Monday Mar 17, 2008
Telecommunication with an SSL Data Store
I found this procedure internally and I thought it might help some externally. The engineer was configuring OpenSSO to communicate with an SSL data store.
- Set up your data store with SSL enabled.
- Import a root certificate for your data store to the web container using the following command:

  JAVA_HOME/bin/keytool -import -keystore keystore_file_name -keyalg RSA -trustcacerts -alias alias_name -storepass changeit -file certificate_file_name

  - For Sun Application Server 9.1, keystore_file_name in the default domain1 is /opt/SUNWappserver/domains/domain1/config/cacerts.jks
  - For Sun Web Server 7.0U1, keystore_file_name is /usr/jdk/entsys-j2se/jre/lib/security/cacerts
- Restart the web container.
- Deploy opensso.war. When running the WAR configurator, you can't point to the SSL port, so you must point to the non-SSL port.
- Log into the administration console as the administrator (by default amadmin).
- Create a new data store configuration or edit the existing one. Click the Data Stores tab for the appropriate realm under the Access Control tab. Be sure to enable the following two attributes:
  - LDAP Server must have the host name and SSL port of the SSL data store.
  - LDAP SSL must be checked.
- Create a new User that points to the SSL port of the data store. Click the Directory Configuration tab after choosing the appropriate Server under the Sites and Servers tab, located under the Configuration tab. Select New... under User and configure the user so that it points to the SSL port.
- Delete the default non-SSL user and save.
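As an added example (this is not part of the original post or of OpenSSO), here is a small POSIX shell wrapper around the certificate import step above. It picks the truststore the post names for each web container, backs the truststore up, runs the keytool import, and then confirms with keytool -list that the alias actually landed. The container labels appserver91 and webserver70u1, the DRY_RUN switch, and the fallback JAVA_HOME of /usr/jdk/entsys-j2se (implied by the Web Server path in the post) are this script's own assumptions; it drops the -keyalg option from the post's command, since that option applies to key generation rather than import, and adds -noprompt so the import can run unattended. The optional check_ldaps function uses openssl s_client to confirm, from the container host, that the data store's SSL port presents a chain that validates against the imported root before OpenSSO is pointed at it.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps the post's keytool import:
# picks the web container's default truststore, backs it up, imports the data
# store's root certificate, then confirms the alias is present. The container
# labels "appserver91" and "webserver70u1" and the DRY_RUN switch are this
# script's own conventions; the keystore paths are the ones the post lists.

# Execute a command, or just print it when DRY_RUN=1 (review the exact
# command before touching a production truststore).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Default truststore for each container named in the post.
keystore_for_container() {
    case "$1" in
        appserver91)   echo "/opt/SUNWappserver/domains/domain1/config/cacerts.jks" ;;
        webserver70u1) echo "/usr/jdk/entsys-j2se/jre/lib/security/cacerts" ;;
        *) echo "unknown container: $1 (expected appserver91 or webserver70u1)" >&2; return 1 ;;
    esac
}

# keytool lives under JAVA_HOME; the Web Server path in the post implies
# /usr/jdk/entsys-j2se, used here only as a fallback (assumption).
keytool_bin() {
    echo "${JAVA_HOME:-/usr/jdk/entsys-j2se}/bin/keytool"
}

# Confirm the alias is in the truststore (keytool -list exits non-zero if not).
verify_alias() {
    # $1 keystore, $2 alias, $3 truststore password
    run "$(keytool_bin)" -list -keystore "$1" -storepass "$3" -alias "$2"
}

# Import one root certificate: $1 container, $2 alias, $3 certificate file,
# $4 truststore password (defaults to the JDK's "changeit", as in the post;
# pass the real one if it was changed on this container).
import_ca_cert() {
    container=$1; cert_alias=$2; cert=$3; storepass=${4:-changeit}
    keystore=$(keystore_for_container "$container") || return 1
    [ -r "$cert" ] || { echo "certificate file not readable: $cert" >&2; return 1; }
    # Keep a dated copy so a wrong import can be rolled back.
    run cp "$keystore" "$keystore.bak.$(date +%Y%m%d%H%M%S)" || return 1
    # -trustcacerts: accept the chain if it anchors in an already trusted CA.
    # -noprompt: skip the interactive "Trust this certificate?" question.
    run "$(keytool_bin)" -import -trustcacerts -noprompt \
        -keystore "$keystore" -storepass "$storepass" \
        -alias "$cert_alias" -file "$cert" || return 1
    verify_alias "$keystore" "$cert_alias" "$storepass"
}

# Optional: from the container host, check that the data store's SSL port
# presents a chain that validates against the imported root before switching
# OpenSSO over to that port. Requires openssl.
check_ldaps() {
    # $1 host, $2 SSL port, $3 root certificate file
    run sh -c "openssl s_client -connect '$1:$2' -CAfile '$3' </dev/null 2>&1 | grep -q 'Verify return code: 0 (ok)'"
}

# Usage: sh import-ds-cert.sh <container> <alias> <cert-file> [storepass]
if [ $# -ge 3 ]; then
    import_ca_cert "$@"
fi
```

Run it first with DRY_RUN=1 to see the exact cp and keytool commands it would execute, then without it. The backup copy is worth keeping until the data store has been switched to the SSL port and a login has succeeded, since a container whose truststore does not contain the right root fails the TLS handshake rather than reporting a clear configuration error.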
Posted at 04:57PM Mar 17, 2008 by Michael Teger in Sun | Comments[0]