This post is more a personal reminder, than a documentation. But may be it will be hopeful for somepeople.
OS | Solaris 10u3 x86 |
---|---|
OpenSSO version | Nov. 15th build |
Application server | Glassfish, v2 (build 58g) |
Extract the deployable-war/opensso.war from the OpenSSO zip file. Log in Glassfish's webconsole (port 4848), and deploy the war file. Then, hit http://server:8080/opensso. I choose the first choice (default configuration), but could be a good idea to define some values yourself.
If you choose the default configuration, an opends (Directory Server) instance will be created, in ~/opends, with dc=opensso,dc=java,dc=net basesuffix, running on port 50389. Use “cn=Directory Manager” and the password you gave as admin credentials.
Note: I was not able to use whole scripts from the sdk, and fam-client, probably because bug #937 (thanks to zif). I download the Nov. 11th nightly build (for the sdk) instead.
Once you're logged in the amconsole, create a new realm, then click on it, and add a new user from the Subjects tab.
Extract the samples/ directory from the OpenSSO zip file. Go in samples/sdk directory, make scripts/*.sh executables, and then run ./script/compile-samples.sh (you must be in the sdk directory). Finally, run ./scripts/Login.sh:
./scripts/Login.sh Realm (e.g. /): asyd.net Login module name (e.g. DataStore or LDAP): DataStore Login locale (e.g. en_US or fr_FR): en_US DataStore: Obtained login context User Name:asyd Password:secret Login succeeded. Logged Out!! ./scripts/Login.sh [..] User Name:asyd Password:wrongsecret Login failed.
I used the fam-client from the Nov. 11th nighty build, the one in Nov. 15th is broken! Deploy fam-client-jdk15.war in Glassfish (I used fam-client as context-root). Then, I create a new subject named famclient from the fam console. Hit http://server:8080/fam-client, and provide the subject you just created as “Application user name” ad “Application uer password”. This JSP (sampleconfigurator.jsp) will create ~/AMConfig.properties for you.
Hit http://server:8080/fam-client/ once again. Click on the first link (Access Management Samples) and then, “Service Configuration Sample Servlet”. Once logged, the page show you your SSO token, which can check in command line, using scripts/SSOTokenSample.sh.
% ./scripts/SSOTokenSample.sh Enter SSOToken ID: AQIC5wM2LY4Sfcy8b6loGGLpzgjUOoxG7qYvoa+fraO2NRU=@AAJTSQACMDE=# SSOToken host name: xxx.xxx.xxx.xxx SSOToken Principal name: id=asyd,ou=user,dc=opensso,dc=java,dc=net Authentication type used: DataStore IPAddress of the host: xxx.xxx.xxx.xxx SSO Token validation test Succeeded. Token ID: AQIC5wM2LY4Sfc[..] Property: TimeZone: PST Property: County: SantaClara
If you have error such exceptions, take a look in $GLASSFISH_HOME/domains/domain1/logs/server.log. Logs from opensso itself are store in the ~/opensso/log directory.