Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Procedure: To Install the J2EE Policy Agent on Protected Resource 1

Before You Begin

Set JAVA_HOME to /usr/local/bea/jdk150_06.

  1. As a root user, log in to the host machine.

  2. Stop the WebLogic Server 1 administration server and the WebLogic Server 1 managed instance.

    # cd /usr/local/bea/user_projects/domains/pr1/bin
    # ./ ApplicationServer-1 t3://localhost:7001
    # ./
  3. Create a directory into which you will download the J2EE Policy Agent bits and change into it.

    # mkdir /export/J2EEPA1
    # cd /export/J2EEPA1
  4. Create a text file that contains a password for the Agent Profile created during installation.

    The J2EE Policy Agent installer requires this.

    # cat > agent.pwd
    Hit Control D to terminate the command
  5. Download the J2EE policy agent bits for WebLogic Server from

    # ls -al
    total 18824
    drwxr-xr-x   2 root     root         512 Jul 17 16:02 .
    drwxr-xr-x   8 root     root         512 Jul 17 15:58 ..
    -rw-r--r--   1 root     root          11 Jul 17 15:59 agent.pwd
    -rw-r--r--   1 root     root           9 Jul 17 16:01 agentadm.pwd
    -rw-r--r--   1 root     root     9623704 Jul 17 16:02
  6. Unzip the J2EE policy agent bits.

    # unzip
  7. Run the J2EE policy agent installer.

    # cd /export/J2EEPA1/j2ee_agents/weblogic_v10_agent/bin
    # chmod 755 agentadmin
    # ./agentadmin --custom-install
  8. When prompted, provide the following information.

    The following values configure the J2EE Policy Agent against the OpenSSO Enterprise secure port.

    Please read the following License Agreement carefully:

    Press Enter to continue. Continue to press Enter until you reach the end of the License Agreement and the installer's Welcome page is displayed. 

    Enter startup script location.

    Enter /usr/local/bea/user_projects/domains/pr1/bin/

    Enter the WebLogic Server instance 
    name: [AdminServer]

    Enter the name of the WebLogic Server instance secured by the agent ApplicationServer-1

    Enter the WebLogic home directory: 

    Enter /usr/local/bea/weblogic10.

    OpenSSO Enterprise 

    Enter the URL where OpenSSO Enterprise is running (including the URI):

    Is the agent being deployed on a Portal domain [false]

    Accept the default value. 

    Agent URL:

    Enter the URL where the policy agent is running (including the URI):

    Enter the Encryption Key 

    Accept the default value. 

    Enter the Agent Profile Name:


    Enter the path to the password File:

    Enter /export/J2EEPA1/agent.pwd, the path to the file that contains the password used for identifying the policy agent.

    Note –

    A warning message is displayed regarding the existence of the agent profile.

    This Agent Profile does not exist in 
    OpenSSO Enterprise. 
    Will it be created by the installer? (Agent 
    Administrator name and password are required) 

    Accept the default value to create the Agent Profile during installation. 

    Startup script location :
    WebLogic Server instance name : 
    WebLogic home directory : 
    OpenSSO Server URL :
    Agent Installed on Portal domain : false
    Agent URL :
    Encryption Key : 
    Agent Profile name : j2eeagent-1
    Agent Profile Password file name :
    Verify your settings and decide from 
    the choices below:
    1. Continue with Installation
    2. Back to the last interaction
    3. Start Over
    4. Exit
    Please make your selection [1]:

    Accept the default value. 

    Agent instance name: Agent_001
    Agent Bootstrap file location:
    Agent Configuration file location
    Agent Audit directory location:
    Agent Debug directory location:
    Install log file location:

    Accept the default value. 

    When the installer is finished, a new file is in the bin directory called

  9. Modify the startup script to reference with the following sub procedure.

    Tip –

    Back up before you modify it.

    1. Change to the bin directory.

      # cd /usr/local/bea/user_projects/domains/pr1/bin
    2. Insert the following line at the end of

      . /usr/local/bea/user_projects/domains/pr1/
    3. Save and close the file.

  10. Change permissions for

    # chmod 755
  11. Start the WebLogic Server administration server and managed instance.

    # ./ &
    # ./ ApplicationServer-1 t3://localhost:7001

    Watch for startup errors.

  12. Verify that the J2EE Policy Agent 1 was successfully created in OpenSSO Enterprise using the following sub procedure.

    1. Access from a web browser.

    2. Log in to the OpenSSO Enterprise console as the administrator.

      User Name:




    3. Under the Access Control tab, click / (Top Level Realm).

    4. Click the Agents tab.

    5. Click the J2EE tab.

      j2eeagent-1 is displayed under the Agent table.

    6. Click j2eeagent-1.

      The j2eeagent-1 properties page is displayed.

    7. Log out of the OpenSSO Enterprise console and close the browser.

  13. Remove the password files.

    # cd /export/J2EEPA1
    # rm agent.pwd
    # rm agentadm.pwd
  14. Log out of the host machine.
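
Steps 4 and 13 handle cleartext password files, and the listing in step 5 shows them created with mode -rw-r--r--, readable by every local user. The shell functions below are an added example, not part of the original guide: they create a password file with mode 0600, flag any *.pwd file in the staging directory whose mode is not rw-------, and confirm removal. The function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): handle the installer's
# password files so they are never readable by other local users.
# Function names and the staging-directory argument are illustrative.

# Write stdin to a password file created with mode 0600 from the start.
write_pwd_file() {
    file=$1
    (
        umask 077              # new file is created rw------- only
        rm -f -- "$file"       # do not reuse a file with looser permissions
        cat > "$file"
    )
}

# Succeed only if the file is a regular file with mode rw-------.
pwd_file_is_private() {
    case $(ls -ld -- "$1" 2>/dev/null) in
        -rw-------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# List every *.pwd file in a staging directory that fails the check.
audit_pwd_files() {
    dir=$1
    bad=0
    for f in "$dir"/*.pwd; do
        [ -e "$f" ] || continue
        if ! pwd_file_is_private "$f"; then
            echo "too permissive: $f"
            bad=1
        fi
    done
    return "$bad"
}

# Remove all password files from the staging directory; fail if any remain.
remove_pwd_files() {
    dir=$1
    rm -f -- "$dir"/*.pwd
    for f in "$dir"/*.pwd; do
        if [ -e "$f" ]; then return 1; fi
    done
    return 0
}
```

Run `audit_pwd_files /export/J2EEPA1` before step 7 and `remove_pwd_files /export/J2EEPA1` in place of the individual `rm` commands in step 13.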