Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide


The Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide describes how to install and configure OpenSSO Enterprise 8.0, including OpenSSO Enterprise, OpenSSO Enterprise server only (no administration console), administration console only, client SDK only, scripts and utilities, Distributed Authentication UI server, and a session failover deployment.


Who Should Use This Guide

This guide is intended for system administrators, system integrators, and others who are installing and configuring OpenSSO Enterprise.

Before You Read This Guide

Readers should be familiar with the following components and concepts:

How This Guide Is Organized

This guide is organized by chapters, as described in the Contents.

Related Documentation

Related documentation is available as follows:

OpenSSO Enterprise Documentation Set

The following table describes the OpenSSO Enterprise documentation set, which is available on the following collection:

Table P–1 OpenSSO Enterprise Documentation Set



Sun OpenSSO Enterprise 8.0 Release Notes

Describes new features, installation notes, and known issues and limitations. The Release Notes are updated periodically after the initial release to describe any new features, patches, or problems. 

Sun OpenSSO Enterprise 8.0 installation and Configuration Guide (this guide)

Provides information about installing and configuring OpenSSO Enterprise.about, including OpenSSO Enterprise server, Administration Console only, client SDK, scripts and utilities, Distributed Authentication UI server, and session failover. 

Sun OpenSSO Enterprise 8.0 Technical Overview

Provides an overview of how components work together to consolidate access control functions, and to protect enterprise assets and web-based applications. It also explains basic concepts and terminology. 

Sun OpenSSO Enterprise 8.0 Deployment Planning Guide

Provides planning and deployment solutions for OpenSSO Enterprise. 

Sun OpenSSO Enterprise 8.0 Administration Guide

Describes how to use the OpenSSO Enterprise Administration Console as well as how to manage user and service data using the command-line interface (CLI). 

Sun OpenSSO Enterprise 8.0 Administration Reference

Provides reference information for the OpenSSO Enterprise command-line interface (CLI), configuration attributes, log files, and error codes. 

Sun OpenSSO Enterprise 8.0 Developer’s Guide

Provides information about customizing OpenSSO Enterprise and integrating its functionality into an organization’s current technical infrastructure. It also provides details about the programmatic aspects of the product and its API. 

Sun OpenSSO Enterprise 8.0 C API Reference for Application and Web Policy Agent Developers

Provides summaries of data types, structures, and functions that make up the public OpenSSO Enterprise C APIs. 

Sun OpenSSO Enterprise 8.0 Java API Reference

Provides information about the implementation of Java packages in OpenSSO Enterprise. 

Sun OpenSSO Enterprise 8.0 Upgrade Guide

Describes how to upgrade Sun Java System Access Manager and Sun Java System Federation Manager (including configuration data in Sun Java System Directory Server) to Sun OpenSSO Enterprise 8.0. 

Sun OpenSSO Enterprise 8.0 Performance Tuning Guide

Provides information about how to tune OpenSSO Enterprise and its related components for optimal performance. 

Policy Agent Documentation

Policy agent documentation includes these collections:

Related Product Documentation

The following table provides links to documentation collections for related products.

Table P–2 Related Product Documentation



Sun Java System Directory Server 6.3

Sun Java System Web Server 7.0 Update 3

Sun Java System Application Server 9.1

Sun Java System Message Queue 4.1

Sun Java System Web Proxy Server 4.0.6

Sun Identity Manager 8.0

Searching Sun Product Documentation

Besides searching Sun product documentation from the web site, you can use a search engine by typing the following syntax in the search field:


For example, to search for “broker,” type the following:


To include other Sun web sites in your search (for example,,, and, use in place of in the search field.

Related Third-Party Web Site References

Third-party URLs are referenced in this document and provide additional, related information.

Note –

Sun is not responsible for the availability of third-party web sites mentioned in this document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through such sites or resources.

Documentation, Support, and Training

See the following web sites for additional resources:

Oracle Welcomes Your Comments

Oracle welcomes your comments and suggestions on the quality and usefulness of its documentation. If you find any errors or have any other suggestions for improvement, go to and click Feedback. Indicate the title and part number of the documentation along with the chapter, section, and page number, if available. Please let us know if you want a reply.

Oracle Technology Network offers a range of resources related to Oracle software:

Typographic Conventions

The following table describes the typographic conventions that are used in this book.

Table P–3 Typographic Conventions





The names of commands, files, and directories, and onscreen computer output 

Edit your .login file.

Use ls -a to list all files.

machine_name% you have mail.


What you type, contrasted with onscreen computer output 

machine_name% su



Placeholder: replace with a real name or value 

The command to remove a file is rm filename.


Book titles, new terms, and terms to be emphasized 

Read Chapter 6 in the User's Guide.

A cache is a copy that is stored locally.

Do not save the file.

Note: Some emphasized items appear bold online.

Shell Prompts in Command Examples

The following table shows the default UNIX system prompt and superuser prompt for shells that are included in the Oracle Solaris OS. Note that the default system prompt that is displayed in command examples varies, depending on the Oracle Solaris release.

Table P–4 Shell Prompts



Bash shell, Korn shell, and Bourne shell 


Bash shell, Korn shell, and Bourne shell for superuser 


C shell 


C shell for superuser 


Default Paths and Directory Names

The OpenSSO Enterprise documentation uses the following terms to represent default paths and directory names:

Table P–5 Default Paths and Directory Names




Represents the directory where the file is unzipped.


Represents the deployment directory where the web container deploys the opensso.war file.

This value varies depending on the web container. To determine the value of OpenSSO-Deploy-base, view the file name in the .openssocfg directory, which resides in the home directory of the user who deployed the opensso.war file. For example, consider this scenario with Application Server 9.1 as the web container:

  • Application Server 9.1 is installed in the default directory: /opt/SUNWappserver.

  • The opensso.war file is deployed by super user (root) on Application Server 9.1.

The .openssocfg directory is in the root home directory (/), and the file name in .openssocfg is:


Then, the value for OpenSSO-Deploy-base is:



Represents the name of the configuration directory specified during the initial configuration of OpenSSO Enterprise server instance using the Configurator. 

The default is opensso in the home directory of the user running the Configurator. Thus, if the Configurator is run by root, ConfigurationDirectory is /opensso.

Revision History

Table P–6 Revision History

Date (Version) 

Description of Change 

August 10, 2010 (16) 

May 6, 2010 (15) 

September 10, 2009 (14) 

June 16, 2009 (13) 

April 17, 2009 (12) 

November 14, 2008 (11) 

Updated for late changes. 

November 11, 2008 (10) 

Initial release. 

August 6, 2008 (05) 

Early Access (EA) release draft. 

Oracle Welcomes Your Comments

Oracle is interested in improving its documentation and welcomes your comments and suggestions.

To share your comments, go to and click Send comments. In the online form, provide the document title and part number. The part number is a seven-digit or nine-digit number that can be found on the title page of the guide or at the top of the document.

For example, the title of this guide is the Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide, and the part number is 820-3320.