Oracle OpenSSO 8.0 Update 2 Release Notes


Integrating the OpenSSO 8.0 Update 2 with Oracle Access Manager

Configuring Single Sign-On Using Oracle Access Manager and Oracle OpenSSO STS

To Configure Single Sign-On Using Oracle Access Manager and Oracle OpenSSO 8.0 Update 2

Before you begin: Sun Java System Web Server 7.x must already be installed and configured. See the Sun Java System Web Server Documentation Wiki for Web Server installation instructions.

  1. Install OpenSSO on Sun Java System Web Server 7.x.
  2. Install an OpenSSO Policy Agent on a supported container and configure the agent to work with OpenSSO.

    For installation instructions, see the Policy Agent 3.0 guide for the agent you are using. These guides are available in the following documentation collection:

    http://download.oracle.com/docs/cd/E19681-01/index.html

  3. Install and configure Oracle Access Manager.

    See the Oracle Access Manager Installation Guide 10g (10.1.4.3).

  4. Install and configure Oracle Access Manager SDK with Oracle Access Manager.

    See the Oracle Access Manager Installation Guide 10g (10.1.4.3).

  5. Install Oracle Webgate on the same web container where the OpenSSO server is installed (Sun Web Server 7.x).

    Configure OpenSSO so that it protects only deployURI/UI/* of the OpenSSO web application. Example: /opensso/UI/.../*

    For Oracle Access Manager policies, resources, and other configuration details, see the Oracle Access Manager administration guide. Unprotect every other URL in OpenSSO Enterprise. This setup covers a simple single sign-on integration scenario; evaluate policies based on the full integration and other deployment dependencies.

  6. Configure the Authentication Module in OpenSSO.
    1. Access the OpenSSO console.

      The browser redirects to Oracle Access Manager for authentication. After successful authentication, OpenSSO presents a login page. Log in using the OpenSSO admin user name and password.

    2. Import the Oracle Authentication Module service XML file into the OpenSSO configuration.

      The authentication module service can be loaded with the command-line ssoadm utility as well as with the browser-based ssoadm.jsp.

    3. Access http://host:port/opensso/ssoadm.jsp.
    4. Choose the create-service option.
    5. Copy and paste the XML file from $openssozipdir/integrations/oracle/config/OblixAuthService.xml and click Submit.

      This loads the authentication module service into the OpenSSO configuration.

    6. Register the authentication module into the authentication Core service.

      The Core service contains a list of authenticators. Choose the register-auth-module option in http://host:port/opensso/ssoadm.jsp. Enter com.sun.identity.authentication.oblix.OblixAuthModule as the authentication module class name.

    7. Verify that the authentication module is registered to the default realm.

      Access OpenSSO using the URL http://host:port/opensso. In the OpenSSO console, click the default realm, and then click the Authentication tab. Click New to create a new authentication module named OblixAuth.

    8. On the Authentication tab, select the OblixAuth authentication module.

      Configure the Oblix SDK directory. Enable Check Remote User Header Only, and specify the remote header name as OAM_REMOTE_USER. This parameter is configurable based on the deployment.

  7. (Optional) Enable the Ignore Profile option in the OpenSSO core authentication service.

    In the OpenSSO console, go to Configuration > Core > Realm Attributes > User Profile. Choose Ignored, and then click Save.

    This configuration prevents OpenSSO from searching for an existing user profile after successful authentication. However, if the user repositories used by OpenSSO and Oracle Access Manager are exactly the same, this step is not necessary.

  8. Edit the web server start script to include Oracle Access Manager SDK shared libraries.

    Update LD_LIBRARY_PATH in the startserv script to include the shared libraries from $ACCESSDKDIR/oblix/lib.

  9. Restart the Sun Web Server that contains both OpenSSO and Oracle Webgate.
  10. Set the Login URL for Web Agent value to http://openssohost:openssoport/deployURI/UI/Login?module=OblixAuth.
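
Step 8 puts a new directory on the library search path of the web server process, so the directory's permissions are worth checking before the start script is edited. The shell functions below are an added example, not part of the Oracle documentation: the function names, the sample start-script contents and /opt/ws7/lib are constructed for illustration, and the real arguments are your startserv script and $ACCESSDKDIR/oblix/lib.

```sh
#!/bin/sh
# Added example for step 8. Paths are deployment-specific assumptions.

# Succeeds only if DIR exists and is not writable by group or others:
# the web server loads shared objects from every LD_LIBRARY_PATH entry.
oam_libdir_ok() {
    dir=$1
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 1; }
    mode=$(ls -ldL "$dir" | cut -c1-10)   # e.g. drwxr-xr-x
    case $mode in
        d????w????|d???????w?)            # group-write or other-write bit
            echo "writable by group/other: $dir" >&2; return 1 ;;
    esac
    return 0
}

# Idempotently appends DIR to LD_LIBRARY_PATH in start script FILE.
# The new line goes after the script's last LD_LIBRARY_PATH assignment
# (or after line 1 if there is none); FILE.orig keeps the original.
patch_startserv() {
    file=$1; dir=$2
    oam_libdir_ok "$dir" || return 1
    if grep -F -q "$dir" "$file"; then return 0; fi   # already patched
    cp -p "$file" "$file.orig" || return 1
    last=$(grep -n '^[[:space:]]*LD_LIBRARY_PATH=' "$file.orig" | tail -n 1 | cut -d: -f1)
    [ -n "$last" ] || last=1
    awk -v n="$last" -v d="$dir" '
        { print }
        NR == n { printf "LD_LIBRARY_PATH=\"${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}%s\"; export LD_LIBRARY_PATH\n", d }
    ' "$file.orig" > "$file"
}

# Demo on a constructed start script (not the real Web Server file).
demo=$(mktemp -d)
mkdir -p "$demo/oblix/lib" && chmod 755 "$demo/oblix/lib"
printf '%s\n' '#!/bin/sh' 'LD_LIBRARY_PATH=/opt/ws7/lib; export LD_LIBRARY_PATH' \
    'exec ./webservd "$@"' > "$demo/startserv"
patch_startserv "$demo/startserv" "$demo/oblix/lib" && cat "$demo/startserv"
rm -rf "$demo"
```

The check covers only the library directory itself; its parent directories need the same ownership and permission review.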