In the following steps, you configure the AMConfig.properties file that you generate in the first step. Use the credentials of the amadmin user to connect to the OpenSSO Enterprise server. You can use a user other than amadmin as long as that user has privileges to read the OpenSSO Enterprise configuration data. This should not be a security concern because the AMConfig.properties file is required only to perform the initial configuration and to test the Access Manager Realm Resource adapter instance. The AMConfig.properties file is not needed after the Policy Agent has been installed on the Identity Manager server, and the file can be deleted afterward.
1. Generate the OpenSSO Enterprise client configuration file.
Go to the directory where you extracted the OpenSSO Enterprise zip distribution, and unzip the opensso/samples/opensso-client.zip archive into a temporary directory. Then run the following commands:
    # cd opensso/samples/tmp/sdk
    # chmod +x scripts/compile-samples.sh
    # scripts/compile-samples.sh
    # chmod +x scripts/setup.sh
    # scripts/setup.sh
    Debug directory (make sure this directory exists): /opt/SUNWappserver91/domains/idm/logs/opensso_debug
    Application user (e.g. URLAccessAgent) password: password
    Protocol of the server: http
    Host name of the server: host1.example.com
    Port of the server: 8280
    Server's deployment URI: /opensso
    Naming URL (hit enter to accept default value, http://host1.example.com:8280//opensso/namingservice): http://host1.example.com:8280/opensso/namingservice
You should now see an AMConfig.properties file created in the sdk/resources directory.
2. Install the OpenSSO Enterprise command-line tools.
They are present in the OpenSSO Enterprise zip distribution, in the opensso/tools/ssoAdminTools.zip archive.
    # mkdir /opt/opensso-tools
    # cd /opt/opensso-tools
    # unzip /export/software/FAM_80_B3_QA_Test/opensso_zip/opensso/tools/ssoAdminTools.zip
    # export JAVA_HOME=/usr/java
    # ./setup
    Path to config files of OpenSSO server (example: /openSSO): /opt/fam80-qatest-server1
    Debug Directory: /opt/opensso-tools/debug
    Log Directory: /opt/opensso-tools/log
    The scripts are properly setup under directory: /opt/opensso-tools/opensso
    Debug directory is /opt/opensso-tools/debug.
    Log directory is /opt/opensso-tools/logs.
    The version of this tools.zip is: Express build 5b(2008-September-22 07:55)
    The version of your server instance is: Express build 5b(2008-September-22 07:55)
You will now see an opensso directory (or a directory with the name of the context-root of your OpenSSO Enterprise deployment), in the /opt/opensso-tools directory.
3. Encrypt the password for the amadmin user using the ampassword utility.
First, you need to create a text file containing the password of the amadmin user in plain text. In the following example, the password file /export/software/amadmin_pwd is created:
    # cd /opt/opensso-tools/opensso/bin
    # ./ampassword --encrypt /export/software/amadmin_pwd
    AQICSw+UrU2DJyY1KBeoC0iuzv3gQTGkbI39
4. Customize the AMConfig.properties file that was created in step 1.
In the OpenSSO Enterprise console, navigate to Configuration > Servers and Sites > server-entry > Security.
Copy the value from the property Password Encryption Key, and use the value to modify the following property:
am.encryption.pwd=AQICrPmBjI5aThg1H6kKcJr0/Lu4D9LdTlqe
Modify the following property as shown:
com.sun.identity.agents.app.username=amadmin
For security purposes, either comment out the following line, or leave the value empty:
#com.iplanet.am.service.password=
Modify the following property using the value from the encrypted password generated in step 3 above:
com.iplanet.am.service.secret=AQICSw+UrU2DJyY1KBeoC0iuzv3gQTGkbI39
5. Copy the OpenSSO Enterprise Client files to the Identity Manager application directory. You will need the following files:
The openssoclientsdk.jar library that is present in the /sdk/lib directory from the fam-client.zip archive in the OpenSSO Enterprise zip distribution.
    # cp /export/software/FAM_80_IDM_80_Integration/fam_zip/opensso/samples/tmp/sdk/lib/openssoclientsdk.jar \
        /opt/SUNWappserver91/domains/domain1/applications/j2ee-modules/idm/WEB-INF/lib/
The AMConfig.properties generated above.
    # mkdir /opt/SUNWappserver91/domains/domain1/applications/j2ee-modules/idm/WEB-INF/classes
    # cp /export/software/FAM_80_IDM_80_Integration/fam_zip/opensso/samples/tmp/sdk/resources/AMConfig.properties \
        /opt/SUNWappserver91/domains/domain1/applications/j2ee-modules/idm/WEB-INF/classes
6. Update the Application Server classpath.
Log in to the Application Server Console.
Navigate to Application Server | JVM Settings | Path Settings.
Update the Classpath Suffix to contain the following entries:
    /opt/SUNWappserver91/domains/domain1/applications/j2ee-modules/idm/WEB-INF/lib/openssoclientsdk.jar
    /opt/SUNWappserver91/domains/domain1/applications/j2ee-modules/idm/WEB-INF/classes
Click Save to save your changes.
Log out from the Application Server Console.
Restart the Application Server.
    # /opt/SUNWappserver91/bin/asadmin stop-domain domain1
    # /opt/SUNWappserver91/bin/asadmin start-domain domain1
Watch for any errors in the Application Server server.log log file.
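
The property settings from the AMConfig.properties customization step can be checked mechanically before and after the file is copied into WEB-INF/classes. The following shell functions are an added example, not part of the original procedure or of OpenSSO: prop_value, audit_amconfig and demo are hypothetical names, the sample file is constructed from the example values on this page, and the file-permission check is an added assumption rather than a documented step.

```sh
# Added example: audit AMConfig.properties against the settings described above.
# Property names are from this page; function names and messages are hypothetical.

# Print the value of the last uncommented "key=value" line for key $2 in file $1.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }    # commented-out properties do not count
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            val = substr($0, pos + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            found = 1
        }
        END { if (found) print val }' "$1"
}

# Return 0 when the file matches the page's settings, 1 if not, 2 if unreadable.
audit_amconfig() {
    file=$1; bad=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }
    # The clear-text password line must be commented out or left empty.
    [ -z "$(prop_value "$file" com.iplanet.am.service.password)" ] ||
        { echo "FAIL: com.iplanet.am.service.password holds a clear-text value"; bad=1; }
    # The encryption key, user name and encrypted secret must all be set.
    for key in am.encryption.pwd com.sun.identity.agents.app.username \
               com.iplanet.am.service.secret; do
        [ -n "$(prop_value "$file" "$key")" ] || { echo "FAIL: $key is not set"; bad=1; }
    done
    # Assumption, not a step on the page: group and other get no access to the file.
    [ "$(ls -ld "$file" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $file is accessible to group or other"; bad=1; }
    [ "$bad" -eq 0 ] && echo "OK: $file"
    return "$bad"
}

# Dry run on a constructed sample that reuses the example values from this page.
demo() {
    sample=$(mktemp) || return 2
    printf '%s\n' 'am.encryption.pwd=AQICrPmBjI5aThg1H6kKcJr0/Lu4D9LdTlqe' \
        'com.sun.identity.agents.app.username=amadmin' \
        '#com.iplanet.am.service.password=' \
        'com.iplanet.am.service.secret=AQICSw+UrU2DJyY1KBeoC0iuzv3gQTGkbI39' > "$sample"
    if audit_amconfig "$sample"; then res=0; else res=1; fi
    rm -f "$sample"; return "$res"
}
demo
```

Run audit_amconfig against the deployed copy under WEB-INF/classes as well as the generated one, and remove the file once the Policy Agent is installed, as the introduction notes.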