Affects: Documentation (Ref Guide, User Guide, etc.)
Date of First Response: 2008-08-27 00:06:07
project_key: SOA

Configuring OpenSSO in SOA-P
-----------------------------------------

In this opensso integration, we are using the AuthContext class, which is in the openssoclientsdk.jar, to do the authentication. In order to make the integration work, you will need to do some configuration.

1. $soa-p/jbossas/server/domain(e.g. default)/conf/login-config.xml

    <application-policy name="OpenSSOLogin">
      <authentication>
        <login-module code="org.jboss.soa.security.opensso.OpenSSOLoginModule" flag="required">
          <module-option name="orgName">opensso</module-option>
          <module-option name="moduleName">DataStore</module-option>
          <module-option name="amPropertiesFile">/props/AMConfig.properties</module-option>
        </login-module>
      </authentication>
    </application-policy>

You need to have the above configuration in the login-config.xml to provide the ability to integrate with opensso. The 'orgName' and the 'moduleName' are the information that you configured in the opensso system. The last property shows where the AMConfig.properties file is located.

2. $soa-p/jbossas/server/domain(e.g. default)/conf/props/AMConfig.properties

    # Login URL and Authentication web service URL for Liberty use cases
    com.sun.identity.loginurl=http://localhost:8080/opensso/UI/Login
    com.sun.identity.liberty.authnsvc.url=http://localhost:8080/opensso/Liberty/authnsvc

You need to update these two values to the URL where you installed your opensso. For modifying other values, you need to consult the opensso documentation at: http://opensso.dev.java.net

After finishing the above two steps, you are able to use the OpenSSOLogin module as a JAAS plugin provider. For example, you can use it as an identity provider to secure an ESB service like:

    <service category="OpenSSO" name="SimpleListenerSecured" description="Hello World">
      <security moduleName="OpenSSOLogin" runAs="adminRole"/>
      <listeners>
        <jms-listener name="JMS-Gateway" busidref="quickstartGwChannel" maxThreads="1" is-gateway="true" />
      </listeners>
      <actions mep="OneWay">
        <action name="debug" class="org.jboss.soa.esb.actions.SystemPrintln">
          <property name="printfull" value="false"/>
          <property name="message" value="In Service1"/>
        </action>
      </actions>
    </service>

Deploy opensso in JBoss AS 4.x
-------------------------------

1. Download the opensso build 4 zip from the opensso download page (https://opensso.dev.java.net/public/use/index.html).
2. Follow the release note (http://download.java.net/general/opensso/stable/openssov1-build4/B4-ReleaseNotes.html) on deploying the opensso.war in the JBossAS4.x.
3. Update 'run.conf' and add the '-XX:MaxPermSize=512m' JVM option. The line in run.conf should look something like this:

    JAVA_OPTS="-Xms128m -Xmx512m -XX:MaxPermSize=512m -Dsun.rmi.dgc.client.gcInterval=3600000"

4. Then start the $JBoss/bin/run.sh; you should be able to access its admin page at http://yourdomain:8080/opensso. (OpenSSO doesn't work well with the localhost, so you should specify a fully qualified domain for it.)
5. And then you can have a default configuration from the http://yourdomain:8080/opensso link.
6. After you have the default configuration, you should be able to log in to the system by using: amAdmin, amLdapuser and with the password that you set before.

This has been validated against JBoss AS 4.2.2.GA.

For more information about opensso, please visit its website at: http://opensso.dev.java.net.
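An added example, not part of the original report or of the product documentation: a pre-deployment check for the two files described above. It flags URL-valued AMConfig.properties entries that point at localhost (which the report says OpenSSO does not work well with) or use plain HTTP, and reports any of the three module-options missing from the OpenSSOLogin policy. The function names are hypothetical and the sample inputs are constructed from the snippets above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed samples, built from the snippets in the description above.
# The <policy> root element is the usual JBoss AS login-config.xml wrapper.
AMCONFIG = """\
com.sun.identity.loginurl=http://localhost:8080/opensso/UI/Login
com.sun.identity.liberty.authnsvc.url=http://localhost:8080/opensso/Liberty/authnsvc
"""
LOGIN_CONFIG = """\
<policy><application-policy name="OpenSSOLogin"><authentication>
<login-module code="org.jboss.soa.security.opensso.OpenSSOLoginModule" flag="required">
  <module-option name="orgName">opensso</module-option>
  <module-option name="moduleName">DataStore</module-option>
  <module-option name="amPropertiesFile">/props/AMConfig.properties</module-option>
</login-module></authentication></application-policy></policy>
"""
REQUIRED_OPTIONS = {"orgName", "moduleName", "amPropertiesFile"}

def parse_properties(text):
    """Parse key=value lines of a Java .properties file (no continuations)."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.partition("=") for l in lines if l and l[0] not in "#!" and "=" in l)
    return {k.strip(): v.strip() for k, _, v in pairs}

def lint_amconfig(text):
    """Return (key, problem) pairs for every URL-valued property."""
    findings = []
    for key, value in parse_properties(text).items():
        url = urlsplit(value)
        if url.scheme not in ("http", "https") or not url.hostname:
            continue  # not a URL-valued property
        if url.hostname in ("localhost", "127.0.0.1") or "." not in url.hostname:
            findings.append((key, "host is not a fully qualified domain name"))
        if url.scheme == "http":
            findings.append((key, "plain HTTP: the login exchange is not encrypted"))
    return findings

def missing_module_options(xml_text, policy="OpenSSOLogin"):
    """Return the required module-options absent or empty in the named policy."""
    for ap in ET.fromstring(xml_text).iter("application-policy"):
        if ap.get("name") == policy:
            present = {o.get("name") for o in ap.iter("module-option") if (o.text or "").strip()}
            return sorted(REQUIRED_OPTIONS - present)
    return sorted(REQUIRED_OPTIONS)  # policy not defined at all

if __name__ == "__main__":
    print(*lint_amconfig(AMCONFIG), sep="\n")
    print("missing options:", missing_module_options(LOGIN_CONFIG))
```
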
Not sure if you have received my update one, but I am commenting it for your information.

=======================

Configuring OpenSSO in SOA-P
------------------------------

In this opensso integration, we are using the AuthContext class, which is in the openssoclientsdk.jar, to do the authentication. In order to make the integration work, you will need to do some configuration.

1. $soa-p/jbossas/server/domain(e.g. default)/conf/login-config.xml

    <application-policy name="OpenSSOLogin">
      <authentication>
        <login-module code="org.jboss.soa.security.opensso.OpenSSOLoginModule" flag="required">
          <module-option name="orgName">opensso</module-option>
          <module-option name="moduleName">DataStore</module-option>
          <module-option name="amPropertiesFile">/props/AMConfig.properties</module-option>
        </login-module>
      </authentication>
    </application-policy>

You need to have the above configuration in the login-config.xml to provide the ability to integrate with opensso. The 'orgName' and the 'moduleName' are the information that you configured in the opensso system. The last property shows where the AMConfig.properties file is located.

2. $soa-p/jbossas/server/domain(e.g. default)/conf/props/AMConfig.properties

By default, we configured it to 'localhost', '8080' port and the 'opensso' context path. If you want to change it to your own configuration, or adopt an existing deployed opensso, it is suggested that you use the 'scripts/setup.sh' (setup.bat for the Windows case) to do the configuration. The script is located in $opensso.zip/samples/fam-client/sdk/scripts/setup.sh. Once you run it, you will simply have a screen as follows:

    Debug directory (make sure this directory exists): /var/local/tmp
    Password of the server application: opensso1
    Protocol of the server: http
    Host name of the server: putian.nay.redhat.com
    Port of the server: 8080
    Server's deployment URI: opensso
    Naming URL (hit enter to accept default value, http://putian.nay.redhat.com:8080/opensso/namingservice):

And then copy the 'AMConfig.properties' from $opensso.zip/samples/fam-client/sdk/resources/AMConfig.properties.

For other information about opensso configuration, please consult the opensso documentation at: http://opensso.dev.java.net.

After finishing the above two steps, you are able to use the OpenSSOLogin module as a JAAS plugin provider. For example, you can use it as an identity provider to secure an ESB service like:

    <service category="OpenSSO" name="SimpleListenerSecured" description="Hello World">
      <security moduleName="OpenSSOLogin" runAs="adminRole"/>
      <listeners>
        <jms-listener name="JMS-Gateway" busidref="quickstartGwChannel" maxThreads="1" is-gateway="true" />
      </listeners>
      <actions mep="OneWay">
        <action name="debug" class="org.jboss.soa.esb.actions.SystemPrintln">
          <property name="printfull" value="false"/>
          <property name="message" value="In Service1"/>
        </action>
      </actions>
    </service>

Deploy opensso in JBoss AS 4.x
-------------------------------

1. Download the opensso build 4 zip from the opensso download page (https://opensso.dev.java.net/public/use/index.html).
2. Follow the release note (http://download.java.net/general/opensso/stable/openssov1-build4/B4-ReleaseNotes.html) on deploying the opensso.war in the JBossAS4.x.
3. Update 'run.conf' and add the '-XX:MaxPermSize=512m' JVM option. The line in run.conf should look something like this:

    JAVA_OPTS="-Xms128m -Xmx512m -XX:MaxPermSize=512m -Dsun.rmi.dgc.client.gcInterval=3600000"

4. Then start the $JBoss/bin/run.sh; you should be able to access its admin page at http://yourdomain:8080/opensso. (OpenSSO doesn't work well with the localhost, so you should specify a fully qualified domain for it.)
5. And then you can have a default configuration from the http://yourdomain:8080/opensso link.
6. After you have the default configuration, you should be able to log in to the system by using: amAdmin, amLdapuser and with the password that you set before.

This has been validated against JBoss AS 4.2.2.GA.

For more information about opensso, please visit its website at: http://opensso.dev.java.net.
It has been updated again through email on 09/03/2008, by asking users to deploy opensso into Tomcat.
This content has been added to the Administration Guide as a new section at the end of Chapter1 - Configuration

Configuring OpenSSO in SOA-P
------------------------------

In this opensso integration, we are using the AuthContext class, which is in the openssoclientsdk.jar, to do the authentication. In order to make the integration work, you will need to do some configuration.

1. $soa-p/jbossas/server/domain(e.g. default)/conf/login-config.xml

    <application-policy name="OpenSSOLogin">
      <authentication>
        <login-module code="org.jboss.soa.security.opensso.OpenSSOLoginModule" flag="required">
          <module-option name="orgName">opensso</module-option>
          <module-option name="moduleName">DataStore</module-option>
          <module-option name="amPropertiesFile">/props/AMConfig.properties</module-option>
        </login-module>
      </authentication>
    </application-policy>

You need to have the above configuration in the login-config.xml to provide the ability to integrate with opensso. The 'orgName' and the 'moduleName' are the information that you configured in the opensso system. The last property shows where the AMConfig.properties file is located.

2. $soa-p/jbossas/server/domain(e.g. default)/conf/props/AMConfig.properties

By default, we configured it to 'localhost', '8080' port and the 'opensso' context path. If you want to change it to your own configuration, or adopt an existing deployed opensso, it is suggested that you use the 'scripts/setup.sh' (setup.bat for the Windows case) to do the configuration. The script is located in $opensso.zip/samples/fam-client/sdk/scripts/setup.sh. Once you run it, you will simply have a screen as follows:

    Debug directory (make sure this directory exists): /var/local/tmp
    Password of the server application: opensso1
    Protocol of the server: http
    Host name of the server: putian.nay.redhat.com
    Port of the server: 8080
    Server's deployment URI: opensso
    Naming URL (hit enter to accept default value, http://putian.nay.redhat.com:8080/opensso/namingservice):

And then copy the 'AMConfig.properties' from $opensso.zip/samples/fam-client/sdk/resources/AMConfig.properties.

For other information about opensso configuration, please consult the opensso documentation at: http://opensso.dev.java.net.

After finishing the above two steps, you are able to use the OpenSSOLogin module as a JAAS plugin provider. For example, you can use it as an identity provider to secure an ESB service like:

    <service category="OpenSSO" name="SimpleListenerSecured" description="Hello World">
      <security moduleName="OpenSSOLogin" runAs="adminRole"/>
      <listeners>
        <jms-listener name="JMS-Gateway" busidref="quickstartGwChannel" maxThreads="1" is-gateway="true" />
      </listeners>
      <actions mep="OneWay">
        <action name="debug" class="org.jboss.soa.esb.actions.SystemPrintln">
          <property name="printfull" value="false"/>
          <property name="message" value="In Service1"/>
        </action>
      </actions>
    </service>

Install and configure OpenSSO in Tomcat:
---------------------------------------

Install and configure OpenSSO:

1. Download Tomcat 6.0.14 from the Apache site: http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz
2. Unzip it to a directory (such as /opt/tomcat6.0.14).
3. Open up /opt/tomcat6.0.14/bin/catalina.sh (catalina.bat for Windows). Add max size to the JAVA_OPTS.

    Before Editing:
    JAVA_OPTS="$JAVA_OPTS "-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"

    After Editing:
    JAVA_OPTS="$JAVA_OPTS "-Xmx1G" "-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"

4. Download the opensso.zip build4.5 from the opensso site: https://opensso.dev.java.net/public/use/index.html
5. Extract the opensso.zip and copy the opensso.war from $opensso/deployable-war to /opt/tomcat6.0.14/webapps/
6. If you want to deploy the soa-p and tomcat on the same machine, for simplicity, you can update the tomcat port in $tomcat/server.xml as below:

    <Connector port="8090" protocol="HTTP/1.1"....
    <Connector port="8099" protocol="AJP/1.3" redirectPort="8443" />

7. Start tomcat by running /opt/tomcat6.0.14/bin/startup.sh (startup.bat for Windows).
8. Open http://tomcatHost.example.com:8090/opensso in a browser.
9. Click on "Create Default Configuration".
10. Enter 'adminpass' for the "Default User[amAdmin]" and 'ldappass' for "Default Agent [amldapuser]".
11. Click on "Create Configuration". This causes OpenSSO to configure itself.
12. Visit http://tomcatHost.example.com:8090/opensso again. Log in using the proper credentials. User Name is amAdmin and Password is the password you chose to go with amAdmin.

* For details of opensso on Tomcat, you can refer to this blog entry: http://blogs.sun.com/JohnD/entry/how_to_install_tomcat_6

For more information about opensso, please visit its website at: http://opensso.dev.java.net.
Link: Added: This issue is a dependency of JBQA-1826
Verified in GA