Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide

Chapter 3 Installing OpenSSO Enterprise

Installing Sun OpenSSO Enterprise from a web archive (WAR) file involves these steps:

Before you begin, check the OpenSSO Enterprise 8.0 Requirements.

Downloading OpenSSO Enterprise

OpenSSO Enterprise is available in the opensso_enterprise_80.zip file, which you can download from the following site:

http://www.oracle.com/technetwork/indexes/downloads/index.html

The following table describes the layout after you unzip the opensso_enterprise_80.zip file. The directory where you unzip the file is represented by zip-root.

Table 3–1 OpenSSO Enterprise opensso_enterprise_80.zip File Layout


`zip-root/opensso/` Directory	Description
`deployable-war`	OpenSSO Enterprise WAR and related files: `opensso.war` contains all OpenSSO Enterprise components. Use this file you to deploy OpenSSO Enterprise server or to generate specialized WAR files. See Deploying the OpenSSO Enterprise WAR File. `console` contains the additional files for deploying only the OpenSSO Enterprise Console. See Chapter 11, Installing the OpenSSO Enterprise Console Only. `distauth` contains the additional files for deploying a Distributed Authentication UI server. See Chapter 9, Deploying a Distributed Authentication UI Server. `idpdiscovery` contains the additional files for deploying OpenSSO Enterprise as an identity provider (IDP) using the Discovery Service. See Chapter 10, Deploying the Identity Provider (IDP) Discovery Service. `noconsole` contains the additional files for deploying OpenSSO Enterprise server without the Console. See Chapter 12, Installing OpenSSO Enterprise Server Only. `fam-distauth.list`, `fam-console.list`, `fam-noconsole.list`, `fam-idpdiscovery.list`, and `fam-nosample.list` lists the files that allow you to create specialized WAR files. See Creating and Deploying Specialized OpenSSO Enterprise WAR Files.
`docs`	Java API reference documentation (`opensso-public-javadocs.jar`).
`integrations`	`cleartrust` contains the files to install and configure a custom authentication module that enables the SSO integration between OpenSSO Enterprise and RSA Access Manager (formerly RSA ClearTrust). `oracle` contains the files for integrating OpenSSO Enterprise with Oracle Access Manager (formerly Oblix). `siteminder` contains the files for integrating OpenSSO Enterprise with Computer Associates SiteMinder.
`fedlet`	`Fedlet-unconfigured.zip file`. After you unzip this file, `fedlet.war` allows you to deploy the Fedlet, a light-weight SAMLv2 service provider (SP). Follow the instructions in the Readme to configure the Fedlet metadata and COT and to deploy `fedlet.war`.
`ldif`	LDIF files for Sun Java System Directory Server, Microsoft Active Directory, and other LDAPv3 compliant directory servers.
`libraries`	DLL and JAR files for components such as OpenSSO Enterprise client SDK, the C SDK library for web policy agents, and the Secure Attribute Exchange (SAE) also known as Virtual Federation Proxy.
`patches`	Reserved for future use.
`samples`	Client SDK and samples (`opensso-client.zip`). See Chapter 13, Installing the OpenSSO Enterprise Client SDK.
`tools`	OpenSSO Enterprise tools and utilities: `ssoAdminTools.zip` contains files to setup and run the OpenSSO Enterprise command-line (CLI) utilities and scripts such as `ssoadm` and `ampassword`. `ssoSessionTools.zip` contains the files to setup and configure OpenSSO Enterprise session failover. `helpers` contains files for the UNIX authentication helper (`amunixd`). See Chapter 6, Installing the OpenSSO Enterprise Utilities and Scripts.
`upgrade`	Upgrade scripts and related files to upgrade Access Manager or Federation Manager. See the Sun OpenSSO Enterprise 8.0 Upgrade Guide.
`xml`	OpenSSO Enterprise XML files, such as `amAdminConsole.xml`, `amAuth.xml`, `amSession.xml`, and `amUser.xml`.

Deploying the OpenSSO Enterprise WAR File

Before you deploy the opensso.war, a supported web container must be deployed and configured, as described in Chapter 2, Deploying the OpenSSO Enterprise Web Container.

Then you deploy the OpenSSO Enterprise WAR (opensso.war) file using the web container administration console or deploy command.

Caution –

If you plan to use the OpenSSO configuration data store, you must deploy OpenSSO Enterprise on a local file system and not on an NFS-mounted file system. The OpenSSO configuration data store, which is deployed with OpenSSO Enterprise, is not supported on an NFS-mounted file system.

To Deploy the OpenSSO Enterprise WAR (`opensso.war`) File

Login as a user who has the following privileges:
- Access to the OpenSSO Enterprise web container administration console, if you plan to deploy opensso.war using the console.
  
  or
- The capability to execute the web container's deploy command-line utility, if you plan to deploy opensso.war using the CLI.

If necessary, copy opensso.war to the server where you want to deploy OpenSSO Enterprise.

Deploy opensso.war using either the web container administration console or deploy command.

If the OpenSSO Enterprise web container administration console includes the option to deploy a WAR file, this method is usually the simplest one to use.

Otherwise, use the web container deploy command. For example, the following command deploys opensso.war on the Application Server 9.1 web container on Solaris systems:
```
# cd /opt/SUNWappserver/appserver/bin
# ./asadmin deploy --user admin --passwordfile /tmp/pwdfile
--port 4848 zip-root/opensso/deployable-war/opensso.war
```
where:
- zip-root is where you unzipped the opensso_enterprise_80.zip file. Or, if you copied opensso.war to a different location, use that location in the command.
- /tmp/pwdfile is the Application Server 9.1 password file. This ASCII text file contains the AS_ADMIN_PASSWORD variable set to the administrator password.

Next Steps

Continue with the initial OpenSSO Enterprise server configuration using the Configurator:

Chapter 4, Configuring OpenSSO Enterprise Using the GUI Configurator

Chapter 5, Configuring OpenSSO Enterprise Using the Command-Line Configurator

Creating and Deploying Specialized OpenSSO Enterprise WAR Files

In addition to an OpenSSO Enterprise full server deployment, you can also create and deploy the following specialized WAR files:

Distributed Authentication UI Server: Chapter 9, Deploying a Distributed Authentication UI Server
IDP Discovery Service: Chapter 10, Deploying the Identity Provider (IDP) Discovery Service
OpenSSO Enterprise Administration Console only: Chapter 11, Installing the OpenSSO Enterprise Console Only
OpenSSO Enterprise server without the Administration Console: Chapter 12, Installing OpenSSO Enterprise Server Only
OpenSSO Enterprise client SDK: Chapter 13, Installing the OpenSSO Enterprise Client SDK

Examples: Deploying OpenSSO Enterprise on JBoss Application Server

This section describes two additional methods to deploy OpenSSO Enterprise. Each method uses JBoss Application Server as the web container, but you can also use these methods on other web containers, if the container support the method.

Method 1: Deploying OpenSSO Enterprise Server on JBoss Application Server Using the Exploded Archive Method

To Deploy OpenSSO Enterprise Server on JBoss Application Server Using the Exploded Archive Method

Create a subdirectory under JBOSS_HOME/server/instance/deploy/name_of_war_file. For example:

# mkdir /opt/jboss-4.2.2.GA/server/opensso/deploy/opensso.war

Explode the opensso.war file in this new directory. For example:
```
# cd /opt/jboss-4.2.2.GA/server/opensso/deploy/opensso.war
# jar xvf /tmp/opensso.war
```
Your don't need to restart the container, because JBoss Application Server will automatically hot-deploy it.

Point your browser to http://host.domain:port/opensso or http://host:port/openssoand start configuring OpenSSO Enterpriseserver.

The OpenSSO Enterprise Configurator will write a bootstrap file in your home directory. For example:

/.openssocfg/AMConfig_opt_jboss-4.2.2.GA_server_opensso_._deploy_opensso.war_

Method 2: Deploing OpenSSO Enterprise Server on JBoss Application Server Using the Traditional Single Archive Method

To Deploy OpenSSO Enterprise Server on JBoss Application Server Using the Traditional Single Archive Method

Explode the opensso.war file in a temporary directory. For example:
```
# cd /tmp/sun
# jar xvf zip-root/opensso/deployable-war/opensso.war
```
where zip-root is where you unzipped the opensso_enterprise_80.zip file.

In the WEB-INF/classes/bootstrap.properties file, uncomment the configuration.dir property and set the property to the configuration directory that you plan to use for the OpenSSO Enterprise installation. For example:
```
configuration.dir=/opt/opensso-server1
```

Create a new opensso.war with the extracted contents. For example:
```
# cd /tmp/sun
# jar cvf /tmp/opensso.war *
```

Hot-deploy this new WAR file on the JBoss Application Server container instance by copying the opensso.war from Step 3 to the JBoss deploy directory. For example:
```
# cp /tmp/opensso.war /opt/jboss-4.2.2.GA/server/opensso/deploy
```

Start configuring OpenSSO Enterprise by pointing your browser to http://host.domain:port/opensso or http://host:port/opensso.

Note: Because you pre-configured the OpenSSO Enterprise configuration directory in the opensso.war file in Step 4, you won't be able to change it during the configuration process.