OpenAM Setup SSO v0.1
SSO
Add Realm
Just added, did not use any urls.
Add Users
Selected Realm then went to Subjects.
Question, looking in the directory the user looks normal. How can you tell what realm the user belongs to?
Don't use realms... until I know it... won't work.
Configure Trust with Realms
I figure there must be some kind of trust. The Agent setup has nothing about what realm is being used.
Java EE Policy Agent Setup
Profile
The instructions have some details missing.
Click Access Control.
You will see the default Top Level Realm. You can read more from Oracle on what a realm means.
What is the best practice around this? I assume a server is usually with one organization, but if you are a service provider you should create a realm per company you work with, for example, dailyplanet and lexcrop. After that, within those realms you might have subrealms, like humanresources, where you grant more access.
It looks like each realm also has its own data repository.
Values for the agent:
Name = jee
password = Adam's password + more
Configuration = Centralized
Server URL = http://openam.tin-pham.com:8080/openam = your instance of openam
Agent URL = http://tin-pham.com:8180/agentapp = the application you are protecting
Setup Agent Filter mode:
http://developers.sun.com/identity/reference/techart/policyagents.html
Setup Agent on Server
... running setup utility with tomcat
-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
Tomcat Server Config Directory : /opt/apache/tomcat.1/conf
OpenSSO server URL : http://openam.tin-pham.com:8080/openam
$CATALINA_HOME environment variable : /opt/apache/tomcat.1
Tomcat global web.xml filter install : true
Agent URL : http://tin-pham.com:8180/examples
Agent Profile name : jee
Agent Profile Password file name : /home/svradm/password.txt

Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]:

Updating the /opt/apache/tomcat.1/bin/setenv.sh script with the Agent configuration JVM option ...DONE.
DONE.
Creating directory layout and configuring Agent file for Agent_001 instance ...DONE.
Reading data from file /opt/j2ee_agents/tomcat_v6_agent/password.txt and encrypting it ...DONE.
Generating audit log file name ...DONE.
Creating tag swapped OpenSSOAgentBootstrap.properties file for instance Agent_001 ...DONE.
Creating a backup for file /opt/apache/tomcat.1/conf/server.xml ...DONE.
Creating a backup for file /opt/apache/tomcat.1/conf/web.xml ...DONE.
Adding OpenSSO Tomcat Agent Realm to Server XML file : /opt/apache/tomcat.1/conf/server.xml ...DONE.
Adding filter to Global deployment descriptor file : /opt/apache/tomcat.1/conf/web.xml ...DONE.
Adding OpenSSO Tomcat Agent Filter and Form login authentication to selected Web applications ...DONE.

SUMMARY OF AGENT INSTALLATION
-----------------------------
Agent instance name: Agent_001
Agent Bootstrap file location: /opt/openam-agents/j2ee_agents/tomcat_v6_agent/Agent_001/config/OpenSSOAgentBootstrap.properties
Agent Configuration file location /opt/openam-agents/j2ee_agents/tomcat_v6_agent/Agent_001/config/OpenSSOAgentConfiguration.properties
Agent Audit directory location: /opt/openam-agents/j2ee_agents/tomcat_v6_agent/Agent_001/logs/audit
Agent Debug directory location: /opt/openam-agents/j2ee_agents/tomcat_v6_agent/Agent_001/logs/debug
Install log file location: /opt/openam-agents/j2ee_agents/tomcat_v6_agent/installer-logs/audit/install.l
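The answers given to the installer include two plain http URLs and a cleartext agent password file, so it is worth checking them before choosing "Continue with Installation". The script below is an added example, not part of the original notes or of the OpenAM installer; the function names, the one "key : value" per line input layout and the temp-directory sample are assumptions.

```shell
# Added example: audit the answers given to the agent installer.
# Input file: one "key : value" per line, keys as the installer prints them.

# Print the value recorded for a summary key.
summary_value() {   # $1 = summary file, $2 = key
    sed -n "s|^$2 *: *||p" "$1" | head -n 1
}

# Succeed only for https:// URLs.
url_is_https() {
    case "$1" in https://*) return 0 ;; *) return 1 ;; esac
}

# Succeed only if the file exists and group/other have no permissions.
file_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print one WARN line per finding; exit status is the number of findings.
audit_agent_summary() {   # $1 = summary file
    findings=0
    for key in "OpenSSO server URL" "Agent URL"; do
        url=$(summary_value "$1" "$key")
        if ! url_is_https "$url"; then
            echo "WARN $key is not https: $url"
            findings=$((findings + 1))
        fi
    done
    pwfile=$(summary_value "$1" "Agent Profile Password file name")
    if ! file_is_private "$pwfile"; then
        echo "WARN password file missing or open to group/other: $pwfile"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: URLs as in the notes, password file in a temp dir.
demo=$(mktemp -d)
( umask 022; echo 'example-only' > "$demo/password.txt" )
cat > "$demo/summary.txt" <<EOF
OpenSSO server URL : http://openam.tin-pham.com:8080/openam
Agent URL : http://tin-pham.com:8180/examples
Agent Profile Password file name : $demo/password.txt
EOF
audit_agent_summary "$demo/summary.txt" || echo "findings: $?"
```

A clean run prints nothing and returns 0; the constructed sample reports both URLs and the world-readable password file.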
References
http://openam.forgerock.org/doc/agent-install-guide/OpenAM-Agent-Install-Guide.html
https://wikis.forgerock.org/confluence/display/openam/Add+Authentication+to+a+Website+using+OpenAM