Configuring multiple OpenSSO servers with Configuration store as Directory Server Enterprise Edition


This document specifically addresses the workaround for
OpenSSO issue 4094, but it can also be used to configure the
OpenSSO server against an existing Sun Java System Directory Server
Enterprise Edition (DSEE). Note that issue 4094 is already fixed in the OpenSSO nightly builds after Nov 6th 2008.


1.0 Prerequisites




      To successfully configure two or more OpenSSO
      server web applications pointing to a DSEE server, you should have
      done the following:







    • Installed and configured the DSEE (in this case
      is-x86-07.sp-dseeprovider.net)

    • Created an empty root suffix; this will be the suffix of the
      OpenSSO server (in this case dc=opensso,dc=java,dc=net)

    • A valid DN that has read/write access to the suffix and
      the privilege to load custom LDAP schema (in this case I am
      using cn=directory manager for simplicity; in production,
      customers will use a less privileged user than the
      directory manager)

    • Deployed two instances of OpenSSO servers (in this case
      openss1.example.net and openss2.example.net)

    • The OpenSSO admin user amadmin's password (secret12) is different
      from the DSEE Bind DN password (dssecret)





2.0 Configure first OpenSSO server


To configure the first server, simply access the configurator
using a supported web browser, e.g. Firefox 2. I have annotated the images wherever appropriate; I hope no further explanation is required.


Step 1




Step 2






Step 3





Step 4





Step 5






Step 6






Step 7





Step 8





3.0 Configuring the second OpenSSO


Before proceeding with the second server configuration, make sure the first server is up and running by logging in to the console as amadmin. While you are there, copy the encryption key from server one; this key will be used while configuring the second server.


How can you obtain the encryption key (am.encryption.pwd)?





Step 9





Step 10





Step 11




In the next screen you will notice two radio buttons. Usually, when adding a second or further server to an existing configuration, one would select 'Add to Existing deployment'. This works fine in all scenarios except the one described in issue 4094. Issue 4094 is already fixed in the OpenSSO nightly builds after Nov 6th 2008. In build 6, to work around issue 4094, please don't select the 'Add to Existing deployment' option; instead follow the rest of this procedure.







Step 12





Step 13






Even though we are entering the same information again, no duplicate datastore entry will be created in the configuration, so here we need to enter it again to make the configurator happy :-)





Step 14







Step 15









Step 16





Step 17







Step 18






Finally, you need to restart both servers to complete the multi-server configuration with site. After the restart you will be able to access the servers using the individual URLs as well as the LB URL http://is-lb-3.red.iplanet.com:80/opensso/console

















About

Indira Thangasamy, I manage the OpenSSO Quality engineering team.
