Documentation Home
> Sun OpenSSO Enterprise 8.0 Update 1 Release Notes
Sun OpenSSO Enterprise 8.0 Update 1 Release Notes
Book Information
Chapter 1 About OpenSSO Enterprise 8.0 Update 1
What's New in OpenSSO Enterprise 8.0 Update 1
OpenDS as a User Data Store
Simplified OpenSSO WAR File Creation
Centralized SAMLv2 Error Conditions Page
Secure Attribute Exchange (SAE) Data Encryption
FIPS Compliance Mode
Support for New Web Containers
OpenDS as a User Data Store
ASP.NET Fedlet
Other Enhancements in OpenSSO Enterprise 8.0 Update 1
CR 6244578: New Property Warns Users if Browser Cookie Support is Disabled or Not Available
CR 6770231: OpenSSO Enterprise 8.0 Update 1 Validates goto URLs
CR 6696910: New Property makes Event Notification Cache Configurable
CR 6740071: New Property Controls Session Cookie for Zero Page Authentication
CR 6691106: New Properties Prevent Multiple Site Monitor Threads
CR 6797423: New property configures OpenSSO Enterprise server policy decision cache
CR 6785321: CRL and OSCP checking support JSS-based logic
CR 6657112: Redirect callback support is added for Distributed Authentication Server UI
CR 6657367: CDCServlet removes the JavaScript enabled dependency for user's browser
CR 6496155: Policy agents send token other than the IP address in cookie hijacking mode
CR 6697260: New property allows policy agent sessions to time out
CR 6811036: After upgrading from JES4, in co-existence mode, amadmin authenticates to configuration data store
CR 6827616: SMS cache is disabled by default for the Client SDK
Hardware and Software Requirements For OpenSSO Enterprise 8.0 Update 1
Policy Agent Support in OpenSSO Enterprise 8.0 Update 1
OpenSSO Enterprise 8.0 Update 1 Issues and Workarounds
CR 6830298: OpenSSO Enterprise Admin Tools Must be Re-installed
CR 6823779: ssoadm cannot be used with Secure WebSphere Application Server 7.0
CR 6824420: Configuration fails for WebSphere Application Server 7.0 with Java 2 security enabled
CR 6836470: Hotfix Required to Use KDCs Hosted on Windows Server 2008
CR 6825011: Windows Desktop SSO Authentication fails with Login Exception on WebSphere Application Server 7.0
CR 6831600: Configurator buttons are not visible using Safari on a Mac
CR 6819848: Berkeley DB client does not failover to secondary Message Queue broker
CR 6834714: Permissions need updating for WebSphere Application Server 6.1
CR 6835816: After you enable FIPS mode, bootstrap file cannot be decrypted
CR 6831687: SAML2 post profile fails on the Service Provider (SP)
CR 6828741: Configuring OpenSSO Enterprise 8.0 Update 1 as site throws exception in debug logs
CR 6833362: SAMLv2 returns error on WebLogic Server 10 with SOAP binding
OpenSSO Enterprise 8.0 Update 1 Documentation
OpenSSO Enterprise 8.0 Update 1 Patch Releases
OpenSSO Enterprise 8.0 Update 1 Patch IDs
OpenSSO Enterprise 8.0 Update 1 Patch 3 (Patch ID 141655-04)
New Features in OpenSSO Enterprise 8.0 Update 1 Patch 3
Message Queue is upgraded from 4.3 to 4.4 (CR 6900482)
OpenSSO Enterprise session cookies can be marked as HTTPOnly (CR 6843487)
Support is added for module-based, realm-based, and service-based authentication (CR 6893507)
AMLoginModule class includes new method to determine user?s current session quota level (CR 6667760)
OpenSSO provides new property to specify client configuration folder (CR 6903279)
OpenSSO Console checks for minimum password length of 8 characters (CR 6888785)
OpenSSO Diagnostic Tool is available (CR 6900820)
Known Issues and Limitations in OpenSSO Enterprise 8.0 Update 1 Patch 3
OpenSSO ssoadm utility is not producing audit logs (CR 6928588)
STS client samples deployed on WebLogic Server and Jetty are not working for the valid keystore (CR 6928433)
Distributed Authentication UI deployments are not receiving session notifications (CR 6919698)
updateschema.sh script does not modify idRepoService to include minimum password length validation (CR 6919321)
Fedlet SSO HTTP POST link returns a blank page (CR 6927350)
Documentation Updates for OpenSSO Enterprise 8.0 Update 1 Patch 3
Upgrading to OpenSSO Enterprise 8.0 Update 1 Patch 3 (CR 6887525)
Changing Information in the Directory Server bootstrap File (CR 6849622)
OpenSSO Enterprise 8.0 Update 1 Patch 2 (141655-03)
Additional Web Container and Platform Support in OpenSSO Enterprise 8.0 Update 1 Patch 2
Known Issues and Limitations in OpenSSO Enterprise 8.0 Update 1 Patch 2
OpenSSO Enterprise cannot create URLStreamHandler for WebLogic Server (CR 6867442)
Deploying the console.war file in patch 141655-03 generates a malformed goto URL (CR 6881715)
Additional Information and Resources
Deprecation Notifications and Announcements
How to Report Problems and Provide Feedback
Accessibility Features for People With Disabilities
Related Third-Party Web Sites
Revision History
Chapter 2 Installing OpenSSO Enterprise 8.0 Update 1
OpenSSO Enterprise 8.0 Update 1 Installation Overview
OpenSSO Enterprise 8.0 Update 1 Patches
Planning Your Patch Operation
To Plan Your Patch Operation for OpenSSO Enterprise 8.0
Overview of the ssopatch Utility
Installing the ssopatch Utility
To Install the ssopatch Utility
Backing Up an OpenSSO Enterprise WAR File
Running the ssopatch Utility
To run the ssopatch utility, follow this usage:
Comparing an OpenSSO Enterprise WAR File to Its Internal Manifest
To Compare an OpenSSO Enterprise WAR File to Its Internal Manifest
Comparing Two OpenSSO Enterprise WAR Files
To Compare Two OpenSSO Enterprise WAR Files
Patching an OpenSSO Enterprise WAR File
To Create a Staging Area to Patch an OpenSSO Enterprise WAR File
Creating an OpenSSO Enterprise WAR Manifest File
To Create an OpenSSO Enterprise WAR Manifest File
Patching a Specialized OpenSSO Enterprise WAR
To Patch a Specialized OpenSSO Enterprise WAR
Running the updateschema Script
Before You Begin
To Run the updateschema Script
Backing Out a Patch Installation
Chapter 3 Installing the OpenSSO Enterprise 8.0 Update 1 Admin Tools
ssoAdminTools.zip Files
To Install the OpenSSO Enterprise Tools and Scripts
Using ssoadm With OpenSSO Enterprise Configured as a Site
To Use ssoadm With OpenSSO Enterprise Configured as a Site
Chapter 4 Creating a Specialized OpenSSO Enterprise 8.0 Update 1 WAR File
Overview of the createwar Script
Running the createwar Script
Before You Begin Creating a Specialized WAR
Examples of Creating Specialized OpenSSO War Files
Creating a Console Only WAR File
To Create a Console Only WAR File
Creating a Distributed Authentication UI Server WAR File
To Create a Distributed Authentication UI Server WAR File
Creating a Server Only (No Admin Console) WAR File
To Create a Server Only (No Admin Console) WAR File
Creating an IDP Discovery Service WAR File
To Create an IDP Discovery Service WAR File
After You Finish Creating a Specialized WAR
Creating a Distributed Authentication UI Server User
To Create a Distributed Authentication UI Server User
Related Information
Chapter 5 Deploying IBM WebSphere Application Server 7.0 as the OpenSSO Enterprise 8.0 Update 1 Web Container
Before Deploying OpenSSO on WebSphere Application Server 7.0
Add GenericJvmArguments and Security Permissions
Using the ssoadm and ampassword Utilities with the IBM JDK
Chapter 6 Centralizing SAML Error Display in OpenSSO Enterprise 8.0 Update 1
How Does it Work?
Which Parameters are Sent?
Configuring the Error Processing URL Attribute
To Configure the Error Processing URL Attribute
SAML Error Messages
SAMLv2 Error Codes
SAMLv1.x Error Codes
Chapter 7 Encrypting Data in a Secure Attribute Exchange in OpenSSO Enterprise 8.0 Update 1
How Secure Attribute Exchange Data Encryption Works
Planning the Encryption Specifics
To Use the com.sun.identity.sae.api
To Set Up the Identity Provider
To Set Up the Service Provider
To Test the Configurations
Chapter 8 Configuring OpenSSO Enterprise 8.0 Update 1 in FIPS Mode
Before You Begin
Configuring the NSS Database in FIPS Mode
To Enable the FIPS-140 Standard for Web Server 7.0
Enabling the FIPS-140 Standard for Sun Java System Web Server 7.0
To Enable the FIPS-140 Standard for Web Server 7.0
To Set the Password Using the Web Server 7.0 Admin Console
To Set the Password Using Web Server 7.0 CLI
To Enable FIPS mode for Web Server 7.0 With modutil
To Pull the Changes into the Admin Server
To Test the FIPS Mode Change
Configuring an OpenSSO Enterprise 8.0 Instance Using the Console
To Configure an OpenSSO Enterprise 8.0 Instance Using the Console
Chapter 9 Using OpenDS as a User Data Store for OpenSSO Enterprise 8.0 Update 1
Before You Begin
To Download and Install OpenDS
To Add the OpenSSO Schema and Supporting OpenDS User Management Data to OpenDS
Configuring OpenSSO to Use OpenDS as the User Data Store
To Create a New LDAPv3-Compliant User Data Store at the Command Line
To Create a New LDAPv3-compliant User Data Store Using the OpenSSO Administration Console
To Remove the OpenSSO schema from OpenDS
Troubleshooting
About the OpenSSO User Data Store
Supported Features for Various Directory Servers
Data Stores and Supported Operations
Additional Information About Using IBM Tivoli Directory Server Configured as the IDRepo Data Store
Additional Information for Determining Which User Data Store to Use
Chapter 10 Using the ASP.NET Fedlet with OpenSSO Enterprise 8.0 Update 1
To Configure the Identity Provider
To Configure the Service Provider and the ASP.NET Fedlet
To Configure the Sample Application and Test the ASP.NET Fedlet
To Integrate the ASP.NET Fedlet with an Existing Application
© 2010, Oracle Corporation and/or its affiliates