Configuring OpenSSO - The CURL'y way


The following command line shows how to configure the OpenSSO server deployed on WebLogic 9.2 (the container type is immaterial) at http://sso.red.iplanet.com:7001/fam, with DSEE 6.x as the service configuration datastore.

# One -d per group of fields; curl joins them with '&'. The space in the DN is sent as %20.
curl -d "deployuri=%2F/fam&ADMIN_PWD=secret12&ADMIN_CONFIRM_PWD=secret12" \
     -d "AMLDAPUSERPASSWD=secret123&AMLDAPUSERPASSWD_CONFIRM=secret123" \
     -d "SERVER_URL=http%3A%2F%2Fsso.red.iplanet.com%3A7001" \
     -d "COOKIE_DOMAIN=.red.iplanet.com&PLATFORM_LOCALE=en_US" \
     -d "AM_ENC_KEY=FederatedAccessManagerEncryptionKey" \
     -d "BASE_DIR=/root/sso-config&DATA_STORE=dirServer" \
     -d "ROOT_SUFFIX=dc=sun,dc=com&DIRECTORY_SERVER=dsee.red.iplanet.com" \
     -d "DIRECTORY_PORT=7001&DS_DIRMGRDN=cn=Directory%20Manager" \
     -d "DS_DIRMGRPASSWD=secret12&DS_UM_SCHEMA=sdkSchema" \
     -d "AMConfig.button1=Configure" \
     "http://sso.red.iplanet.com:7001/fam/configurator.jsp?type=custom"


The same OpenSSO server can be configured with the embedded store as the service configuration store, using the following command line:

# Same fields as above, with DATA_STORE=embedded and an empty DS_UM_SCHEMA.
curl -d "deployuri=%2F/fam&ADMIN_PWD=secret12&ADMIN_CONFIRM_PWD=secret12" \
     -d "AMLDAPUSERPASSWD=secret123&AMLDAPUSERPASSWD_CONFIRM=secret123" \
     -d "SERVER_URL=http%3A%2F%2Fsso.red.iplanet.com%3A7001" \
     -d "COOKIE_DOMAIN=.red.iplanet.com&PLATFORM_LOCALE=en_US" \
     -d "AM_ENC_KEY=FederatedAccessManagerEncryptionKey" \
     -d "BASE_DIR=/root/sso-config&DATA_STORE=embedded" \
     -d "ROOT_SUFFIX=dc=sun,dc=com&DIRECTORY_SERVER=sso.red.iplanet.com" \
     -d "DIRECTORY_PORT=50389&DS_DIRMGRDN=cn=Directory%20Manager" \
     -d "DS_DIRMGRPASSWD=secret12&DS_UM_SCHEMA=" \
     -d "AMConfig.button1=Configure" \
     "http://sso.red.iplanet.com:7001/fam/configurator.jsp?type=custom"
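
The same POST assembled by a small script, as an added example that is not the author's code: it percent-encodes every value (so cn=Directory Manager and the server URL need no hand encoding) and sends the body from a mode-0600 temporary file instead of the command line, which keeps the passwords out of the process list. The function names urlencode, build_body and post_config are assumptions, and values are assumed to be ASCII.

```shell
#!/bin/sh
# Added example, not the author's script. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # treat values as bytes; ASCII input is assumed

# urlencode STRING: percent-encode all but RFC 3986 unreserved characters.
urlencode() {
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}        # split off the first character
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# build_body KEY=VALUE...: join fields with '&', encoding each VALUE.
# The split is on the first '=', so values such as dc=sun,dc=com stay whole.
build_body() {
    body=
    for pair in "$@"; do
        body="${body:+$body&}${pair%%=*}=$(urlencode "${pair#*=}")"
    done
    printf '%s' "$body"
}

# post_config URL KEY=VALUE...: send the body from a private temp file so the
# passwords are not visible in curl's arguments (ps output).
post_config() {
    url=$1; shift
    tmp=$(umask 077; mktemp) || return 1
    build_body "$@" > "$tmp"
    curl --fail --silent --show-error -d @"$tmp" "$url"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo with constructed, non-secret values: print the body only, send nothing.
build_body "SERVER_URL=http://sso.red.iplanet.com:7001" \
           "DS_DIRMGRDN=cn=Directory Manager" "DATA_STORE=embedded"
echo
```

To send a configuration, call post_config with the configurator URL followed by one KEY=VALUE argument per form field, taking the password values from shell variables that were read without echo.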

Description of the Fields

Each entry gives the form field name, its valid values, a description and, where the original table had one, an example.

deployuri
  Valid values: any valid webapp deployment URI preceded by a forward slash (/)
  Description: the deployment URI of the OpenSSO WAR application
  Example: /opensso

ADMIN_PWD
  Valid values: valid password characters
  Description: the password of 'amadmin', the top-level admin user of the OpenSSO system
  Example: mysecret

ADMIN_CONFIRM_PWD
  Valid values: valid password characters
  Description: confirm password for the 'amadmin' user

AMLDAPUSERPASSWD
  Valid values: valid password characters
  Description: shared secret, traditionally called the 'amldapuser' passwd

AMLDAPUSERPASSWD_CONFIRM
  Valid values: valid password characters
  Description: confirm field

SERVER_URL
  Valid values: valid URL
  Description: web container URL where the OpenSSO WAR is deployed
  Example: http://dev.java.com:8080

COOKIE_DOMAIN
  Valid values: cookie domain value preceded by a dot (.)
  Description: the domain to which the SSO token will be set
  Example: .dev.java.com

PLATFORM_LOCALE
  Valid values: any valid locale
  Example: en_US

AM_ENC_KEY
  Valid values: follows the same norms as Sun Java ES Access Manager
  Example: mysecretencryptionkey

BASE_DIR
  Valid values: valid filesystem location
  Description: the place where the OpenSSO-related configuration, debug and bootstrap files are placed after configuration
  Example: /root/opensso

DATA_STORE
  Description: datastore type to hold the OpenSSO configuration data
  Valid values:
    embedded - OpenDS based embedded configuration store
    dirServer - DSEE 6.x based directory stores, which must be up and running before configuring OpenSSO

ROOT_SUFFIX
  Valid values: valid LDAP suffix
  Description: service configuration suffix
  Example: dc=example,dc=com

DIRECTORY_SERVER
  Valid values: Directory Server name
  Description: name of the Directory Server holding the service configuration data

DIRECTORY_PORT
  Valid values: Directory Server port
  Description: port of the Directory Server holding the service configuration data
  Example: 1389

DIRMGRDN (sent as DS_DIRMGRDN in the commands above)
  Valid values: the privileged user DN
  Description: used to connect to the service configuration data Directory Server to load the schema and configuration data
  Example: cn=directory manager. In the embedded configuration cn=directory manager is assumed, but in the dirServer case this can be any valid DN.

DS_DIRMGRPASSWD
  Valid values: password for the DIRMGRDN
  Description: in the embedded configuration cn=directory manager is assumed and the password is set to the same as that of 'amadmin', but in the dirServer case this must be entered in the configurator

DS_UM_SCHEMA
  Valid values:
    sdkSchema - only in 'dirServer'
    null for 'embedded'
  Description: whether to load the amSDK compliant user schema. This will basically load:
    sunone_schema2.ldif
    ds_remote_schema.ldif
    index.ldif
    plugin.ldif
    install.ldif

AMConfig.button1
  Description: submit button. I guess so!

 

Actually, I have a shell script which interactively asks for the server configuration details and then posts them accordingly; mail me if you want it. BTW, I have not tested this with the HTTPS protocol yet; however, I don't expect any problem, because if 'curl' knows the public key store of your container then it should work seamlessly. Tested this with curl version 7.15.5.

About

Indira Thangasamy, I manage the OpenSSO Quality engineering team.
