You can use ssoadm CLI to automate the OpenSSO service configuration.
In the next few blog entries I am planning to give some examples on how
to perform certain configuration changes using the ssoadm CLI. In this
article I am going to show you how to create an Authentication Chain.
You should have configured the CLI as a prerequisite.
Friday Jun 26, 2009
Sunday Jun 14, 2009
The postings I made in the past seem to be very useful to the OpenSSO community I conclude this based on the private mails that I have received periodically. This time I am venturing out to see how the Oracle Internet Directory (OID) could be massaged to store the OpenSSO User and Group information. I dont claim to be an expert in Oracle Directory Server nevertheless what I provide here is a validated procedure that is expected to work. Though I am part of the OpenSSO enterprise product team, in no means I imply this particular identity store is a official part of the supported OpenSSO release.
Monday Jun 08, 2009
How To Determine whether the given LDAP server support persistent search
the persistent search draft version
control 2.16.840.1.113730.3.4.3 is implemented by many of the LDAP servers including
- IBM(Tivoli Directory)
- Novell(eDirectory)
- Sun(DSEE)
- OpenDS(OpenDS Directory Server 1.0.0-build007)
- Fedora-Directory/1.0.4 B2006.312.1539
ldapsearch -p 389 -h ds_host -s base -b '' "objectclass=*" supportedControl | grep 2.16.840.1.113730.3.4.3
Active Directory
AD implements in a different form using the LDAP control 1.2.840.113556.1.4.528
ldapsearch -h AD_HOST -p PORT -D"CN=Administrator,CN=Users,dc=test,dc=com" -w secret12 -s base -b '' "objectclass=*" supportedControl | grep 1.2.840.113556.1.4.528
Thursday Apr 09, 2009
This blog is an addendum to my earlier entry on the password reset application.
This article specifically addresses the steps involved in configuring
the OpenDS as the user store for the OpenSSO and enabling password
reset that works in association with OpenDS Password policy.
Monday Mar 09, 2009
I have been receiving email constantly about questions that regard to configuring OpenDS as user store for OpenSSO. In my earlier post I have detailed a hack to configure OpenDS with OpenSSO. Starting from Express build 7 of OpenSSO , OpenDS is officially supported as the user store with some known limitation regards to support for OpenDS password policies. These shortcomings will be resolved in the forth coming Express builds.
Monday Nov 10, 2008
It is easy to configure an already existing opensso system to run in 'debug' mode, but what if the system is being configured and you want to view the debug traces of opensso? There is a way to do that in OpenSSO.
[Read More]Friday Nov 07, 2008
Configuring multiple OpenSSO servers with Configuration store as Directory Server Enterprise Edition
This document specifically addresses the workaround for the
opensso issue 4094, yet this document can be used to configure the
Opensso Server against an existing Sun Java System Directory Server
Enterprise Edition. (DSEE)
Thursday Nov 06, 2008
Out of the box Access Manager Repository Plug-in datastore plugin cannot be created in the OpenSSO server, This is not a bug rather it is intentional to configure it manually depending up on the customer requirement. Access Manager Repository Plug-in data store may be applicable in the co-existence and/or upgrade scenarios with its predecessors like Sun Java System Access Manager. For the fresh deployments customers should be using the Identity Repository Datastore Plugins.
[Read More]
Problem:
While configuring the OpenSSO(build 6) server against Sun Directory Server to store the configuration data, if you have selected different passwords for the 'amadmin' user and for the DSEE Bind DN user(for eg: cn=directory manager), then the command line tool 'ssoadm' will fail on certain circumstances.
This issue does not happen when OpenSSO server is configured with default configuration store. There are two workarounds to resolve the issue.
-
Create cn=dsameuser entry under the configuration directory server
-
Update the serverconfig.xml in the configuration store
later option is recommended to the production customers
Tuesday Jul 01, 2008
People who love programming in the interpretive languages would love the OpenSSO REST based Identity Services, OpenSSO offers decently powerful REST interfaces to manipulate the idenity information stored in any supported OpenSSO identity store. I strongly encourage to read Aravindan Ranganathan's article on Identity Servic
This document is generated based on the article
Saturday Apr 12, 2008
OpenSSO support most of the commercially available LDAP servers as
identity store. In this blog entry I am goign to show you how to create
these data store from famadm CLI. IT is easy and less error prone and
repeatable.
Friday Feb 08, 2008
The simplest way to configure the OpenSSO system is to use the browser just to fill four test fields, it is that simple. However there are scenarios where you want to script the configuration on multiple machines or when you can not reach out to a browser, let us say all you've got is a dumb terminal access. In these scenarios what you do?
[Read More]Monday Sep 24, 2007
Sun Java System Access Manager Support on Application Server 9.1
Sun has recently released the Application Server 9.1, Access Manager server ver 7.1 is supported on this version. Access Manager 7.1 can be installed on Application server 9.1 in two ways.
1. Single WAR deployment of Access Manager
2. Installing Access Manager using the Java ES 5 update 1 installer
You can find the document on how to achieve the same
Sun Java System Access Manager Policy Agents for Application Server 9.1
There is an agent that is also made available for Application Server 9.1,
You can download the agent from this location
This agent can be configured by following this documentation
Tuesday Aug 21, 2007
Sun Java Enterprise System Access Manager provides a way to reset forgotten user passwords by simply configuring secret customizable questions and answers. This does not involve any administrator intervention except a one time system wide password reset application service configuration.
[Read More]
Tuesday Jul 31, 2007
In this article I am going to discuss how to configure the Sun Java System Access Manager Policy agents on to websphere cluster. For this exercise it is assumed the WebSphere Network Deployment Server (WNDS) has one cell with two clusters in it.(CARE and IS ) Each cluster has exactly two Application Server instances belonging to the same profile, hosting one or more applications. The cluster member Application Servers instances are distributed among two physical nodes as depicted in the diagrams below. The WNDS profile is located in one of the nodes. The clusters are already created before installing the agents. This document will not cover the procedures for creating WebSphere clusters or configuring the IBM HTTP Server for load balancing. Additionally no custom SSL key store is used. The Application Server and Access Manager traffic happens over HTTP.
To deploy the policy agents on the WebSphere clusters there is no need to defederate the nodes.
[Read More]This blog copyright 2009 by indira
