Setting Up and Configuring the Integrated Environment
Before you can integrate other applications with OpenSSO Enterprise, you must resolve the following issues:
Deployment Planning
The following steps form a very general and high-level guide to determine what approach is best for you.
-
Determine if an OpenSSO Enterprise Policy Agent is available for the container or application you want to use.
-
Determine if the proxy OpenSSO Enterprise Policy Agent is usable in front of the application.
-
Determine if the application or container plug-ins that externalizes security (independent of the application business logic) are available and pluggable. Consider using the Client SDK to implement these plug-ins. This is how an OpenSSO Enterprise policy agent typically starts out.
-
Determine if a signed and encrypted query, post, or XML API is applicable.
-
Determine if you need to embed the Client SDK in your application or container. The obvious example is when “no” is the answer in the all of the four previous steps. You may still need to use this approach if certain functionality is not supplied by an available policy agent. An example is when you must use fine-grained, application-specific policies.
-
Consider using Server SPIs to customize the OpenSSO Enterprise server behavior to your needs.
Required Hardware and Software
The following software components are required to integrate OpenSSO Enterprise with other applications:
-
Sun OpenSSO Enterprise 8.0
-
Sun OpenSSO Enterprise 8.0 Client SDK
-
Sun OpenSSO Enterprise Policy Agent 3.0
Some programming effort using the OpenSSO Enterprise Client SDK is required to implement the following business use cases:
Installing and configuring an OpenSSO Enterprise Policy Agent is required to implement the following business use cases:
In OpenSSO Enterprise Policy Agent 3.0 the Centralized Agent Configuration feature enables centralized Policy Agent management. In earlier versions, the Policy Agent configuration is local to the server being protected.
Downloading the Client SDK
Download the OpenSSO Enterprise Client SDK from the following URL:
https://opensso.dev.java.net/public/use/index.html
The OpenSSO Enterprise Client SDK is part of the opensso_enterprise_80.zip distribution, and is present in the samples/opensso-client.zip file within that distribution. See the README files inside the opensso-client.zip file for instructions on installing the OpenSSO Enterprise SDK. The OpenSSO Enterprise API Javadoc is available in the docs/opensso-public-javadocs.jar file.
Downloading the OpenSSO Enterprise Policy Agent 3.0
For download and installation information, go to the OpenSSO Enterprise Policy Agent 3.0 website at the following URL: .
You will also find other useful articles about Policy Agent troubleshooting.
The OpenSSO Enterprise command-line interface tool ssoadmin supports the following Policy Agent operations through it sub-commands:
-
Create a Policy Agent configuration
-
Delete a Policy Agent configuration
-
Update a Policy Agent configuration
-
List Policy Agent configurations
-
Display a Policy Agent configuration
-
Create a Policy Agent group
-
Delete a Policy Agent group
-
List agent groups
-
List Policy Agent group members
-
Add a Policy Agent to a group
-
Remove a Policy Agent from a group
The OpenSSO Enterprise administration console supports all of the above operations. The table below summarizes the compatibility between the various versions of OpenSSO Enterprise and the OpenSSO Enterprise Policy Agent.
Table 4–1 OpenSSO Enterprise Server Compatibility with OpenSSO Enterprise Policy Agents|
OpenSSO Enterprise |
Policy Agent |
|---|---|
|
OpenSSO Enterprise 8.0 (OpenSSO v1) |
Policy Agent 3.0, 2.2 |
|
Access Manager 7.0, 7.1 |
Policy Agent 3.0, 2.2 |
|
Access Manager 6.3 |
Policy Agent 2.2 |
- © 2010, Oracle Corporation and/or its affiliates