Skip to Content
Sun and Oracle
Channel Sun
How to Buy
Log In
English
docs.sun.com Home
>
Sun OpenSSO Enterprise 8.0
> Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide
Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide
Search only this book
Search Help
Contained Within
Sun OpenSSO Enterprise 8.0
Find More Documentation
Browse Documentation Titles
Browse Product Documentation
Featured Support Resources
Sun Training Courses
BigAdmin System Admininstration Portal
Sun Support Center
Sun Solve
Download this book in PDF (1816 KB)
Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide
Index
A
D
G
I
O
P
R
S
Book Information
Preface
Who Should Use This Guide
Before You Read This Guide
How This Guide Is Organized
Related Documentation
OpenSSO Enterprise Documentation Set
Policy Agent Documentation
Related Product Documentation
Searching Sun Product Documentation
Related Third-Party Web Site References
Documentation, Support, and Training
Typographic Conventions
Shell Prompts in Command Examples
Default Paths and Directory Names
Revision History
Sun Welcomes Your Comments
1. Getting Started With OpenSSO Enterprise 8.0
OpenSSO Enterprise 8.0 Requirements
Overview of Installing and Configuring OpenSSO Enterprise
Some OpenSSO Enterprise 8.0 Changes to Consider
Summary of the OpenSSO Enterprise 8.0 Installation and Configuration Steps
Using Sun Service Tags With OpenSSO Enterprise
2. Deploying the OpenSSO Enterprise Web Container
Planning Your OpenSSO Enterprise Web Container Deployment
Sun Java System Application Server 9.1 Update 1 and Update 2
OpenSSO Enterprise Pre-Deployment Tasks
GlassFish Application Server V2 UR1 and UR2
OpenSSO Enterprise Pre-Deployment Tasks
Sun Java System Web Server 7.0 Update 3
OpenSSO Enterprise Pre-Deployment Tasks
Apache Tomcat 5.5.27 and 6.0.18
OpenSSO Enterprise Pre-Deployment Tasks
OpenSSO Enterprise Post-Deployment Tasks
BEA WebLogic Server 9.2 MP2
OpenSSO Enterprise Pre-Deployment Tasks
BEA WebLogic Server 10
OpenSSO Enterprise Pre-Deployment Tasks
Oracle Application Server 10g
OpenSSO Enterprise Pre-Deployment Tasks
IBM WebSphere Application Server 6.1
OpenSSO Enterprise Pre-Deployment Tasks
Adding GenericJvmArguments
Adding Security Permissions
Running the JSP Compiler
Post-Deployment Task
Using the ssoadm and ampassword Utilities
Apache Geronimo Application Server 2.1.1
OpenSSO Enterprise Pre-Deployment Tasks
JBoss Application Server 4.x
OpenSSO Enterprise Pre-Deployment Tasks
Adding Security Permissions For a Web Container
Adding OpenSSO Enterprise Security Permissions
OpenSSO Enterprise Security Permissions for Apache Tomcat
OpenSSO Enterprise Security Permissions for WebLogic Server
OpenSSO Enterprise Security Permissions for IBM WebSphere Application Server 6.1
OpenSSO Enterprise Security Permissions for JBoss Application Server
OpenSSO Enterprise Security Permissions for Oracle Application Server
OpenSSO Enterprise Security Permissions for Geronimo Application Server
To Enable the Java Security Manager for Geronimo Application Server
3. Installing OpenSSO Enterprise
Downloading OpenSSO Enterprise
Deploying the OpenSSO Enterprise WAR File
To Deploy the OpenSSO Enterprise WAR (opensso.war) File
Creating and Deploying Specialized OpenSSO Enterprise WAR Files
Examples: Deploying OpenSSO Enterprise on JBoss Application Server
Method 1: Deploying OpenSSO Enterprise Server on JBoss Application Server Using the Exploded Archive Method
To Deploy OpenSSO Enterprise Server on JBoss Application Server Using the Exploded Archive Method
Method 2: Deploing OpenSSO Enterprise Server on JBoss Application Server Using the Traditional Single Archive Method
To Deploy OpenSSO Enterprise Server on JBoss Application Server Using the Traditional Single Archive Method
4. Configuring OpenSSO Enterprise Using the GUI Configurator
Starting the Configurator
To Start the Configurator
Configuring OpenSSO Enterprise With the Default Configuration
To Configure OpenSSO Enterprise With the Default Configuration
Configuring OpenSSO Enterprise With a Custom Configuration
To Configure OpenSSO Enterprise With a Custom Configuration
5. Configuring OpenSSO Enterprise Using the Command-Line Configurator
Requirements to Run the Command-Line Configurator
Installing the Command-Line Configurator
To Install the Command-Line Configurator
Configuring OpenSSO Enterprise Server
To Configure OpenSSO Enterprise Using the Command-Line Configurator
OpenSSO Enteprise Configuration Parameters For the Command-Line Configurator
General and Server Parameters
Configuration Data Store Parameters
Multi-Server Deployment Parameters
User Data Store Parameters
Site Configuration Parameters
6. Installing the OpenSSO Enterprise Utilities and Scripts
Installing the OpenSSO Enterprise Utilities and Scripts in the ssoAdminTools.zip File
To Install the OpenSSO Enterprise Utilities and Scripts in the ssoAdminTools.zip File
Using ssoadm With OpenSSO Enterprise Configured as a Site
To Use ssoadm With OpenSSO Enterprise Configured as a Site
Running the Unix Authentication Helper (amunixd Daemon)
To Run the Unix Authentication Helper (amunixd Daemon)
7. Implementing OpenSSO Enterprise Session Failover
Overview of OpenSSO Enterprise Session Failover
OpenSSO Enterprise Session Failover Components
OpenSSO Enterprise Session Failover Flow
Installing and Configuring the OpenSSO Enterprise Session Failover Components
Unzipping the ssoSessionTools.zip File
To Unzip the ssoSessionTools.zip File
Running the Session Failover setup Script
To Run the Session Failover setup Script
Creating a New User to Connect to the Message Queue Broker (Optional)
To Create a New User to Connect to the Message Queue Broker
Editing the amsessiondb Script (if Needed)
Encrypting the Message Queue Broker Password Using the amsfopassword Script (Required)
To Encrypt the Message Queue Broker Password Using the amsfopassword Script
Running the amsfo Script to Start and Stop the Session Failover Components
To Run the amsfo Script
Configuring Session Failover in the OpenSSO Enterprise Console
To Configure Session Failover in the OpenSSO Enterprise Console
8. Deploying a Distributed Authentication UI Server
Distributed Authentication UI Server Overview
Distributed Authentication UI Server Deployment Scenario
Requirements for a Distributed Authentication UI Server Deployment
Generating a Distributed Authentication UI Server WAR File
To Generate a Distributed Authentication UI Server WAR File
Deploying the Distributed Authentication UI Server WAR File
To Deploy the Distributed Authentication UI Server WAR File
Configuring the Distributed Authentication UI Server
To Configure the Distributed Authentication UI Server
Accessing the Distributed Authentication User Interface Web Application
9. Deploying the Identity Provider (IDP) Discovery Service
Generating an IDP Discovery Service WAR File
To Generate an IDP Discovery Service WAR File
Configuring the IDP Discovery Service
To Configure the IDP Discovery Service
10. Installing the OpenSSO Enterprise Console Only
Requirements to Deploy Only the Console
Generating a Console Only WAR File
To Generate a Console Only WAR File
Deploying and Configuring the Console Only WAR File
To Deploy and Configure the Console Only WAR File
Accessing the Console
11. Installing OpenSSO Enterprise Server Only
Requirements to Deploy OpenSSO Enterprise Server Only
Generating a WAR File to Deploy OpenSSO Enterprise Server Only
To Generate a WAR File to Deploy OpenSSO Enterprise Server Only
Deploying OpenSSO Enterprise Server Only
To Deploy OpenSSO Enterprise Server Only
12. Installing the OpenSSO Enterprise Client SDK
OpenSSO Enterprise Client SDK Requirements
Installing the OpenSSO Enterprise Client SDK
To Install the OpenSSO Enterprise Client SDK
Compiling and Running the Client SDK Samples
To Compile and Run the Client SDK Samples
13. Configuring OpenSSO Enterprise Sessions
Setting Session Quota Constraints
Deployment Scenarios for Session Quota Constraints
Multiple Settings For Session Quotas
Configuring Session Quota Constraints
To Configure Session Quota Constraints
Configuring Session Property Change Notifications
To Configure Session Property Change Notifications
14. Enabling the Access Manager SDK (AMSDK) Identity Repository Plug-in
Requirements to Enable the AMSDK Identity Repository Plug-in
Configuring Sun Java System Directory Server
To Configure an Existing Directory Server With Access Manager 7.x User Data Store
To Configure a New Directory Server
Configuring OpenSSO Enterprise Server
Configuring OpenSSO Enterprise Server Using the ssoadm Command with add-amsdk-idrepo-plugin Subcommand
To Configure OpenSSO Enterprise Server Using the ssoadm Command and add-amsdk-idrepo-plugin Subcommand
Configuring OpenSSO Enterprise Server Manually
Loading the Directory Access Instructions (DAI) Service
To Load the DAI Service
Loading the AMSDK Subschema
To Load the AMSDK Subschema
Updating the Directory Server Information for the AMSDK Plug-in
To Update the Directory Server Information for the AMSDK Plug-in
Enabling Persistent Search Connections for the AMSDK Plug-in
To Enable Persistent Search Connections for the AMSDK plug-in
Creating a Data Store Using the AMSDK Plug-in
To Create a Data Store Using the AMSDK Plug-in
15. Managing LDAP Persistent Searches
Enabling Persistent Searches
To Enable Persistent Searches Using the Console
Enabling Persistent Searches by Setting the com.sun.am.event.connection.disable.list Property
Disabling Persistent Searches
To Disable Persistent Searches Using the Console
Disabling Persistent Searches by Setting the com.sun.am.event.connection.disable.list Property
Re-Enabling Persistent Searches
To Disable Persistent Searches for a Data Store
Disabling Persistent Searches on a Data Store
To Disable Persistent Searches on a Data Store
Configuration Properties That Affect Persistent Searches
16. Customizing OpenSSO Enterprise Administration Console Pages
Customizing the OpenSSO Enterprise Login and Logout Pages
To Customize the OpenSSO Enterprise Login and Logout Pages
17. Loading the OpenSSO Schema into Sun Java System Directory Server
Loading the OpenSSO Schema into Directory Server
To Load the OpenSSO Schema into Directory Server
18. Using Active Directory as the User Data Store
Overview of Using Active Directory as the User Data Store
Requirements For Active Directory as the User Data Store
Configuring Active Directory With the OpenSSO Enterprise Schema Files
To Configure Active Directory with OpenSSO Enterprise Schema Files
Configuring a Data Store For Active Directory
To Configure a Data Store For Active Directory
Configuring an Authentication Module to Login Through Active Directory
To Configure an Authentication Module to Login Through Active Directory
Operational Notes
19. Taking Precautions Against Session-Cookie Hijacking in an OpenSSO Enterprise Deployment
Defining Key Cookie Hijacking Security Issues
Cookie Hijacking Security Issues
OpenSSO Enterprise Solution: Shared Session Cookies
OpenSSO Enterprise Solution: A Less Secure Application
OpenSSO Enterprise Solution: Modification of Profile Attributes
Key Aspects of the OpenSSO Enterprise Solution: Cookie Hijacking Security Issues
OpenSSO Enterprise Session Cookies Involved in Issuing Unique SSO Tokens
Enabling OpenSSO Enterprise to Use Unique SSO Tokens
Implementing the OpenSSO Enterprise Solution for Cookie Hijacking Security Issues
About the Agent Profile
Configuring the OpenSSO Enterprise Deployment Against Cookie Hijacking
To Configure the OpenSSO Enterprise Deployment Against Cookie Hijacking
20. Patching OpenSSO Enterprise 8.0
Planning Your Patch Operation
To Plan Your Patch Operation
OpenSSO Patch and Upgrade Paths
Overview of the ssopatch Utility
Running the ssopatch Utility
Installing the ssopatch Utility
To Install the ssopatch Utility
Patching an OpenSSO Enterprise 8.0 WAR File
To Patch OpenSSO Enterprise 8.0
Creating a New OpenSSO Enterprise 8.0 Patched WAR File
To Create a New OpenSSO Enterprise 8.0 Patched WAR File
Running the updateschema Script
To Run the updateschema Script
21. Uninstalling OpenSSO Enterprise
Uninstalling OpenSSO Enterprise Server
To Uninstall OpenSSO Enterprise Server
Uninstalling the OpenSSO Enterprise Utilities and Scripts
To Uninstall the OpenSSO Enterprise Utilities and Scripts
Uninstalling a Distributed Authentication UI Server Deployment
To Uninstall a Distributed Authentication UI Server Deployment
Uninstalling an IDP Discovery Deployment
To Uninstall an IDP Discovery Deployment
Uninstalling a Client Sample Deployment
To Uninstall a Client Sample Deployment
Uninstalling a Fedlet Deployment
To Uninstall a Fedlet Deployment
Uninstalling an OpenSSO Enterprise Console Only Deployment
To Uninstall an OpenSSO Enterprise Console Only Deployment
Uninstalling the OpenSSO Enterprise Client SDK
To Uninstall the OpenSSO Enterprise Client SDK
Removing OpenSSO Enterprise Entries From Directory Server
To Remove OpenSSO Enterprise Entries From Directory Server
News Center
About Sun
Contact Sun
Terms of Use
Privacy
Copyright
1994-2009
Sun Microsystems, Inc.
Download this book in PDF (1816 KB)