=====OpenSSO=====
This post is more a personal reminder than documentation, but maybe it will be helpful for some people.
====Installation====
^ OS | Solaris 10u3 x86 |
^ OpenSSO version | Nov. 15th build |
^ Application server | Glassfish, v2 (build 58g) |
Extract the //deployable-war/opensso.war// from the OpenSSO zip file. Log in to Glassfish's web console (port 4848) and deploy the war file. Then, hit http://server:8080/opensso. I chose the first choice (default configuration), but it could be a good idea to define some values yourself.
If you choose the default configuration, an OpenDS (Directory Server) instance will be created in ~/opends, with the base suffix dc=opensso,dc=java,dc=net, running on port 50389. Use "cn=Directory Manager" and the password you gave as admin credentials.
Note: I was not able to use the whole scripts from the sdk and fam-client, probably because of bug #937 (thanks to zif). I downloaded the Nov. 11th nightly build (for the sdk) instead.
====First try====
===Create a new user===
Once you're logged in to the amconsole, create a new realm, then click on it, and add a new user from the Subjects tab.
===Try it with CLI===
Extract the samples/ directory from the OpenSSO zip file. Go to the samples/sdk directory, make scripts/*.sh executable, and then run ./scripts/compile-samples.sh (you must be in the sdk directory). Finally, run ./scripts/Login.sh:
<code>
./scripts/Login.sh
Realm (e.g. /): asyd.net
Login module name (e.g. DataStore or LDAP): DataStore
Login locale (e.g. en_US or fr_FR): en_US
DataStore: Obtained login context
User Name:asyd
Password:secret
Login succeeded.
Logged Out!!

./scripts/Login.sh
[..]
User Name:asyd
Password:wrongsecret
Login failed.
</code>
====With fam-client====
I used the fam-client from the Nov. 11th nightly build, the one in Nov. 15th is broken! Deploy fam-client-jdk15.war in Glassfish (I used fam-client as context-root). Then, I created a new subject named famclient from the fam console. Hit http://server:8080/fam-client, and provide the subject you just created as "Application user name" and "Application user password". This JSP (sampleconfigurator.jsp) will create ~/AMConfig.properties for you.
Hit http://server:8080/fam-client/ once again. Click on the first link (Access Management Samples) and then "Service Configuration Sample Servlet". Once logged in, the page shows you your SSO token, which you can check from the command line using scripts/SSOTokenSample.sh.
<code>
% ./scripts/SSOTokenSample.sh
Enter SSOToken ID:
AQIC5wM2LY4Sfcy8b6loGGLpzgjUOoxG7qYvoa+fraO2NRU=@AAJTSQACMDE=#
SSOToken host name: xxx.xxx.xxx.xxx
SSOToken Principal name: id=asyd,ou=user,dc=opensso,dc=java,dc=net
Authentication type used: DataStore
IPAddress of the host: xxx.xxx.xxx.xxx
SSO Token validation test Succeeded.
Token ID: AQIC5wM2LY4Sfc[..]
Property: TimeZone: PST
Property: County: SantaClara
</code>
====Notes about OpenSSO====
===Logs file===
If you get errors such as exceptions, take a look in $GLASSFISH_HOME/domains/domain1/logs/server.log. Logs from OpenSSO itself are stored in the ~/opensso/log directory.
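The sample configurator is given the application user's password and writes ~/AMConfig.properties, and the default setup puts the directory data in ~/opends and the logs in ~/opensso/log, so it is worth checking that none of these are accessible to other local users. The script below is an added example, not part of the original post or of OpenSSO; it assumes it is run as the user that runs Glassfish, and the function names are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post or from OpenSSO): report files
# under the paths this page mentions that group or other users can access.

# audit_path PATH
# Prints every entry under PATH with any group/other permission bit set.
# Returns 0 if nothing is exposed, 1 if something is, 2 if PATH is absent.
audit_path() {
    target=$1
    [ -e "$target" ] || return 2
    # -perm -NNN is true when that bit is set; symlinks are skipped because
    # their own mode bits are not meaningful.
    found=$(find "$target" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null) || true
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# audit_opensso_home HOME_DIR
# Checks the three locations named on this page, relative to HOME_DIR.
# Returns 1 if any of them is exposed, 0 otherwise.
audit_opensso_home() {
    home_dir=$1
    exposed=0
    for rel in AMConfig.properties opends opensso; do
        rc=0
        audit_path "$home_dir/$rel" || rc=$?
        case $rc in
            1) exposed=1 ;;
            2) echo "skip: $home_dir/$rel not present" >&2 ;;
        esac
    done
    return $exposed
}

# Default to the current user's home directory (assumption: the script is
# run as the user that runs Glassfish).
audit_opensso_home "${1:-${HOME:-.}}" || echo "tighten the modes listed above" >&2
```

With mode 600 on the files and 700 on the directories the script prints nothing.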