Sun OpenSSO Enterprise 8.0 Integration Guide

To Configure Application Server to Work with Identity Manager

Before You Begin

In the following steps, you customize the AMConfig.properties file that you generate in the first step. Use the credentials of the amadmin user to connect to the OpenSSO Enterprise server; any other user works as long as it has privileges to read the OpenSSO Enterprise configuration data. Placing amadmin credentials in this file is acceptable because AMConfig.properties is required only to perform the initial configuration and to test the Access Manager Realm Resource adapter instance. Note, however, that the file ends up holding both the encrypted amadmin password (com.iplanet.am.service.secret) and the key that encrypts it (am.encryption.pwd), so anyone who can read the file can recover the password: restrict its permissions to the user the Application Server runs as. The AMConfig.properties file is not needed after the Policy Agent has been installed on the Identity Manager server, and you should delete it at that point.

  1. Generate the OpenSSO Enterprise client configuration file.

    Go to the directory where you extracted the OpenSSO Enterprise zip distribution, and unzip the opensso/samples/opensso-client.zip archive into a temporary directory (opensso/samples/tmp in the example below). Then run the following commands:


    # cd opensso/samples/tmp/sdk
    
    # chmod +x scripts/compile-samples.sh
    
    # scripts/compile-samples.sh
    
    # chmod +x scripts/setup.sh
    
    # scripts/setup.sh
    Debug directory (make sure this directory exists): 
      /opt/SUNWappserver91/domains/idm/logs/opensso_debug
    Application user (e.g. URLAccessAgent) password: password
    Protocol of the server: http
    Host name of the server: host1.example.com
    Port of the server: 8280
    Server's deployment URI: /opensso
    Naming URL (hit enter to accept default value, 
      http://host1.example.com:8280/opensso/namingservice):
      http://host1.example.com:8280/opensso/namingservice
    #

    You should now see an AMConfig.properties file created in the sdk/resources directory.

  2. Install the OpenSSO Enterprise command-line tools.

    They are present in the OpenSSO Enterprise zip distribution, in the opensso/tools/ssoAdminTools.zip archive.


    # mkdir /opt/opensso-tools
    
    # cd /opt/opensso-tools
    
    # unzip /export/software/FAM_80_B3_QA_Test/opensso_zip/opensso/tools/ssoAdminTools.zip
    
    # export JAVA_HOME=/usr/java
    # ./setup
    Path to config files of OpenSSO server (example: /openSSO):
    /opt/fam80-qatest-server1
    Debug Directory: /opt/opensso-tools/debug
    Log Directory: /opt/opensso-tools/log
    The scripts are properly setup under directory: 
    /opt/opensso-tools/opensso
    Debug directory is /opt/opensso-tools/debug.
    Log directory is /opt/opensso-tools/log.
    The version of this tools.zip is: Express build 5b(2008-September-22 07:55)
    The version of your server instance is: Express build 5b(2008-September-22 07:55)
    # 

    You will now see an opensso directory (or a directory with the name of the context-root of your OpenSSO Enterprise deployment), in the /opt/opensso-tools directory.

  3. Encrypt the password for the amadmin user using the ampassword utility.

    First, you need to create a text file containing the password of the amadmin user in plain text. Create it so that only you can read it (for example, set umask 077 first, or chmod 600 the file), and delete it as soon as the encrypted value has been generated. In the following example, the password file /export/software/amadmin_pwd is created:


    # cd /opt/opensso-tools/opensso/bin
    
    # ./ampassword --encrypt /export/software/amadmin_pwd
    AQICSw+UrU2DJyY1KBeoC0iuzv3gQTGkbI39
    #
  4. Customize the AMConfig.properties file that was created in step 1.

    1. In the OpenSSO Enterprise console, navigate to Configuration > Servers and Sites > server-entry > Security.

    2. Copy the value of the Password Encryption Key property, and use it to replace the value of the following property. The key must match the server's exactly; otherwise the client cannot decrypt the secret you set in substep 5:

      am.encryption.pwd=AQICrPmBjI5aThg1H6kKcJr0/Lu4D9LdTlqe

    3. Modify the following property as shown:

      com.sun.identity.agents.app.username=amadmin

    4. For security purposes, either comment out the following line or leave the value empty, so that no plaintext password remains in the file:


      #com.iplanet.am.service.password=
    5. Modify the following property using the value from the encrypted password generated in step 3 above:

      com.iplanet.am.service.secret=AQICSw+UrU2DJyY1KBeoC0iuzv3gQTGkbI39

  5. Copy the OpenSSO Enterprise Client files to the Identity Manager application directory. You will need the following files:

    • The openssoclientsdk.jar library that is present in the /sdk/lib directory of the opensso-client.zip archive you unzipped in step 1.


      # cp /export/software/FAM_80_IDM_80_Integration/fam_zip/opensso/samples/tmp/sdk/lib/openssoclientsdk.jar \
           /opt/SUNWappserver91/domains/domain1/applications/j2ee-modules/idm/WEB-INF/lib/
    • The AMConfig.properties generated above.


      # mkdir /opt/SUNWappserver91/domains/domain1/applications/j2ee-modules/idm/WEB-INF/classes
      # cp /export/software/FAM_80_IDM_80_Integration/fam_zip/opensso/samples/tmp/sdk/resources/AMConfig.properties \
           /opt/SUNWappserver91/domains/domain1/applications/j2ee-modules/idm/WEB-INF/classes
  6. Update the Application Server classpath.

    1. Login to the Application Server Console.

    2. Navigate to Application Server | JVM Settings | Path Settings

    3. Update the Classpath Suffix to contain the following entries:


      /opt/SUNWappserver91/domains/domain1/applications/j2ee-modules/idm/WEB-INF/lib/openssoclientsdk.jar
      
      /opt/SUNWappserver91/domains/domain1/applications/j2ee-modules/idm/WEB-INF/classes
    4. Click Save to save your changes.

    5. Log out from the Application Server Console.

  7. Restart the Application Server.


    # /opt/SUNWappserver91/bin/asadmin stop-domain domain1
    
    # /opt/SUNWappserver91/bin/asadmin start-domain domain1

    Watch for any errors in the Application Server server.log file. A ClassNotFoundException for an OpenSSO client class points to a classpath problem in step 6; a connection error against the naming URL points to the values written into AMConfig.properties in steps 1 and 4.
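The step 4 edits to AMConfig.properties are easy to get subtly wrong (a plaintext password left behind, or the key not matching the server). The following script, an added example that is not part of the OpenSSO Enterprise guide, applies those edits with POSIX tools and verifies the result. The property names are the ones the guide shows; the sample file, the function names and the directory handling are constructed for this example, and the key and secret values are the placeholder strings printed in the guide, not real credentials.

```shell
#!/bin/sh
# Added example, not part of the OpenSSO Enterprise guide: apply the step 4
# edits to AMConfig.properties with POSIX tools and verify the result.
# The property names are the ones the guide shows; the sample file, the
# function names and the key/secret values are constructed for this example.

# make_sample_amconfig FILE
# Writes a constructed AMConfig.properties fragment with the properties that
# step 4 touches, as setup.sh might leave them (plaintext password included).
make_sample_amconfig() {
    cat > "$1" <<'EOF'
com.iplanet.am.naming.url=http://host1.example.com:8280/opensso/namingservice
am.encryption.pwd=REPLACE_WITH_SERVER_KEY
com.sun.identity.agents.app.username=UrlAccessAgent
com.iplanet.am.service.password=changeit
com.iplanet.am.service.secret=REPLACE_WITH_ENCRYPTED_SECRET
com.iplanet.am.server.host=host1.example.com
EOF
}

# customize_amconfig FILE ENCRYPTION_KEY ENCRYPTED_SECRET
# Rewrites FILE in place: sets am.encryption.pwd to the server's Password
# Encryption Key, sets the agent application user to amadmin, comments out
# the plaintext service password with its value removed, and stores the
# ampassword --encrypt output as the service secret. The file ends up
# owner-readable only, because the key in it is what decrypts the secret.
customize_amconfig() {
    file=$1
    key=$2
    secret=$3
    tmp="$file.tmp.$$"
    (
        umask 077
        awk -v key="$key" -v secret="$secret" '
            /^am\.encryption\.pwd=/ { print "am.encryption.pwd=" key; next }
            /^com\.sun\.identity\.agents\.app\.username=/ {
                print "com.sun.identity.agents.app.username=amadmin"; next }
            /^com\.iplanet\.am\.service\.password=/ {
                print "#com.iplanet.am.service.password="; next }
            /^com\.iplanet\.am\.service\.secret=/ {
                print "com.iplanet.am.service.secret=" secret; next }
            { print }
        ' "$file" > "$tmp"
    ) && mv "$tmp" "$file" && chmod 600 "$file"
}

# amconfig_check FILE
# Returns 0 when FILE looks like the guide's step 4 result: no plaintext
# service password, and encryption key, amadmin user and encrypted secret set.
amconfig_check() {
    file=$1
    # Any non-empty plaintext service password is a failure.
    if grep -q '^com\.iplanet\.am\.service\.password=.' "$file"; then
        return 1
    fi
    grep -q '^am\.encryption\.pwd=.' "$file" || return 1
    grep -q '^com\.sun\.identity\.agents\.app\.username=amadmin$' "$file" || return 1
    grep -q '^com\.iplanet\.am\.service\.secret=.' "$file" || return 1
    return 0
}

# Demo on the constructed sample. The key and secret are the placeholder
# values printed in the guide, not real credentials.
demo=$(mktemp)
make_sample_amconfig "$demo"
customize_amconfig "$demo" AQICrPmBjI5aThg1H6kKcJr0/Lu4D9LdTlqe AQICSw+UrU2DJyY1KBeoC0iuzv3gQTGkbI39
if amconfig_check "$demo"; then
    echo "AMConfig.properties customized; no plaintext password remains"
fi
rm -f "$demo"
```

To use it on the real file, point customize_amconfig at sdk/resources/AMConfig.properties with the Password Encryption Key from the console and the string printed by ampassword --encrypt, then run amconfig_check before copying the file into WEB-INF/classes. Because the script leaves the file mode 600, chown it to the user the Application Server runs as before restarting the domain, and remove it once the Policy Agent is installed.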