Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

6.1 Modifying the Top-Level Realm for Test Users

At this point in the deployment, the OpenSSO Enterprise root realm (by default, / (Top Level Realm)) is configured to authenticate special OpenSSO Enterprise accounts (for example, amadmin and agents) against the embedded configuration data store. Since the external user data store is an instance of Directory Server (and not part of the embedded configuration data store), we now modify the external user data store configuration using the OpenSSO Enterprise console to map the user data store's schema to the test user entries previously imported. Use the following list of procedures as a checklist for completing this task.

  1. To Modify the Top-Level Realm for User Authentication

  2. To Verify that a User Can Successfully Authenticate

Procedure: To Modify the Top-Level Realm for User Authentication

  1. Access https://osso-1.example.com:1081/opensso/console in a web browser.

  2. Log in to the OpenSSO Enterprise console as the administrator.

    User Name: amadmin

    Password: ossoadmin

  3. Click the Access Control tab.

  4. Click / (Top Level Realm), the root realm, under the Access Control tab.

  5. Click the Data Stores tab.

    The GenericLDAPv3 data store link is displayed.

  6. Click GenericLDAPv3.

  7. On the GenericLDAPv3 data store properties page, set the following attribute values and click Save.

    LDAP People Container Naming Attribute: Enter ou.

    LDAP Groups Container Value: Enter Groups.

    LDAP Groups Container Naming Attribute: Enter ou.

    LDAP People Container Value: Enter users.

    Note – If the LDAP People Container Value field is empty, the search for user entries will start from the root suffix.


  8. Click Back to Data Stores.

  9. (Optional) Click the Subjects tab to verify that the test users are now displayed.

    testuser1 and testuser2 are displayed under Users (as well as other users created during OpenSSO Enterprise configuration).

  10. Click the Authentication tab.

  11. Click the Advanced Properties link under General.

    The Core Realm Attributes page is displayed.

  12. Change the value of User Profile to Ignored.

    This new value specifies that a user profile is not required by the Authentication Service in order to issue a token after successful authentication. This modification is specific to this deployment example because the OpenSSO Enterprise schema and the Directory Server schema have not been mapped.

  13. Click Save.

  14. Click Back to Authentication.

  15. Click Back to Access Control.

  16. Log out of the OpenSSO Enterprise console.

Procedure: To Verify that a User Can Successfully Authenticate

You should be able to log in successfully as a test user.

  1. Access https://osso-1.example.com:1081/opensso/UI/Login in a web browser.

  2. Log in as a test user.

    User Name: testuser1

    Password: password

    You should be able to log in successfully and see a page with a message that reads You're logged in. Since the User Profile attribute was set to Ignored, the user's profile is not displayed after a successful login. If the login is not successful, watch the Directory Server access log to troubleshoot the problem.
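The two details a practitioner is most likely to get wrong here are the People Container mapping (step 7 and its note: an empty container value makes the user search start at the root suffix) and reading the Directory Server access log when the test login fails. The following Python helpers are an added example, not part of the Sun deployment guide: one builds the base DN OpenSSO will search from the data store settings, the other pairs each BIND or SRCH in an access log with its RESULT and reports the failing ones. The root suffix dc=example,dc=com and the sample log lines are constructed for this example; the line layout follows the conn=/op= style of Sun Directory Server access logs.

```python
"""Added example (not from the deployment guide): derive the OpenSSO user
search base from the GenericLDAPv3 settings and triage a Directory Server
access log for a failed test-user login.  Root suffix and log lines below
are constructed, not taken from any real deployment."""
import re

# LDAP result codes that most often explain a failed console login.
RESULT_CODES = {
    0: "success",
    32: "noSuchObject (search base or bind DN missing; check LDAP People Container Value)",
    49: "invalidCredentials (wrong password or bind DN)",
    53: "unwillingToPerform",
}


def people_search_base(root_suffix, naming_attr="ou", container_value="users"):
    """Base DN that OpenSSO searches for user entries.

    Mirrors the guide's note: an empty People Container Value means the
    search starts at the root suffix itself.
    """
    if not container_value:
        return root_suffix
    return f"{naming_attr}={container_value},{root_suffix}"


# Matches "[ts] conn=N op=M msgId=K - <body>" (msgId is optional).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+)"
    r"(?: msgId=\d+)? - (?P<body>.*)$"
)


def parse_access_log(lines):
    """Group request and RESULT lines by their (conn, op) pair."""
    ops = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an operation line (e.g. connection open/close)
        key = (int(m.group("conn")), int(m.group("op")))
        body = m.group("body")
        if body.startswith(("BIND", "SRCH")):
            ops.setdefault(key, {})["request"] = body
        elif body.startswith("RESULT"):
            err = re.search(r"err=(\d+)", body)
            ops.setdefault(key, {})["err"] = int(err.group(1)) if err else None
    return ops


def failed_operations(lines):
    """Return (request, err, meaning) for every operation with a non-zero result."""
    failures = []
    for key in sorted(parse_access_log(lines)):
        rec = parse_access_log(lines)[key]
        err = rec.get("err")
        if err not in (None, 0):
            meaning = RESULT_CODES.get(err, "see LDAP resultCode list")
            failures.append((rec.get("request", "?"), err, meaning))
    return failures


# Constructed sample: a search against the wrong container, then a bad password.
SAMPLE_LOG = [
    '[21/Jan/2009:10:15:30 -0800] conn=12 op=0 msgId=1 - BIND dn="cn=opensso-bind,dc=example,dc=com" method=128 version=3',
    '[21/Jan/2009:10:15:30 -0800] conn=12 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0',
    '[21/Jan/2009:10:15:30 -0800] conn=12 op=1 msgId=2 - SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(uid=testuser1)" attrs=ALL',
    '[21/Jan/2009:10:15:30 -0800] conn=12 op=1 msgId=2 - RESULT err=32 tag=101 nentries=0 etime=0',
    '[21/Jan/2009:10:15:31 -0800] conn=13 op=0 msgId=1 - BIND dn="uid=testuser1,ou=users,dc=example,dc=com" method=128 version=3',
    '[21/Jan/2009:10:15:31 -0800] conn=13 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0',
]

if __name__ == "__main__":
    print("expected search base:", people_search_base("dc=example,dc=com"))
    for request, err, meaning in failed_operations(SAMPLE_LOG):
        print(f"err={err} {meaning}\n    {request}")
```

Run against a real access log with `failed_operations(open(path))`; an err=32 on the SRCH whose base does not match `people_search_base(...)` points at the container settings in step 7, while err=49 on the user's BIND points at the password or the imported entry.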