The OpenSSO Bootstrap File Deconstructed

Since build 2, OpenSSO uses a file for bootstrapping itself. Previously, AMConfig.properties held the server configuration information; now the bootstrap file points to a centralized data store that holds the OpenSSO server configuration information.

After deploying the OpenSSO WAR and running the configurator, OpenSSO server configuration data is written to a central instance of OpenDS by the service management (com.sun.identity.sm) API. A setup servlet also creates a file named bootstrap in the top-level /opensso directory. This file contains information that points to the location from which OpenSSO can retrieve configuration data to bootstrap itself. The content in bootstrap can be either of the following:
  • A directory local to OpenSSO (for example, /export/SUNWam) indicates that the server was configured with a previous release. The directory is where AMConfig.properties resides.
  • A URL that points to a directory service using the following format:
    ldap://ds-host:ds-port/server-instance-name?pwd=encrypted-amadmin-password&embeddedds=path-to-directory-service-installation&basedn=basedn&dsmgr=directory-admin&dspwd=encrypted-directory-admin-password
    For example:
    ldap://ds.samples.com:389/http%3A%2F%2Fowen2.red.sun.com%3A8080%2Fopensso?pwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8&embeddedds=%2Fopensso%2Fopends&dsbasedn=dc%3Dopensso%2Cdc%3Djava%2Cdc%3Dnet&dsmgr=cn%3DDirectory+Manager&dspwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8
    where:
    • ds.samples.com:389 is the host name and port of the machine on which the directory is installed
    • http%3A%2F%2Fowen2.red.sun.com%3A8080%2Fopensso is the instance name
    • AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8 is the encrypted password of the OpenSSO administrator
    • %2Fopensso%2Fopends is the path to the directory installation
    • dc%3Dopensso%2Cdc%3Djava%2Cdc%3Dnet is the base DN
    • cn%3DDirectory+Manager is the directory administrator
    • BQIC5xM2LY4SfcximdVZEdtfwar4vhWNkmG7 is the encrypted password for the directory administrator
    OpenSSO supports Microsoft's Active Directory, Sun's Directory Server, and the open source OpenDS.
  • Flat files are no longer supported for configuration data, but failover of the configuration data store is supported through the bootstrap file: if more than one URL is present in bootstrap and OpenSSO is unable to connect or authenticate to the data store at the first URL, the bootstrapping servlet tries the second (and so on). Another feature of bootstrap is that the number sign [#] at the start of a line can be used to exclude that URL, as in:

    #ldap://ds.samples.com:389/http%3A%2F%2Fowen2.red.sun.com%3A8080%2Fopensso?pwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8&embeddedds=%2Fopensso%2Fopends&dsbasedn=dc%3Dopensso%2Cdc%3Djava%2Cdc%3Dnet&dsmgr=cn%3DDirectory+Manager&dspwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8

    And, for some extracurricular bootstrapping, take the Replacements, some Lou Reed, a dash of early Bowie, a pinch of Violent Femmes, some 60s surf sounds, a big garage with the door closed, and you have the British band Bootstrap and their song Streetlight. The video uses scenes from Faster, Pussycat! Kill! Kill!, the classic film by Russ Meyer. A configuration made in heaven!
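The URL format and the failover rule described above are easy to get wrong by eye (every value in the query string is percent-encoded, and the `#` exclusion works per line), so here is a small parser for the bootstrap file. This is an added example, not code from the original post or from the OpenSSO project: it decodes each line into its host, port, instance name and parameters, skips lines excluded with `#`, recognises the legacy local-directory form, walks the entries in file order until one "connects" (the `can_connect` callback is an assumed stand-in for a real LDAP bind), and redacts the encrypted `pwd`/`dspwd` values before anything is printed. The second URL in the sample (host `ds2.bootstrap.example`) is constructed for the example; the first is the one from the post.

```python
# Added example (not part of the original post): parse an OpenSSO "bootstrap" file.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Query keys whose values are encrypted credentials; keep them out of logs and output.
SECRET_KEYS = ("pwd", "dspwd")


@dataclass
class BootstrapEntry:
    """One non-comment line of the bootstrap file."""
    kind: str                                   # "ldap" for a directory URL, "dir" for a legacy directory
    host: Optional[str] = None
    port: Optional[int] = None
    instance: Optional[str] = None              # decoded server instance name (http://host:port/opensso)
    params: Dict[str, str] = field(default_factory=dict)  # decoded query parameters
    path: Optional[str] = None                  # legacy directory that holds AMConfig.properties


def parse_bootstrap_url(url: str) -> BootstrapEntry:
    """Decode one ldap://ds-host:ds-port/instance?key=value&... line."""
    parts = urlsplit(url.strip())
    if parts.scheme != "ldap":
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    if parts.hostname is None or parts.port is None:
        raise ValueError("bootstrap URL must carry ds-host:ds-port")
    instance = unquote(parts.path.lstrip("/"))
    if not instance:
        raise ValueError("bootstrap URL is missing the server instance name")
    # parse_qs percent-decodes values and turns '+' into a space, so
    # dsmgr=cn%3DDirectory+Manager becomes 'cn=Directory Manager'.
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return BootstrapEntry("ldap", host=parts.hostname, port=parts.port,
                          instance=instance, params=params)


def parse_bootstrap(text: str) -> List[BootstrapEntry]:
    """Return the active entries in file order; blank lines and '#' lines are skipped."""
    entries: List[BootstrapEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):                # legacy form: a local directory path
            entries.append(BootstrapEntry("dir", path=line))
        else:
            entries.append(parse_bootstrap_url(line))
    return entries


def select_store(entries: List[BootstrapEntry],
                 can_connect: Callable[[BootstrapEntry], bool]) -> Optional[BootstrapEntry]:
    """Failover as the post describes it: first URL that connects wins, else None."""
    for entry in entries:
        if entry.kind == "ldap" and can_connect(entry):
            return entry
    return None


def redact(entry: BootstrapEntry) -> str:
    """Printable form of an entry with the encrypted passwords masked."""
    if entry.kind == "dir":
        return f"dir {entry.path}"
    shown = {k: ("<redacted>" if k in SECRET_KEYS else v) for k, v in entry.params.items()}
    return f"ldap {entry.host}:{entry.port} instance={entry.instance} {shown}"


# Constructed sample file: the post's URL (first excluded, then active) plus an assumed second host.
SAMPLE_BOOTSTRAP = """\
#ldap://ds.samples.com:389/http%3A%2F%2Fowen2.red.sun.com%3A8080%2Fopensso?pwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8&embeddedds=%2Fopensso%2Fopends&dsbasedn=dc%3Dopensso%2Cdc%3Djava%2Cdc%3Dnet&dsmgr=cn%3DDirectory+Manager&dspwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8
ldap://ds.samples.com:389/http%3A%2F%2Fowen2.red.sun.com%3A8080%2Fopensso?pwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8&embeddedds=%2Fopensso%2Fopends&dsbasedn=dc%3Dopensso%2Cdc%3Djava%2Cdc%3Dnet&dsmgr=cn%3DDirectory+Manager&dspwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8
ldap://ds2.bootstrap.example:1389/http%3A%2F%2Fowen2.red.sun.com%3A8080%2Fopensso?pwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8&embeddedds=%2Fopensso%2Fopends&dsbasedn=dc%3Dopensso%2Cdc%3Djava%2Cdc%3Dnet&dsmgr=cn%3DDirectory+Manager&dspwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8
"""

if __name__ == "__main__":
    entries = parse_bootstrap(SAMPLE_BOOTSTRAP)
    for e in entries:
        print(redact(e))
    # Simulate the first store being unreachable; failover should pick the second host.
    chosen = select_store(entries, lambda e: e.host != "ds.samples.com")
    print("selected:", chosen.host if chosen else None)
```

Because the file carries the encrypted administrator and directory-manager passwords, anything that reads it (a support script, a log line) should go through `redact` rather than echoing the raw line; the ciphertext is reversible by any process that holds the server's encryption key.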

Comments:


Hi.
Is there any guide that tells me how to set up OpenSSO V4 using Microsoft Active Directory (2003 or 2008) as a DataStore (Remote Directory)?
I can successfully install OpenSSO V4 on GlassFish v2 with an embedded OpenDS, as well as add an Active Directory datastore to use.
But I want to use Active Directory from the very beginning... :(
So what should I do...

Posted by Handsome on May 04, 2008 at 07:06 PM PDT #

Hey, Handsome. (That's what people usually say to me!) Sorry for the delay; I lost this comment in the JavaOne hullabaloo of the previous week. Here's a link to info from 7.1: http://docs.sun.com/app/docs/doc/819-5899/gghwi?a=view
Other than that, I thought it should be relatively easy to configure AD from the beginning using the configurator. I don't have AD set up, so I don't have the knowledge. Are you not able to do this with the configurator?

Posted by DocTeger on May 19, 2008 at 06:39 AM PDT #

Thank you very much.
I have read the document carefully and got Java ES installed on my computer (Windows XP succeeded, Windows Server 2008 failed; the DSEE and Identity did not work).
But there is a patch1 needed for Access Manager 7.1, and I cannot apply the patch (the patch readme may be too simple for me).
So the LDIF files:
amAuthAccountLockout_ad_schema.ldif
amAuthConfig_ad_schema.ldif
amSession_ad_schema.ldif
amUser_ad_schema.ldif
am_remote_ad_schema.ldif
that I needed to import to AD never came out...
I wonder whether Mr. DocTeger has the files listed above. If you have got them, would you please do me a favour and e-mail them to me?
My email address is: anyonetff@doramail.com

Posted by Handsome on May 28, 2008 at 06:08 PM PDT #

In another way, I've tried to import this file:

opensso/ldif/fam_ad_schema.ldif

to Active Directory successfully.
Then the OpenSSO configuration goes almost successfully - it fails in some final steps...

Posted by Handsome on May 28, 2008 at 06:42 PM PDT #

Hi Handsome. Sorry but not only do I not use AD but I do not use Windows either (Solaris and Mac). My suggestion is to take your questions to the OpenSSO alias: users@opensso.dev.java.net. (You will need to be a member and subscribe to the alias.) Others on this mailing list will be able to help you with your specific deployment questions.

Posted by DocTeger on May 29, 2008 at 12:08 AM PDT #

Hi,
when I am configuring the web service security with the J2EE agent, it asks for keystore details like 'keystorepathname', 'Filecontainingencryptedkeystorepassword', 'filecontainingencryptedkey', 'keyaliasname'.
Where exactly are these details stored in OpenSSO?

Posted by praveen on February 15, 2009 at 01:41 PM PST #
