You can use the ssoadm CLI to automate the OpenSSO service configuration.
In the next few blog entries I am planning to give some examples of how
to perform certain configuration changes using the ssoadm CLI. In this
article I am going to show you how to create an Authentication Chain.
You should have configured the CLI as a prerequisite.
Friday Jun 26, 2009
Sunday Jun 14, 2009
The postings I made in the past seem to be very useful to the OpenSSO community; I conclude this based on the private mails that I have received periodically. This time I am venturing out to see how the Oracle Internet Directory (OID) could be massaged to store the OpenSSO User and Group information. I don't claim to be an expert in Oracle Directory Server; nevertheless, what I provide here is a validated procedure that is expected to work. Though I am part of the OpenSSO enterprise product team, by no means do I imply that this particular identity store is an official part of the supported OpenSSO release.
Monday Jun 08, 2009
How To Determine whether the given LDAP server supports persistent search
The persistent search draft version control 2.16.840.1.113730.3.4.3 is implemented by many LDAP servers, including:
- IBM(Tivoli Directory)
- Novell(eDirectory)
- Sun(DSEE)
- OpenDS(OpenDS Directory Server 1.0.0-build007)
- Fedora-Directory/1.0.4 B2006.312.1539
ldapsearch -p 389 -h ds_host -s base -b '' "objectclass=*" supportedControl | grep 2.16.840.1.113730.3.4.3
Active Directory
AD implements persistent search in a different form, using the LDAP control 1.2.840.113556.1.4.528
ldapsearch -h AD_HOST -p PORT -D"CN=Administrator,CN=Users,dc=test,dc=com" -w secret12 -s base -b '' "objectclass=*" supportedControl | grep 1.2.840.113556.1.4.528
Thursday Apr 09, 2009
This blog entry is an addendum to my earlier entry on the password reset application.
This article specifically addresses the steps involved in configuring
OpenDS as the user store for OpenSSO and enabling password
reset that works in association with the OpenDS password policy.
Monday Mar 09, 2009
I have been constantly receiving email with questions regarding configuring OpenDS as the user store for OpenSSO. In my earlier post I detailed a hack to configure OpenDS with OpenSSO. Starting from Express build 7 of OpenSSO, OpenDS is officially supported as the user store, with some known limitations regarding support for OpenDS password policies. These shortcomings will be resolved in the forthcoming Express builds.
Friday Nov 07, 2008
Configuring multiple OpenSSO servers with Configuration store as Directory Server Enterprise Edition
This document specifically addresses the workaround for
OpenSSO issue 4094, yet it can also be used to configure the
OpenSSO Server against an existing Sun Java System Directory Server
Enterprise Edition (DSEE).
Thursday Nov 06, 2008
Out of the box, the Access Manager Repository Plug-in data store cannot be created in the OpenSSO server. This is not a bug; rather, it is intentional, so that it is configured manually depending on the customer requirement. The Access Manager Repository Plug-in data store may be applicable in co-existence and/or upgrade scenarios with predecessors such as Sun Java System Access Manager. For fresh deployments, customers should use the Identity Repository Datastore Plugins.
Problem:
While configuring the OpenSSO (build 6) server against Sun Directory Server to store the configuration data, if you have selected different passwords for the 'amadmin' user and for the DSEE Bind DN user (e.g. cn=directory manager), then the command line tool 'ssoadm' will fail in certain circumstances.
This issue does not happen when the OpenSSO server is configured with the default configuration store. There are two workarounds to resolve the issue:
- Create a cn=dsameuser entry under the configuration directory server
- Update the serverconfig.xml in the configuration store
The latter option is recommended for production customers.
Tuesday Jul 01, 2008
People who love programming in the interpretive languages would love the OpenSSO REST-based Identity Services. OpenSSO offers decently powerful REST interfaces to manipulate the identity information stored in any supported OpenSSO identity store. I strongly encourage to read Aravindan Ranganathan's article on Identity Servic
This document is generated based on the article
Saturday Apr 12, 2008
OpenSSO supports most of the commercially available LDAP servers as
identity stores. In this blog entry I am going to show you how to create
these data stores from the famadm CLI. It is easy, less error prone and
repeatable.
Friday Feb 08, 2008
The simplest way to configure the OpenSSO system is to use the browser just to fill four test fields; it is that simple. However, there are scenarios where you want to script the configuration on multiple machines, or where you cannot reach a browser, let us say all you've got is dumb terminal access. What do you do in these scenarios?
Tuesday Aug 21, 2007
Tuesday Jul 31, 2007
In this article I am going to discuss how to configure the Sun Java System Access Manager Policy Agents on a WebSphere cluster. For this exercise it is assumed that the WebSphere Network Deployment Server (WNDS) has one cell with two clusters in it (CARE and IS). Each cluster has exactly two Application Server instances belonging to the same profile, hosting one or more applications. The cluster member Application Server instances are distributed among two physical nodes as depicted in the diagrams below. The WNDS profile is located in one of the nodes. The clusters are already created before installing the agents. This document will not cover the procedures for creating WebSphere clusters or configuring the IBM HTTP Server for load balancing. Additionally, no custom SSL key store is used. The Application Server and Access Manager traffic happens over HTTP.
To deploy the policy agents on the WebSphere clusters there is no need to defederate the nodes.
Thursday Jul 26, 2007
Web applications protected by the Sun Java System Access Manager Policy Agents version 2.2 can obtain the authenticated identity's attributes, as well as the resource-specific attributes, by the following means:
- Set as HTTP header values
- Set in the browser cookie as name-value pairs
In this part of the document, only the HTTP header option is discussed. The end application protected by the agents can obtain the authenticated identity's attributes as HTTP header name-value pairs in the following three ways:
- Retrieve from the authenticated identity's profile
- Retrieve from the authenticated identity's session
- Retrieve from policy resource response providers
Wednesday Mar 21, 2007
Latest version of this article is available here
This is a follow-up posting to my original post about OpenSSO and OpenDS. I have tested the OpenSSO system with OpenDS (bld 30). OpenDS is used as both configuration and user data store. For this I need to adapt the existing user schema to a form which is acceptable to OpenDS (which more strictly enforces the schema, spec and DIT content rules).
This blog copyright 2009 by indira