...
Panel |
---|
Name = jee |
Setup Agent Filter
...
http://developers.sun.com/identity/reference/techart/policyagents.html
Mode
The filter would not work until I followed the Protecting Java EE Applications With OpenSSO Policy Agents article to change the Filter Mode.
Edit the jee Profile. Click the General link at the top of the page.
Remove the ALL filter.
For New Value,
Map Key = leave empty
Corresponding Map Value = SSO_ONLY
Setup Agent on Server
Unless otherwise indicated, use the serveradmin user account.
...
Code Block | ||
---|---|---|
| ||
sudo chown -R serveradmin:staff tomcat_v6_agent/
sudo chmod -R 750 tomcat_v6_agent/ |
...
Setup Password File
Create your password file using an editor. Do not supply the password on a command line, because the command may be recorded in a shell history file. For example,
Code Block | ||
---|---|---|
| ||
cd /opt/openam.0/agents
vi tomcat. |
...
Code Block |
---|
--2.password.txt |
Afterwards, protect the file so that only serveradmin has access,
Code Block | ||
---|---|---|
| ||
chmod 600 ./tomcat.2.password.txt |
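An added example, not part of the original page or of the OpenAM project: a POSIX shell sketch of the password-file steps above that keeps the password off the command line and checks the file's type, owner and mode before the installer reads it. The function names are hypothetical, and the script argument stands for the password file path.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# write_password_file PATH
# Reads one line from stdin (never from argv, so the secret does not reach
# shell history or the process list) and stores it in PATH, owner-only.
write_password_file() {
    (
        umask 077                       # new file starts out rw-------
        IFS= read -r pw || true         # tolerate a missing final newline
        [ -n "$pw" ] || { echo "empty password, nothing written" >&2; exit 1; }
        printf '%s\n' "$pw" > "$1"      # printf is a builtin in bash and dash
        chmod 600 "$1"                  # tighten a file that already existed
    )
}

# check_password_file PATH
# Succeeds only if PATH is a regular file (not a symlink), owned by the
# current user, with no permission bits set for group or others.
check_password_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || { echo "$1: not a regular file" >&2; return 1; }
    mode_uid=$(ls -ldn "$1" | awk '{print $1, $3}')
    mode=${mode_uid% *}                 # e.g. -rw-------
    uid=${mode_uid#* }                  # numeric owner id
    case "$mode" in
        -r[w-]-------|-r[w-]-------.) ;;  # 600 or 400, optional SELinux dot
        *) echo "$1: mode $mode is too open" >&2; return 1 ;;
    esac
    [ "$uid" = "$(id -u)" ] || { echo "$1: not owned by uid $(id -u)" >&2; return 1; }
}

# Stand-alone use: sh this_script.sh /path/to/password-file
if [ "$#" -gt 0 ]; then
    check_password_file "$1"
fi
```

A mode string ending in `+` (an ACL is present) is rejected on purpose, because the permission bits alone no longer describe who can read the file.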
Run Setup
Before installing the policy agent, make sure OpenDJ and OpenAM are running. Also make sure the target Tomcat server is currently stopped. Using serveradmin,
Code Block | ||
---|---|---|
| ||
cd /opt/openam.0/agents/tomcat_v6_agent
./agentadmin --install |
Here is the output of our sample install,
Code Block |
---|
-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
Tomcat Server Config Directory : /opt/apache/tomcat.12/conf
OpenSSO server URL : http://openam.krypton.com:8080/openam
$CATALINA_HOME environment variable : /opt/apache/tomcat.12
Tomcat global web.xml filter install : true
Agent URL : http://krypton.com:81808280/examples
Agent Profile name : jee
Agent Profile Password file name : /homeopt/svradm/openam.0/agents/tomcat.2.password.txt

Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]:
Updating the /opt/apache/tomcat.1 |
A successful install will look like the following,
Expand |
---|
Updating the /opt/tomcat.2/bin/setenv.sh script with the Agent configuration JVM option ...DONE.
Creating directory layout and configuring Agent file for Agent_001 instance ...DONE.
Reading data from file /opt/ j2ee_openam.0/agents/tomcat _v6_agent/.2.password.txt and encrypting it ...DONE.
Generating audit log file name ...DONE.
Creating tag swapped OpenSSOAgentBootstrap.properties file for instance Agent_001 ...DONE.
Creating a backup for file /opt/ apache/tomcat. 12/conf/server.xml ...DONE.
Creating a backup for file /opt/ apache/tomcat. 12/conf/web.xml ...DONE.
Adding OpenSSO Tomcat Agent Realm to Server XML file :
tomcat. 12/conf/server.xml ...DONE.
Adding filter to Global deployment descriptor file :
tomcat. 12/conf/web.xml ...DONE.
Adding OpenSSO Tomcat Agent Filter and Form login authentication to
Web applications ...DONE.
SUMMARY OF AGENT INSTALLATION
instance name: Agent_001
Bootstrap file location:
.0/ j2ee_agents/tomcat_v6_agent/Agent_001/config/OpenSSOAgentBootstrap.properties
Configuration file location
.0/ j2ee_agents/tomcat_v6_agent/Agent_001/config/OpenSSOAgentConfiguration.properties
Audit directory location:
.0/ j2ee_agents/tomcat_v6_agent/Agent_001/logs/audit
Debug directory location:
.0/ j2ee_agents/tomcat_v6_agent/Agent_001/logs/debug
Install log file location:
.0/ j2ee_agents/tomcat_v6_agent/installer-logs/audit/install. l |
log Thank you for using OpenSSO Policy Agent |
Test
Warning |
---|
Before testing make sure you log out of your current OpenAM login used to access the OpenAM console. |
Go to the URL of the protected application, http://krypton.com:8280/examples.
You should be redirected to the OpenAM login page. Enter the credentials of the created user.
References
http://openam.forgerock.org/doc/agent-install-guide/OpenAM-Agent-Install-Guide.html
...