Sun OpenSSO Enterprise 8.0 Integration Guide
Book Information
Preface
Chapter 1 Integrating Sun Identity Manager
About the Deployment
About Sun Identity Manager
About Sun Directory Server Enterprise Edition
About Sun MySQL
Software Versions Used in the Deployment
Installing and Configuring MySQL
To Install MySQL
To Configure MySQL
Installing Identity Manager on Application Server
To Install the Application Server
To Install Identity Manager on the Application Server
To Create Identity Manager Tables in MySQL
To Configure the Application Server Data Source to Work with Identity Manager
To Configure Identity Manager to Work with Application Server
To Configure Application Server to Work with Identity Manager
Creating an OpenSSO Enterprise Realm Administrator
To Create an OpenSSO Enterprise Realm Resource Object
Provisioning Identities from Identity Manager to OpenSSO Enterprise
To View OpenSSO Enterprise Roles and Groups in Identity Manager
To View OpenSSO Enterprise User Accounts in Identity Manager
To Provision a Test User From Identity Manager Into OpenSSO Enterprise
To Verify that Identities Were Successfully Provisioned
To Provision a Test Role From Identity Manager Into OpenSSO Enterprise
To Verify the Test User Role Was Successfully Provisioned from Identity Manager Into OpenSSO Enterprise
To Provision an Admin-User From Identity Manager Into OpenSSO Enterprise
To Verify the Admin-User Was Successfully Provisioned from Identity Manager into OpenSSO Enterprise
To Provision an Admin-Role From Identity Manager Into OpenSSO Enterprise
To Verify the Test Admin Role Was Successfully Provisioned from Identity Manager Into OpenSSO Enterprise
Installing And Configuring the OpenSSO Enterprise Policy Agent on Identity Manager
To Create the OpenSSO Enterprise Agent Profile On The OpenSSO Enterprise Server
To Install the OpenSSO Enterprise Policy Agent on the Identity Manager Server
To Configure the OpenSSO Enterprise Policy Agent on OpenSSO Enterprise
To Create Policies on OpenSSO Enterprise
To Disable Protection of Identity Manager Server by the OpenSSO Enterprise Policy Agent
To Configure the OpenSSO Enterprise Policy Agent On Identity Manager Server
Configuring Identity Manager for Single Sign-On
To Configure Identity Manager Login Module Groups
To Configure the Identity Manager User Login Interface
To Configure the Identity Manager Administrator Login Interface
Testing Single Sign-On from OpenSSO Enterprise to Identity Manager
To Re-Enable Identity Manager Protection by the OpenSSO Enterprise Policy Agent
To Test End-User Single Sign-On Between OpenSSO Enterprise and Identity Manager
To Test Admin-User Single Sign-On Between OpenSSO Enterprise and Identity Manager
Configuring Single-Logout Between Identity Manager and OpenSSO Enterprise
To Configure OpenSSO Enterprise for Single-Logout
To Test the Single-Logout Configuration
Configuring First-Time User Login Behavior
To Configure OpenSSO Enterprise First-Time User Login Behavior
Developing a Post-Authentication Plug-In for First-Time User Login
Writing Your Own Post-Authentication Plug-In
Using the Post-Authentication Plug-In Sample Source Code
To Compile the Post-Authentication Plug-In Code
Configuring User-Initiated Password Reset
To Define Identity Manager URLs as Not Enforced
Modifying the OpenSSO Enterprise Login Page
To Manually Modify a Deployed Login.jsp
To Use the Sample Login.jsp
Configuring the Identity Manager Password Controls
To Configure the Identity Manager Password Controls
To Test the Identity Manager Password Control Configuration
To Test the User-Initiated Password Reset Configuration
Configuring Administrator-Initiated Password Reset
Configuring Directory Server
Important Information About Using Sun Directory Server 6.3
Configuring OpenSSO Enterprise for Administrator-Initiated Password Reset
To Enable LDAP Authentication
To Define Identity Manager URLs as Not Enforced
Creating a Custom ChangePassword.jsp File
To Create a New ChangePassword.jsp File
To Use the Sample Source Code
Modifying the LDAP Authentication Module XML Service File
To Manually Modify a Deployed LDAP.xml File
To Use the Sample LDAP.xml
Modifying the OpenSSO Login Page
To Modify a Deployed Login.jsp File
To Use the Sample Login.jsp
Configuring the Identity Manager Password Controls
To Configure the Identity Manager Password Controls
To Test the Identity Manager Password Control Configuration
Testing Administrator-Initiated Password Reset Configurations
To Test the Password Expiration Warning
To Test the Password Expiration
To Test Administrator-Initiated Password Reset
Troubleshooting Administrator-Initiated Account Unlock
Configuring User-Initiated Account Unlock
Configuring the Directory Server
Configuring OpenSSO Enterprise for User-Initiated Account Unlock
To Enable LDAP Authentication
To Define Identity Manager URLs as Not Enforced
Modifying the OpenSSO Enterprise Login Page
To Manually Modify a Deployed Login.jsp
To Use the Sample Login.jsp
Modifying the Account Lockout Message Page
To Manually Modify the Account Lockout Message Page
To Use the Sample Account Lockout Message Page
To Test the User-Initiated Account Unlock Configurations
To Test Memory Account Unlock
To Test Physical Account Unlock
Configuring Identity Manager End-User Self-Registration
Configuring OpenSSO Enterprise for End-User Self-Registration
To Define Identity Manager URLs as Not Enforced
Modifying the OpenSSO Enterprise Login Page
To Manually Modify a Deployed Login.jsp
To Use the Sample Login.jsp
Modifying the Identity Manager Registration Work Flow
To Change the Registration Work Flow Using NetBeans IDE
To Use the Identity Manager Debug Pages
Testing Configurations for End-User Self-Registration
To Test End-User Self-Registration
To Test Approval of New User Account
Verify Provisioning Of New User Account
Verify Activation Of New User Account
Troubleshooting Identity Manager Integration
To Enable Trace in Identity Manager
To Inspect Log Files
To View or Change Identity Manager System Settings
Using the Identity Manager Debug Administrator Interface
Using the Identity Manager IDE Interface
To Inspect an Identity Manager Object
To Update an Identity Manager Object
To Consult Forums and Mailing Lists
Sample Output
Chapter 2 Integrating CA SiteMinder
About CA SiteMinder
Authentication and Authorization
User Sessions
Understanding the SiteMinder User Cases
Simple Single Sign-On Use Case
Federated Single Sign-On Use Cases
Federated Single Sign-On in an Identity Provider Environment
Federated Single Sign-On Use Case in the Service Provider Environment
Installing SiteMinder
Configuring SiteMinder After Installation
To Log In to SiteMinder
Creating a Sample User
To Create a SiteMinder Web Agent Configuration
To Create and Configure the User Directory
Creating and Configuring a Form-Based Authentication Scheme
To Create a Policy
Using OpenSSO Enterprise to Enable SiteMinder Federation in an Identity Provider Environment
To Install the Principal Components
To Configure the Identity Provider OpenSSO Enterprise to Use SAMLv2 Identity Provider Protocols
To Configure the SiteMinder Agent to Protect OpenSSO Enterprise URLs
Installing the OpenSSO Enterprise Policy Agent
To Verify that Single Sign-On is Working Properly
Sample Identity Provider Interactions
1. Access the SM Agent protected application
2. SiteMinder authentication
3. SAML Service Provider SSO initiation
4. Redirection to SiteMinder authentication module in OpenSSO Enterprise
5. Finish SAML SSO
Using OpenSSO Enterprise to Enable SiteMinder Federation in a Service Provider Environment
To Install OpenSSO Enterprise Instances
To Install and Configure SiteMinder in the Service Provider Domain
To Configure the OpenSSO Enterprise Identity Provider and Service Provider for SAML2 protocols
Sample Service Provider Interactions
1. Invocation of SAML SSO request
2. Redirection to Identity Provider
3. Redirection to Login
4. Redirection to Service Provider Assertion Consumer Service
5. Check the SMSESSION Creation
Chapter 3 Integrating Oracle Access Manager
About Oracle Access Manager
Overview of a Typical Oracle Access Manager Session
Understanding the Oracle Access Manager Use Cases
Simple Single Sign-On Use Case
Federated Single Sign-On Use Cases
Using OpenSSO Enterprise to Enable Oracle Federation in an Identity Provider Environment
Using OpenSSO Enterprise to Enable Oracle Federation in a Service Provider Environment
Installing and Configuring Oracle Access Manager
To Install Oracle Access Manager and Oracle Access Manager Web Policy Agent
To Configure Oracle Access Manager
Using OpenSSO Enterprise to Enable Oracle Federation in the Identity Provider Environment
Installing and Configuring OpenSSO Enterprise in the Identity Provider Container
Installing and Configuring the Oracle WebGate
Installing the Custom Oracle Authentication Module
Installing and Configuring OpenSSO Enterprise in the Service Provider Container
Setting Up SAML2
To Configure the Identity Provider OpenSSO Enterprise for SAMLv2 Identity Provider Protocols
To Configure Oracle Access Manager Agent to protect OpenSSO Enterprise URLs
To Configure the Service Provider
To Test the Single Sign-On
Using OpenSSO Enterprise to Enable Oracle Federation in a Service Provider Environment
Installing OpenSSO Enterprise in the Identity Provider Environment
Installing OpenSSO Enterprise in the Service Provider Environment
Installing Oracle Access Manager
Configuring Oracle Access Manager for an OpenSSO Enterprise Scheme
Configuring a Resource
Setting Up SAMLv2
To Configure the OpenSSO Enterprise Identity and Service Providers for SAML2 Protocols
Verifying that Single Sign-On Works Properly
© 2010, Oracle Corporation and/or its affiliates