Monday Jan 28, 2008

The OpenSSO Bootstrap File Deconstructed

Since build 2, OpenSSO uses a file for bootstrapping itself. Previously, AMConfig.properties held server configuration information but now bootstrap points to a centralized data store that holds the OpenSSO server configuration information.

After deploying the OpenSSO WAR and running the configurator, OpenSSO server configuration data is written to a central instance of OpenDS by the service management (com.sun.identity.sm) API. A setup servlet also creates a file named bootstrap in the top-level /opensso directory. This file contains information that points to the location from which OpenSSO can retrieve configuration data to bootstrap itself. The content in bootstrap can be either of the following:
  • A directory local to OpenSSO (for example, /export/SUNWam) indicates the server was configured with a previous release. The directory is where AMConfig.properties resides.
  • A URL that points to a directory service using the following format:
    ldap://ds-host:ds-port/server-instance-name?pwd=encrypted-amadmin-password&embeddedds=path-to-directory-service-installation&basedn=basedn&dsmgr=directory-admin&dspwd=encrypted-directory-admin-password
    For example:
    ldap://ds.samples.com:389/http%3A%2F%2Fowen2.red.sun.com%3A8080%2Fopensso?pwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8&embeddedds=%2Fopensso%2Fopends&dsbasedn=dc%3Dopensso%2Cdc%3Djava%2Cdc%3Dnet&dsmgr=cn%3DDirectory+Manager&dspwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8
    where:
    • ds.samples.com:389 is the host name and port of the machine on which the directory is installed
    • http%3A%2F%2Fowen2.red.sun.com%3A8080%2Fopensso is the instance name
    • AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8 is the encrypted password of the OpenSSO administrator
    • %2Fopensso%2Fopends is the path to the directory installation
    • dc%3Dopensso%2Cdc%3Djava%2Cdc%3Dnet is the base DN
    • cn%3DDirectory+Manager is the directory administrator
    • BQIC5xM2LY4SfcximdVZEdtfwar4vhWNkmG7 is the encrypted password for the directory administrator
    OpenSSO supports Microsoft's Active Directory, Sun's Directory Server, and the open source OpenDS.
  • Flat files are no longer supported for configuration data but configuration data store failover is supported via the bootstrap file. If more than one URL is present in bootstrap and OpenSSO is unable to connect or authenticate to the data store at the first URL, the bootstrapping servlet will try the second (and so on). Another feature of bootstrap is that the number sign [#] can be used to exclude a URL as in:

    #ldap://ds.samples.com:389/http%3A%2F%2Fowen2.red.sun.com%3A8080%2Fopensso?pwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8&embeddedds=%2Fopensso%2Fopends&dsbasedn=dc%3Dopensso%2Cdc%3Djava%2Cdc%3Dnet&dsmgr=cn%3DDirectory+Manager&dspwd=AQIC5wM2LY4Sfcxi1dVZEdtfwar2vhWNkmS8

    And, for some extracurricular bootstrapping, take the Replacements, some Lou Reed, a dash of early Bowie, a pinch of Violent Femmes, some 60s surf sounds, a big garage with the door closed, and you have the British band Bootstrap and their song Streetlight. The video uses scenes from Faster Pussycat Kill Kill, the classic film by Russ Meyer. A configuration made in heaven!

About

docteger

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today