Tuesday Mar 24, 2009

Entries in Application "web.xml" to activate the Agent

I have often been asked by customers and partners what exactly needs to go into the application's web.xml to activate the policy agent.

Typically, developers just install the OpenSSO Policy Agent on an application container and expect that the application is protected by the agent 'auto-magically'. For a J2EE agent protecting an application on a J2EE container, here is what needs to go into the web.xml.

        <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>

Restart the application container once these changes are made and the Policy Agent will be activated.

Note: The above entries suffice when you have the agent configured in "SSO Only" mode. 
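
A check that a web.xml really activates the agent, as an added example that is not part of the original post or of OpenSSO itself. It looks for a filter declared with the AmAgentFilter class and for a filter-mapping that refers to it; the embedded descriptor is constructed, and its filter name "Agent" and "/*" URL pattern are assumptions.

```python
import xml.etree.ElementTree as ET

AGENT_FILTER_CLASS = "com.sun.identity.agents.filter.AmAgentFilter"  # from the post

# Constructed sample descriptor. The filter name "Agent" and the "/*" pattern
# are assumptions for illustration; only the filter class comes from the post.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <filter>
    <filter-name>Agent</filter-name>
    <filter-class> com.sun.identity.agents.filter.AmAgentFilter </filter-class>
  </filter>
  <filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""


def _children(elem, name):
    """Direct children called `name`, ignoring any XML namespace prefix."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]


def _text(elem, name):
    """Trimmed text of the first child called `name`, or '' if absent."""
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""


def agent_filter_patterns(web_xml):
    """URL patterns mapped to the agent filter; [] means it never runs."""
    root = ET.fromstring(web_xml)
    names = {_text(f, "filter-name") for f in _children(root, "filter")
             if _text(f, "filter-class") == AGENT_FILTER_CLASS}
    patterns = []
    for mapping in _children(root, "filter-mapping"):
        if _text(mapping, "filter-name") in names:
            patterns += [(p.text or "").strip()
                         for p in _children(mapping, "url-pattern")]
    return patterns


def is_fully_covered(web_xml):
    """True only when the agent filter is mapped to every request path."""
    return "/*" in agent_filter_patterns(web_xml)


if __name__ == "__main__":
    print(agent_filter_patterns(SAMPLE_WEB_XML), is_fully_covered(SAMPLE_WEB_XML))
```

An empty result means the filter is declared without a mapping (or not declared at all), so requests reach the application without passing through the agent.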

Monday Jan 26, 2009

Role Manager and OpenSSO Integration

With the maturity of Role Management in medium and small Enterprises, we are now seeing a lot of requirements around an integrated Role Management, Provisioning and Access Management infrastructure.

Recently, I worked on a Proof-of-Concept for a customer where we implemented an end-to-end SRM-OpenSSO-IdM integration.

Here are some of the salient features of this integrated demo that was put in place.

  • Role Manager (SRM) is the provisioning and management point for Business Roles and IT Roles
  • Identity Manager is the provisioning and management point for Users.
  • OpenSSO protects a few sample Web based applications.
  • SRM is also the Policy Management point.
  • OpenSSO Policy agents are the PEP and the OpenSSO Server is the PDP.
  • OpenSSO Policies are Role based URL policies
  • DSEE is configured as the OpenSSO User Store; IT Roles are provisioned on the DSEE Store.
  • SRM creates Business Roles and IT Roles on IdM; creates IT Roles on the OpenSSO (DSEE) store using the IdRepo API.
  • IdM assigns Business Roles "and" IT Roles to Users. Assigned IT Roles are as per the roles provisioned in DSEE.
  • Policies created are based on IT Roles.
  • Policies provisioned using SRM are exported as XML, in a format specific to OpenSSO policies
  • OpenSSO imports these policies and uses them to make AuthZ decisions.

Thanks to Anjan Shenoy for getting the Role provisioning on DSEE working and the Policy export from SRM.

This demo is available as a Virtual Box image and I would be more than happy to share this image and provide operational instructions on running this demo. More detailed documentation and white-papers are on the way!!

Wednesday Nov 12, 2008

OpenSSO Enterprise 8.0 released !

Sun OpenSSO Enterprise 8.0 has been released. The bits for the fully supported Enterprise 8.0 release can be downloaded from the usual OpenSSO Download site.

The official revenue release has been posted here on the Sun site. The documentation can be found here.

Kudos to all those folks who worked hard to build, test and get this release out. Hip ! Hip ! Hurray !!

Tuesday Sep 09, 2008

OpenSSO and J2EE Agents on WebLogic 10 on Mac.

Yes... I am a Mac user! I had to build an OpenSSO demo using WebLogic 10 for a customer... on my Mac. There is no official support for, or a certified version of, WebLogic for Mac. I did a little bit of digging around and I was able to get OpenSSO b5 up and running on WebLogic 10, and I was also able to install and configure the EA WebLogic Agent 3.0 to protect a sample app on WebLogic... all this natively on my Mac.

Here is how you do it:

Before we start, an official warning :-) ... THIS IS FOR DEMO PURPOSES ONLY !! I have not had any issues so far, but that does not mean I have fully tested this for stability, reliability or performance.

Installing WebLogic: 

1. Download the WebLogic 10 bits. You will need to get the package installer from here

   Scroll down to "WebLogic Server Package Installer" and choose "WebLogic Server 10.0 MP1"

   Most importantly, from the "Please select an OS" drop down, choose "IBM AIX (5.2, 5.3, pSeries)"

2. Once the bits are downloaded, use the following command to install the server

java -Dos.name=unix -jar server1001_generic.jar

The installer will take you through the install after asking you the usual questions.

3. Once WebLogic Server is installed, you need to edit the file "setDomainEnv.sh"

     This file will be under "<install-home>/bea/wlserver_10.0/samples/domains/wl_server/bin"

     Edit this file to add the declaration  -XX:MaxPermSize=128m under MEM_ARGS.

    After adding the declaration, the MEM_ARGS parameter should look like: MEM_ARGS="-Xms256m -Xmx512m -XX:MaxPermSize=128m"

4. Start the WebLogic 10 server using the following command:

    # <install-home>/bea/wlserver_10.0/samples/domains/wl_server/bin/startWebLogic.sh

5. Point your browser to "http://localhost:7001" and you should see the WebLogic Server "Getting Started Page".

  Click on "Start the Administration Server console". Log in as weblogic/weblogic and verify that you are able to log in.

Now, your WebLogic Server is up and running on your Mac.

Installing OpenSSO on WebLogic: 

1. Start the WebLogic Admin console and log in as "weblogic / weblogic"

2. Click on "Lock & Edit" in the "Change Center" window.

3. Click on "Deployments" in the "Domain Structure" window.

4. You will see all installed apps in the "Summary of Deployments" page.

5. Click "Install"

6. The Server will say it cannot find any files. Click on "Upload File"

7. Browse to your opensso.war file. Select this "opensso.war" to upload

8. Once uploaded, click on the "opensso.war" radio-button and hit "Next"

9.  On the next page, choose "Install this deployment as an application"

10. In the "Optional Settings" page, choose a name for the deployment. The default is "opensso", which can be retained. All other options can be left at their defaults.

11. In the "Additional Configurations" page, choose "Yes, take me to the deployment configuration"

12. Hit "FINISH"

13. Once the WAR file is deployed, click on "Activate Changes" in the "Change Center" window.

Configure OpenSSO the usual way either using default or custom configuration. 

That's it !!! You have your favorite OpenSSO deployed and running on WebLogic... on your Mac !! :-)

Installing the WebLogic J2EE Agent:

If you want to protect applications on this WebLogic server, download and install the EA WebLogic PA 3.0 from here. Follow the install docs for the agent install.

Monday Aug 25, 2008

"OpenDS Cannot be started" during Configuration.

During Configuration of OpenSSO after deployment of the WAR file, there are times when the Custom Configuration will fail with the error "Failed to start OpenDS instance".

This usually happens when you attempt the configuration for the second time without removing the earlier configuration settings.

To resolve this problem:

  • Undeploy the OpenSSO WAR file
  • Remove (rm -r) the OpenSSO Config directory containing the OpenSSO and the OpenDS folders
  • Re-deploy the WAR file
  • Run the Custom Configuration

Configuration should go through fine using all default settings.

Tuesday Aug 19, 2008

Deployment Training for OpenSSO

Deployment Training for OpenSSO is now available for FREE !! These training modules are a great resource set along with the Early Access documentation to build your expertise on OpenSSO.

The training material contains five different modules to take you through some detailed deployment instructions. The deployment training includes Secure Services setup (SSL), Load balanced environment setup using Software Load Balancer, Policy configuration and Session Failover.

The training announcement can be found on the OpenSSO Training site.

For more details, please refer to our friend David Goldsmith's blog.

Wednesday Jul 23, 2008

OpenSSO Express announced

Sun today announced OpenSSO Express - early access to the next release of a combined Access Manager and Federation Manager product. These early access builds are fully tested and certified by the OpenSSO community.

Enterprises can now download, evaluate and use the latest builds of OpenSSO and obtain support for these builds from Sun. This is a big leap forward for the OpenSSO community.

The OpenSSO Express announcement details the Support Model and also includes Tech talks from the experts.  More details can be found at the OpenSSO site.



