Table of Contents for OpenAM
OpenAM
by Indira Thangasamy
Credits
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Getting Started
History of OpenSSO
OpenSSO vs. OpenAM
OpenSSO—an overview
OpenSSO services
Federation services
Web Services Security and Secure Token Service
OpenSSO Entitlements Service
What kind of problems does OpenSSO solve?
Access management
Federation
Securing web services
Entitlements
Summary
2. OpenSSO Deployment and Configuration
Deployment requirements for OpenSSO web application
Containers and operating systems support
Java SDK support
Disk and memory requirements
Browser requirements
Configuration store versus Identity Store
Configuration store
Embedded configuration store
External Sun Directory Server Enterprise Edition configuration store
Identity store
How to obtain OpenSSO
Building OpenSSO from source
Downloading OpenSSO binary
Configuring OpenSSO
Installing and configuring Apache Tomcat 6.0.20
OpenSSO one click configuration
Verifying OpenSSO configuration
What just happened?
OpenSSO configuration choices
Single server configuration-using embedded configuration store
Layout of the configuration directory
Single server configuration-using external configuration store
Multi-server configuration-embedded configuration store
Prerequisites for multi-server configuration
Adding OpenSSO to an existing deployment
Verification of multi-server deployment
Configuring using command line configurator
Configuring OpenSSO with SSL/TLS
Configuring command line tools
Uninstalling OpenSSO
OpenSSO release and support model
Summary
3. Administrating OpenSSO
Administration interfaces
Accessing the administrative console
Console views and privileges
Console landing page-common tasks
Access control tab
General
Authentication
Service
Data stores
Privileges
Policies
Subjects
Managing users from the command line tool
Managing groups from a command line tool
Agents
Configuration
Retrieving all the server properties
Updating server configuration properties
Removing properties from server configuration
Sessions tab
Managing sessions using ssoadm
Customizing the console
Extending LDAP schema
Customizing OpenSSO User Service
Adding attributes to amUser.xml
Removing User Service schema
Adding the updated User Service schema
Adding the labels
Adding the custom attributes to data store configurations
Updating privileges
Testing the changes
Summary
4. Authentication and Session Service
Authentication process
Cookies in OpenSSO
Authentication types and URL parameters
Module
Level
Service
User
Role
Realm
Resource
Other authentication URL parameters
IDToken parameter
goto and gotoOnFail parameters
locale parameter
arg parameter
iPSPCookie parameter
ForceAuth parameter
PersistAMCookie parameter
Authentication modules, instances, and chains
LDAP authentication
Creating an authentication instance
Updating an authentication instance
Reading an authentication instance
Using an authentication instance
Deleting an authentication instance
Authentication chains
Creating an authentication chain
Updating an authentication chain
Reading an authentication chain
Using an authentication chain
Performing a user-based authentication
Deleting an authentication chain
Authentication modules
LDAP
Active Directory
Data store
Anonymous
Certificate (X.509)
Configuring Tomcat in SSL using CA signed certificate
HTTP basic authentication
Membership
JDBC
HOTP
SecurID
SafeWord
RADIUS
Unix
Windows NT
Windows Desktop SSO
Core
User profile requirement
Setting user profile attributes in an SSO token
Adding custom authentication modules
Session Service
Session Service schema
Updating Session Service
Session life cycle
Session structuring
Session state transition
Session properties
Session change notification and polling
Session persistence and constraints
Summary
5. Password Reset and Account Management
Account lockout
Configuring account lockout
Physical lockout
In-memory lockout
Applying a password reset
Prerequisites
Configuring the password reset service in OpenSSO
Assigning service and update service attributes
Creating and assigning OpenDS password policy
Creating OpenDS policy
Assigning the policy to a user
Forcing password change after reset
Behind the scenes
Location of secret questions
Summary
6. Protecting a Simple Web Application to Provide SSO
OpenSSO Policy Framework
Protecting a sample application on Tomcat
Creating the agent profile
Installing and configuring the agents
Deploying and configuring the Java application
Creating policies and associated identities
Testing the SSO
Fetching user profile attributes
Summary
7. Integrating Salesforce and Google Apps
Integrating OpenSSO with Salesforce applications
Configuring hosted identity provider and circle of trust
Configuring OpenSSO metadata for Salesforce.com
Configuring users for Salesforce.com
Verifying the SSO
Integrating with Google Apps
Configuring the hosted identity provider
Configuring SSO parameters at Google Apps
Configuring users for Google Apps
Verifying SSO
Summary
8. Identity Stores
Identity store types
Caching and notification
Persistent search-based notification
Time-to-live based notification
TTL-specific properties for Identity Repository cache
Supported identity stores
User schema
Access Manager Repository plugin
Creating an Access Manager Repository plugin data store
Displaying the data store properties
Updating data store properties
Deleting data stores
Removing the Access Manager Repository plugin
Oracle Directory Server Enterprise Edition
Creating a data store for Oracle DSEE
Updating the data store
Deleting the data store
Data store for OpenDS
Data store for Tivoli DS
Data store for Active Directory
Data store for Active Directory Application Mode
Datastore for OpenLDAP
Configuring an OpenLDAP suffix
Extending the schema
Preparing the suffix with necessary entries
Creating an OpenLDAP data store
Testing the data store
Multiple data stores
Summary
9. RESTful Identity Services
Prerequisites
Invoking REST interfaces
Authentication
Authenticating with URL parameters
Validating an SSO token
Invalidating session (logout)
Creating log events
Authorization
Identity CRUD operations
Searching identities
Searching for user identities
Searching groups
Searching for agents
Retrieving identity attributes
Creating agent identities
Creating user identities
Creating group identities
Updating identities
Deleting identities
Deleting user identities
Deleting group identities
Deleting the agent identities
Other REST interfaces
Summary
10. Backup, Recovery, and Logging
Backing up configuration data
Backing up the OpenSSO configuration files
Backing up the OpenSSO configuration data
Crash recovery and restore
Test to production
Performing the configuration change
Configuring the export test server
Configuring OpenSSO on the production server
Adapting the test configuration data
Importing into the production system
OpenSSO audit and logging
Enabling debug (trace) level logging
Audit logging
Enabling and disabling audit logging
File-based logging
Database logging
Remote logging
Secure logging
Creating the keystore
How to verify
Summary
11. Troubleshooting and Diagnostics
OpenSSO diagnostic tools
Installing and configuring the tool
Invoking the tool
Troubleshooting
Installation and configuration
Scenario 1
Scenario 2
Scenario 3
How to Fix
Scenario 4
Authentication and session areas
Scenario 1
Scenario 2
Scenario 3
Scenario 4
Identity repository and password reset
Scenario 1
Scenario 2
Scenario 3
Scenario 4
Scenario 5
Policy and agents
Scenario 1
Scenario 2
Scenario 3
Command line tools
Scenario 1
Scenario 2
Summary