Sun OpenSSO Enterprise 8.0 Administration Guide

Chapter 1 Logging In To The Console

The OpenSSO Enterprise console is a web interface that allows both administrators and users without administrative privileges to log in and manage their respective entitlements. Depending on the level of access defined, an administrator can create realms, modify user membership in the realms, configure authentication chains, define data stores, and establish enforcement policies to protect and limit access to the realm's resources. In addition, administrators can view and terminate current user sessions and manage their federation configurations (create, delete and modify authentication domains and entity providers). Users without administrative privileges, on the other hand, can manage personal information (name, email address, password, telephone number, and so forth), subscribe and unsubscribe to groups, and view their roles. The following sections describe the different console views this functionality offers.

Administrator Interface

When a user with an administrative role authenticates to OpenSSO Enterprise, the administrator view is displayed by default. Using this interface, the administrator can accomplish most administrative tasks related to OpenSSO Enterprise. This includes realm-based access control, global service configuration, and web services and federation management. To access the Administrator Interface login screen, use protocol://machine-name:port/uri/UI/Login as the URL syntax, where protocol is either http or https depending upon your deployment.

User Interface

When a user who has not been assigned an administrative role authenticates to OpenSSO Enterprise, the user's own profile is displayed. Using this interface, a user can modify the values of the personal profile attributes. This can include, but is not limited to, name, home address and password. To access the User Profile Interface login screen, use protocol://machine-name:port/uri/UI/Login as the URL syntax where protocol is either http or https depending upon your deployment. Although the URL for both the Administrator and Personal Profile interfaces is the same, entering the username and password of a user who has not been assigned an administrative role will direct the user to the User Profile interface.

Tip –

The User Profile interface is based on information defined in the amUser.xml service file.

Legacy Support

Legacy support in OpenSSO Enterprise is based on the Sun Java System Access Manager 6.3 architecture. When OpenSSO Enterprise is deployed in legacy mode, the console differs from the one presented in the default realm mode. In OpenSSO Enterprise 8.0, legacy mode is supported through upgrade only; if you have Access Manager 7.0 or 7.1 installed in legacy mode, you can upgrade to OpenSSO Enterprise 8.0 and keep legacy mode. For more information, see the Sun OpenSSO Enterprise 8.0 Upgrade Guide.

Caution –

Legacy support is deprecated and will be removed in a future release. It is strongly recommended not to use this option.