To deploy the SAML v2 Plug-in for Federation Services in Application Server, type:
# ApplicationServer-base/bin/asadmin deploy --user AS-administrator --passwordfile filename --port port-number --contextroot deployment-URI --name deployment-URI --target instance-name war-file-location
For example, when deploying the SAML v2 Plug-in for Federation Services in an instance of Federation Manager deployed in Application Server, you might use:
# /opt/SUNWappserver/appserver/bin/asadmin deploy --user admin --passwordfile /tmp/pwdfile --port 4849 --contextroot fm --name fm --target server1 /var/opt/SUNWam/fm/war_staging/federation.war
Following the deployment, you must modify the Application Server server.policy file. By default, it is located in the /var/opt/SUNWappserver/domains/domain-name/ directory. In the sample below, the capitalized contents (all but WEB-INF) must be replaced with information applicable to your deployment.
// Federation Manager RELATED ADDITIONS
grant {
    permission java.util.PropertyPermission "user.language", "write";
};
grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_sdk.jar" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_services.jar" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant codeBase "file:$AS81_VARDIR/domains/$AS81_DOMAIN/applications/j2ee-modules/${DEPLOY_WARPREFIX}/-" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant {
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.util.logging.LoggingPermission "control";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission javax.security.auth.AuthPermission "insertProvider.Mozilla-JSS";
    permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "createLoginContext.*";
    permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
    permission javax.security.auth.AuthPermission "putProviderProperty.Mozilla-JSS";
    permission java.io.FilePermission "<<ALL FILES>>", "execute,delete";
    permission java.io.FilePermission "$VAR_SUBDIR/logs/*", "delete,write";
    permission java.util.PropertyPermission "java.util.logging.config.class", "write";
    permission java.security.SecurityPermission "removeProvider.SUN";
    permission java.security.SecurityPermission "insertProvider.SUN";
    permission java.security.SecurityPermission "removeProvider.Mozilla-JSS";
    permission javax.security.auth.AuthPermission "doAs";
    permission java.util.PropertyPermission "java.security.krb5.realm", "write";
    permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
    permission java.util.PropertyPermission "java.security.auth.login.config", "write";
    permission javax.security.auth.kerberos.ServicePermission "*", "accept";
    permission javax.net.ssl.SSLPermission "setHostnameVerifier";
};
Modifications to server.policy are made as follows:
Table A–1 server.policy Modifications After Installation
Replaceable Content | Default Value |
---|---|
$BASEDIR | /opt |
$PROD_DIR | SUNWam |
$AS81_VARDIR | /var/opt/SUNWappserver |
$AS81_DOMAIN | domain1 |
$VAR_SUBDIR | /var/opt/SUNWam |
$DEPLOY_WARPREFIX | federation |
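The substitution step from Table A–1, as an added shell example that is not part of the original documentation: it fills in both placeholder spellings the sample uses ($NAME and ${NAME}) and then lists any placeholder left unfilled, so a half-edited policy is caught before it is added to server.policy. The FM_* variable names, the function names and the three-entry template excerpt are assumptions made for this example.

```shell
# Added example. Values are the Table A-1 defaults; edit them for your deployment.
# Assumption: values contain no '|' or '&' (both are special to sed here).
FM_BASEDIR=/opt
FM_PROD_DIR=SUNWam
FM_AS81_VARDIR=/var/opt/SUNWappserver
FM_AS81_DOMAIN=domain1
FM_VAR_SUBDIR=/var/opt/SUNWam
FM_DEPLOY_WARPREFIX=federation

# render_policy: copy stdin to stdout, replacing both spellings of each
# placeholder ($NAME and ${NAME}) that the policy sample uses.
render_policy() {
    sed "$(for pair in \
            "BASEDIR=$FM_BASEDIR" "PROD_DIR=$FM_PROD_DIR" \
            "AS81_VARDIR=$FM_AS81_VARDIR" "AS81_DOMAIN=$FM_AS81_DOMAIN" \
            "VAR_SUBDIR=$FM_VAR_SUBDIR" "DEPLOY_WARPREFIX=$FM_DEPLOY_WARPREFIX"
        do
            name=${pair%%=*} value=${pair#*=}
            printf 's|\\${%s}|%s|g\ns|\\$%s|%s|g\n' "$name" "$value" "$name" "$value"
        done)"
}

# unresolved_placeholders: list upper-case $NAME / ${NAME} tokens left on stdin.
# Policy property references such as ${java.home} are lower-case and not reported.
unresolved_placeholders() {
    { LC_ALL=C grep -o '\${\{0,1\}[A-Z][A-Z0-9_]*}\{0,1\}' || true; } | sort -u
}

# Constructed sample: three grant entries taken from the page's policy sample.
sample_template() {
    cat <<'EOF'
grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_sdk.jar" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant codeBase "file:$AS81_VARDIR/domains/$AS81_DOMAIN/applications/j2ee-modules/${DEPLOY_WARPREFIX}/-" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant {
    permission java.io.FilePermission "$VAR_SUBDIR/logs/*", "delete,write";
};
EOF
}

# Stand-alone run: show the rendered sample, then anything left unfilled.
sample_template | render_policy
sample_template | render_policy | unresolved_placeholders
```

To use it on the full sample, pipe the template file through `render_policy` and review the output of `unresolved_placeholders` before appending the result to server.policy.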