Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

8.2.3 Configuring the Web Policy Agents to Access the Distributed Authentication User Interface

Configure the web policy agents to point to the secure port of the Distributed Authentication User Interface Load Balancer 3. Use the following list of procedures as a checklist to complete the task.

  1. To Configure the Web Policy Agent 1 to Access the Distributed Authentication User Interface

  2. To Configure the Web Policy Agent 2 to Access the Distributed Authentication User Interface

Procedure: To Configure the Web Policy Agent 1 to Access the Distributed Authentication User Interface

  1. Access https://osso-1.example.com:1081/opensso/console from a web browser.

  2. Log in to the OpenSSO Enterprise console as the administrator.

    Username: amadmin

    Password: ossoadmin

  3. Under the Access Control tab, click / (Top Level Realm).

  4. Click the Agents tab.

  5. Click the Web tab.

    webagent-1 is displayed under the Agent table.

  6. Click webagent-1.

    The webagent-1 properties page is displayed.

  7. Click the OpenSSO Services tab.

    The Services properties page is displayed.

  8. Make the following changes to the OpenSSO Login URL value and click Save.

    • Select https://lb-2.example.com:1081/opensso/UI/Login and click Remove.

    • Enter https://lb-3.example.com:1443/distAuth/UI/Login and click Add.

  9. Log out of the OpenSSO Enterprise console.

  10. Verify that the agent is configured properly using the following subprocedure.

    1. Access http://pr-1.example.com:1080/index.html from a web browser.

      You are redirected to the Distributed Authentication User Interface at https://lb-3.example.com:1443/distAuth/UI/Login.

    2. (Optional) Double-click the gold lock in the lower left corner of the browser.

      In the Properties page, you see the certificate for lb-3.example.com.

    3. Log in to OpenSSO Enterprise as testuser1.

      Username: testuser1

      Password: password

      The default index page for Web Server 1 is displayed because testuser1 is defined in the test policy as having permission to access Protected Resource 1.

    4. Close the browser.

Procedure: To Configure the Web Policy Agent 2 to Access the Distributed Authentication User Interface

  1. Access https://osso-1.example.com:1081/opensso/console from a web browser.

  2. Log in to the OpenSSO Enterprise console as the administrator.

    Username: amadmin

    Password: ossoadmin

  3. Under the Access Control tab, click / (Top Level Realm).

  4. Click the Agents tab.

  5. Click the Web tab.

    webagent-2 is displayed under the Agent table.

  6. Click webagent-2.

    The webagent-2 properties page is displayed.

  7. Click the OpenSSO Services tab.

    The Services properties page is displayed.

  8. Make the following changes to the OpenSSO Login URL value and click Save.

    • Select [0]=https://lb-2.example.com:1081/opensso/UI/Login and click Remove.

    • Enter [0]=https://lb-3.example.com:1443/distAuth/UI/Login and click Add.

  9. Log out of the OpenSSO Enterprise console.

  10. Verify that the agent is configured properly using the following subprocedure.

    1. Access http://pr-2.example.com:1080/index.html from a web browser.

      You are redirected to the Distributed Authentication User Interface at https://lb-3.example.com:1443/distAuth/UI/Login.

    2. (Optional) Double-click the gold lock in the lower left corner of the browser.

      In the Properties page, you see the certificate for lb-3.example.com.

    3. Log in to OpenSSO Enterprise as testuser1.

      Username: testuser1

      Password: password

      The default index page for Web Server 2 is displayed because testuser1 is defined in the test policy as having permission to access Protected Resource 2.

    4. Close the browser.
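
The redirect check in step 10 of both procedures can also be scripted. The following is an added example, not part of the original guide: it inspects the response an agent returns for an unauthenticated request and reports whether the login URL is the secure Distributed Authentication User Interface URL or still the old Load Balancer 2 URL. The function names, the sample responses and the `goto` query parameter in them are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# URLs taken from step 8 of the procedures above.
EXPECTED_LOGIN = "https://lb-3.example.com:1443/distAuth/UI/Login"
OLD_LOGIN = "https://lb-2.example.com:1081/opensso/UI/Login"


def check_agent_redirect(status, location):
    """Return a list of problems with an agent's unauthenticated response."""
    if status not in (301, 302, 303, 307):
        return [f"expected a redirect, got HTTP {status}"]
    if not location:
        return ["redirect has no Location header"]
    problems = []
    got, want, old = urlsplit(location), urlsplit(EXPECTED_LOGIN), urlsplit(OLD_LOGIN)
    if got.scheme != "https":
        problems.append(f"login URL is not HTTPS: {got.scheme}://")
    if (got.hostname, got.port) == (old.hostname, old.port):
        problems.append("agent still points at the old Load Balancer 2 login URL")
    elif (got.hostname, got.port) != (want.hostname, want.port):
        problems.append(f"unexpected login host: {got.netloc}")
    if got.path != want.path:
        problems.append(f"unexpected login path: {got.path}")
    return problems


def fetch_redirect(host, port, path="/index.html"):
    """Request a protected page without following redirects (needs network)."""
    import http.client
    conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


# Constructed sample responses, not captured from a real deployment.
GOTO = "?goto=http%3A%2F%2Fpr-1.example.com%3A1080%2Findex.html"
SAMPLES = {
    "reconfigured agent": (302, EXPECTED_LOGIN + GOTO),
    "agent still on old URL": (302, OLD_LOGIN + GOTO),
    "login over plain HTTP": (302, "http://lb-3.example.com:1443/distAuth/UI/Login"),
}

if __name__ == "__main__":
    for name, (status, location) in SAMPLES.items():
        issues = check_agent_redirect(status, location)
        print(name, "->", "OK" if not issues else "; ".join(issues))
```

Against a live deployment, pass the result of `fetch_redirect("pr-1.example.com", 1080)` and `fetch_redirect("pr-2.example.com", 1080)` to `check_agent_redirect`.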