How to install Tomcat 6.x then launch and configure OpenSSO

The following tasks are described in this blog entry:

  • How to install Tomcat 6.x as the Application Server
  • How to Install OpenSSO (instead of Federated Access Manager 8.0) on Tomcat 6.x.
NOTE TO READER: If you see anything that isn't clear or is outright incorrect, don't hesitate to leave a comment. I'll try to straighten it out.

Also, in this blog, you can bring up a list of blog entries with instructions for this deployment. This deployment is all on one machine (on Solaris 10) and inlcudes OpenSSO server on Tomcat 6.x with the Application Server 9.0 agent on GlassFish server. This will probably include other configurations, too, such as deploying the sample application and more. Click the following link:
Blog entires related to the deployment: Tomcat for OpenSSO & GlassFish for GlassFish agent
I installed these two software pieces on a Solaris 10 SPARC machine. It doesn't matter much what operating system you install on as long as the system has a relatively new JDK version installed. I had JDK 1.5.

The thing to keep in mind about the instructions that follow is that the examples include UNIX commands only, since I installed on Solaris. The machine I was using was set to the bourne "sh" shell by default. I didn't mess with that. What do I know from shells? Many times, I'd try various UNIX commands until one worked. When I show the wording "For example", that means that that's  what worked for me.

The commands are just examples since operating systems vary. Even when one uses Solaris, as I did, the shell varies or some other aspect of the environment. So, the bottom line is that things will vary.

To Install Tomcat 6.x


The OpenSSO Release Notes page for OpenSSO build 4 are available at the following link:

The Instructions in this blog entry are for a nightly build between build 4 and 5 and the Release Notes apply, but you don't really need to go out to that page since I've pasted the relevant Release Note info for Tomcat 6.x in the box that follows:

Tomcat 6.x

1. Do NOT use Tomcat 6.0.16 as it does not work with OpenSSO Build 4

2. Increase JVM option -Xmx to 1024M

Okay, so the instructions follow next for installing Tomcat 6.x. I adhered to the guidelines in the box above.


  1. Set the JAVA_HOME variable to an appropriate version of JDK
    For example:
    # JAVA_HOME="/usr/jdk/jdk1.5.0_12"
    # export JAVA_HOME
    # env
    There must be a thousand ways to do this depending upon one's environment. The commands above worked for me. The env command lists all the environment variables, so you can check to make sure JAVA_HOME is set properly.

  2. Create a directory for the Tomcat 6 container.
    For example:
    # mkdir Tomcat-base

  3. Change directories into the newly created directory.
    For example:
    # cd Tomcat-base

  4. Download a Tomcat 6.x version supported by OpenSSO:
    I downloaded the following version:
    Here's the link to the page where this file is available:
    From that page, depending upon how your browser is set up to handle downloads, you might want to right click the option apache-tomcat-6.0.14.tar.gz and select "Copy Link Location." That way you can control the exact location to which the download goes.

  5. Uncompress the file.
    For example:
    # gunzip -c apache-tomcat-6.0.14.tar.gz | tar xvf -

    The above command is suggested by Pat Patterson. I added it to this entry after reading his comment (see his blog comment at the bottom of this entry).
    The below commands worked for me, but his command is clearly the way to go.
    # gunzip apache-tomcat-6.0.14.tar.gz
    # tar xvf apache-tomcat-6.0.14.tar
    I don't know much about such things. But I looked at the following
    page (There are many ways to uncompress a .tar.gz file. It took me a couple of attempts until I stumbled on those two commands above):

  6. Edit the following Tomcat file as shown in the substeps that follow:

    1. Open the file using your editor of choice.

    2. Add the following string  including the quotation marks to the line shown in the examples in this substep:
      Before Editing:
      JAVA_OPTS="$JAVA_OPTS "-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
      After Editing:
      JAVA_OPTS="$JAVA_OPTS "-Xmx1G" "-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"

    3. Save and close the file.

  7. Start Tomcat as described in the substeps that follow.
    This is just to check that everything is working as expected.

    1. Change directories to the location of the Tomcat startup script.
      For Example:
      # cd /Tomcat-base/apache-tomcat-6.0.14/bin

    2. Issue the start up command.
      For example:
      # ./

  8. Use a browser to check that Tomcat has started:
    For example, in a browser window, go to the following location:

    Where TomcatHost is a place holder that you must replace with the name of the host machine to which you just installed Tomcat 6.0.14.

    If everything went properly, you will see the Apache Tomcat page.

  9. Shutdown Tomcat.
    For example:
    # ./

To Install OpenSSO (Jun 29, 2008 Build) on Tomcat 6.x


The OpenSSO downloads are available from this web page:

On the above listed web page, the periodic builds are listed in the section labeled as such:
"Periodic OpenSSO and Client SDK Builds"

I downloaded the OpenSSO Zip, which at that time had the following timestamp: Sun Jun 29 09:00:05 PDT 2008. I didn't create a directory for the installation. I just used the root "/" directory to download the file and unzipped it right there (I'll probably download and unzip files in a more organized fashion in the future).


  1. Download the newest available OpenSSO build.
    I downloaded the following version:
    Here's the link to the page where this file is available:

    From there, you can right click the file and select "Copy Link Location" to control where you download the file. That page gives you the latest builds of OpenSSO available. Since I installed on June 29, 2008, I got the June 29 build, which is a periodic build between builds 4 and 5.

  2. Unzip the file.
    For example:
    # unzip
    Since I unzipped the file in the root directory, this created the opensso directory at the following location: /opensso

  3. Copy the opensso.war file from the distributed opensso files to the Tomcat webapps directory.
    For example:
    cp /opensso/deployable-war/opensso.war /Tomcat-base/apache-tomcat-6.0.14/webapps

  4. Start Tomcat as described in the substeps that follow.
    Because the opensso.war file is in the Tomcat webapps directory, starting Tomcat deploys OpenSSO.

    1. Change directories to the location of the Tomcat startup script.
      For Example:
      # cd /Tomcat-base/apache-tomcat-6.0.14/bin

    2. Issue the start up command.
      For example:
      # ./

  5. Confirm that TomCat has started and OpenSSO has deployed as described in the substeps that follow:

    1. Use a browser to check that Tomcat has started:
      For example, in a browser window, go to the following location:

      If everything went properly, you will see the Apache Tomcat page.

    2. Add the string opensso to the URL in the browser window.
      For example:

      If everything went properly, you will see the Sun Federated Access Manager page labeled Configuration Options.

  6. Proceed with the configuration as described in the substeps that follow:
    You don't need to go with the default configuration, but that's what I did.

    1. Click the link for Default Configuration.

    2. Enter the same password for both of the Default User Fields: Password and Confirm.
      By the way, the password you enter here is used by you and other administrators to log into OpenSSO. At that Login page (which comes up when you visit, the value to enter for the User Name field is amAdmin while the password is the one you are creating in this substep.

    3. Enter the same password for both of the Default Agent Fields: Password and Confirm.
      Ensure that this password is different from the one you just created above.
      You might not ever need this password again. One situation you would need it is if you install Policy Agent 2.2 with this OpenSSO deployment. In that situation, this password would be needed. In that case, it is used in conjunction with the user name "UrlAccessAgent."

    4. Click OK.

      The configuration process continues for a couple of minutes and then shows a configuration complete message.

  7. Visit again to confirm that you get the Sun Federated Access Manager login page.

  8. Log in using the proper credentials.
    User Name is amAdmin and Password is the password you chose to go with amAdmin.
Ta da! That's it. You're in.

Nice work, John! A few minor points:

1) It's a good idea to create a directory such as /downloads and put the downloaded stuff there - keeps cruft out of the root dir.

2) You can combine the steps for unzipping and untarring the Tomcat tarball with:

gunzip -c apache-tomcat-6.0.14.tar.gz | tar xvf -

One advantage of this approach is that the Tomcat tarball stays compressed, occupying less space on your disk if you want to keep it around.

3) 'Default user' (amadmin) should be 'Admin user'.

4) The agent password might well be used again - for example, if you install a 2.2 agent, by default it will want to use this password with the username 'UrlAccessAgent'. It's probably a good idea to point out that this password must be different from the admin password, too.

5) Last sentence should be "You're in." Sorry. I'm a grammar Nazi :-)

Posted by Pat Patterson on June 29, 2008 at 02:22 PM PDT #


Thanks for the points. Hopefully, I've interpreted you're meaning properly ;-). I've made adjustments to the entry accordingly. Please let me know, if I misinterpreted.

Posted by John Domenichini on June 30, 2008 at 04:44 AM PDT #

To untar/unzip I always use
tar -zvxf file.tar.gz ... shorter, leaves original file compressed.
If using bz2 compressed tars files args are -jvxf.

Also, when configurating a 2.2 agent (specifically Sun Java System Access Manager Policy Agent 2.2-01 for BEA Weblogic Server/Portal 9.2 ) with opensso do I use the 'configuration'->'agents'-'2.2 agents' or 'configuration'->'agents'-'J2EE'. Documentation for using 2.2 agents with opensso seems very sparse.

Posted by Damien on July 02, 2008 at 10:52 AM PDT #


It's going to be the 2.2 Agents option. In the nightly builds since build 4, the Console structure changed.

Access Control > NameOfRealm > Agents > 2.2 Agents

You're right about the OpenSSO info regarding 2.2 Agents being sparse. By the way, early access docs are out for Federated Access Manager 8.0, which includes 3.0 agent docs:

One doc is for BEA WebLogic Server/Portal 10. Which isn't really helpful for your situation except perhaps for this paragraph:

Coexistence With Version 2.2 Policy Agents

Federated Access Manager supports both version 3.0 and version 2.2 agents in the same deployment. The version 2.2 agents, however, must continue to store their configuration data locally in the file. And because the version 2.2 agent configuration data is
local to the agent, Federated AccessManager centralized agent configuration is not supported
for version 2.2 agents. To configure a version 2.2 agent, you must continue to edit the agent's file.
For documentation about version 2.2 agents, see

hthal (hope this helps a little)

Posted by John Domenichini on July 03, 2008 at 02:53 AM PDT #

why download and use Why not download the bundle and deploy fam.war?

Posted by joe on July 22, 2008 at 11:03 PM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed

What does this box do?


« April 2014