Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

7.4 Creating an Agent Profile with Custom User for the Distributed Authentication User Interface

Before installing and configuring the Distributed Authentication User Interface, create an agent profile with the OpenSSO Enterprise console. This agent profile allows OpenSSO Enterprise to store authentication and configuration information regarding the Distributed Authentication User Interface. The agent profile will be stored in the configuration data store.


Note –

Although the Distributed Authentication User Interface is not an agent, it acts on behalf of OpenSSO Enterprise and therefore must have its own agent profile. This agent profile will be used by the Distributed Authentication User Interface to authenticate itself to OpenSSO Enterprise.


Use the following list of procedures as a checklist for completing this task.

Procedure: To Create an Agent Profile with Custom User for the Distributed Authentication User Interface

Creating the agent profile also creates a custom user, authuiadmin, that the Distributed Authentication User Interface uses to log in to the OpenSSO Enterprise server.

  1. Access https://osso-1.example.com:1081/opensso/console from a web browser.

  2. Log in to the OpenSSO Enterprise console as the administrator.

    User Name:

    amadmin

    Password:

    ossoadmin

  3. Under the Access Control tab, click / (Top Level Realm).

  4. Click the Agents tab.

  5. Click the 2.2 Agent tab.

  6. Click New to create a new agent profile.

    The New Agent properties page is displayed.

  7. Type the following values and click Create.

    Name

    authuiadmin

    Password

    authuiadmin

    Password (confirm)

    authuiadmin

    authuiadmin is displayed in the list of Agent names.

  8. Log out of the console.

Procedure: To Verify that authuiadmin Was Created in Directory Server

This is an optional verification step.

  1. Log in to either of the OpenSSO Enterprise host machines.

  2. Run ldapsearch to verify that the authuiadmin entry was successfully created.


    # cd /var/opt/mps/serverroot/dsrk6/bin
    # ./ldapsearch -b "dc=opensso,dc=java,dc=net" -h osso-1.example.com \
      -p 50389 -D "cn=Directory Manager" -w dsmanager "ou=authuiadmin"

    version: 1
    dn: ou=authuiadmin,ou=default,ou=OrganizationConfig,
    ou=1.0,ou=AgentService,ou=services,dc=opensso,dc=java,dc=net
    objectClass: top
    objectClass: sunServiceComponent
    sunserviceID: 2.2_Agent
    ou: authuiadmin
    sunKeyValue: userpassword=AQICrLO+CuXkZFllnTO/ISfA5UjKea1
     yVhgLpDj5QtqeiR/gWRF6w45Blh+hBjQfly7u
    sunKeyValue: sunIdentityServerDeviceStatus=Active
    sunKeyValue: sunIdentityServerDeviceKeyValue=
    sunKeyValue: description=
    sunsmspriority: 0

  3. Log out of the OpenSSO Enterprise host machine.

  4. Access https://osso-1.example.com:1081/opensso/UI/Login from a web browser.

  5. Log in to the OpenSSO Enterprise console as the agent user.

    User Name:

    authuiadmin

    Password:

    authuiadmin

    A successful login indicates that the Distributed Authentication User Interface will be able to authenticate to OpenSSO Enterprise with this agent profile during the configuration process.

  6. Log out of the OpenSSO Enterprise console.
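
The ldapsearch check in step 2 can be scripted rather than read by eye. The following is an added example, not part of the original guide or of OpenSSO Enterprise: it unfolds the LDIF output and confirms that the entry exists, is a 2.2 agent profile, is Active and carries a stored password value. The function names, return codes and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not OpenSSO tooling): verify ldapsearch output for an agent profile.
# Function names and return codes are assumptions made for this sketch.

# Constructed sample of the LDIF the search returns; the password value is a
# placeholder and two lines are folded the way LDIF folds long lines.
sample_ldif() {
cat <<'EOF'
version: 1
dn: ou=authuiadmin,ou=default,ou=OrganizationConfig,ou=1.0,ou=AgentService,o
 u=services,dc=opensso,dc=java,dc=net
objectClass: top
objectClass: sunServiceComponent
sunserviceID: 2.2_Agent
ou: authuiadmin
sunKeyValue: userpassword=CONSTRUCTED-PLACEHOLDER
sunKeyValue: sunIdentityServerDeviceStatus=Act
 ive
sunsmspriority: 0
EOF
}

# LDIF folding: a line that starts with one space continues the previous line.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# check_agent_entry NAME  (LDIF on stdin)
# 0 = active 2.2 agent profile, 1 = no such entry, 2 = wrong service ID,
# 3 = status not Active, 4 = no stored password value
check_agent_entry() {
    name=$1
    # Pick the blank-line-separated entry whose dn begins with ou=NAME,
    entry=$(unfold_ldif | awk -v want="dn: ou=$name," '
        BEGIN { RS = ""; FS = "\n" }
        { for (i = 1; i <= NF; i++) if (index($i, want) == 1) { print; exit } }')
    [ -n "$entry" ] || return 1
    printf '%s\n' "$entry" | grep -qxF 'sunserviceID: 2.2_Agent' || return 2
    printf '%s\n' "$entry" |
        grep -qxF 'sunKeyValue: sunIdentityServerDeviceStatus=Active' || return 3
    printf '%s\n' "$entry" | grep -q '^sunKeyValue: userpassword=.' || return 4
    return 0
}
```

To use it against the directory, pipe the ldapsearch command from step 2 into `check_agent_entry authuiadmin` and inspect the return code.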