Interoperability: openSSO and AccessManager 7.0

Dear all,
currently we run AccessManager 7.0 because of some legacy apps, so we
cannot update to OpenSSO, but we want to use some features provided by
openSSO. Additionally we have to change our default domain regarding openSSO.
Is there a howto somewhere about this issue?
Currently we tried this:
- installed openSSO with SAME user-store but DIFFERENT config-store
- installed openSSO in same context as AM7.0 (i.e. /amserver)
- installed openSSO with SAME encryption key as AM7.0 was installed
- configured openSSO after installation to use: com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
- added all my AM7.0 servers at "Servers and Sites" within OpenSSO
- added my openSSO server at AM7.0 configuration
When I log in at AM7.0 I would expect that I could log in at openSSO without providing my credentials again. But this does not work, even when I use 2 applications: App1 is configured to use AM7.0 and App2 is configured to use openSSO. I have to authenticate myself at each application.
Many thanks for any hints
Kind regards
Joerg

shivarambhat wrote:
Have you looked at the OpenSSO upgrade guide? It has different options to upgrade to OpenSSO by retaining AM 7.1 data with some changes.
http://docs.sun.com/app/docs/doc/820-5019/6ngeodr62?a=view
I've read about upgrading, but because I am running AM 7.0 the situation seems to be a little more complex. So is there no coexisting feature available for AM7.0 and openSSO, etc.?
In the scenarios you tried, are AM 7.1 and OpenSSO independent instances? Meaning have their own config store? If so, it will ask you to authenticate again. If you set them to trust each other (by configuring in platform service) or make them as part of single site (in this case, config data store can't be different), it should not ask you to authenticate again.
As written in my original post, I am running AM7.0 and OpenSSO with DIFFERENT config stores and SAME user-store, and I've configured all instances regarding platform service and site configuration.
Any other ideas?
thanks in advance
joerg

Similar Messages

  • How to start the ServiceRegistry and AccessManager

    I have downloaded the Java Identity Management Suite.(java_es-5-identsuite-ga-windows-x86.zip) I used a Configure Now installation on my WindowsXP. Everything went fine and after installation I was able to go to
    http://localhost:6480/soar/index.jsp
    and
    http://localhost:8080/amserver/UI/Login
    When going to the AccessManager Console, what is the login username/password? I am unable to log in.
    Then I restarted the box, but after that I am not able to go to these pages; it says page not found.
    I tried the following but it gives errors. How do I start ServiceRegistry and AccessManager?
    C:\Sun\JavaES5\identity\bin>amserver stop
    System error 1060 has occurred.
    The specified service does not exist as an installed service.
    C:\Sun\JavaES5\identity\bin>amserver start
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    Any help is appreciated.
    Thanks

    KM will install with portal itself.
    After logging into portal go to content admin → km content,
    and for collaboration follow the steps below to activate:
    Content Administration → Portal Content → Portal Users → Standard Portal Users → Default Framework Page
    Double-click Default Framework Page.
    Select the Tool Area iView checkbox.
    Choose Open. The Property Editor page displays.
    Choose Show All in the Property Category drop list menu.
    Choose Enable Collaboration Launch Pad properties.
    Select Yes radio button.
    Choose Save.
    Choose Close.
    Choose F5 to refresh your portal screen.
    Now you can see the collaboration link in the tool area.
    Regards
    Krishna.

  • Issue with using openAM/openSSO and wrong FQDN on server

    Hi,
    Has anyone made a configuration with SSO and OpenAM?
    I did some configuration according to document : oam90-cucm8586-cuc86-sso.pdf
    A COMPLETE GUIDE FOR
    THE INSTALLATION, CONFIGURATION, AND INTEGRATION OF
    OPEN ACCESS MANAGER 9.0 WITH
    CISCO UNIFIED COMMUNICATIONS MANAGER 8.5/8.6,
    CISCO UNITY CONNECTION 8.6, AND ACTIVE
    DIRECTORY FOR SINGLE SIGN-ON
    But it looks like we have chosen the wrong server name when installing/configuring the openSSO software.
    The server redirects to the server name instead of the FQDN.
    This will cause an error when using 'utils sso enable', because the certificate is incorrect.
    Error: Open Access Manager (OpenAM) not configured based on FQDN
    I can find it on several places in the configuration, but don't know where to change.
    We also removed the software (Java, Tomcat and openAM) but the configuration is still present.
    We are using a windows server.
    In documentation it says you have to remove the .openssocfg file somewhere but we can't find it.
    any hints or help is much appreciated.
    kind regards,
    Jos de Bruin

    I had this problem and fixed it. We were absolutely positive that the FQDN configuration on the OpenAM server was correct. Certainly verify that first on your server, but it's not the ONLY thing that throws this error.
    Looking at the OpenAM debug logs set at the Message level in the Authentication file, I was able to see numerous failed authentication attempts for the "demo" user when I tried to enable SSO.
    We had earlier removed the demo user because it shouldn't be really needed for any production OpenAM deployments.
    We were wrong.
    I added the demo user back to the OpenDJ embedded database "Access Control > Top Level Realm > Subjects" and then I was able to enable SSO on my CUCM server.
    The UserID is "demo", the password is "changeit", and all fields are mandatory, even though First Name doesn't always have the * that indicates it is mandatory.
    Hopefully there will be either a documentation defect or a code defect coming out of this recent discovery.

  • Co-existence mode with OpenSSO and Federation

    This is just a general question. I have just upgraded to express build 8 of OpenSSO from my existing 7.1 legacy mode Access Manager. I am staying in legacy mode because of my Communications Express mail client and am waiting until I upgrade to convergence before I make the full switch to OpenSSO realm mode.
    The question is: do I lose anything in the federation models in my co-existing world? Does all the SAML 2.0 and the new Shibboleth stuff work in co-existence mode or do I need to de-couple my Communications Express?
    thanks
    steve

    Steve (guest) wrote:
    : Good luck fixing this one!!!!!!
    : I did the same thing and had things so hosed up I had to reload
    : all software. The only way I could establish a second oracle home
    : was to load the oracle database product in two homes (I was using
    : 8.0.4 enterprise edition on NT platform). Once the second home
    : was established developer could be installed in either home.
    : There might be an easier way (hopefully there is) but this was my
    : solution. The problem that I have seen documented in various
    : postings to this page is that developer is not multiple home
    : compliant. As final note the developer versions that I was
    : dealing with was 2.1 and 6.0 beta. This was a real learning
    : experience.
    : Radhakrishnan Veetil (guest) wrote:
    : : I have Personal Oracle7 & Developer/2000 Ver.2.1 installed in my
    : : PC (under C:\ORAWIN95 as Oracle Home directory) and was working
    : : fine. When I installed Developer/2000 -Ver 1.5 in a new Oracle
    : : Home C:\ORAWIN, both PO7 and Dev/2000 Ver 2.1 are not working.
    : : When I was installing Dev/2000- Ver 1.5, I noticed the message
    : : saying that Icons already existing are deleting....
    : : When I started PO7, it is not starting. When I started Forms
    : : 5.0, it comes with error C:\ORAWIN\dbs\fmcus.msb not found. I
    : : found these .msb files are in FOMS45 and FOMS50 directory and
    : : not under DBS directory. Do I have to edit the Windows registry
    : : to switch between the two oracle homes to use the old
    : : installations (Dev/2000 Ver 2.1 & PO7)?
    : : Is there any quick solution to change the oracle home and use
    : : Dev/2000 ver 1.5 & 2.1 on the fly?
    Only Oracle 8 supports multiple homes.
    I would ask why did you put the Developer 1.5 and 2.1 under
    different Oracle Homes. They should co-exist just fine under the
    same home. I have Developer 1.3.2, 2.1, and 6 all installed
    under the same Oracle Home with no co-existence problems.

  • App running on weblogic and opensso,agent running on glassfish

    I am running glassfish v2.1 application server where OpenSSO and Policy Agent apps running on two different domains.
    My app which needs to use federation services is running on weblogic 8 application server.
    After installing opensso and agent software, when I was setting up the mini-agentapp app for testing purposes, it says the app which needs to be protected by the policy agent needs to be under the same domain as the one where the agent is installed.
    How does this work, or does it even work, with the app being on a different server (weblogic) than the Policy agent server (glassfish)?
    Please advise?

    You need to install an agent on weblogic as well.

  • Help required integration opensso with OAM

    Help required integration opensso with OAM
    Edited by: user13111258 on Mar 24, 2011 5:58 AM

    You will need quite a lot of help so you might consider hiring someone who knows both OpenSSO and OAM. Anyway, which version of OAM are we talking about here as this is very important to know, as well as what types of agents that are involved and whether this is a single domain or cross domain solution.

  • SAMLPOSTProfileServlet failing to initialize and execute

    Doing some testing with SAML v1.1 against a Juniper SA SSL VPN. I got it working to a point where, after the IDP login, the SAML assertion is created, and redirects back to the SA.
    I had to restart the OpenSSO service because a change to the SAML 1.1 config wasn't refreshing. After that, the SAMLPOSTProfileServlet fails, which worked before the restart. I restarted the service again and rebooted the server, but same issue.
    No changes were made to the service config, no updates installed, only working with the SAML 1.1 config under Federation. No changes to Glassfish, etc.
    Any ideas? Any help would be appreciated.
    Thanks,
    Chris
    Browser Error:
    HTTP Status 500 -
    type Exception report
    message
    description The server encountered an internal error () that prevented it from
    fulfilling this request.
    exception
    javax.servlet.ServletException: AMSetupFilter.doFilter
    root cause
    javax.servlet.ServletException: PWC1244: Servlet execution threw an
    exception
    root cause
    java.lang.NoClassDefFoundError
    note The full stack traces of the exception and its root causes are available in
    the Sun GlassFish Enterprise Server v2.1.1 logs.
    Sun GlassFish Enterprise Server v2.1.1
    Glassfish server.log entry: (/opt/glassfish/domains/domain1/logs)
    [#|2010-06-24T14:24:40.786-0700|WARNING|sun-appserver2.1|javax.enterprise.system.stream.err|_ThreadID=14;_ThreadName=httpSSLWorkerThread-443-0;_RequestID=ca4ed648-298b-4050-a90d-009f5783cb0d;|javax.servlet.ServletException: PWC1244: Servlet execution threw an exception
    at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:450)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:333)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
    at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:313)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:287)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
    at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
    at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:291)
    at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:666)
    at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:597)
    at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:872)
    at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
    at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.process(SSLReadTask.java:444)
    at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:230)
    at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:264)
    at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
    Caused by: java.lang.ExceptionInInitializerError
    at com.sun.identity.saml.servlet.SAMLPOSTProfileServlet.doGet(SAMLPOSTProfileServlet.java:95)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:427)
    ... 31 more
    Caused by: java.lang.NullPointerException
    at com.sun.identity.saml.common.SAMLServiceManager.getAttribute(SAMLServiceManager.java:1291)
    at com.sun.identity.saml.common.SAMLUtils.<clinit>(SAMLUtils.java:145)
    ... 35 more
    [#|2010-06-24T14:24:40.801-0700|SEVERE|sun-appserver2.1|javax.enterprise.system.container.web|_ThreadID=14;_ThreadName=httpSSLWorkerThread-443-0;_RequestID=ca4ed648-298b-4050-a90d-009f5783cb0d;|StandardWrapperValve[SAMLPOSTProfileServlet]: PWC1406: Servlet.service() for servlet SAMLPOSTProfileServlet threw exception
    java.lang.ExceptionInInitializerError
    at com.sun.identity.saml.servlet.SAMLPOSTProfileServlet.doGet(SAMLPOSTProfileServlet.java:95)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:427)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:333)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
    at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:313)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:287)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)

    If you enable the Debug mode on in OpenSSO and look at the /debug/Federation log file you will see the reason for this error.
    For me the issue was due to a NumberFormatException. One value for one of the Service Providers was set (not sure from where) as a string instead of a number. I deleted the service provider configuration and restarted the server and all is working fine....
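
An added example, not part of the original thread: a small triage script that walks GlassFish `server.log` records like the ones posted above and reports the innermost exception of each failing request, which is where the question's trace points (a `NullPointerException` in `SAMLServiceManager.getAttribute`, reached from a static initializer). The sample log is constructed from the posted excerpt with frames shortened; the function names are hypothetical, and the closing `|#]` record delimiter is assumed because the posted excerpt is cut off before it.

```python
import re

# Constructed sample modelled on the server.log excerpt in the post above.
# Stack frames are shortened; the "|#]" terminator is an assumption.
SAMPLE_LOG = """\
[#|2010-06-24T14:24:40.786-0700|WARNING|sun-appserver2.1|javax.enterprise.system.stream.err|_ThreadID=14;_ThreadName=httpSSLWorkerThread-443-0;|javax.servlet.ServletException: PWC1244: Servlet execution threw an exception
\tat org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:450)
\tat com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
Caused by: java.lang.ExceptionInInitializerError
\tat com.sun.identity.saml.servlet.SAMLPOSTProfileServlet.doGet(SAMLPOSTProfileServlet.java:95)
\t... 31 more
Caused by: java.lang.NullPointerException
\tat com.sun.identity.saml.common.SAMLServiceManager.getAttribute(SAMLServiceManager.java:1291)
\tat com.sun.identity.saml.common.SAMLUtils.<clinit>(SAMLUtils.java:145)
\t... 35 more
|#]
[#|2010-06-24T14:24:41.002-0700|INFO|sun-appserver2.1|javax.enterprise.system.container.web|_ThreadID=15;|request completed|#]
"""

RECORD_START = re.compile(r"^\[#\|", re.MULTILINE)
# "java.lang.Foo: detail" or "Caused by: java.lang.Foo", class ending in Exception/Error
EXC_LINE = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))(?::\s*(.*))?$")
FRAME = re.compile(r"^\s*at\s+([\w.$<>]+)\(([^)]*)\)")


def split_records(text):
    """Yield raw records; a record runs from one '[#|' to the next (or EOF)."""
    starts = [m.start() for m in RECORD_START.finditer(text)]
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        yield text[start:end]


def parse_record(raw):
    """Split one record into header fields and the free-text message."""
    body = raw[3:].rstrip()
    if body.endswith("|#]"):
        body = body[:-3]
    fields = body.split("|", 5)  # the message itself may contain '|'
    if len(fields) < 6:
        return None  # truncated or malformed header
    timestamp, level, _product, logger, pairs, message = fields
    context = dict(p.split("=", 1) for p in pairs.split(";") if "=" in p)
    return {"timestamp": timestamp, "level": level, "logger": logger,
            "context": context, "message": message}


def exception_chain(message):
    """Return the exceptions in a stack trace, outermost first, with frames."""
    chain = []
    for line in message.splitlines():
        exc = EXC_LINE.match(line.strip())
        if exc:
            chain.append({"type": exc.group(1),
                          "detail": exc.group(2) or "",
                          "frames": []})
            continue
        frame = FRAME.match(line)
        if frame and chain:
            chain[-1]["frames"].append((frame.group(1), frame.group(2)))
    return chain


def root_causes(text, levels=("WARNING", "SEVERE")):
    """Summarise the innermost exception of every failing record."""
    findings = []
    for raw in split_records(text):
        rec = parse_record(raw)
        if rec is None or rec["level"] not in levels:
            continue
        chain = exception_chain(rec["message"])
        if not chain:
            continue
        root = chain[-1]
        findings.append({
            "timestamp": rec["timestamp"],
            "thread": rec["context"].get("_ThreadName", ""),
            "outer": chain[0]["type"],
            "root": root["type"],
            "thrown_at": root["frames"][0] if root["frames"] else None,
            # A <clinit> frame means the failure is in a static initializer.
            "static_init": any("<clinit>" in m for m, _ in root["frames"]),
        })
    return findings


if __name__ == "__main__":
    for finding in root_causes(SAMPLE_LOG):
        print(finding)
```
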

  • Certificate based Authentication failing on OpenSSO

    Hi,
    I have installed openSSO Server 8.0 on a glassfish server and an Apache Http Server OpenSSO Policy Agent on 2 separate machines in the same domain.
    I have configured the OpenSSO Server listener for SSL and Client Authentication.
    I have also created a policy for a restricted resource such that the redirection from the SP (OpenSSO Policy Agent) happens to the SSL-configured listener.
    The resource to be protected on the SP is
    http://<SP-Hostname>:Port/resource.html
    When I access the above URL, it redirects me to https://<OpenSSO-ServerHost>:8181/opensso/UI/Login which pops up the Choose a client Certificate window. On selecting the certificate, the authentication happens and the redirection URL looks like the below:
    http://<SP-Hostname>:Port/resource.html?CookieName=<EncodedCookie>
    This results in an error and the SP logs indicate that there is no policy defined for resource
    http://<SP-Hostname>:Port/resource.html?CookieName=<EncodedCookie>
    I am sure that the authentication passes because the certificate authenticates the user when the server is accessed directly, i.e. on accessing
    https://<OpenSSO-ServerHost>:8181/opensso
    and selecting the cert, the User Page is displayed.
    Also, if the page is username/password protected, then the redirection URL does not contain the Cookie.
    Can someone tell me why the Cookie is part of the URL and if there is a way to see homogenous behaviour irrespective of the Authentication Module being used?
    Any help will be highly appreciated.

    Hello,
    As per your query i can suggest you the following solution-
    EAP-FAST with certificates on both the client and the server side. For this, the setup uses Microsoft Certificate Authority (CA) server to generate the client and server certificates.
    The user credentials are stored in the LDAP server so that on successful certificate validation, the controller queries the LDAP server in order to retrieve the user credentials and authenticates the wireless client.
    This document assumes that these configurations are already in place:
    A LAP is registered to the WLC. Refer to Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC) for more information on the registration process.
    A DHCP server is configured to assign an IP address to the wireless clients.
    Microsoft Windows 2003 server is configured as domain controller as well as CA server. This example uses wireless.com as the domain.
    Refer to Configuring Windows 2003 as a Domain Controller for more information on configuring a Windows 2003 server as a domain controller.
    Refer to Install and Configure the Microsoft Windows 2003 Server as a Certificate Authority (CA) Server in order to configure Windows 2003 server as Enterprise CA serve
    For more information please refer to the link-
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml
    Hope this will help you.

  • OpenSSO 8.0 sharepoint 2007 integration problem

    Hi,
    When I type the SharePoint URL it redirects to OpenSSO, and when I log in to OpenSSO an HTTP 401 internal server page error is given, and the agent log file shows invalid session and HTTP 401 internal server.
    Could anyone kindly give me a solution to make this integration successful?
    Thank you.
    Ramesh

    I got rid of the deployment error message by including the necessary jar in WEB-INF/lib (which was missing in the original sample).
    I can now run the sample, but I don't think it is working correctly. The SOAP messages are exchanged, but without any SOAP security headers. In other words, both the wsc and the StockAgent OpenSSO profiles are set to generate SAML2-SenderVouches, but none is generated.
    The only security provider that seems to get engaged is FAMHttpProvider (because I get a login prompt if I select "User Authentication Required" in the StockService agent profile referenced by FAMHttpProvider).
    If I activate the SOAP providers XWS-Client and XWS-Server, the bodies get signed with X509 certificates, which is not what I specified in the OpenSSO profiles. The OpenSSO profiles seem to have no role in the SOAP security headers being generated.
    Any suggestion of what might be missing?
    Thank you,
    Ugo

  • OpenSSO-Sun IDM integration

    Hi All,
    I have implemented the OpenSSO-Sun IDM integration based on the "OpenSSO Integration Guide.pdf". Now, users created in Sun-IDM are provisioned to OpenSSO. Can anyone tell me whether users created in OpenSSO can be provisioned to Sun IDM?
    Also, is there any way to have a password sync between OpenSSO and Sun IDM users? That is, if the user's password is changed in OpenSSO can it also be changed in Sun-IDM?
    Best Wishes,
    Aruna

    Hi Frank,
    Thanks for the response,
    1. This is user/pw from the AC system you need to send with the web service call from SUN to AC
    So, we create and provide user credentials to the IDM team and they need to incorporate the user credentials whenever they are calling the web services in AC5.3?
    For this initial communication to happen, what needs to be done? Is setting up SAP JCo required in this case? Do we get involved with the configuration/development activity at the IDM end?
    I could not find proper documentation on this, which leaves me unsure how much involvement I need as a SAP GRC AC5.3 consultant.
    Regards......

  • OpenSSO Agent Installation

    Hi
    I've been working with OpenSSO v1 build 2 on a GlassFish server, on CentOS 5.
    I deployed this build of opensso several times without a problem. Then I tried to use Agents of opensso.
    I realized that it's not possible from the opensso GUI (I read that on an opensso forum).
    As far as I know, these two links are the most complete install process for opensso agents.
    (1) http://blogs.sun.com/indira/entry/building_and_installing_opensso_j2ee
    This one is old (2006) but it has a good idea.
    (2) http://wikis.sun.com/display/OpenSSO/getstarted
    It has all the installation process, especially this link to opensso agent configuration:
    (3) http://wikis.sun.com/display/OpenSSO/b2agentinstallinstruction
    Please take a look at link (3).
    I followed the instructions on link (3).
    The agent-install process has no problem, nor do the changes to the AMAgentConfiguration.properties file.
    Then I tried to do it from the command line with famAdminTools and the command "famadm create-agent", but first it must be configured with the "setup" script, which asks for the config path (especially for the AMConfig.properties file), and there comes the problem: if I use glassfish/domains/domain1/config/ the "setup" script never ends, and if I use glassfish/domains/domain1/applications/j2ee-modules/opensso/WEB-INF/classes/ the setup script ends, and this is the output.
    ./setup -p ~/openesb/glassfish-v2/domains/domain2/applications/j2ee-modules/opensso/WEB-INF/classes/
    The scripts are properly setup under directory: /home/carlgira/lib/opensso/tools/@SERVER_URI@
    The version of this tools.zip is: 8.0
    The version of your server instance is: null
    The version of your server instance is: null. ---> This value should not be null.
    @SERVER_URI@ ----> This should be a real value.
    I realized that the AMConfig.properties file of the opensso config directory is very small and has references to variables defined somewhere else. @SERVER_URI@ is a reference to some variable.
    In the previous version of opensso this file was more complete. I think I read somewhere that this file was going to disappear, but I'm not sure.
    Even with this rare output the setup script configured the "famadm" script. This one had errors too.
    The first one:
    Exception in thread "main" java.lang.NullPointerException
    at com.sun.identity.tools.bundles.VersionCheck.isValid(VersionCheck.java:56)
    at com.sun.identity.tools.bundles.Main.main(Main.java:46)
    I changed the famadm script: I changed the classpath and added a flag so that it does not do a VersionCheck.
    The second error:
    Can't find bundle for base name com.sun.identity.tools.bundles.amadmtoolssetup, locale es_ES
    At this moment I was trying to do anything to get this thing to work. I downloaded the CVS version of opensso, compiled it, and generated a jar containing this "es_ES locale" resource. Somehow the famadm script ended.
    But it does not work.
    I tried in different ways.
    Like I said before, I downloaded the CVS version; it took me a while trying to compile all the code for the agents and tools because of the dependencies (the installation guide doesn't work for me). This job is recommended in link (1), to get all the jars, wars, and tools from the same sources.
    I did the same agent installation process; it does not work either.
    I tried again with a "Periodic OpenSSO and Client" and it seems that it's going to be possible to do some agent configuration from the OpenSSO GUI.
    But I can't either. Every time it tries to configure opensso, I get "fail status". Sometimes it was an LDAP connection error, other times the key for saving data was repeated, and when it really seems to work......... "fail status" again, I don't know why.
    I have some ideas to get through all this:
    I'm going to try the Ubuntu GlassFish Server. The Ubuntu guys bet on the GlassFish server, so maybe it's working better than on CentOS.
    Wait until the next OpenSSO stable release.
    If someone has some idea, comments, or just experience with this, I'd really appreciate the help.
    Thanks.
    (sorry for my English)

  • Every time I restart the opensso have to set up all over again!!

    Every time I restart OpenSSO I have to set it up all over again.
    I have downloaded OpenSSO and every time that I shut down the server, I have to set up ALL again...
    Where can I find the docs on how to set it up correctly????
    Thanks in advance!!!!

    Hi,
    Have you deployed on JBoss? If so, ensure you've done an exploded deployment - see JBoss section of the release notes at http://download.java.net/general/opensso/stable/openssov1-build4/B4-ReleaseNotes.html
    Deploying the WAR directly onto JBoss expands it into a temporary directory and it loses its configuration when the server is shutdown.
    Cheers,
    Pat

  • OpenSSO configuration issue

    Greetings!
    I am new to OpenSSO and trying to configure OpenSSO on my local machine. Here is what I have done so far:
    - Installed Sun Directory Server on my local machine, which is listening on port 389
    - Two instances of JBoss running on the local machine, listening at ports 9090 and 9091
    - Downloaded opensso.war from the Sun website and deployed it in the JBoss instance that is listening at 9091
    After deploying, I went about running the UI configuration and configured OpenSSO. I configured OpenSSO to use the directory server to store all my information. After configuration I was able to log in to OpenSSO and was able to move around.
    The issue is that when I restart my JBoss instance, OpenSSO loses its configuration details and prompts me to configure OpenSSO once again. But the values created in LDAP are still intact.
    Can someone help me with where I am going wrong?
    - Kasi

    I also faced the same problem when deploying in JBoss. But I have used Tomcat 5.x for deploying opensso.war. Now it is working fine; even when I have stopped the server, data is not lost.

  • OpenSSO Logon issue

    Greetings!
    I configured OpenSSO along with Sun IDM. Sun IDM was providing authentication. I don't know which property I changed, but after that no one is able to log on to any of the applications. I am not even able to log on to the OpenSSO console to fix this issue.
    I went about removing OpenSSO from my machine and tried it all over again, but the behavior did not change. The behavior is: when I key in the correct user id and password, it goes through the authentication process and lands back on the logon screen. If a bad user id or password is provided, then it throws an error.
    I am totally stuck and not able to move at all. Need expert help.
    Thanks in advance
    - Kasi


  • OpenSSO is live

    After a long year of hard work on the part of a ton of people, we are finally live with OpenSSO and ready to accept contributions from the external community. Please go and sign up - tell your friends.
    https://opensso.dev.java.net/servlets/NewsItemView?newsItemID=4039
    Welcome to the official launch of the OpenSSO project and community site. OpenSSO is an open source access management software distribution that provides the means to build authentication, authorization, and session management for Java and web applications and web services. OpenSSO is the result of a close collaboration between a community of developers and Sun engineers working to promote the evaluation, use, and innovation of identity and access management technology. And, since Sun will be basing the Sun Java System Access Manager product on OpenSSO, eventually everything that is committed to the OpenSSO source will end up running in real, production deployments.
    So what happened today? In simple terms, we are finally turning on full read and write access to the source code. What does that mean for you, the developer?
    Through the OpenSSO project site, we invite you to participate in the development process by reviewing source code, providing input on features, submitting bug fixes, requesting new functionality, and spearheading other improvements. You can check out source. You can download and deploy the J2EE web application archive. You can break it, fix it, write about it, and talk about it. Or, simply join in the technical discussions.
    We thank you for participating.
    https://opensso.dev.java.net/

    Where does OpenSSO cross over to enterprise systems?
    We're running Sun Java Access Manager, but need to access SJAM from an ALSB Service Bus to check a user's authority.
    SAML Subject and Principals are available in the SOAP Message, originating in the Consumer Applications, which are SJAM protected.
    I am currently trying to integrate WLS and ALSB with SAM, and I have run into the following issue:
    1. What am I trying to do? - I need to evaluate policies for a specific user. I expect the result to be either "permit" or "deny". I do not have the SSOToken available for the user whose rights I want to check; I have just his user name (otherwise I have the full configuration of the SAM Agent available, plus I can get an SSOToken of an administrator of SAM).
    2. Why am I trying to do that? - I want to write a custom authorization provider for ALSB. We have established SAML (based on WLS configuration) to enable single sign-on between a web application (which uses SAM for authentication and authorization) and a Web-Service running on ALSB. As the Web-Service invocation no longer contains any information about the SAM authentication (e.g. no SAM session id), I have access only to the user name (which is trusted, as I have used SAML to propagate it).
    3. What have I done until now? - I have tried to go the path of "ProxyPolicyEvaluator", which seemed to be a natural fit, until I realized that it cannot run remotely (i.e. it has to run within SAM's Web-container). And the "PolicyEvaluator" in the client package allows policy evaluation only for a user for whom we do have an SSOToken.
    Now what I would like to achieve in the SAM "API" terms (or THE QUESTION):
    Is there a class like "ProxyPolicyEvaluator" that runs on a SAMAgent enabled client (or any initialized SAM client SDK), which would allow me to evaluate policies for anybody by using a proxy account to access the SAM? If not, is there a way to achieve the functionality described above?
    One of the requirements I am trying to follow with high priority is that the developer of the web application, ALSB proxy and Web-Service should not be required to do any custom coding to enable security, i.e. it should always be possible to enable/disable security declaratively and to define access right policies within SAM.
    I'm going to multi post as I have NO IDEA if this is even close to the right location....
