,dc=com |
| | Administrative User | cn=Directory Manager |
| | Administrative User Password | dsmanager |
| | Replication Manager | cn=replication manager,cn=replication,cn=config |
| | Replication Manager Password | replmanager |

Table A–3 Load Balancer for Directory Server Host Machines

| Component | Description |
|---|---|
| URL | lb-1.example.com |
| Method | Round Robin |
| Protected Servers | ds-1.example.com:1736, ds-2.example.com:1736 |
| Virtual Servers | lb-1.example.com:489 |
| Monitors | ds-1.example.com:1736, ds-2.example.com:1736 |

Table A–4 User Test Entries

| UserID | Description | |
|---|---|---|
| testuser1 | Password | password |
| | DN | uid=testuser1,ou=users,dc=company,dc=com |
| testuser2 | Password | password |
| | DN | uid=testuser2,ou=users,dc=company,dc=com |

Appendix B OpenSSO Enterprise Host Machines and Load Balancer

This appendix collects the information regarding the OpenSSO Enterprise host machines. It contains the following tables:

Table B–1 OpenSSO Enterprise 1 Host Machine

| Component | Description | |
|---|---|---|
| Host Name | osso-1.example.com | |
| Non-Root User | osso80adm | |
| Non-Root User Password | nonroot1pwd | |
| Sun Java System Application Server Administrative Server | Installation Directory | /opt/SUNWappserver91 |
| | Administrative User | admin |
| | Administrative User Password | domain1pwd |
| | Ports | 4848 (administration), 8080 (HTTP), 8181 (HTTPS) |
| | Default Domain Name | domain1 |
| | Administrative Console URL | http://osso-1.example.com:4848 |
| Sun Java System Application Server Non-Root User Domain | Name | ossodomain |
| | Directory | /export/osso80adm/domains/ |
| | Administrative User | domain2adm |
| | Administrative User Password | domain2pwd |
| | Master Password | domain2master |
| | Ports | 8989 (administration), 1080 (HTTP), 1081 (HTTPS) |
| | Administrative Console URL | http://osso-1.example.com:8989 |
| OpenSSO Enterprise | Administrative User | amadmin |
| | Administrative User Password | ossoadmin |
| | Configuration Data Store | Embedded |
| | User Data Store | lb-1.example.com:489 |
| | Agent User | agentuser |
| | Agent User Password | agentuser |
| | Administrative Console URL | https://osso-1.example.com:1081/opensso/console |

Table B–2 OpenSSO Enterprise 2 Host Machine

| Component | Description | |
|---|---|---|
| Host Name | osso-2.example.com | |
| Non-Root User | osso80adm | |
| Non-Root User Password | nonroot2pwd | |
| Sun Java System Application Server Administrative Server | Installation Directory | /opt/SUNWappserver91 |
| | Administrative User | admin |
| | Administrative User Password | domain1pwd |
| | Ports | 4848 (administration), 8080 (HTTP), 8181 (HTTPS) |
| | Default Domain Name | domain1 |
| | Administrative Console URL | http://osso-2.example.com:4848 |
| Sun Java System Application Server Non-Root User Domain | Name | ossodomain |
| | Directory | /export/osso80adm/domains/ |
| | Administrative User | domain2adm |
| | Administrative User Password | domain2pwd |
| | Master Password | domain2master |
| | Ports | 8989 (administration), 1080 (HTTP), 1081 (HTTPS) |
| | Administrative Console URL | http://osso-2.example.com:8989 |
| OpenSSO Enterprise | Administrative User | amadmin |
| | Administrative User Password | ossoadmin |
| | Configuration Data Store | Embedded |
| | User Data Store | lb-1.example.com:489 |
| | Agent User | agentuser |
| | Agent User Password | agentuser |
| | Administrative Console URL | https://osso-2.example.com:1081/opensso/console |

Table B–3 Load Balancer for OpenSSO Enterprise Host Machines

| Component | Description |
|---|---|
| URL | lb-2.example.com |
| Method | Round Robin |
| Protected Servers | osso-1.example.com:1081, osso-2.example.com:1081 |
| Virtual Servers | lb-2.example.com:489 |
| Monitors | osso-1.example.com:1081, osso-2.example.com:1081 |
| Cookie Name | amlbcookie |

Appendix C OpenSSO Enterprise Distributed Authentication User Interface Host Machines and Load Balancer

This appendix collects the information regarding the instances of the OpenSSO Enterprise Distributed Authentication User Interface. It contains the following tables:

Table C–1 Distributed Authentication User Interface Host Machine 1

| Component | Description | |
|---|---|---|
| Host Name | da-1.example.com | |
| Non-Root User | da80adm | |
| Non-Root User Password | da80a6m | |
| Sun Java System Web Server Administration Server | Installation Directory | /opt/SUNWwbsvr/ |
| | Default Administration Directory | /opt/SUNWwbsvr/admin-server |
| | Default Administrator | admin |
| | Default Administrator Password | web4dmin |
| | Runtime User ID | da80adm |
| | Ports | 8989 (SSL), 1080 (HTTP) |
| Sun Java System Web Server Instance | Instance Name | da-1.example.com |
| | Instance Directory | /opt/SUNWwbsvr/https-da-1.example.com |
| | Port | 1080 (HTTP), 1443 (SSL) |
| | Service URL | http://da-1.example.com:1080, https://da-1.example.com:1443 |
| Distributed Authentication User Interface | Server Protocol | https |
| | Server Host | lb-2.example.com |
| | Server Port | 1081 |
| | Server Deployment URI | opensso |
| | distAuth Protocol | http, https |
| | distAuth Host | da-1.example.com |
| | distAuth Port | 1080 (HTTP), 1443 (SSL) |
| | distAuth Deployment URI | distAuth |
| | distAuth Cookie Name | AMDistAuthCookie |
| | Application User Name | authuiadmin |
| | Application User Password | authuiadmin |

Table C–2 Distributed Authentication User Interface Host Machine 2

| Component | Description | |
|---|---|---|
| Host Name | da-2.example.com | |
| Non-Root User | da80adm | |
| Non-Root User Password | da80a6m | |
| Sun Java System Web Server Administration Server | Installation Directory | /opt/SUNWwbsvr/ |
| | Default Administration Directory | /opt/SUNWwbsvr/admin-server |
| | Default Administrator | admin |
| | Default Administrator Password | web4dmin |
| | Runtime User ID | da80adm |
| | Ports | 8989 (SSL), 1080 (HTTP) |
| Sun Java System Web Server Instance | Instance Name | da-2.example.com |
| | Instance Directory | /opt/SUNWwbsvr/https-da-2.example.com |
| | Port | 1080 (HTTP), 1443 (SSL) |
| | Service URL | http://da-2.example.com:1080, https://da-2.example.com:1443 |
| Distributed Authentication User Interface | Server Protocol | https |
| | Server Host | lb-2.example.com |
| | Server Port | 1081 |
| | Server Deployment URI | opensso |
| | distAuth Protocol | http, https |
| | distAuth Host | da-2.example.com |
| | distAuth Port | 1080 (HTTP), 1443 (SSL) |
| | distAuth Deployment URI | distAuth |
| | distAuth Cookie Name | AMDistAuthCookie |
| | Application User Name | authuiadmin |
| | Application User Password | authuiadmin |

Table C–3 Load Balancer for the Distributed Authentication User Interface Host Machines

| Component | Description |
|---|---|
| URL | lb-3.example.com |
| Method | Round Robin |
| Protected Servers | da-1.example.com:1443, da-2.example.com:1443 |
| Virtual Servers | lb-3.example.com:1443 |
| Monitors | da-1.example.com:1443, da-2.example.com:1443 |
| Cookie Name | DistAuthLBCookie |
| OpenSSO Enterprise Agent Profile | authuiadmin |
| OpenSSO Enterprise Agent Profile Password | authuiadmin |

Appendix D Protected Resource Host Machine Web Containers, Policy Agents and Load Balancers

This appendix collects the information regarding the web containers and policy agents installed on the Protected Resource host machines. It contains the following tables:

Table D–1 Protected Resource 1 Host Machine

| Component | Description | |
|---|---|---|
| Host Name | pr-1.example.com | |
| BEA WebLogic Server Administration Server | Home Directory | /usr/local/bea |
| | Installation Directory | /usr/local/bea/weblogic10 |
| | Domain Directory | /usr/local/bea/user_projects/domains/pr-1 |
| | Administration Server Directory | /usr/local/bea/user_projects/domains/pr-1/servers/AdminServer |
| | Administrator | weblogic |
| | Administrator Password | bea10admin |
| | Port | 7001 |
| | Administration Console URL | http://pr-1.example.com:7001/console |
| BEA WebLogic Server Managed Server | Managed Server Directory | /usr/local/bea/user_projects/domains/pr-1/servers/ApplicationServer-1 |
| | Port | 1081 |
| | OpenSSO Enterprise URL | https://lb-2.example.com:1081/opensso |
| | Distributed Authentication User Interface URL | https://lb-3.example.com:1443/distAuth/UI/Login |
| J2EE Policy Agent for BEA WebLogic Server | J2EE Agent Profile Name | j2eeagent-1 |
| | J2EE Agent Profile Password | j2eeagent1 |
| | J2EE Agent URL | http://pr-1.example.com:1081/agentapp |
| Sun Java System Web Server Administration Server | Installation Directory | /opt/SUNWwbsvr/ |
| | Default Administration Directory | /opt/SUNWwbsvr/admin-server |
| | Default Administrator | admin |
| | Default Administrator Password | web4dmin |
| | Runtime User ID | root |
| | Ports | 8989 (SSL), 1080 (HTTP) |
| Sun Java System Web Server Instance | Instance Name | pr-1.example.com |
| | Instance Directory | /opt/SUNWwbsvr/https-pr-1.example.com |
| | Port | 1080 |
| | Service URL | http://pr-1.example.com:1080 |
| Web Policy Agent for Sun Java System Web Server | Web Agent Profile Name | webagent-1 |
| | Web Agent Profile Password | webagent1 |

Table D–2 Protected Resource 2 Host Machine

| Component | Description | |
|---|---|---|
| Host Name | pr-2.example.com | |
| BEA WebLogic Server Administration Server | Home Directory | /usr/local/bea |
| | Installation Directory | /usr/local/bea/weblogic10 |
| | Domain Directory | /usr/local/bea/user_projects/domains/pr-2 |
| | Administration Server Directory | /usr/local/bea/user_projects/domains/pr-2/servers/AdminServer |
| | Administrator | weblogic |
| | Administrator Password | bea10admin |
| | Port | 7001 |
| | Administration Console URL | http://pr-2.example.com:7001/console |
| BEA WebLogic Server Managed Server | Managed Server Directory | /usr/local/bea/user_projects/domains/pr-2/servers/ApplicationServer-2 |
| | Port | 1081 |
| | OpenSSO Enterprise URL | https://lb-2.example.com:1081/opensso |
| | Distributed Authentication User Interface URL | https://lb-3.example.com:1443/distAuth/UI/Login |
| J2EE Policy Agent for BEA WebLogic Server | J2EE Agent Profile Name | j2eeagent-2 |
| | J2EE Agent Profile Password | j2eeagent2 |
| | J2EE Agent URL | http://pr-2.example.com:1081/agentapp |
| Sun Java System Web Server Administration Server | Installation Directory | /opt/SUNWwbsvr/ |
| | Default Administration Directory | /opt/SUNWwbsvr/admin-server |
| | Default Administrator | admin |
| | Default Administrator Password | web4dmin |
| | Runtime User ID | root |
| | Ports | 8989 (SSL), 1080 (HTTP) |
| Sun Java System Web Server Instance | Instance Name | pr-2.example.com |
| | Instance Directory | /opt/SUNWwbsvr/https-pr-2.example.com |
| | Port | 1080 |
| | Service URL | http://pr-2.example.com:1080 |
| Web Policy Agent for Sun Java System Web Server | Web Agent Profile Name | webagent-2 |
| | Web Agent Profile Password | webagent2 |

Table D–3 Load Balancer for the Web Policy Agents

| Component | Description |
|---|---|
| URL | lb-4.example.com |
| Method | Round Robin |
| Protected Servers | pr-1.example.com:1080, pr-2.example.com:1080 |
| Virtual Servers | lb-4.example.com:90 |
| Monitors | pr-1.example.com:1080, pr-2.example.com:1080 |

Table D–4 Load Balancer for the J2EE Policy Agents

| Component | Description |
|---|---|
| URL | lb-5.example.com |
| Method | Round Robin |
| Protected Servers | pr-1.example.com:1081, pr-2.example.com:1081 |
| Virtual Servers | lb-5.example.com:91 |
| Monitors | pr-1.example.com:1081, pr-2.example.com:1081 |

Appendix E Message Queue Servers

This appendix collects the information regarding the Message Queue host machines. It contains the following tables:

Table E–1 Message Queue 1 Host Machine

| Component | Description | |
|---|---|---|
| Host Name | mq-1.example.com | |
| Sun Java System Message Queue | Session Tools Scripts Directory | /export/SFO/ssoSessionTools/opensso |
| | Message Queue Directory | /export/SFO/ssoSessionTools/jmq |
| | Berkeley Database Directory | /tmp/amsession/sessiondb |
| Message Queue Broker Instance | Name | msgqbroker |
| | Port | 7777 |
| | Instance User | msgquser |
| | Instance User Password | m5gqu5er |
| | Database URL | http://mq-1.example.com:7777 |

Table E–2 Message Queue 2 Host Machine

| Component | Description | |
|---|---|---|
| Host Name | mq-2.example.com | |
| Sun Java System Message Queue | Session Tools Scripts Directory | /export/SFO/ssoSessionTools/opensso |
| | Message Queue Directory | /export/SFO/ssoSessionTools/jmq |
| | Berkeley Database Directory | /tmp/amsession/sessiondb |
| Message Queue Broker Instance | Name | msgqbroker |
| | Port | 7777 |
| | Instance User | msgquser |
| | Instance User Password | m5gqu5er |
| | Database URL | http://mq-2.example.com:7777 |

Appendix F Known Issues and Limitations

The issues in this appendix will be updated as more information becomes available.

Table F–1 Known Issues and Limitations

| Reference Number | Description |
|---|---|
| 4510 | Creating a non-root domain shows a FileNotFoundException. For more information, see Issue 4510 on https://glassfish.dev.java.net/. |