Following are the steps to configure the remote SSO SDK to receive session notifications.
Install Access Manager on Machine 1.
Install Sun Java System Web Server on Machine 2.
Install the SUNWamsdk on the same machine as the Web Server.
For instructions on installing the Access Manager SDK remotely, see the Sun Java Enterprise System 5 Installation Guide.
Ensure that the following are true concerning the machine where the SDK is installed.
Ensure that the right access permissions are set for the /remote_SDK_server/SUNWam/lib and /remote_SDK_server/SUNWam/locale directories on the server where the SDK is installed.
These directories contain the files and jars on the remote server.
Ensure that the following permissions are set in the Grant section of the server.policy file of the Web Server.
server.policy is in the config directory of the Web Server installation. These permissions can be copied and pasted, if necessary:
permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
Ensure that the correct classpath is set in server.xml.
server.xml is also in the config directory of the Web Server installation. A typical classpath would be:
<JAVA javahome="/export/home/ws61/bin/https/jdk" serverclasspath="/export/home/ws61/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/export/home/ws61/bin/https/jar/webserv-ext.jar:/export/home/ws61/bin/https/jar/webserv-jstl.jar:/export/home/ws61/bin/https/jar/nova.jar" classpathsuffix="::/IS_CLASSPATH_BEGIN_DELIM://usr/share/lib/xalan.jar://export/SUNWam/lib/xmlsec.jar://usr/share/lib/xercesImpl.jar://usr/share/lib/sax.jar://usr/share/lib/dom.jar://export/SUNWam/lib/dom4j.jar://export/SUNWam/lib/jakarta-log4j-1.2.6.jar://usr/share/lib/jaxm-api.jar://usr/share/lib/saaj-api.jar://usr/share/lib/jaxrpc-api.jar://usr/share/lib/jaxrpc-impl.jar://export/SUNWam/lib/jaxm-runtime.jar://usr/share/lib/saaj-impl.jar:/export/SUNWam//lib:/export/SUNWam/locale://usr/share/lib/mps/jss3.jar://export/SUNWam/lib/am_sdk.jar://export/SUNWam/lib/am_services.jar://export/SUNWam/lib/am_sso_provider.jar://export/SUNWam/lib/swec.jar://export/SUNWam/lib/acmecrypt.jar://export/SUNWam/lib/iaik_ssl.jar://usr/share/lib/jaxp-api.jar://usr/share/lib/mail.jar://usr/share/lib/activation.jar://export/SUNWam/lib/servlet.jar://export/SUNWam/lib/am_logging.jar://usr/share/lib/commons-logging.jar://IS_CLASSPATH_END_DELIM:" envclasspathignored="true" debug="false" debugoptions="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n" javacoptions="-g" dynamicreloadinterval="2">
Use the SSO samples installed on the remote SDK server for configuration purposes.
Copy the encryption value of am.encryption.pwd from the AMConfig.properties file installed with Access Manager to the AMConfig.properties file on the remote server to which the SDK was installed.
The value of am.encryption.pwd is used for encrypting and decrypting passwords.
Log in to Access Manager as amadmin.
http://AccessManager-HostName:3000/amconsole
Execute the servlet by entering http://remote_SDK_host:58080/servlet/SSOTokenSampleServlet into the browser location field and validating the SSOToken.
SSOTokenSampleServlet is used for validating a session token and adding a listener. Executing the servlet will print out the following message:
SSOToken host name: 192.18.149.33
SSOToken Principal name: uid=amAdmin,ou=People,dc=red,dc=iplanet,dc=com
Authentication type used: LDAP
IPAddress of the host: 192.18.149.33
The token id is AQIC5wM2LY4SfcyURnObg7vEgdkb+32T43+RZN30Req/BGE=
Property: Company is - Sun Microsystems
Property: Country is - USA
SSO Token Validation test Succeeded
Set the com.iplanet.am.notification.url property in AMConfig.properties on the machine where the Client SDK is installed:
com.iplanet.am.notification.url=http://clientSDK_host.domain:port/servlet/com.iplanet.services.comm.client.PLLNotificationServlet
Restart the Web Server.
Log in to Access Manager as amadmin.
http://AccessManager-HostName:3000/amconsole
Execute the servlet by entering http://remote_SDK_host:58080/servlet/SSOTokenSampleServlet into the browser location field and validating the SSOToken again.
When the machine on which the remote SDK is running receives the notification, it will call the respective listener when the session state is changed. Note that the notifications can be received only if the remote SDK is installed on a web container.
This section describes the steps to enable notification with WebLogic 8.1 in a Portal-only installation, which by default runs in polling mode. For Portal instances that also contain the amserver component, these procedures are not needed. amserver components are automatically configured to perform notification.
Register the PLLNotificationServlet in WebLogic.
WebLogic 8.1 requires that a web application be deployed. Also, the servlet URL must be valid so that when accessed from a browser, the following message is returned:
Webtop 2.5 Platform Low Level notification servlet
Enter the registered URL into AMConfig.properties as follows:
com.iplanet.am.notification.url=http://weblogic_instance-host.domain:port/notification/PLLNotificationServlet
Disable polling in AMConfig.properties. This automatically enables notification:
com.iplanet.am.session.client.polling.enable=false
Restart WebLogic and test the configuration.
If you have set the debug mode to message, you should see session notifications arriving at the portal when triggered. For example, an action such as the termination of a user from the Access Manager console will cause a notification event.
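The AMConfig.properties settings from both procedures above can be checked before the container is restarted. The following is an added example, not part of the original guide or of the Access Manager SDK: a Python check of the client copy of AMConfig.properties against the server copy. The function names, the host sdk.example.com and the sample secret are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlparse
NOTIFY_KEY = "com.iplanet.am.notification.url"
POLL_KEY = "com.iplanet.am.session.client.polling.enable"
PWD_KEY = "am.encryption.pwd"

# Constructed sample files (placeholder secret and host, not real values).
SERVER_SAMPLE = "am.encryption.pwd=EXAMPLE-SECRET-VALUE\n"
CLIENT_SAMPLE = (
    "am.encryption.pwd=EXAMPLE-SECRET-VALUE\n"
    "com.iplanet.am.notification.url=http://sdk.example.com:58080"
    "/servlet/com.iplanet.services.comm.client.PLLNotificationServlet\n"
    "com.iplanet.am.session.client.polling.enable=false\n"
)

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and line[0] not in "#!":
            props[key.strip()] = value.strip()
    return props

def has_numeric_port(parts):
    try:
        return parts.port is not None
    except ValueError:  # e.g. the literal placeholder ":port" left in place
        return False

def check_client_config(server_text, client_text):
    """Return findings for the client SDK copy of AMConfig.properties."""
    server, client = parse_properties(server_text), parse_properties(client_text)
    findings = []
    # Compare the secret in constant time and never echo it in a finding.
    s_pwd, c_pwd = server.get(PWD_KEY, ""), client.get(PWD_KEY, "")
    if not c_pwd or not hmac.compare_digest(s_pwd.encode(), c_pwd.encode()):
        findings.append(PWD_KEY + ": missing or differs from the server copy")
    url = client.get(NOTIFY_KEY)
    if url is None:  # a misspelled key is simply never read, so flag its absence
        findings.append(NOTIFY_KEY + ": not set")
    else:
        parts = urlparse(url)
        if parts.scheme not in ("http", "https") or not parts.hostname or not has_numeric_port(parts):
            findings.append(NOTIFY_KEY + ": needs scheme, host and numeric port")
        if not parts.path.endswith("PLLNotificationServlet"):
            findings.append(NOTIFY_KEY + ": does not point at PLLNotificationServlet")
    if client.get(POLL_KEY, "").lower() != "false":
        findings.append(POLL_KEY + ": polling is not disabled")
    return findings
```

An empty list means the client copy is consistent with the steps above; the polling check applies to the WebLogic procedure, which is the one that disables polling.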