This section lists the properties and default values in the portal-ext.properties and AMConfig.properties files, which are the primary configuration files for the OpenSSO Add-On. All customization of the OpenSSO Add-On is performed through these two files. You may find it useful to refer to the tables in this section as you configure the OpenSSO Add-On for your particular Web Space Server site.
As described in Installing the OpenSSO Add-On, there are several site-specific modifications you must make to the portal-ext.properties and AMConfig.properties files before installing the OpenSSO Add-On. These are also the files you need to modify if you want to make any post-installation customizations to the OpenSSO Add-On. Note that any customizations made to these files after the OpenSSO Add-On has been installed require that you also rebuild the Web Space Server WAR files, as described in Customizing the OpenSSO Add-On.
The location of the portal-ext.properties and AMConfig.properties files that you should modify varies depending on whether you are performing the modifications before or after the OpenSSO Add-On has been installed.
Before installing the OpenSSO Add-On
Before installation of the OpenSSO Add-On, the portal-ext.properties and AMConfig.properties files you need to modify are located in the glassfish_dir/webspace/opensso/templates directory.
When you first download the OpenSSO Add-On, there are two sample versions of these two files, named portal-ext.properties.template and AMConfig.properties.template. It is strongly recommended that you make copies of these template files and then only make modifications to the copies. After modifying the copies, make sure that the copies are named portal-ext.properties and AMConfig.properties (no .template extension) before proceeding with the OpenSSO Add-On installation.
After installing the OpenSSO Add-On
After the OpenSSO Add-On has been installed, any additional customizations you want to make must only be made to the portal-ext.properties and AMConfig.properties files that are located in the webspace_dir/var/webspace/war-workspace/customs/webspace/WEB-INF/classes directory.
Listed below are the properties and default values in the portal-ext.properties file.
access.manager.auth.enabled
Default: true
Enable the OpenSSO Add-On
access.manager.sync.enabled
Default: true
Enable automatic synchronization of users from OpenSSO to Web Space Server
access.manager.import.enabled
Default: true
Enable the automatic import of the OpenSSO user account if the corresponding account does not already exist in Web Space Server
access.manager.allow.public.pages
Default: true
Allow access to Web Space Server public pages without first being redirected to the OpenSSO server for user authentication
access.manager.email.attr
Default: mail
Web Space Server user email property corresponding to OpenSSO email property
access.manager.first.name.attr
Default: givenName
Web Space Server user first name property corresponding to OpenSSO first name property
access.manager.last.name.attr
Default: sn
Web Space Server user last name property corresponding to OpenSSO last name property
access.manager.screen.name.attr
Default: uid
Web Space Server user ID property corresponding to OpenSSO user ID property
access.manager.login.url
Default: http://localhost:8080/opensso/UI/Login?goto=http://localhost:8080/c/portal/login
URL for OpenSSO authentication login redirect; use only when authenticating through OpenSSO; enabled by default
access.manager.logout.url
Default: http://localhost:8080/opensso/UI/Logout?goto=http://localhost:8080/portal
URL for OpenSSO authentication logout redirect; use only when authenticating through OpenSSO; enabled by default
access.manager.login.url
Default: http://localhost:8080/amserver/UI/Login?goto=http://localhost:8080/c/portal/login
URL for Access Manager authentication login redirect; use only when authenticating through Access Manager; disabled by default
access.manager.logout.url
Default: http://localhost:8080/amserver/UI/Logout?goto=http://localhost:8080/portal
URL for Access Manager authentication logout redirect; use only when authenticating through Access Manager; disabled by default
auto.login.hooks
Default: com.sun.portal.security.auth.AccessManagerAutoLogin, com.liferay.portal.security.auth.CASAutoLogin, com.liferay.portal.security.auth.NtlmAutoLogin, com.liferay.portal.security.auth.OpenIdAutoLogin, com.liferay.portal.security.auth.OpenSSOAutoLogin, com.liferay.portal.security.auth.ParameterAutoLogin, com.liferay.portal.security.auth.RememberMeAutoLogin
Classes required to enable OpenSSO autologin features; you should not need to modify these properties
application.startup.events
Default: com.sun.portal.opensso.startup.OpenssoAddonStartupAction
Parameter passed to the Sun GlassFish Enterprise Server to start the OpenSSO Add-On
Listed below are the properties and default values in the AMConfig.properties file.
com.iplanet.am.cookie.encode
Default: true
Allows the authentication server to URL-encode the cookie value, converting characters to ones that are understandable by HTTP
com.iplanet.am.cookie.name
Default: iPlanetDirectoryPro
Name of the persistent cookie
com.iplanet.am.cookie.secure
Default: false
Set secure mode, in which the browser returns the cookie only when a secure protocol such as HTTPS is used
com.iplanet.am.naming.url
Default: http://localhost:8080/opensso/namingservice
URI for the authentication server naming service; use with OpenSSO
com.iplanet.am.notification.url
Default: http://localhost:8080/opensso/notificationservice
URI of the authentication server notification service; allows authentication server to send notifications to registered applications when an event has occurred, and enables single sign-on cache to stay up to date; use with OpenSSO
com.iplanet.am.naming.url
Default: http://localhost:8080/amserver/namingservice
URI for the authentication server naming service; use with Access Manager; disabled by default
com.iplanet.am.notification.url
Default: http://localhost:8080/amserver/notificationservice
URI of the authentication server notification service; use with Access Manager; disabled by default
com.iplanet.am.service.password
Default: anonymous
Specifies the password of the user with permission to read OpenSSO Enterprise configuration data.
com.iplanet.security.encryptor
Default: com.iplanet.services.util.JCEEncryption
Specifies the encrypting class implementation; available classes are com.iplanet.services.util.JCEEncryption and com.iplanet.services.util.JSSEncryption
com.iplanet.services.debug.directory
Default: /var/opt/sun/identity/debug
Directory in which debug messages are stored
com.iplanet.services.debug.level
Default: error
Severity of debug messages recorded in server log; possible values are: off | error | warning | message
com.sun.identity.agents.app.username
Default: anonymous
Defines a user with permission to read the OpenSSO Enterprise configuration data
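A pre-deployment check for the defaults listed above, as an added example (not part of the OpenSSO Add-On or of this documentation). It parses properties text, reports keys left active more than once (java.util.Properties keeps the last value, which matters for the OpenSSO and Access Manager URL variants that share a key), and flags the documented defaults for the cookie secure flag, the service password, and http:// endpoints. The sample input is constructed, and the parser assumes no backslash line continuations.

```python
import re

# Constructed sample: AMConfig.properties-style content using the defaults
# documented above, with both naming-URL variants left active by mistake.
SAMPLE = """\
# constructed sample, not a real deployment
com.iplanet.am.cookie.name=iPlanetDirectoryPro
com.iplanet.am.cookie.secure=false
com.iplanet.am.naming.url=http://localhost:8080/opensso/namingservice
com.iplanet.am.naming.url=http://localhost:8080/amserver/namingservice
com.iplanet.am.service.password=anonymous
"""

def parse_properties(text):
    """Return (effective, duplicates); as in java.util.Properties, the last value wins."""
    effective, duplicates = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":        # blank line or comment (disabled property)
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key in effective and key not in duplicates:
            duplicates.append(key)
        effective[key] = value
    return effective, duplicates

def audit(text):
    """Return a list of (key, finding) tuples for settings worth reviewing."""
    props, duplicates = parse_properties(text)
    findings = [(k, "defined more than once; only the last value is used") for k in duplicates]
    # The documented default is false, so a missing key is treated as false.
    if props.get("com.iplanet.am.cookie.secure", "false").lower() != "true":
        findings.append(("com.iplanet.am.cookie.secure", "SSO cookie is not restricted to HTTPS"))
    if props.get("com.iplanet.am.service.password") == "anonymous":
        findings.append(("com.iplanet.am.service.password", "documented default value still in use"))
    for key, value in props.items():
        if key.endswith(".url") and value.lower().startswith("http://"):
            findings.append((key, "endpoint uses cleartext http://"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```

The same audit() call works on portal-ext.properties content, where the access.manager.login.url and access.manager.logout.url keys are covered by the .url check.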