Creating Authentication Chain using OpenSSO ssoadm CLI


You can use the ssoadm CLI to automate OpenSSO service configuration. In the next few blog entries I am planning to give some examples of how to perform certain configuration changes using the ssoadm CLI. In this article I am going to show you how to create an Authentication Chain. You should have configured the CLI as a prerequisite.



Here is the scenario:



  • Create an LDAP auth module named "MyLDAP" pointing to the LDAP server myldap.example.com:5389 with BIND DN "cn=myldap manager"

  • Create an Authentication Chain 'myauthcfg' with MyLDAP as the required module


Creating LDAP Authentication Module



  • ./ssoadm create-auth-instance -m MyLDAP -t LDAP -u amadmin -f /tmp/.pass -e /


Update the LDAP Server Properties


Add the LDAP server configuration details to the newly created auth module 'MyLDAP'.




  • ./ssoadm update-auth-instance -e / -m MyLDAP -u amadmin -f /tmp/.pass -a "iplanet-am-auth-ldap-server=myldap.example.com:5389" "iplanet-am-auth-ldap-bind-dn=cn=myldap manager"



Create the Authentication Chain


When you create the auth chain, no modules are added to it; you need to add them later.


Create the Auth Chain named 'myauthcfg'





  • ./ssoadm create-auth-cfg -e / -m myauthcfg -u amadmin -f /tmp/.pass


Add Auth Instances to Auth Chain


Add MyLDAP as the required module to the auth chain 'myauthcfg'.





  • ./ssoadm update-auth-cfg-entr -m myauthcfg -e / -u amadmin -f /tmp/.pass -a "MyLDAP|REQUIRED"


Listing Auth Chains



You can list the available authentication configurations in a realm using the list-auth-cfgs sub command.


  • ./ssoadm list-auth-cfgs -e / -u amadmin -f /tmp/.pass


Authentication Configurations:
ldapService
myauthcfg

Listing Authentication Instances


You can also list the available authentication instances in a realm using the list-auth-instances sub command.



  • ./ssoadm list-auth-instances -e / -u amadmin -f /tmp/.pass




Authentication Instances:
WSSAuthModule, [type=WSSAuthModule]
MyLDAP, [type=LDAP]
Federation, [type=Federation]
LDAP, [type=LDAP]
HOTP, [type=HOTP]
DataStore, [type=DataStore]
SAE, [type=SAE]
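
The procedure above as one re-runnable shell function (an added example, not part of the original post): it creates the module and the chain only when the listings do not already show them, and it refuses to run if the admin password file passed with -f is a symlink or carries any group/other permission bits, which matters for a path under /tmp. The function names and the permission policy are assumptions of this example; the listing check assumes the output format shown above.

```shell
#!/bin/sh
# Added example, not from the original post: the steps above as one re-runnable function.
SSOADM=${SSOADM:-./ssoadm}      # CLI location as used in the post
ADMIN=${ADMIN:-amadmin}
PASSFILE=${PASSFILE:-/tmp/.pass}
REALM=${REALM:-/}

# True only for a regular file (not a symlink) with no group/other permission bits.
passfile_is_private() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads an ssoadm listing on stdin; true if some line names exactly $1.
# Accepts both forms shown in the post: "myauthcfg" and "MyLDAP, [type=LDAP]".
listing_has() {
    awk -v want="$1" '
        { sub(/,.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        ($0 "") == (want "") { found = 1 }
        END { exit !found }'
}

# Runs one sub-command with the realm and admin credentials used throughout the post.
ssoadm_do() {
    sub=$1; shift
    "$SSOADM" "$sub" -e "$REALM" -u "$ADMIN" -f "$PASSFILE" "$@"
}

# Usage: ensure_ldap_chain MODULE HOST:PORT BIND_DN CHAIN
ensure_ldap_chain() {
    if ! passfile_is_private "$PASSFILE"; then
        echo "refusing to run: $PASSFILE must be a regular, owner-only file" >&2
        return 2
    fi
    if ! ssoadm_do list-auth-instances | listing_has "$1"; then
        ssoadm_do create-auth-instance -m "$1" -t LDAP || return 1
    fi
    ssoadm_do update-auth-instance -m "$1" \
        -a "iplanet-am-auth-ldap-server=$2" "iplanet-am-auth-ldap-bind-dn=$3" || return 1
    if ! ssoadm_do list-auth-cfgs | listing_has "$4"; then
        ssoadm_do create-auth-cfg -m "$4" || return 1
    fi
    ssoadm_do update-auth-cfg-entr -m "$4" -a "$1|REQUIRED" || return 1
    # Confirm the chain is now listed in the realm.
    ssoadm_do list-auth-cfgs | listing_has "$4"
}

# ensure_ldap_chain MyLDAP myldap.example.com:5389 "cn=myldap manager" myauthcfg
```

Keeping the password file outside /tmp (for example in the admin user's home directory, mode 400 or 600) and setting PASSFILE accordingly avoids the shared-directory exposure altogether.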






About

Indira Thangasamy, I manage the OpenSSO Quality engineering team.
