Thursday, April 8, 2010

Steps to configure a CDSSO sample in OpenSSO

Deployment example:
OpenSSO updat1 patch 3 server on machine
Glassfish 3.0 J2EE Policy Agent on machine

Step-1: Install OpenSSO server. Configure agent profile, policies.

Step-2: Install J2EE Policy Agent 3.0

Step-3: In container hosting agent, deploy mini agent sample application from

Step-4: In container hosting agent, deploy agentapp.war This is not installed by default. It is available in the following location:

Step-5: Configure agent profile for 3 properties mentioned in the link:
In my sample, the values are (Agent Profile -> SSO tab):
a) Enabled "Cross Domain SSO" checkbox
b) CDSSO Servlet URL:
c) CDSSO Domain List:

Step-6: Set property "CDSSO Clock Skew" if you have not synchronized time between two machines hosting OpenSSO and agent.

Step-7: Add agent machine domain name to Realm/DNS Aliases

Step-8: Restart both containers hosting OpenSSO and glassfish server.

Trouble shooting tips:
1. Do not add /agentapp/sunwCDSSORedirectURI to not-enforced-list. This has been discussed some places in a google search.

Related docs:
CDSSO Config
CDSSO Block Diagram
Mini agent sample deployment


  1. sounds really good.
    I have a similar environment:

    I followed your instructions, but I am receiving a 404 Error :(.

    Do you have an idea why?

  2. Both your servers hosting agent and opensso are in same domain. Why do you want to setup CDSSO?