Thursday, April 8, 2010

Steps to configure a CDSSO sample in OpenSSO

Deployment example:
------------------
OpenSSO update 1 patch 3 server on machine avatar.red.iplanet.com
Glassfish 3.0 J2EE Policy Agent on machine rub-s10-6.sfbay.sun.com


Step-1: Install OpenSSO server. Configure agent profile, policies.

Step-2: Install J2EE Policy Agent 3.0

Step-3: In container hosting agent, deploy mini agent sample application from http://developers.sun.com/identity/reference/techart/policyagents/agent-mini-app.zip

Step-4: In container hosting agent, deploy agentapp.war. This is not installed by default. It is available in the following location:
/opt/lakshman/installations/agents/j2ee_agents/appserver_v9_agent/etc

Step-5: Configure agent profile for 3 properties mentioned in the link:
http://docs.sun.com/app/docs/doc/820-5816/aeabl?a=view
In my sample, the values are (Agent Profile -> SSO tab):
a) Enabled "Cross Domain SSO" checkbox
b) CDSSO Servlet URL: http://avatar.red.iplanet.com:8080/opensso/cdcservlet
c) CDSSO Domain List: .sun.com

Step-6: Set property "CDSSO Clock Skew" if you have not synchronized time between the two machines hosting OpenSSO and the agent.

Step-7: Add agent machine domain name to Realm/DNS Aliases

Step-8: Restart both containers: the one hosting OpenSSO and the GlassFish server.

Troubleshooting tips:
---------------------
1. Do not add /agentapp/sunwCDSSORedirectURI to the not-enforced list. This comes up in several discussions that a Google search turns up.
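
A pre-flight check for the settings from Step-5, Step-6 and the tip above, as an added example that is not part of the original post or of OpenSSO. The function and parameter names are made up for this example, and treating "*" as the only wildcard in not-enforced entries is an assumption; the second sample in the test is constructed.

```python
import re
from urllib.parse import urlparse

# URI from the troubleshooting tip; it must stay enforced by the agent.
REDIRECT_URI = "/agentapp/sunwCDSSORedirectURI"

def in_domain(host, cookie_domain):
    """True if host falls under a cookie domain such as '.sun.com'."""
    bare = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == bare or host.endswith("." + bare)

def matches(pattern, uri):
    """Match a not-enforced entry, treating '*' as a wildcard (assumption)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, uri) is not None

def check_cdsso(agent_host, cdc_servlet_url, cdsso_domains, not_enforced,
                clocks_synced, clock_skew_set):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    cdc = urlparse(cdc_servlet_url)
    # Step-5c: the agent host must fall under a CDSSO Domain List entry.
    covering = [d for d in cdsso_domains if in_domain(agent_host, d)]
    if not covering:
        findings.append("agent host is not covered by the CDSSO Domain List")
    # Step-5b: the URL must point at the OpenSSO cdcservlet.
    if not cdc.path.endswith("/cdcservlet"):
        findings.append("CDSSO Servlet URL does not point at cdcservlet")
    # If OpenSSO sits in the same cookie domain, plain SSO may already work.
    if any(in_domain(cdc.hostname or "", d) for d in covering):
        findings.append("OpenSSO and agent share a cookie domain; "
                        "CDSSO may be unnecessary")
    # Troubleshooting tip 1: the redirect URI must not be exempted.
    if any(matches(p, REDIRECT_URI) for p in not_enforced):
        findings.append(REDIRECT_URI + " is in the not-enforced list")
    # Step-6: unsynchronized clocks need the CDSSO Clock Skew property.
    if not clocks_synced and not clock_skew_set:
        findings.append("clocks not synchronized and CDSSO Clock Skew unset")
    return findings

if __name__ == "__main__":
    # Values from the deployment example in this post.
    for finding in check_cdsso(
            "rub-s10-6.sfbay.sun.com",
            "http://avatar.red.iplanet.com:8080/opensso/cdcservlet",
            [".sun.com"], [], clocks_synced=True, clock_skew_set=False):
        print("WARN:", finding)
```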

*************
Related docs:
*************
CDSSO Config
CDSSO Block Diagram
Mini agent sample deployment

2 comments:

  1. Sounds really good.
    I have a similar environment:
    Agent:
    pepwebservice.wiwi.domain1.com:8080/agentapp
    OpenSSO:
    opensso.wiwi.domain1.com:8080/opensso

    I followed your instructions, but I am receiving a 404 Error :(.

    Do you have an idea why?

  2. Both your servers hosting agent and OpenSSO are in the same domain. Why do you want to set up CDSSO?
