Configuring Sun Convergence With Sun OpenSSO Enterprise 8.0 for Authentication and SSO

This article describes the steps to configure Sun OpenSSO Enterprise 8.0 with Convergence. Convergence supports OpenSSO Enterprise 8.0 starting Sun Convergence 1 Update 2 release.

Prerequisites:

• You must have Sun OpenSSO Enterprise 8.0 installed and configured. For more information, see Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide .
• Convergence must be installed and configured (minimum version Sun Convergence 1 Update 2).

Configuring Sun OpenSSO Enterprise 8 with Convergence

Configuring OpenSSO with Sun Convergence involves configuration for both OpenSSO and Convergence.

Configuring OpenSSO

To configure OpenSSO with Convergence, enable cookie encoding and set up a Realm.

Enabling Cookie Encoding

To enable cookie encoding, perform the following steps:

1. Log in to OpenSSO console as user amAdmin.
2. Click Configuration -> Server and Sites.
3. Click the link corresponding to the server on which OpenSSO is deployed.
4. Click Security -> Cookie. By default the cookie encoding is set to No.
5. Click the Inheritance Settings button.
6. Deselect Encode Cookie Value.
7. Click Save.
   You can now change the cookie encoding option.
8. Set the value of Cookie Encoding Value to Yes. See step 4.
9. Click Save to save your changes.
10. Restart the application server on which OpenSSO is deployed.

Setting Up the Realm

You must set up a Realm in OpenSSO to enable authentication. To do this, you must perform the following steps:

1. Create a Realm.
   To learn more about how to create Realms in OpenSSO, see Chapter 2 Managing Realms in the Sun OpenSSO Enterprise 8.0 Administration Guide.
2. Create a Data Store. The type of the Data Store must be "Sun DS with OpenSSO Schema".
   To learn more about how to create Data Stores in OpenSSO, see Chapter 3 Data Stores in the Sun OpenSSO Enterprise 8.0 Administration Guide.
3. Configure the realm for OpenSSO Enterprise authentication service. The LDAP service must be configured and the criteria must be set to REQUIRED.
   To learn more about configuring the authentication service, see Chapter 4 Managing Authentication in the Sun OpenSSO Enterprise 8.0 Administration Guide.

Configuring Convergence

To configure Sun Convergence, perform the following steps:

1. Copy the AMConfig.properties.template as AMConfig.properties. By default, this exists in the /opt/sun/comms/iwc/config directory.

   cp AMConfig.properties.template AMConfig.properties
   

2. Edit the AMConfig.properties file and set the following properties:

   com.iplanet.am.naming.url=http://<your_host_name>:<portnumber>/opensso/namingservice
   com.iplanet.am.notification.url=http://<your_host_name>:<portnumber>/opensso/notificationservice
   com.iplanet.services.debug.directory=/<path>/<to>/<debug>/<directory>
   

Enabling OpenSSO Authentication

To use OpenSSO as the authentication provider for Convergence, perform the following steps:

1. Set the value of the auth.opensso.enable parameter to true.

   iwcadmin -u <adminuserid> -w <adminpassword> -o auth.opensso.enable -v true
   

2. Set the value of the auth.opensso.cookiedomain parameter to the domain on which Sun Convergence is deployed.

   iwcadmin -u <adminuserid> -w <adminpassword> -o auth.opensso.cookiedomain -v <domain_name>
   

   Note You must restart the application server after making configuration changes.

Enabling OpenSSO Single SignOn in Convergence

To enable OpenSSO Single SignOn, you must set the sso.opensso.enabe parameter to true.

iwcadmin -u <adminuserid> -w <adminpassword> -o sso.opensso.enable -v true

Note You must restart the application server after making configuration changes.