DocTeger

OpenSSO Technical Information

And a Spoonful of Music

To Make the Medicine Go Down

Telecommunication with an SSL Data Store

I found this procedure internally and I thought it might help some externally. The engineer was configuring OpenSSO to communicate with an SSL data store.

1. Set up your data store with SSL enabled.
2. Import a root certificate for your data store to the web container using the following command:
   JAVA_HOME/bin/keytool -import -keystore keystore_file_name -keyalg RSA -trustcacerts -alias alias_name -storepass changeit -file certificate_file_name
   • For Sun Application Server 9.1, keystore_file_name in the default domain1 is /opt/SUNWappserver/domains/domain1/config/cacerts.jks
   • For Sun Web Server 7.0U1, keystore_file_name is /usr/jdk/entsys-j2se/jre/lib/security/cacerts
3. Restart the web container.
4. Deploy opensso.war.
   When running the WAR configurator, you can't point to the SSL port so you must point to the non-SSL port.
5. Log into the administration console as the administrator; by default amadmin.
6. Create a new data store configuration or edit the existing one.
   Click the Data Stores tab for the appropriate realm under the Access Control tab. Be sure to enable the following two attributes:
   • LDAP Server must have the host name and SSL port of the SSL data store.
   • LDAP SSL must be checked.
7. Create a new User that points to the SSL port of the data store.
   Click the Directory Configuration tab after choosing the appropriate Server under the Sites and Servers tab, located under the Configuration tab. Select New... under User and configure the user so that it points to the SSL port.
8. Delete the default non-SSL user and save.

And now OpenSSO is configured to communicate with a secure directory. In celebration here's another type of communication: Telecommunication, live by A Flock of Seagulls.

Posted at 04:57PM Mar 17, 2008 by Michael Teger in Sun  |  Comments[1]