In this chapter, we have seen how OpenSSO is designed to support the commercially available LDAP servers. There are certain Identity Repository plugins that enable the server to perform better without looking for any external input. We have discussed the caching and notification-related properties that form the key to achieving the optimal performance of the overall system. For consistent repeatability there is a property file for each type of supported LDAP server provided along with the code bundle. This would greatly ease the creation of the data stores. Finally we have dealt with the process of extending the OpenLDAP server schema to adapt it to work with OpenSSO as an identity store. The schema file is the core part of this process that needs to be properly added as given in the procedure. You can create more than one data store of the same type or varying types to meet the specific deployment architecture. One can fine-tune the permissions and type of entries that can be stored in an identity store.

Identity services is becoming the buzz word in the industry. All the access and identity management product vendors are compelled to provide the identity web services feature. To that effect OpenSSO supports both SOAP and REST-based identity web services. In the next chapter we will be learning about the identity web services features provided by the OpenSSO server. Specifically the REST-based identity web services will be covered extensively.