Sun OpenSSO Enterprise 8.0 Integration Guide

Procedure: To Create an OpenSSO Enterprise Realm Resource Object

  1. Access the Identity Manager console.

    In this example, go to http://ApplicationServerHost:Port/idm/login.jsp. The Identity Manager login page is displayed.

  2. Log in using the following credentials:

    User Name:

    configurator

    Password:

    configurator

  3. Add the OpenSSO Enterprise realm adapter to the resource classpath.

    1. Navigate to Resources | Configure Types.

    2. At the bottom of the page, click “Add Custom Resource.”

    3. Add the following to the Resource Classpath:


      com.waveset.adapter.SunAccessManagerRealmResourceAdapter

      In earlier versions of OpenSSO Enterprise, it was possible to install Access Manager in the legacy mode of operation. In legacy mode, a different Identity Manager resource adapter, com.waveset.adapter.SunAccessManagerResourceAdapter, should be configured on Identity Manager. Both adapters have the same functionality, but com.waveset.adapter.SunAccessManagerResourceAdapter uses the legacy Access Manager AMSDK API, while com.waveset.adapter.SunAccessManagerRealmResourceAdapter uses the OpenSSO Enterprise idRepo API.

    4. Click Save.

  4. Configure the OpenSSO Enterprise Realm adapter.

    1. Navigate to Resources | List Resources

    2. Choose --Resource Type Actions-- | New Resource

    3. Choose Sun Access Manager Realm from the list of resources. Click New.

    4. In the Create Sun Access Manager Realm Resource Wizard screen, click Next.

    5. In the Resource Parameters screen, provide the following information:

      Host:

      Fully-qualified hostname of the OpenSSO Enterprise server. Example: host1.example.com

      TCP Port:

      Port number of the OpenSSO Enterprise server. In this example, 48080.

      User:

      sradmin

      You must use an OpenSSO Enterprise realm administrator, not a non-administrator user, because the adapter requires special permissions. If you use a non-administrator user, the connection test in the next step will fail. Use the realm administrator configured in the previous section.

      Password:

      password

      This is the plain-text password of the realm administrator entered above.

      Protocol:

      Protocol used to reach the OpenSSO Enterprise server. In this example, enter http.

      Realm:

      This is the realm name of the OpenSSO Enterprise server. In this example, enter /idm. If the user entered above were in the top-level realm, you would enter just a slash (/).

      Encryption Key:

      This is the value of the am.encryption.pwd property in the AMConfig.properties file.

      You can obtain the value of am.encryption.pwd from the OpenSSO console. Navigate to Configuration > Servers and Sites > server-entry > Security.

      JCE Encryptor Class:

      This is the value of the com.iplanet.security.encryptor property in the AMConfig.properties file.

      In this example, enter: com.iplanet.services.util.JCEEncryption.

      Naming Service URL:

      This is the value of the com.iplanet.am.naming.url property in the AMConfig.properties file.

      In this example, enter: http://host1.example.com:48080/opensso/namingservice.

      Error Log Level:

      message

      Error Log Directory:

      Directory into which the Identity Manager Access Manager Resource will write debug logs. This directory must already exist.

      In this example, enter: /opt/SUNWappserver91/domains/domain1/logs/opensso_debug.
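      The following script is an added example, not part of this guide and not Identity Manager or OpenSSO code; it is a pre-flight check to run before filling in the Resource Parameters screen. It parses a constructed AMConfig.properties excerpt, pulls out the three properties the wizard asks for (am.encryption.pwd, com.iplanet.security.encryptor and com.iplanet.am.naming.url), derives Host, TCP Port and Protocol from the naming URL, and reports where the values you intend to enter disagree with it or where the Error Log Directory does not yet exist. It assumes, as in this example, that the naming URL points at the same server as the Host, TCP Port and Protocol fields; the function names, the sample file content and the placeholder encryption key are the example's own.

```python
"""Pre-flight check for the Sun Access Manager Realm resource parameters.
Added example, not Identity Manager or OpenSSO code.  Reads the three
AMConfig.properties keys the wizard asks for, derives Host / TCP Port /
Protocol from the naming URL and reports inconsistencies."""
import os
import re
from urllib.parse import urlsplit

# Constructed AMConfig.properties excerpt (sample data, not a real file).
# The encryption key is a placeholder, not a real am.encryption.pwd value.
SAMPLE_AMCONFIG = """\
# constructed sample
com.iplanet.am.naming.url=http://host1.example.com:48080/opensso/namingservice
am.encryption.pwd=ENCRYPTION-KEY-PLACEHOLDER
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
"""

REQUIRED_KEYS = (
    "am.encryption.pwd",
    "com.iplanet.security.encryptor",
    "com.iplanet.am.naming.url",
)


def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, key=value or
    key:value, and trailing-backslash line continuation."""
    props = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]          # value continues on the next line
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def resource_parameters(props):
    """Map the properties onto the wizard fields.  Raises ValueError when a
    required key is absent or the naming URL lacks scheme, host or port."""
    missing = [k for k in REQUIRED_KEYS if not props.get(k)]
    if missing:
        raise ValueError("missing in AMConfig.properties: " + ", ".join(missing))
    url = urlsplit(props["com.iplanet.am.naming.url"])
    if url.scheme not in ("http", "https") or not url.hostname or url.port is None:
        raise ValueError("naming URL needs an http(s) scheme, host and explicit port")
    return {
        "Host": url.hostname,
        "TCP Port": url.port,
        "Protocol": url.scheme,
        "Encryption Key": props["am.encryption.pwd"],
        "JCE Encryptor Class": props["com.iplanet.security.encryptor"],
        "Naming Service URL": props["com.iplanet.am.naming.url"],
    }


def check_parameters(params, host, port, protocol, realm, log_dir):
    """Compare the planned wizard entries with the derived values.  Assumes
    (as in the guide's example) that the naming URL points at the same
    OpenSSO server as Host / TCP Port / Protocol.  Returns a list of
    problems; an empty list means the entries are consistent."""
    problems = []
    if host.lower() != params["Host"].lower():
        problems.append(f"Host {host!r} differs from naming URL host {params['Host']!r}")
    if "." not in host:
        problems.append(f"Host {host!r} is not a fully-qualified hostname")
    if port != params["TCP Port"]:
        problems.append(f"TCP Port {port} differs from naming URL port {params['TCP Port']}")
    if protocol.lower() != params["Protocol"]:
        problems.append(f"Protocol {protocol!r} differs from naming URL scheme {params['Protocol']!r}")
    if not realm.startswith("/"):
        problems.append(f"Realm {realm!r} must start with '/' ('/' alone is the top-level realm)")
    if not os.path.isdir(log_dir):
        problems.append(f"Error Log Directory {log_dir!r} does not exist; create it before saving")
    return problems


if __name__ == "__main__":
    derived = resource_parameters(parse_properties(SAMPLE_AMCONFIG))
    for field, value in derived.items():
        print(f"{field}: {value}")
    # Values as planned for the wizard in this example.
    for problem in check_parameters(derived, "host1.example.com", 48080, "http", "/idm",
                                    "/opt/SUNWappserver91/domains/domain1/logs/opensso_debug"):
        print("PROBLEM:", problem)
```

      Run it on the real AMConfig.properties by replacing SAMPLE_AMCONFIG with the file's contents; any PROBLEM line points at a field that would otherwise make the Test Configuration step fail or leave the adapter unable to write its debug log.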

  5. Click Test Configuration.

    The following message will be displayed: “Test connection succeeded for resource(s): SunAccessManagerRealm.” If you don't see this message, then you must troubleshoot by looking at the following logs:

    • Application Server server.log

      /opt/SUNWappserver91/domains/domain1/logs/server.log

    • Access Manager client logs at /opt/SUNWappserver91/domains/domain1/logs/opensso_debug (specified in the form above)

    Click Next.

  6. In the Account Attributes page, set the following mapping:

    Identity System Attribute:

    fullname

    Resource User Attribute:

    cn

    Attribute Type:

    string

    Required:

    yes

    Click Next.

  7. In the Identity Template page, make sure you have this entry:


    $accountId$

    Click Next.

  8. In the Identity System Parameters page, select uid for the Display Name Attribute parameter.

    Click Save to save the value.

    The Resource List page is displayed. You should see a resource of the type Sun Access Manager Realm. To expand this branch, click the arrow next to it.

    1. Expand the Sun Access Manager Realm type by clicking the arrow next to it.

      You should see an entry SunAccessManagerRealm.

    2. Expand the SunAccessManagerRealm branch by clicking the arrow next to it.

      You should see a listing of all OpenSSO Enterprise roles and groups under this branch that exist in the OpenSSO Enterprise sub-realm that the Identity Manager Resource was configured with in step 4e above.