The administrative console can be accessed via a supported browser such as Firefox, by entering the URL<protocol>://servername:port/<deploy_uri>/console. It is possible to reach the console from the Login page entering the URL<protocol>://servername:port/<deploy_uri>/UI/Login, but there is a key difference in the authentication process while accessing from the Login page and the console page. The administrator can configure different authentication chains for the administrative console that could be different from the normal user login. The server determines this based on the configuration set in the root realm of the OpenSSO server. You can find more on the authentication process and different types of authentication in the next chapter.

In a typical deployment, the administrative console may be configured with a higher level of authentication. Users who access the administrative console have to authenticate multiple levels to get access to the administration page. This can be configured in the root realm, under (Access Control | Top Level Realm | Authentication) the Administrator Authentication Configuration as shown in the following screenshot. The Authentication Chain instance named as consleAccess is configured to authenticate using the LDAP authentication module, and will be invoked when the user accesses the<protocol>://servername:port/<deploy_uri>/console. On the same page there is Organization Authentication Configuration that is configured with the normalAccess authentication chain that will be authenticating against a RADIUS server. When users access the Login page with the URL of the form<protocol>://servername:port/<deploy_uri>/UI/Login, then the browser will redirect to the RADIUS authentication module. Generally, the administrative console will not be exposed to the end users of the OpenSSO server.

A realm is a unit that OpenSSO uses to organize configuration information. This should not be confused with the Java EE security realms.

In the out-of-the-box configuration, both administrator console and realm authentication configuration are set to be the same, so you will not notice any difference. Once you are authenticated as a valid user, OpenSSO is configured to redirect to the administrative console depending on the user type—whether administrator or non-administrator, and the respective page will be rendered.