To Modify the Top-Level Realm for User Authentication
Access https://osso1.idp-example.com:1081/opensso/console in a web browser.
Log in to the OpenSSO Enterprise console as the administrator.
User Name: amadmin
Password: ossoadmin
Click the Access Control tab.
Click / (Top Level Realm), the root realm, under the Access Control tab.
Click the Data Stores tab.
The embedded data store link is displayed.
Click embedded.
The Generic LDAPv3 properties page is displayed.
On the Generic LDAPv3 properties page, set the following attribute values and click Save.
Enter ou.
Enter Groups.
Enter ou.
Enter users.
If this field is empty, the search for user entries will start from the root suffix.
Click Back to Data Stores.
(Optional) Click the Subjects tab to verify that the test users are now displayed.
idpuser is displayed under Users (as well as others created during OpenSSO Enterprise configuration).
Click the Authentication tab.
Click the Advanced Properties link under General.
The Core Realm Attributes page is displayed.
Change the value of User Profile to Ignored.
This new value specifies that a user profile is not required by the Authentication Service in order to issue a token after successful authentication. This modification is specific to this deployment example because the OpenSSO Enterprise schema and the Directory Server schema have not been mapped.
Click Save.
Click Back to Authentication.
Click Back to Access Control.
Log out of the OpenSSO Enterprise console.
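The note above about an empty users container widens what the data store can return as a user. As an added example (not part of the original procedure and not OpenSSO code), this Python sketch builds the search base from the naming attribute and container value and lists which entries fall in scope. The root suffix dc=example,dc=com, the sample entries and the subtree search scope are assumptions.

```python
# Added illustration; not OpenSSO code. Root suffix and entries are constructed.
ROOT = "dc=example,dc=com"  # assumed root suffix (not given on the page)
ENTRIES = [
    "uid=idpuser,ou=users,dc=example,dc=com",
    "uid=svc-backup,ou=services,dc=example,dc=com",
    r"cn=Doe\, Jane,ou=Users,dc=example,dc=com",
]

def split_dn(dn):
    """Split a DN into normalized (attr, value) RDNs; an escaped comma does not split."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    rdns = []
    for part in parts:
        if part.strip():
            attr, _, value = part.partition("=")
            # ou and dc values compare case-insensitively, so normalize both sides
            rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def search_base(root_suffix, naming_attr, container_value):
    """An empty container value means the search starts at the root suffix."""
    if not container_value.strip():
        return root_suffix
    return f"{naming_attr}={container_value},{root_suffix}"

def in_scope(entry_dn, base_dn):
    """True if entry_dn equals the base or sits below it (subtree scope assumed)."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def visible_users(entries, root_suffix, naming_attr, container_value):
    base = search_base(root_suffix, naming_attr, container_value)
    return [dn for dn in entries if in_scope(dn, base)]

if __name__ == "__main__":
    for value in ("users", ""):
        print(repr(value), "->", visible_users(ENTRIES, ROOT, "ou", value))
```

With the container set to users, only entries under ou=users are candidates; with it left empty, the constructed svc-backup entry under ou=services is also in scope.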