OpenSSO

This post is more a personal reminder than documentation, but maybe it will be helpful for some people.

Installation

OS: Solaris 10u3 x86
OpenSSO version: Nov. 15th build
Application server: Glassfish v2 (build 58g)

Extract deployable-war/opensso.war from the OpenSSO zip file. Log in to Glassfish's web console (port 4848) and deploy the war file. Then hit http://server:8080/opensso. I chose the first option (default configuration), but it could be a good idea to define some values yourself.

If you choose the default configuration, an OpenDS (Directory Server) instance will be created in ~/opends, with base suffix dc=opensso,dc=java,dc=net, running on port 50389. Use “cn=Directory Manager” and the password you gave as admin credentials.

Note: I was not able to use all of the scripts from the sdk and fam-client, probably because of bug #937 (thanks to zif). I downloaded the Nov. 11th nightly build (for the sdk) instead.

First try

Create a new user

Once you're logged in to the amconsole, create a new realm, click on it, and add a new user from the Subjects tab.

Try it with CLI

Extract the samples/ directory from the OpenSSO zip file. Go into the samples/sdk directory, make scripts/*.sh executable, and then run ./scripts/compile-samples.sh (you must be in the sdk directory). Finally, run ./scripts/Login.sh:

./scripts/Login.sh
Realm (e.g. /): asyd.net
Login module name (e.g. DataStore or LDAP): DataStore
Login locale (e.g. en_US or fr_FR): en_US
DataStore: Obtained login context
User Name:asyd
Password:secret
Login succeeded.
Logged Out!!

./scripts/Login.sh
[..]
User Name:asyd
Password:wrongsecret
Login failed.

With fam-client

I used the fam-client from the Nov. 11th nightly build; the one in Nov. 15th is broken! Deploy fam-client-jdk15.war in Glassfish (I used fam-client as the context root). Then I created a new subject named famclient from the fam console. Hit http://server:8080/fam-client, and provide the subject you just created as “Application user name” and “Application user password”. This JSP (sampleconfigurator.jsp) will create ~/AMConfig.properties for you.

Hit http://server:8080/fam-client/ once again. Click on the first link (Access Management Samples) and then “Service Configuration Sample Servlet”. Once logged in, the page shows you your SSO token, which you can check from the command line using scripts/SSOTokenSample.sh.

% ./scripts/SSOTokenSample.sh
Enter SSOToken ID:
AQIC5wM2LY4Sfcy8b6loGGLpzgjUOoxG7qYvoa+fraO2NRU=@AAJTSQACMDE=#
SSOToken host name: xxx.xxx.xxx.xxx
SSOToken Principal name: id=asyd,ou=user,dc=opensso,dc=java,dc=net
Authentication type used: DataStore
IPAddress of the host: xxx.xxx.xxx.xxx
SSO Token validation test Succeeded.
Token ID: AQIC5wM2LY4Sfc[..]
Property: TimeZone: PST
Property: County: SantaClara
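The two sample scripts above (Login.sh and SSOTokenSample.sh) are thin wrappers around the OpenSSO client SDK. As an added example (not the SDK sample code itself), here is the same flow in Java: a DataStore login against the realm used above, then a validation of the resulting token ID that prints the same fields SSOTokenSample.sh does. It assumes the SDK jars and the ~/AMConfig.properties generated by sampleconfigurator.jsp are on the classpath; the realm path "/asyd.net" and the password are assumed values.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.AuthContext;

public class DataStoreLoginCheck {
    // Same steps as Login.sh: pick the realm, pick the DataStore module,
    // then answer the user name / password callbacks the module asks for.
    static SSOToken login(String realm, String user, char[] password) throws Exception {
        AuthContext ac = new AuthContext(realm);
        ac.login(AuthContext.IndexType.MODULE_INSTANCE, "DataStore");
        while (ac.hasMoreRequirements()) {
            Callback[] callbacks = ac.getRequirements();
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                }
            }
            ac.submitRequirements(callbacks);
        }
        if (ac.getStatus() != AuthContext.Status.SUCCESS) {
            throw new SecurityException("Login failed: " + ac.getStatus());
        }
        return ac.getSSOToken();
    }

    // Same checks as SSOTokenSample.sh, starting from a token ID string:
    // the server is asked whether the session is still valid before any
    // attribute of the token is trusted.
    static boolean describe(String tokenId) throws SSOException {
        SSOTokenManager mgr = SSOTokenManager.getInstance();
        SSOToken token = mgr.createSSOToken(tokenId);
        if (!mgr.isValidToken(token)) {
            System.out.println("SSO Token validation failed.");
            return false;
        }
        System.out.println("SSOToken host name: " + token.getHostName());
        System.out.println("SSOToken Principal name: " + token.getPrincipal().getName());
        System.out.println("Authentication type used: " + token.getAuthType());
        return true;
    }

    public static void main(String[] args) throws Exception {
        // "/asyd.net" is the realm from the Login.sh session above (assumed
        // canonical path); "secret" is a placeholder password.
        SSOToken t = login("/asyd.net", "asyd", "secret".toCharArray());
        describe(t.getTokenID().toString());
    }
}
```

The token ID printed by the servlet can be passed to describe() directly, which is what SSOTokenSample.sh prompts for.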

Notes about OpenSSO

Logs file

If you get errors such as exceptions, take a look at $GLASSFISH_HOME/domains/domain1/logs/server.log. Logs from OpenSSO itself are stored in the ~/opensso/log directory.