Default Configuration Files

This section lists the properties and default values in the portal-ext.properties and AMConfig.properties files, which are the primary configuration files for the OpenSSO Add-On. All customization of the OpenSSO Add-On is performed through these two files. You may find it useful to refer to the tables in this section as you configure the OpenSSO for your particular Web Space Server site.

As described in Installing the OpenSSO Add-On, there are several site-specific modifications you must make to the portal-ext.properties and AMConfig.properties files before installing the OpenSSO Add-On. In addition, these are also the files you will need to modify if you want to make any post-installation customizations to the OpenSSO Add-On. Note that any customizations made to these files after the OpenSSO Add-On has been installed require that you also rebuild the Web Space Server WAR files, as described in Customizing the OpenSSO Add-On.

• Locations of the portal-ext.properties and AMConfig.properties Files

• portal-ext.properties Properties File

• AMConfig.properties Properties File

Locations of the portal-ext.properties and AMConfig.properties Files

The location of the portal-ext.properties and AMConfig.properties files that you should modify varies depending on whether you are performing the modifications before or after the OpenSSO Add-On has been installed.

• Before installing the OpenSSO Add-On

  Before installation of the OpenSSO Add-On, the portal-ext.properties and AMConfig.properties files you need to modify are located in the glassfish_dir/webspace/opensso/templates directory.

  When you first download the OpenSSO Add-On, there are two sample versions of these two files, named portal-ext.properties.template and AMConfig.properties.template. It is strongly recommended that you make copies of these template files and then only make modifications to the copies. After modifying the copies, make sure that the copies are named portal-ext.properties and AMConfig.properties (no .template extension) before proceeding with the OpenSSO Add-On installation.

• After installing the OpenSSO Add-On

  After the OpenSSO Add-On has been installed, any additional customizations you want to make must only be made to the portal-ext.properties and AMConfig.properties files that are located in the webspace_dir/var/webspace/war-workspace/customs/webspace/WEB-INF/classes directory.

portal-ext.properties Properties File

Listed below are the properties and default values in the portal-ext.properties file.

• access.manager.auth.enabled

  Default: true

  Enable the OpenSSO Add-On

• access.manager.sync.enabled

  Default: true

  Enable automatic synchronization of users from OpenSSO to Web Space Server

• access.manager.import.enabled

  Default: true

  Enable the automatic import of the OpenSSO user account if the corresponding account does not already exist in Web Space Server

• access.manager.allow.public.pages

  Default: true

  Allow access to Web Space Server public pages with first being redirected to OpenSSO server for user authentication

• access.manager.email.attr

  Default: mail

  Web Space Server user email property corresponding to OpenSSO email property

• access.manager.first.name.attr

  Default: givenName

  Web Space Server user first name property corresponding to OpenSSO first name property

• access.manager.last.name.attr

  Default: sn

  Web Space Server user last name property corresponding to OpenSSO last name property

• access.manager.screen.name.attr

  Default: uid

  Web Space Server user ID property corresponding to OpenSSO user ID property

• access.manager.login.url

  Default: http://localhost:8080/opensso/UI/Login?goto=http://localhost:8080/c/portal/login

  URL for OpenSSO authentication login redirect; use only when authenticating through OpenSSO; enabled by default

• access.manager.logout.url

  Default: http://localhost:8080/opensso/UI/Logout?goto=http://localhost:8080/portal

  URL for OpenSSO authentication logout redirect; use only when authenticating through OpenSSO; enabled by default

• access.manager.login.url

  Default: http://localhost:8080/amserver/UI/Login?goto=http://localhost:8080/c/portal/login

  URL for Access Manger authentication login redirect; use only when authenticating through Access Manager; disabled by default

• access.manager.logout.url

  Default: http://localhost:8080/amserver/UI/Logout?goto=http://localhost:8080/portal

  URL for Access Manager authentication logout redirect; use only when authenticating through Access Manager; disabled by default

• auto.login.hooks

  Default: com.sun.portal.security.auth.AccessManagerAutoLogin, com.liferay.portal.security.auth.CASAutoLogin, com.liferay.portal.security.auth.NtlmAutoLogin, com.liferay.portal.security.auth.OpenIdAutoLogin, com.liferay.portal.security.auth.OpenSSOAutoLogin, com.liferay.portal.security.auth.ParameterAutoLogin, com.liferay.portal.security.auth.RememberMeAutoLogin

  Classes required to enable OpenSSO autologin features; you should not need to modify these properties

• application.startup.events

  Default: com.sun.portal.opensso.startup.OpenssoAddonStartupAction

  Parameter passed to the Sun GlassFish Enterprise Server to start the OpenSSO Add-On

AMConfig.properties Properties File

Listed below are the properties and default values in the AMConfig.properties file.

• com.iplanet.am.cookie.encode

  Default: true

  Allows authentication server to URLencode the cookie value, converting characters to ones that are understandable by HTTP

• com.iplanet.am.cookie.name

  Default: iPlanetDirectoryPro

  Name of the persistent cookie

• com.iplanet.am.cookie.secure

  Default: false

  Set secure mode in which browser will only return the cookie when a secure protocol like HTTP(s) is used

• com.iplanet.am.naming.url

  Default: http://localhost:8080/opensso/namingservice

  URI for the authentication server naming service; use with OpenSSO

• com.iplanet.am.notification.url

  Default: http://localhost:8080/opensso/notificationservice

  URI of the authentication server notification service; allows authentication server to send notifications to registered applications when an event has occurred, and enables single sign-on cache to stay up to date; use with OpenSSO

• com.iplanet.am.naming.url

  Default: http://localhost:8080/amserver/namingservice

  URI for the authentication server naming service; use with Access Manager; disabled by default

• com.iplanet.am.notification.url

  Default: http://localhost:8080/amserver/notificationservice

  URI of the authentication server notification service; use with Access Manager; disabled by default

• com.iplanet.am.service.password

  Default: anonymous

  Specifies the password of the user with permission to read OpenSSO Enterprise configuration data.

• com.iplanet.security.encryptor

  Default: com.iplanet.services.util.JCEEncryption

  Specifies the encrypting class implementation; available classes are com.iplanet.services.util.JCEEncryption and com.iplanet.services.util.JSSEncryption

• com.iplanet.services.debug.directory

  Default: /var/opt/sun/identity/debug

  Directory in which debug messages are stored

• com.iplanet.services.debug.level

  Default: error

  Severity of debug messages recorded in server log; possible values are: off | error | warning | message

• com.sun.identity.agents.app.username

  Default: anonymous

  Defines a user with permission to read the OpenSSO Enterprise configuration data