Sidharth's blog

A free of cost deployment training is now available to the OpenSSO developer community, thanks to David and our friends in Sun Learning Services.  The training comprises five self-paced, downloadable labs that take you through a set of complex real world OpenSSO deployment scenarios.

What's even more interesting is that the lab infrastructure is powered by Solaris and ZFS, which allows the developers to choose and try out particular labs and skip some.  ZFS is an amazing technology. Its snapshot capability quickly changes the way you work on the desktop or server. Add replication via zfs send and zfs recv, and life gets even better. In case of ZFS the replication is just a simple stream. Simply brilliant that is, because it means you can dump a ZFS Snapshot into a single file which acts as an archive that can be restored later at any point in time. The OpenSSO training virtual machine infrastructure leverages these features of this very powerful file system.

If you've been on the look out for  a structured and step by step hands on training, on various aspects of single sign on using OpenSSO, you'll find the training very helpful. More details on the training is available here.

Federated Access Manager(FAM) introduces a workflow centric approach which makes installation, deployment and administrative tasks simpler, quicker, and easier.

The goal has been to make the product really simple to use and configure, for real time production deployments in different areas such as Federation management, Agents Management, Web Services Security etc. and we're making progress. Federated Access Manager / OpenSSO, is a self-contained J2EE application, which can be deployed on J2EE containers.

Here's a screencast of installation on Glassfish(steps are also here).

Tags: OpenSSO, FAM, GlassFish

OpenSSO is a self-contained J2EE application and the installation is a breeze. Here's the detailed steps.

1.  Create a base directory. "/opensso_bits"

2.  Install GlassFish. If you already have GlassFish running, go to step-4.

3.  Create a GlassFish domain - "fam".

To Create new GlassFish domain.  
Create "/tmp/passfile" with following content,
AS_ADMIN_ADMINPASSWORD=adminadmin
AS_ADMIN_MASTERPASSWORD=changeit

Create glassfish domain with the following commandline
./asadmin create-domain --adminuser admin --passwordfile /tmp/passfile --portbase 7000 fam

4.  Start Glassfish instance and make the following changes to the instance on which opensso is being deployed (fam)

cd <GLASSFISH_HOME>/bin
./asadmin start-domain fam

./asadmin delete-jvm-options  --port 7048 --user admin "\\-client"
./asadmin create-jvm-options  --port 7048 --user admin "\\-server"

./asadmin delete-jvm-options  --port 7048 --user admin "\\-Xmx512m"
./asadmin create-jvm-options  --port 7048 --user admin "\\-Xmx1G"

5.  Important (Optional for first time opensso install on a system).

If you already have opensso deployed and configured on the GlassFish instance,

- Undeploy opensso (via GlassFish admin console)
- Delete the configuration directory, as used during the previous configuration. (e.g. rm -rf /opensso)
- Delete the Access Manager directory (Usually in the users home directory). (e.g. rm -rf /AccessManager)

6.  Restart the glassfish instance.

cd <GLASSFISH_HOME>/bin
./asadmin stop-domain fam
./asadmin start-domain fam

7.  Deploy OpenSSO on the Glassfish domain "fam".

- Go to Glassfish admin console. (http://<host>.<domain>:7048)
- Login as admin/adminadmin
- On left nav bar, click on "Web Applications"
- Click on "Deploy".
- Browse and locate opensso.war ( "/opensso_bits/opensso/deployable_war/opensso.war" )
- Under "General"
- Application Name - opensso
- Context Root - opensso

- Click "Ok"

8.  Go to the deoployed opensso instance.

- Under "Custom Configuration", select "Create New Configuration".
- General
- Password - <password for amadmin>
- Confirm Password - <same as above>

Server Settings (Most of the following are populated by the installer and can be left as it is.)

- Server URL - <e.g. http://sid.opensso.com:7080>
- Cookie Domain - <e.g. .opensso.com>
- Platform Locale - <e.g. en_US>
- Configuration Directory </openssoconfig>

Configuration Store - (e.g. Use all Defaults, as populated by installer).

- Data Store Type - <e.g. Embedded (Open DS)>
- Port - <e.g. 50389>
- Encryption Key - <e.g. as populated by installer>
- Root Suffix - <e.g. dc=opensso,dc=java,dc=net>

User Store Settings

- Embedded.

(Note - Embedded User Store is supported in POC / Demo environments only. For Production deployments an external User Store should be used.)

Site Configuration (e.g. Use Defaults, as populated by installer)

- Will this instance be deployed behind a load balancer as part of a site configuration? <No>

Agent Information

- Default Agent [amldapuser]
- Password - <select password, should be different from the password for amadmin>
- Confirm - <same as above>

Click "Next".

Summary

Click "Create Configuration".

9.  You'll see a message "Configuration Complete", "Proceed to Login".

Click on "Proceed to Login"

10.  Login as amadmin with the corresponding password.