OpenSSO with OpenDS for the impatient

I would like to insist that you wait for the official notification of OpenDS support in OpenSSO. For the impatient, I made some fixes so that you can configure OpenDS as the configuration store for OpenSSO. For this exercise I have used:
  • OpenDS build 17
  • OpenSSO cvs source of 11/28/06
  • Tomcat Servlet container

Server version: Apache Tomcat/5.5.12
Server built:   Sep 23 2005 09:40:42
Server number:  5.5.12.0
OS Name:        SunOS
OS Version:     5.10
Architecture:   sparc
JVM Version:    1.5.0_04-b05
JVM Vendor:     Sun Microsystems Inc.

As of today (11/28/06) OpenDS does not support schema modification over the LDAP protocol. The OpenSSO configurator relies on this feature, so out of the box OpenSSO cannot be configured with OpenDS. To make this work we need to prepare OpenDS to accept the OpenSSO configuration data. OpenSSO delivers specific LDAP schema for its configuration data as well as for user data. For this exercise I have only adapted the configuration schema (am_sm_ds_schema.ldif) to OpenDS; I have not yet started working on the user schema (sunone_schema2.ldif and ds_remote_schema.ldif).

Step 1:
Check out the source tree and build the war for the amserver. Modify the code as necessary if issue 143 has not been resolved.
Step 2:
Install OpenDS.
Step 3:
Copy the OpenSSO 99-am_sm_ds_schema.ldif configuration data schema file into the OpenDS config/schema directory, then restart OpenDS.
You can also copy and paste the text below if you are not able to download the schema file.


##The contents of this file are subject to the terms
##of the Common Development and Distribution License
##(the License). You may not use this file except in
##compliance with the License.
##
##You can obtain a copy of the License at
##https://opensso.dev.java.net/public/CDDLv1.0.html or
##opensso/legal/CDDLv1.0.txt
##See the License for the specific language governing
##permission and limitations under the License.
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.78 
               NAME ( 'sunserviceschema' ) 
               DESC 'SMS Attribute to Store xml schema of a particular service' 
               SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  
               SINGLE-VALUE X-ORIGIN 'Sun Java System Identity Management' )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.79 
               NAME ( 'sunserviceid' ) 
               DESC 'Attribute to store the reference to the inherited object' 
               SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  
               SINGLE-VALUE X-ORIGIN 'Sun Java System Identity Management' )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.81 
               NAME ( 'sunsmspriority' ) 
               DESC 'To store the priority of the service with respect to its siblings' 
               SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  
               SINGLE-VALUE X-ORIGIN 'Sun Java System Identity Management' )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.82 
               NAME ( 'sunpluginschema' ) 
               DESC 'To store the plugin schema information' 
               SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
               X-ORIGIN 'Sun Java System Identity Management' )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.83 
               NAME ( 'sunkeyvalue' ) 
               DESC 'Attribute to store the encoded key values of the services' 
               SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
               X-ORIGIN 'Sun Java System Identity Management' )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.84 
               NAME ( 'sunxmlkeyvalue' ) 
               DESC 'Attribute to store the key values in xml format' 
               SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
               X-ORIGIN 'Sun Java System Identity Management' )
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.25 
              NAME 'sunservice' 
              DESC 'object containing service information' 
              SUP top STRUCTURAL 
              MUST ou 
              MAY ( labeleduri $ sunserviceschema $ sunkeyvalue $ sunxmlkeyvalue $ sunpluginschema $ description ) 
              X-ORIGIN 'Sun Java System Identity Management' )
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.104 
              NAME 'sunRealmService' 
              DESC 'object containing service information for realms' 
              SUP top 
              STRUCTURAL 
              MAY ( o $ labeleduri $ sunkeyvalue $ sunxmlkeyvalue $ description ) 
              X-ORIGIN 'Sun Java System Identity Management' )
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.27 
             NAME 'sunservicecomponent' 
             DESC 'Sub-components of the service' 
             SUP organizationalUnit 
             STRUCTURAL  
             MUST ou 
             MAY ( labeleduri $ sunserviceid $ sunsmspriority $ sunkeyvalue $ sunxmlkeyvalue $ description ) 
             X-ORIGIN 'Sun Java System Identity Management' )
Step 4:
Deploy the amserver.war on Tomcat.

Access the configurator page and enter the required details for the configurator to proceed, as shown in the configuration screen image (SSoConfigScreen).


After successful configuration you should be able to log in to the OpenSSO console as user 'amadmin'. Out of the box it uses DataStore authentication; you need to create LDAPv3 data stores if you want to use any LDAP store for user data.
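Because OpenDS loads this file at startup rather than through an LDAP modify, a broken definition is only noticed after the restart in Step 3. The following script is an added example (not part of the original post or of either project) that parses a schema LDIF of the shape shown above, handling the '#' comment header, folded continuation lines and both NAME forms, and reports any attribute referenced in a MUST or MAY clause that neither the file nor the server's core schema defines. The sample LDIF is a constructed excerpt that deliberately omits the sunsmspriority definition; the CORE_ATTRIBUTES set is an assumption standing in for the server's own cn=schema entry.

```python
import re
# Constructed excerpt of the 99-am_sm_ds_schema.ldif above; the full file has
# the same shapes ('#' comments, folded lines, NAME with or without parens).
SCHEMA_LDIF = """\
## CDDL header comment
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.79
               NAME ( 'sunserviceid' )
               SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
               X-ORIGIN 'Sun Java System Identity Management' )
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.27
             NAME 'sunservicecomponent'
             SUP organizationalUnit STRUCTURAL MUST ou
             MAY ( labeleduri $ sunserviceid $ sunsmspriority $ description )
             X-ORIGIN 'Sun Java System Identity Management' )
"""
# Assumed: standard attributes (RFC 4519 / RFC 2079) the server's core schema already has.
CORE_ATTRIBUTES = {"ou", "o", "description", "labeleduri"}
def unfold(ldif):
    # Drop '#' comments; a line starting with a space continues the previous one.
    logical = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw)
    return logical
def _names(body):  # NAME 'x'  or  NAME ( 'x' 'y' )
    m = re.search(r"\bNAME\s+(?:\(\s*(?:'[^']*'\s*)+\)|'[^']*')", body)
    return re.findall(r"'([^']*)'", m.group(0)) if m else []
def _attr_list(body, kw):  # MUST/MAY clause: '( a $ b )' or a bare name
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|(\S+))" % kw, body)
    return [t.strip().lower() for t in (m.group(1) or m.group(2)).split("$")] if m else []
def parse_schema(ldif):
    """Return ({attr_name: oid}, {class_name: {'must': [...], 'may': [...]}})."""
    attrs, classes = {}, {}
    for line in unfold(ldif):
        key, _, body = line.partition(":")
        oid = re.match(r"\(\s*(\S+)", body.strip())
        if key == "attributeTypes" and oid:
            attrs.update({n.lower(): oid.group(1) for n in _names(body)})
        elif key == "objectClasses" and oid:
            for n in _names(body):
                classes[n.lower()] = {"must": _attr_list(body, "MUST"), "may": _attr_list(body, "MAY")}
    return attrs, classes
def undefined_references(ldif, known=CORE_ATTRIBUTES):
    """MUST/MAY attributes that neither this file nor the core schema defines."""
    attrs, classes = parse_schema(ldif)
    used = {a for c in classes.values() for a in c["must"] + c["may"]}
    return sorted(used - set(attrs) - {k.lower() for k in known})
```

Run against the complete file pasted above, undefined_references returns an empty list; on the constructed excerpt it reports sunsmspriority, which is exactly the kind of gap that only shows up when OpenDS reads config/schema after the restart.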


NOTE
In the OpenSSO configuration the event services are disabled by default. If you want to enable them you need to set the following property in AMConfig.properties:
  • com.sun.am.event.connection.disable.list=
Out of the box this property value is:
  • com.sun.am.event.connection.disable.list=aci,sm,um

  • Make sure you have created the bind users (as configured in serverconfig.xml) in the configuration Directory Server.

    BTW, I have not done extensive testing with OpenDS as configuration data store for OpenSSO. All I have done is minimal verification.

    Comments:

    Great stuff, Indira. Looking forward to trying this when I get a moment...

    Posted by Pat on November 29, 2006 at 07:11 AM PST #

    Great stuff, Indira. An interesting step forward could be to try to embed OpenDS in the OpenSSO server, to give OpenSSO a fast and scalable local repository :-) Ludo

    Posted by Ludo on November 29, 2006 at 04:34 PM PST #

    Thanks Ludo for the suggestion of embedding OpenDS with OpenSSO. I think it is worth giving it a thought.

    Posted by indira on November 30, 2006 at 02:38 AM PST #

    About

    Indira Thangasamy, I manage the OpenSSO Quality engineering team.
