Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

8.3 Deploying and Configuring OpenSSO Enterprise 1 and OpenSSO Enterprise 2

An OpenSSO Enterprise WAR will be deployed in the installed Application Server containers on both OpenSSO Enterprise host machines. Additionally, you will configure the deployed applications. Use the following list of procedures as a checklist for completing the tasks.

  1. To Generate an OpenSSO Enterprise WAR on the OpenSSO Enterprise 1 Host Machine

  2. To Deploy the OpenSSO Enterprise WAR as OpenSSO Enterprise 1

  3. To Copy the OpenSSO Enterprise WAR to the OpenSSO Enterprise 2 Host Machine

  4. To Deploy the OpenSSO Enterprise WAR File as OpenSSO Enterprise 2

  5. To Configure OpenSSO Enterprise 1

  6. To Configure OpenSSO Enterprise 2

Procedure: To Generate an OpenSSO Enterprise WAR on the OpenSSO Enterprise 1 Host Machine

  1. As a root user, log in to the osso1.sp-example.com host machine.

  2. Create a directory into which the OpenSSO Enterprise ZIP file can be downloaded and change into it.


    # mkdir /export/OSSO_BITS
    # cd /export/OSSO_BITS
    
  3. Download the OpenSSO Enterprise ZIP file from http://www.sun.com/download/.

  4. Unzip the downloaded file.


    # unzip opensso_enterprise_80.zip
    # cd /export/OSSO_BITS/opensso
    # ls -al
    
    total 68
    drwxr-xr-x  14 root     root     512 Sep 8 11:13 ./
    drwxrwxr-x   3 root     root     512 Sep 15 13:06 ../
    -rw-r--r--   1 root     root    1349 Sep 8 10:58 README
    drwxr-xr-x   6 root     root     512 Sep 8 11:15 deployable-war/
    drwxr-xr-x   2 root     root     512 Sep 8 11:13 docs/
    drwxr-xr-x   2 root     root     512 Sep 8 11:13 fedlet/
    drwxr-xr-x   5 root     root     512 Sep 8 11:11 integrations/
    drwxr-xr-x   2 root     root     512 Sep 8 11:13 ldif/
    drwxr-xr-x   4 root     root     512 Sep 8 11:13 libraries/
    -rw-r--r--   1 root     root   17003 Sep 8 10:58 license.txt
    drwxr-xr-x   2 root     root     512 Sep 8 11:13 migration/
    drwxr-xr-x   2 root     root     512 Sep 8 11:13 patches/
    drwxr-xr-x   2 root     root     512 Sep 8 11:13 samples/
    drwxr-xr-x   2 root     root     512 Sep 8 11:14 tools/
    drwxr-xr-x   8 root     root     512 Sep 8 11:13 upgrade/
    drwxr-xr-x   2 root     root    2048 Sep 8 11:11 xml/

    
    
  5. Switch to the non-root user.


    # su osso80adm
    
  6. Create a staging area in the non-root user directory into which the WAR will be exploded.


    # cd /export/osso80adm
    # mkdir osso-staging
    

    Tip –

    In the staging area, after exploding the WAR, you can modify the WAR contents to suit your needs, generate a new WAR, and deploy it on any number of remote host computers. Whenever you need to make changes to the WAR, you maintain the changes in this one staging area, and redeploy the modified WAR as many times as you want, on as many host machines as you need.


  7. Explode the WAR file.


    # cd osso-staging
    # jar xvf /export/OSSO_BITS/opensso/deployable-war/opensso.war
    
  8. Make the following modifications to the bootstrap.properties file.

    By default, during the WAR deployment, OpenSSO Enterprise creates a bootstrap file in the user's home directory. The bootstrap.properties file points to the directory where all the OpenSSO Enterprise configurations will be created. With these modifications, OpenSSO Enterprise will create the bootstrap file in the directory you specify; in this case, /export/osso80adm/config. bootstrap.properties is located in /export/osso80adm/osso-staging/WEB-INF/classes.

    • Uncomment the line that reads #configuration.dir=.

    • Add the following value to the configuration.dir= property so it reads as follows.


      configuration.dir=/export/osso80adm/config
  9. Regenerate the WAR.


    # cd /export/osso80adm/osso-staging
    # jar cvf ../opensso.war *
    

    A new WAR file is created, including the modified bootstrap.properties.

  10. Verify that the new WAR was created in the proper location and with the appropriate permissions.


    # cd /export/osso80adm/osso-staging
    # /bin/rm -rf *
    # jar xvf ../opensso.war
    # cd /export/osso80adm
    # ls -al
    
    total 498
    drwxr-xr-x 7 osso80adm staff 512 Aug 5 13:44 .
    drwxr-xr-x 12 root sys 512 Aug 5 11:11 ..
    -rw------- 1 osso80adm staff 779 Aug 5 14:56 .asadmintruststore
    drwx------ 2 osso80adm staff 512 Aug 5 14:44 .gconf
    drwx------ 2 osso80adm staff 512 Aug 5 14:44 .gconfd
    -rw-r--r-- 1 osso80adm staff 144 Aug 5 17:02 .profile
    drwx------ 3 osso80adm staff 512 Aug 5 11:20 .sunw
    drwxr-xr-x 3 osso80adm staff 512 Aug 5 14:55 domains
    drwxr-xr-x 21 osso80adm staff 1024 Aug 5 13:43 osso-staging
    -rw-r--r-- 1 osso80adm staff 68884903 Aug 5 13:45 opensso.war
    -rw-r--r-- 1 osso80adm staff 136 Aug 5 17:02 local.cshrc
    -rw-r--r-- 1 osso80adm staff 157 Aug 5 17:02 local.login
    -rw-r--r-- 1 osso80adm staff 174 Aug 5 17:02 local.profile

    Note –

    The opensso.war file is owned by osso80adm.
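
The step 8 edit can be applied and checked before the WAR is regenerated in step 9. The following is an added example, not part of the original guide; the function names are hypothetical, the sample file is constructed, and a POSIX `sed` and `grep` are assumed.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# set_config_dir FILE DIR
# Rewrites the "#configuration.dir=" line (commented or already active) to
# "configuration.dir=DIR", going through a temp file so a failed edit never
# leaves a truncated bootstrap.properties in the staging area.
set_config_dir() {
    file=$1 dir=$2 tmp="$1.tmp.$$"
    case $dir in
        *'|'*|*'&'*|*'\'*) echo "unsupported character in path" >&2; return 2 ;;
        /*) ;;
        *) echo "configuration.dir must be an absolute path" >&2; return 2 ;;
    esac
    sed "s|^[#[:space:]]*configuration\.dir[[:space:]]*=.*|configuration.dir=$dir|" \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"
}

# check_config_dir FILE DIR
# Succeeds only if FILE has exactly one active configuration.dir line whose
# value is DIR. Zero active lines means the edit was missed and the deployed
# WAR will write its bootstrap file to the user's home directory instead.
check_config_dir() {
    file=$1 want=$2
    active=$(grep -c '^[[:space:]]*configuration\.dir[[:space:]]*=' "$file" || true)
    [ "$active" = 1 ] || { echo "active configuration.dir lines: ${active:-0}" >&2; return 1; }
    got=$(sed -n 's/^[[:space:]]*configuration\.dir[[:space:]]*=//p' "$file")
    [ "$got" = "$want" ] || { echo "configuration.dir='$got', want '$want'" >&2; return 1; }
}

# demo: run both functions on a constructed sample file (not the real one).
demo_bootstrap_edit() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' '#configuration.dir=' > "$d/bootstrap.properties"
    set_config_dir "$d/bootstrap.properties" /export/osso80adm/config &&
        check_config_dir "$d/bootstrap.properties" /export/osso80adm/config
    rc=$?
    rm -rf "$d"
    return $rc
}
```

In this deployment the real target is /export/osso80adm/osso-staging/WEB-INF/classes/bootstrap.properties with the value /export/osso80adm/config.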


Procedure: To Deploy the OpenSSO Enterprise WAR as OpenSSO Enterprise 1

Before You Begin

This procedure assumes you have just completed To Generate an OpenSSO Enterprise WAR on the OpenSSO Enterprise 1 Host Machine and are still logged into the osso1.sp-example.com host machine.

  1. On the osso1.sp-example.com host machine, switch to the non-root user osso80adm.


    # /bin/su osso80adm
    
  2. Start the ossodomain domain.


    # cd /export/osso80adm/domains/ossodomain/bin
    # ./startserv
    
    admin username:domain2adm
    
    admin password:domain2pwd
    
    master password:domain2master
    
    Redirecting output to /export/osso80adm/domains/ossodomain/logs/server.log
  3. Run asadmin deploy to deploy the OpenSSO Enterprise WAR.


    # cd /opt/SUNWappserver91/bin
    # ./asadmin deploy --user domain2adm --host osso1.sp-example.com \
    --port=8989 --contextroot opensso --name opensso --target server \
    /export/osso80adm/opensso.war
    
    Please enter the admin password> domain2pwd
    
    Command deploy executed successfully.
  4. List the contents of the j2ee-modules directory to verify that the WAR file was successfully deployed.


    # cd /export/osso80adm/domains/ossodomain/applications/j2ee-modules
    # ls -al
    
    total 6
    drwxr-xr-x   3 osso80adm staff      512 Aug 5 14:01 .
    drwxr-xr-x   6 osso80adm staff      512 Aug 5 14:55 ..
    drwxr-xr-x  21 osso80adm staff     1024 Aug 5 14:01 opensso
    

    opensso exists in the directory and is owned by the non-root user osso80adm.

  5. Log out of the osso1.sp-example.com host machine.

Procedure: To Copy the OpenSSO Enterprise WAR to the OpenSSO Enterprise 2 Host Machine

Before You Begin

This procedure assumes you have completed To Generate an OpenSSO Enterprise WAR on the OpenSSO Enterprise 1 Host Machine.

  1. As a root user, log in to the osso2.sp-example.com host machine.

  2. Switch to the non-root user osso80adm.


    # /bin/su osso80adm
    
  3. Change into the osso80adm directory.


    # cd /export/osso80adm
    
  4. Copy opensso.war from the osso1.sp-example.com host machine to the osso80adm directory.

  5. Verify that the WAR file was copied into the proper location and with the appropriate permissions.


    # ls -al
    
    total 130552
    drwxr-xr-x   6 osso80adm staff        512 Sep 5 14:14 .
    drwxr-xr-x   8 root      sys          512 Sep 5 10:54 ..
    -rw-r--r--   1 osso80adm staff         70 Sep 5 14:13 .asadminpass
    -rw-------   1 osso80adm staff        778 Sep 5 14:12 .asadmintruststore
    drwx------   2 osso80adm staff        512 Sep 5 13:15 .gconf
    drwx------   2 osso80adm staff        512 Sep 5 13:26 .gconfd
    -rw-r--r--   1 osso80adm staff        144 Sep 5 15:00 .profile
    drwx------   3 osso80adm staff        512 Sep 5 15:26 .sunw
    drwxr-xr-x   3 osso80adm staff        512 Sep 5 14:12 domains
    -rw-r--r--   1 osso80adm staff   68884903 Sep 5 14:14 opensso.war
    -rw-r--r--   1 osso80adm staff        136 Sep 5 15:00 local.cshrc
    -rw-r--r--   1 osso80adm staff        157 Sep 5 15:00 local.login
    -rw-r--r--   1 osso80adm staff        174 Sep 5 15:00 local.profile

    opensso.war exists in the directory and is owned by osso80adm.
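
The `ls -al` listing in step 5 confirms location, size and ownership, but not that the bytes on osso2.sp-example.com are the ones built on osso1.sp-example.com. The following is an added example, not part of the original guide, that also compares a SHA-256 digest and rejects a file that is writable by group or other; the function names are hypothetical and the expected digest is a value you record on the source host.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# file_sha256 FILE: print FILE's SHA-256 with whichever tool the host has.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v digest >/dev/null 2>&1; then
        digest -a sha256 "$1"                 # Solaris
    else
        echo "no SHA-256 tool found" >&2; return 1
    fi
}

# verify_war FILE EXPECTED_SHA256 OWNER
# Passes only if the copy matches the digest recorded on the source host,
# is owned by OWNER, and cannot be modified by group or other.
verify_war() {
    war=$1 want=$2 owner=$3
    [ -f "$war" ] || { echo "$war: not a regular file" >&2; return 1; }
    got=$(file_sha256 "$war") || return 1
    [ "$got" = "$want" ] || { echo "digest mismatch: got $got" >&2; return 1; }
    # First and third fields of "ls -ld" are the mode string and the owner.
    meta=$(ls -ld "$war" | awk '{print $1 ":" $3}')
    mode=${meta%%:*} who=${meta#*:}
    [ "$who" = "$owner" ] || { echo "owner is $who, expected $owner" >&2; return 1; }
    case $mode in
        ?????w*|????????w*)
            echo "$war is writable by group or other ($mode)" >&2; return 1 ;;
    esac
    return 0
}
```

Record the output of `file_sha256 /export/osso80adm/opensso.war` on osso1.sp-example.com, then pass it as the second argument to `verify_war /export/osso80adm/opensso.war <digest> osso80adm` on osso2.sp-example.com before deploying.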

Procedure: To Deploy the OpenSSO Enterprise WAR File as OpenSSO Enterprise 2

Before You Begin

This procedure assumes you have just completed To Copy the OpenSSO Enterprise WAR to the OpenSSO Enterprise 2 Host Machine and are still logged into the osso2.sp-example.com host machine.

  1. On the osso2.sp-example.com host machine, switch to the non-root user osso80adm.


    # /bin/su osso80adm
    
  2. Start the ossodomain domain.


    # cd /export/osso80adm/domains/ossodomain/bin
    # ./startserv
    
    admin username:domain2adm
    
    admin password:domain2pwd
    
    master password:domain2master
    
    Redirecting output to /export/osso80adm/domains/ossodomain/logs/server.log
  3. Run asadmin deploy to deploy the OpenSSO Enterprise WAR file.


    # cd /opt/SUNWappserver91/bin
    # ./asadmin deploy --user domain2adm --host osso2.sp-example.com \
    --port=8989 --contextroot opensso --name opensso --target server \
    /export/osso80adm/opensso.war
    
    Please enter the admin password> domain2pwd
    
    Command deploy executed successfully.
  4. List the contents of the j2ee-modules directory to verify that the WAR file was successfully deployed.


    # cd /export/osso80adm/domains/ossodomain/applications/j2ee-modules
    # ls -al
    
    total 6
    drwxr-xr-x   3 osso80adm staff      512 Sep 5 14:01 .
    drwxr-xr-x   6 osso80adm staff      512 Sep 5 14:55 ..
    drwxr-xr-x  21 osso80adm staff     1024 Sep 5 14:01 opensso
    

    opensso exists in the directory and is owned by the non-root user osso80adm.

  5. Log out of the osso2.sp-example.com host machine.

Procedure: To Configure OpenSSO Enterprise 1

  1. Access https://osso1.sp-example.com:1081/opensso from a web browser.

    The OpenSSO Enterprise Configurator page is displayed on first-time access.

  2. Select Create New Configuration under Custom Configuration on the Configurator page.

    The OpenSSO Enterprise Custom Configuration Wizard is displayed.

  3. Provide the following information for the Default User [amAdmin] in Step 1: General and click Next.

    Password

    ossoadmin

    Confirm

    ossoadmin

  4. Accept the default values in Step 2: Server Settings and click Next.

  5. Do the following in Step 3: Configuration Store and click Next.

    1. Select First Instance.

    2. Select Embedded DS as the configuration data store.

    3. Accept the default values for the Port, Encryption Key, and Root Suffix fields.

  6. Select Remote Directory in Step 4: User Store Settings, provide the following information, and click Next.

    SSL Enabled

    Check the box.

    Directory Name

    lb2.sp-example.com

    Port

    489

    Root Suffix

    o=spusers.com

    Password

    dsmanager

    Store Type

    Select Generic LDAP.

  7. Select No in Step 5: Site Configuration and click Next.

  8. Provide the following information for the Default Agent User [amldapuser] in Step 6: Default Agent User and click Next.

    Password

    agentuser

    Confirm

    agentuser

  9. Click Create Configuration on the Summary page.

    The Configuration Complete page is displayed after configuration is completed.

  10. Click Proceed to Login on the Configuration Complete page.

  11. Log in to the OpenSSO Enterprise console as the administrator.

    User Name:

    amadmin

    Password:

    ossoadmin

    If authentication succeeds and the OpenSSO Enterprise console is displayed, OpenSSO Enterprise has successfully accessed the embedded configuration data store.

  12. (Optional) To verify that the config directory and the supporting bootstrap directory have been created with the proper permissions, do the following.

    1. As a root user, log in to the osso1.sp-example.com host machine.

    2. Examine the file system.


      # cd /export/osso80adm
      # ls -al
      
      total 130556
      drwxr-xr-x   8 osso80adm staff        512 Sep  6 19:32 .
      drwxr-xr-x  14 root      sys          512 Sep  6 09:07 ..
      -rw-r--r--   1 osso80adm staff         70 Sep 27 14:01 .asadminpass
      -rw-------   1 osso80adm staff       1527 Sep  6 18:27 .asadmintruststore
      -rw-r--r--   1 osso80adm staff        144 Sep 11 17:02 .profile
      drwx------   3 osso80adm staff        512 Sep 24 11:20 .sunw
      drwxr-xr-x   4 osso80adm staff        512 Sep  6 19:34 config
      drwxr-xr-x   4 osso80adm staff        512 Sep  6 18:26 domains
      -rw-r--r--   1 osso80adm staff        136 Sep 11 17:02 local.cshrc
      -rw-r--r--   1 osso80adm staff        157 Sep 11 17:02 local.login
      -rw-r--r--   1 osso80adm staff        174 Sep 11 17:02 local.profile

      The config directory was created and is owned by non-root user osso80adm.

    3. Log out of the osso1.sp-example.com host machine.

Procedure: To Configure OpenSSO Enterprise 2

  1. Access https://osso2.sp-example.com:1081/opensso from a web browser.

    The OpenSSO Enterprise Configurator page is displayed on first-time access.

  2. Select Create New Configuration under Custom Configuration on the Configurator page.

    The OpenSSO Enterprise Custom Configuration Wizard is displayed.

  3. Provide the following information for the Default User [amAdmin] in Step 1: General and click Next.

    Password

    ossoadmin

    Confirm

    ossoadmin

  4. Accept the default values in Step 2: Server Settings and click Next.

  5. Do the following in Step 3: Configuration Store and click Next.

    1. Select Add to Existing Deployment as the configuration data store.

    2. Server URL: https://osso2.sp-example.com:1081/opensso

  6. Select No in Step 5: Site Configuration and click Next.

  7. Click Create Configuration on the Summary page.

    The Configuration Complete page is displayed after configuration is completed.

  8. Click Proceed to Login on the Configuration Complete page.

  9. Log in to the OpenSSO Enterprise console as the administrator.

    User Name:

    amadmin

    Password:

    ossoadmin

    If authentication succeeds and the OpenSSO Enterprise console is displayed, OpenSSO Enterprise has successfully accessed the embedded configuration data store.

  10. (Optional) To verify that the config directory and the supporting bootstrap directory have been created with the proper permissions, do the following.

    1. As a root user, log in to the osso2.sp-example.com host machine.

    2. Examine the file system.


      # cd /export/osso80adm
      # ls -al
      
      total 130556
      drwxr-xr-x   8 osso80adm staff        512 Aug  6 19:32 .
      drwxr-xr-x  14 root      sys          512 Aug  6 09:07 ..
      -rw-r--r--   1 osso80adm staff         70 Mar 27 14:01 .asadminpass
      -rw-------   1 osso80adm staff       1527 Aug  6 18:27 .asadmintruststore
      -rw-r--r--   1 osso80adm staff        144 Mar 11 17:02 .profile
      drwx------   3 osso80adm staff        512 Mar 24 11:20 .sunw
      drwxr-xr-x   4 osso80adm staff        512 Aug  6 19:34 config
      drwxr-xr-x   4 osso80adm staff        512 Aug  6 18:26 domains
      -rw-r--r--   1 osso80adm staff        136 Mar 11 17:02 local.cshrc
      -rw-r--r--   1 osso80adm staff        157 Mar 11 17:02 local.login
      -rw-r--r--   1 osso80adm staff        174 Mar 11 17:02 local.profile

      The config directory was created and is owned by non-root user osso80adm.

    3. Log out of the osso2.sp-example.com host machine.