« A Spring Framework... | Main | Integrating OpenSSO... »
Monday Dec 08, 2008

OpenSSO Servers and Sites Configuration with SSL and SSQ

Here is some information regarding how you might configure OpenSSO sites and servers for a sample SAMLv2 deployment. The requirement in this SAMLv2 deployment is to allow normal users to access OpenSSO via pure SSL and administrative users to access OpenSSO via SSL with certificate authentication. The deployment is a straight forward setup (using two instances of OpenSSO and Glassfish, and one load balancer) except for the following:

  1. The requirement for certificate authentication for one group of users and LDAP authentication for t'other group of users.
  2. The users are split into two domains: one for the identity provider and t'other for the service provider. The identity provider will authenticate, and the service provider will control access using a J2EE policy agent.
The load balancer should be configured with two listening sockets but there should be only one configured Site in OpenSSO. The Site configuration does not need to know both listening sockets as long as the two configured listening sockets (in this example, port 1443 and 2443) point to the same instance of OpenSSO. For this deployment do the following configurations.
  • On both instances of OpenSSO, under the Configuration --> Servers and Sites tabs in the console, create one New Server for each OpenSSO instance as in:

    • https://osso1.server.com:1443/opensso
    • https://osso2.server.com:1443/opensso

    Create a New Site with your chosen name and a Primary URL that points to the first virtual IP of the load balancer as in https://lb-vip1.server.com:1443/opensso. Click the created Site and add the second virtual IP of the load balancer, https://lb-vip2.server.com:1443/opensso.

    Click each server previously created to add the created Site as the value of the Parent Site attribute.

  • In the first instance of the Glassfish console, configure two listening sockets:

    • https://osso1.server.com:1443/opensso
    • https://osso1.server.com:2443/opensso

    In the second instance of the Glassfish console, configure two listening sockets:

    • https://osso2.server.com:1443/opensso
    • https://osso2.server.com:2443/opensso

  • In the load balancer, configure two virtual servers that each points to two different pools:

    • Virtual Server 1

      https://lb-vip1.server.com:1443 points to two different pools:

      • https://osso1.server.com:1443/opensso
      • https://osso2.server.com:1443/opensso

    • Virtual Server 2

      https://lb-vip2.server.com:2443 points to two different pools:

      • https://osso1.server.com:2443/opensso
      • https://osso2.server.com:2443/opensso

And from SSL to SSQ, here's Synthecide. Stacey Q was lead singer of this mid-80s Berlin-sounding synth band before she went solo with the Madonna-sounding Two of Hearts. At that point, everyone decided to hate her and she was never heard from again.

Posted at 11:59AM Dec 08, 2008 by Michael Teger in Sun  |  Comments[0]

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed