« Jonathan Speaks... | Main | Federated Access... »
Thursday Dec 06, 2007

OpenSSO Client SDK: Service Configuration Sample

UPDATED: 12/11/07 - answers to questions below

In preparation for writing the Client SDK chapter of the FAM8 Developer's Guide, I am running the Client SDK samples. I did not find a lot of information concerning what these samples are actually doing so I figured I'd tell you what I've done and if you have questions (or answers), comment me.

NOTE: AMConfig.properties has been deprecated for OpenSSO. The server configuration data is now stored in an OpenDS server when you freshly install the soon-to-be-latest release. The Client SDK, however, still uses AMConfig.properties to store its configuration data as it is remote to the installed OpenSSO server.

This Service Configuration Sample Servlet executes the ServiceConfigServlet.java which retrieves and displays attributes from the service name input; in the sample, DAI.
  1. Deploy opensso.war in glassfish.

  2. Deploy and launch the fam-client-jdk15.war

    In the the samples directory of the inflated opensso.zip, you find fam-client.zip. Unzip this and see the war and sdk directories. The war directory contains the Client SDK and web-based samples. The sdk directory contains command line based samples (compile the source code before using it). In the war directory, you will find fam-client-jdk14.war and fam-client-jdk15.war. Deploying the appropriate WAR, depending on the version of Java on your machine, installs the Client SDK. Launching the deployed WAR via the Glassfish console displays the Configurator page.

  3. Configure the Client SDK by pointing it to your local instance of OpenSSO.

    NOTE: Be sure to use an opening forward slash (/) in the Service Deployment URI.

  4. After configuration, click the link to proceed to the samples and, from the resulting page, click Access Management Samples. The following page is displayed.

  5. Click Service Configuration Sample Servlet, enter values on the resulting page and submit.

    You only have to enter the password; admin123, by default. I got an error the first time around and had to change the value of two properties in the Client SDK AMConfig.properties (which, after configuration, I found in the top-level root directory of my machine - not a very organized place for it to land).

    • com.sun.identity.agents.app.username should have a value of UrlAccessAgent
    • com.iplanet.am.service.password should have a value of changeit

    NOTE: Restart the glassfish domain after modifying the file and before entering the password and submitting again.

  6. SUCCESS!! You can see the Client SDK retrieved the attributes of the DAI Service. Also the SSOToken of the questioning user.

    Questioning?*

*Yes. Questioning the following:
  • What is the DAI Service? Many moons ago, it referred to the ums.xml. Is DAI just a hold over that is now only used for this sample? Or is it something more?

    ANSWER: The service is still used for an existing directory information tree (DIT) and legacy installs.

  • What is the difference between the Configuration Type options, schema and config? The output for schema you see above. The output for config looks like an LDAP blob. In either case, the output is not very pretty and I can't make heads or tails of it.

    ANSWER: schema refers to the data structure, the template for the data. Default values may be defined dependent on the service. config is the actual data. The output is defined as key/value pairs, one right after t'other. (sic)

  • What happens if I used another OpenSSO Service Name? Would this still work? Or is it, as the name says, just a sample.

    ANSWER: You can use any OpenSSO service as input as long as you use the value defined as the name attribute of the service element in the particular service's XML service file.

  • Now that Amy Winehouse has received six Grammy nominations for her album, Back to Black, will she clean herself up in time to perform?

    ANSWER: With any luck. Even though she cancelled the concert I had tickets for nine months ago, I'm still in Amy's corner. I am, though, getting tired of reading stories that begin, "Troubled singer Amy Winehouse..." In this picture video, Amy covers the Teddy Bears' classic To Know Him Is To Love Him (which, ironically enough, was written by troubled record producer Phil Spector).

See User and Policy Samples: OpenSSO Client SDK for more Client SDK sample information.

Posted at 03:13PM Dec 06, 2007 by Michael Teger in Sun  |  Comments[7]

Comments:

Hi Michael,

Your image in the left sidebar ( http://photos.central.sun.com/126042.jpg ) doesn't work for anyone outside SWAN.

Cheers,

Pat

Posted by Pat Patterson on December 07, 2007 at 10:29 AM PST #

Thanks, Pat. It's outside of SWAN now so everyone can see my punim (http://www.urbandictionary.com/define.php?term=punim). And Max's too.

Posted by DocTeger on December 07, 2007 at 10:51 AM PST #

I get:

com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
Check AMConfig.properties for the following properties
com.sun.identity.agents.app.username
com.iplanet.am.service.password

I cannot find the AMConfig.properties file anywhere to change the username and password properties as you suggest.

Posted by RC on January 04, 2008 at 06:08 AM PST #

Did you run the configurator.jsp? The only reason I can think of that AMConfig can't be found is that OpenSSo wasn't configured yet. See my entry about configuring OpenSSO (http://blogs.sun.com/docteger/entry/installing_opensso_buld_2). If you did this send your question to users@opensso.dev.java.net and see if anyone else has had this issue.

Posted by DocTeger on January 04, 2008 at 06:49 AM PST #

Hi,
I'm now trying to setup ID-WSF by reading FAQ from opensso site.
https://opensso.dev.java.net/public/about/faqcenter/faqhowdoi.html#IDWSFsample
Now, I finished deploying fam-client-jdk15.war and then access to the URL, /opensso-client-jdk15/Configurator.jsp.

Because FAQ does not describe how to enter each value,
I try to search any tips by google and find this blog.

I entered following values in configurator page.

Server Protocol: http
Server host: hostname where OpenSSO is deployed
Server port: port number
Server Deployment URI: /opensso-sp
Debug directory: /tmp
Application User name: amadmin
Application user password: amadmin's password which was set during OpenSSO custom configuration

Then, click Configure.

Then, I changed com.iplanet.am.cookie.name to customized value(iPlanetDirectoryProsp2) in AMConfig.properties

Then, click "Access Management Samples" and click "Service Configuration Sample Servlet".(as you did above in this blog.)

Enter amadmin's password and click Submit.
Follwing error happens.
----
amadmin com.sun.identity.authentication.spi.AuthLoginException: Failed to create new Authentication Context: For input string: "6080opensso-sp" at com.sun.identity.authentication.AuthContext.login(AuthContext.java:578) at com.sun.identity.authentication.AuthContext.login(AuthContext.java:521) at com.sun.identity.authentication.AuthContext.login(AuthContext.java:362) at com.sun.identity.samples.clientsdk.SampleBase.authenticate(SampleBase.java:49) at com.sun.identity.samples.clientsdk.ServiceConfigServlet.doGet(ServiceConfigServlet.java:86) at
:
:
----
Do you know what is fault and causing this error?
Please advice me by reply this comment or by e-mail directly.

Posted by Shinichi Hanaki on December 15, 2008 at 03:02 AM PST #

Sorry, I did not say my mail address in previous comment.
It is shinichi.hanaki at sun.com.

Posted by Shinichi Hanaki on December 15, 2008 at 03:06 AM PST #

OK, I found that UrlAccessAgent and its password should be set for user name/password.
Then, I could see wsc/index.jsp. :)

BTW, FQA does not explain what is next step, how to test/verify or what we can do on this page...

Posted by Shinichi Hanaki on December 15, 2008 at 07:14 AM PST #

Post a Comment:
  • HTML Syntax: NOT allowed