Chapter 3 Installing OpenSSO Enterprise

Installing Sun^TM OpenSSO Enterprise from a web archive (WAR) file involves these steps:

• Downloading OpenSSO Enterprise

• Deploying the OpenSSO Enterprise WAR File

• Creating and Deploying Specialized OpenSSO Enterprise WAR Files

• Examples: Deploying OpenSSO Enterprise on JBoss Application Server

Before you begin, check the OpenSSO Enterprise 8.0 Requirements.

Downloading OpenSSO Enterprise

OpenSSO Enterprise is available in the opensso_enterprise_80.zip file, which you can download from the Sun Downloads site:

http://www.sun.com/download/index.jsp

The following table describes the layout after you unzip the opensso_enterprise_80.zip file. The directory where you unzip the file is represented by zip-root.

Table 3–1 OpenSSO Enterprise opensso_enterprise_80.zip File Layout

zip-root/opensso/ Directory	Description
deployable-war	OpenSSO Enterprise WAR and related files:  opensso.war contains all OpenSSO Enterprise components. Use this file you to deploy OpenSSO Enterprise server or to generate specialized WAR files. See Deploying the OpenSSO Enterprise WAR File. console contains the additional files for deploying only the OpenSSO Enterprise Console. See Chapter 10, Installing the OpenSSO Enterprise Console Only. distauth contains the additional files for deploying a Distributed Authentication UI server. See Chapter 8, Deploying a Distributed Authentication UI Server. idpdiscovery contains the additional files for deploying OpenSSO Enterprise as an identity provider (IDP) using the Discovery Service. See Chapter 9, Deploying the Identity Provider (IDP) Discovery Service. noconsole contains the additional files for deploying OpenSSO Enterprise server without the Console. See Chapter 11, Installing OpenSSO Enterprise Server Only. fam-distauth.list, fam-console.list, fam-noconsole.list, fam-idpdiscovery.list, and fam-nosample.list lists the files that allow you to create specialized WAR files. See Creating and Deploying Specialized OpenSSO Enterprise WAR Files.
docs	Java API reference documentation (opensso-public-javadocs.jar).
integrations	cleartrust contains the files to install and configure a custom authentication module that enables the SSO integration between OpenSSO Enterprise and RSA Access Manager (formerly RSA ClearTrust). oracle contains the files for integrating OpenSSO Enterprise with Oracle Access Manager (formerly Oblix). siteminder contains the files for integrating OpenSSO Enterprise with Computer Associates SiteMinder.
fedlet	Fedlet-unconfigured.zip file. After you unzip this file, fedlet.war allows you to deploy the Fedlet, a light-weight SAMLv2 service provider (SP). Follow the instructions in the Readme to configure the Fedlet metadata and COT and to deploy fedlet.war.
ldif	LDIF files for Sun Java System Directory Server, Microsoft Active Directory, and other LDAPv3 compliant directory servers.
libraries	DLL and JAR files for components such as OpenSSO Enterprise client SDK, the C SDK library for web policy agents, and the Secure Attribute Exchange (SAE) also known as Virtual Federation Proxy.
patches	Reserved for future use.
samples	Client SDK and samples (opensso-client.zip). See Chapter 12, Installing the OpenSSO Enterprise Client SDK.
tools	OpenSSO Enterprise tools and utilities:  ssoAdminTools.zip contains files to setup and run the OpenSSO Enterprise command-line (CLI) utilities and scripts such as ssoadm and ampassword. ssoSessionTools.zip contains the files to setup and configure OpenSSO Enterprise session failover. helpers contains files for the UNIX authentication helper (amunixd). See Chapter 6, Installing the OpenSSO Enterprise Utilities and Scripts.
upgrade	Upgrade scripts and related files to upgrade Access Manager or Federation Manager.  See the Sun OpenSSO Enterprise 8.0 Upgrade Guide.
xml	OpenSSO Enterprise XML files, such as amAdminConsole.xml, amAuth.xml, amSession.xml, and amUser.xml.

Deploying the OpenSSO Enterprise WAR File

Before you deploy the opensso.war, a supported web container must be deployed and configured, as described in Chapter 2, Deploying the OpenSSO Enterprise Web Container.

Then you deploy the OpenSSO Enterprise WAR (opensso.war) file using the web container administration console or deploy command.

---

Caution –

If you plan to use the OpenSSO configuration data store, you must deploy OpenSSO Enterprise on a local file system and not on an NFS-mounted file system. The OpenSSO configuration data store, which is deployed with OpenSSO Enterprise, is not supported on an NFS-mounted file system.

---

To Deploy the OpenSSO Enterprise WAR (opensso.war) File

1. Login as a user who has the following privileges:

   • Access to the OpenSSO Enterprise web container administration console, if you plan to deploy opensso.war using the console.

     or

   • The capability to execute the web container's deploy command-line utility, if you plan to deploy opensso.war using the CLI.

2. If necessary, copy opensso.war to the server where you want to deploy OpenSSO Enterprise.

3. Deploy opensso.war using either the web container administration console or deploy command.

   If the OpenSSO Enterprise web container administration console includes the option to deploy a WAR file, this method is usually the simplest one to use.

   Otherwise, use the web container deploy command. For example, the following command deploys opensso.war on the Application Server 9.1 web container on Solaris systems:

   # cd /opt/SUNWappserver/appserver/bin
   # ./asadmin deploy --user admin --passwordfile /tmp/pwdfile
   --port 4848 zip-root/opensso/deployable-war/opensso.war

   where:

   • zip-root is where you unzipped the opensso_enterprise_80.zip file. Or, if you copied opensso.war to a different location, use that location in the command.

   • /tmp/pwdfile is the Application Server 9.1 password file. This ASCII text file contains the AS_ADMIN_PASSWORD variable set to the administrator password.

Next Steps

Continue with the initial OpenSSO Enterprise server configuration using the Configurator:

Chapter 4, Configuring OpenSSO Enterprise Using the GUI Configurator

or

Chapter 5, Configuring OpenSSO Enterprise Using the Command-Line Configurator

Creating and Deploying Specialized OpenSSO Enterprise WAR Files

In addition to an OpenSSO Enterprise full server deployment, you can also create and deploy the following specialized WAR files:

• Distributed Authentication UI Server: Chapter 8, Deploying a Distributed Authentication UI Server

• IDP Discovery Service: Chapter 9, Deploying the Identity Provider (IDP) Discovery Service

• OpenSSO Enterprise Administration Console only: Chapter 10, Installing the OpenSSO Enterprise Console Only

• OpenSSO Enterprise server without the Administration Console: Chapter 11, Installing OpenSSO Enterprise Server Only

• OpenSSO Enterprise client SDK: Chapter 12, Installing the OpenSSO Enterprise Client SDK

Examples: Deploying OpenSSO Enterprise on JBoss Application Server

This section describes two additional methods to deploy OpenSSO Enterprise. Each method uses JBoss Application Server as the web container, but you can also use these methods on other web containers, if the container support the method.

• Method 1: Deploying OpenSSO Enterprise Server on JBoss Application Server Using the Exploded Archive Method

• Method 2: Deploing OpenSSO Enterprise Server on JBoss Application Server Using the Traditional Single Archive Method

Method 1: Deploying OpenSSO Enterprise Server on JBoss Application Server Using the Exploded Archive Method

To Deploy OpenSSO Enterprise Server on JBoss Application Server Using the Exploded Archive Method

1. Create a subdirectory under JBOSS_HOME/server/instance/deploy/name_of_war_file. For example:

   # mkdir /opt/jboss-4.2.2.GA/server/opensso/deploy/opensso.war

2. Explode the opensso.war file in this new directory. For example:

   # cd /opt/jboss-4.2.2.GA/server/opensso/deploy/opensso.war
   # jar xvf /tmp/opensso.war

   Your don't need to restart the container, because JBoss Application Server will automatically hot-deploy it.

3. Point your browser to http://host.domain:port/opensso or http://host:port/openssoand start configuring OpenSSO Enterpriseserver.

4. The OpenSSO Enterprise Configurator will write a bootstrap file in your home directory. For example:

   /.openssocfg/AMConfig_opt_jboss-4.2.2.GA_server_opensso_._deploy_opensso.war_

Method 2: Deploing OpenSSO Enterprise Server on JBoss Application Server Using the Traditional Single Archive Method

To Deploy OpenSSO Enterprise Server on JBoss Application Server Using the Traditional Single Archive Method

1. Explode the opensso.war file in a temporary directory. For example:

   # cd /tmp/sun
   # jar xvf zip-root/opensso/deployable-war/opensso.war

   where zip-root is where you unzipped the opensso_enterprise_80.zip file.

2. In the WEB-INF/classes/bootstrap.properties file, uncomment the configuration.dir property and set the property to the configuration directory that you plan to use for the OpenSSO Enterprise installation. For example:

   configuration.dir=/opt/opensso-server1

3. Create a new opensso.war with the extracted contents. For example:

   # cd /tmp/sun
   # jar cvf /tmp/opensso.war *

4. Hot-deploy this new WAR file on the JBoss Application Server container instance by copying the opensso.war from Step 3 to the JBoss deploy directory. For example:

   # cp /tmp/opensso.war /opt/jboss-4.2.2.GA/server/opensso/deploy

5. Start configuring OpenSSO Enterprise by pointing your browser to http://host.domain:port/opensso or http://host:port/opensso.

   Note: Because you pre-configured the OpenSSO Enterprise configuration directory in the opensso.war file in Step 4, you won't be able to change it during the configuration process.