In this scenario, you want to customize the DAI service (ums.xml file), so you must configure OpenSSO Enterprise server manually by:
Updating the Directory Server Information for the AMSDK Plug-in
Enabling Persistent Search Connections for the AMSDK Plug-in
In the zip-root/opensso/xml/ums.xml file, replace the following items, as needed for your deployment:
@USER_NAMING_ATTR@ with your user naming attribute. For example, uid (which is the default)
@ORG_NAMING_ATTR@ with your organization naming attribute. For example, o (which is the default)
Load the DAI service from the ums.xml file using the ssoadm command with the create-svc subcommand. For example:
# ./ssoadm create-svc -u amadmin -f ./password-file \
  --xmlfile zip-root/opensso/xml/ums.xml
where:
-u specifies the administrative user. For example: amadmin
-f specifies the password file for the administrative user.
--xmlfile (or -X) specifies the path to the ums.xml file.
zip-root is where the opensso_enterprise_80.zip file was unzipped.
In zip-root/opensso/xml/idRepoAmSDK.xml, replace @NORMALIZED_ORGBASE@ with the Directory Server root suffix.
Load the IdRepo subschema using the ssoadm command with the add-sub-schema subcommand. For example:
# ./ssoadm add-sub-schema -u amadmin -f ./password-file \
  -s sunIdentityRepositoryService -t Organization -F zip-root/opensso/xml/idRepoAmSDK.xml
where:
-u specifies the administrative user. For example: amadmin
-f specifies the password file for the administrative user.
-s specifies the service name. Must be: sunIdentityRepositoryService
-t specifies the schema type. Must be: Organization
-F specifies the path to the idRepoAmSDK.xml file.
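The placeholder replacements in ums.xml and idRepoAmSDK.xml can be scripted so that a file is never loaded with a leftover @TOKEN@. The following is an added example, not part of the OpenSSO documentation: fill_tokens is a hypothetical helper, and both the assumption that placeholders always match @UPPER_CASE@ and the refusal of XML metacharacters in values are choices made for this example.

```shell
#!/bin/sh
# Added example, not part of the OpenSSO documentation. fill_tokens is a hypothetical helper.
# Usage: fill_tokens FILE NAME=VALUE [NAME=VALUE ...]
#   fill_tokens zip-root/opensso/xml/ums.xml USER_NAMING_ATTR=uid ORG_NAMING_ATTR=o
#   fill_tokens zip-root/opensso/xml/idRepoAmSDK.xml NORMALIZED_ORGBASE=<root suffix>
# FILE is rewritten only if every @TOKEN@ was replaced; otherwise it is left untouched.
fill_tokens() {
    file=$1; shift
    tmp=$(mktemp) || return 1
    cp "$file" "$tmp" || { rm -f "$tmp"; return 1; }
    for pair in "$@"; do
        name=${pair%%=*}      # text before the first '='
        value=${pair#*=}      # text after it (a DN value may contain more '=')
        # Precaution added here: refuse values that would change the XML structure.
        case $value in
            *'<'*|*'>'*|*'&'*|*'"'*)
                echo "refusing XML metacharacter in value for $name" >&2
                rm -f "$tmp"; return 1 ;;
        esac
        # Escape what is special in a sed replacement: backslash, '&', and the '|' delimiter.
        esc=$(printf '%s' "$value" | sed 's/[\\&|]/\\&/g')
        if ! sed "s|@${name}@|${esc}|g" "$tmp" > "$tmp.new"; then
            rm -f "$tmp" "$tmp.new"; return 1
        fi
        mv "$tmp.new" "$tmp"
    done
    # Assumption: placeholders always look like @UPPER_CASE_NAME@, as the three named above do.
    if grep -n '@[A-Z_][A-Z_]*@' "$tmp" >&2; then
        echo "unreplaced placeholder(s) remain; $file not modified" >&2
        rm -f "$tmp"; return 1
    fi
    # Write through the existing file so its owner and permissions are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

Run it on each XML file before the corresponding ssoadm load step; a non-zero exit status means the file still contains a placeholder or a value was rejected.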
Update the Directory Server information by exporting, modifying, and then re-importing the information.
Important: If your deployment has multiple OpenSSO Enterprise server instances, you must perform the following steps on all server instances.
Export the Directory Server configuration information from the OpenSSO Enterprise server instance using the ssoadm command with the get-svrcfg-xml subcommand. For example:
# ./ssoadm get-svrcfg-xml -u amadmin -f ./password-file \
  -s http(s)://host.domain:port/opensso -o serverconfig.xml
where:
-u specifies the administrative user. For example: amadmin
-f specifies the password file for the administrative user.
-s specifies the server instance name. For example: https://openssohost1.example.com:8080/opensso
-o specifies the output file name that will contain the Directory Server configuration information. For example: serverconfig.xml
Edit the Directory Server configuration information in the serverconfig.xml file as follows:
Import the revised Directory Server configuration information using the ssoadm command with the set-svrcfg-xml subcommand. For example:
# ./ssoadm set-svrcfg-xml -u amadmin -f ./password-file \
  -s http(s)://host.domain:port/opensso -X serverconfig.xml
where:
-u specifies the administrative user. For example: amadmin
-f specifies the password file for the administrative user.
-s specifies the server instance name. For example: http://openssohost1.example.com:8080/opensso
-X specifies the input file name that contains the revised Directory Server configuration information. For example: serverconfig.xml
This task involves enabling the persistent search (psearch) connections for the OpenSSO Enterprise server to allow the AMSDK Identity Repository plug-in to receive change notifications.