Added by Sean_Brydon, last edited by Sean_Brydon on Apr 10, 2008

Getting Started with OpenSSO and Policy Agents

This is a rough draft of an unofficial tutorial to get you started with OpenSSO and the policy agents.

This is a work in progress.

0. Create some Fully Qualified Domain Names (FQDN) to use

The AM/FAM/opensso server and the policy agents require an FQDN for the host name of each machine where you will do your installations. You can NOT use a host name like "localhost" and can NOT use numeric IP addresses like "129.777.777.123" as host names either; doing so will cause problems in installation, configuration and usage. You have to use FQDNs, for example my.test.domain.com, in your URLs, such as http://my.test.domain.com:6948/opensso, for the URL values you use in agent installers etc.

PLEASE, set up some aliases for the host names of the machines where you plan to do your installation. It is easy to do.
See this tip on how to set up some FQDNs to use
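
A pre-install check for the host-name rule above, written for this page as an added example (it is not part of OpenSSO or the agent installers). The function name host_problems and the sample URLs other than http://my.test.domain.com:6948/opensso are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def host_problems(url):
    """Return the reasons the host in `url` breaks the FQDN rule ([] = OK)."""
    host = urlsplit(url).hostname
    if not host:
        return ["no host name in URL"]
    try:
        ipaddress.ip_address(host)  # valid IPv4 or IPv6 literal
        return ["numeric IP address used as host name"]
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    if all(label.isdigit() for label in labels):
        # Dotted numbers that are not even valid IPs, such as the
        # page's "129.777.777.123", are still not host names.
        return ["numeric IP address used as host name"]
    problems = []
    if labels[-1] == "localhost":
        problems.append("localhost is not allowed")
    elif len(labels) < 2:
        problems.append("not fully qualified (no domain part)")
    if not all(LABEL.match(label) for label in labels):
        problems.append("invalid character in a host name label")
    return problems


# Constructed sample URLs of the kind typed into an agent installer.
SAMPLE_URLS = [
    "http://my.test.domain.com:6948/opensso",
    "http://localhost:8080/opensso",
    "http://129.777.777.123:6948/opensso",
    "http://[::1]:8080/opensso",
    "http://myhost:8080/opensso",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        found = host_problems(url)
        print(url, "->", "OK" if not found else "; ".join(found))
```

Run it against every URL you plan to enter during the server and agent installation before you start.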

1. Download the OpenSSO server

opensso.war is a web application that provides security services. You deploy this Java web application on a web container. Then, if you have web applications that you want to protect, you can download a policy agent. Check out this download page to help you decide which versions to download.
If you are not picky about which server you use, I recommend GlassFish, as the installation works very well on this server and the instructions I will post follow an installation I did on GlassFish.

2. Install opensso.war

See this article for details on this step. Note that this article is about installing opensso.war for AM 7.1, but the process is very similar for the opensso.war FAM 8.0 server as well.
Installing, Configuring, and Deploying Sun Java System Access Manager the Simple Way

If you want lots of detail and documents for OpenSSO server AM 7.1, see the official set of docs for Access Manager 7.1.

To install a recent build of FAM 8 opensso, see Installing build 4 of opensso.war on glassfish.

3. Choose and Install an agent.

3-a. Choose an agent to download

Choose an agent to download for the web container you would like to run some sample applications on. I would recommend using one of the Java agents, since these instructions have been tried on them; I haven't tried them on the non-Java agents.
Check out this download page to help you decide which agent and versions to download.

3-b. Install agents

After you have downloaded an agent, unzip it under some directory like C:\myagents\ and then explore the unzipped agent download a bit.

Currently the installation process for agents 2.2 and agents 3.0 is somewhat similar, but the official documents are only available for agents 2.2, so you can use them to get started and get the agent installed. Mostly chapters 3 and 4 describe the installation using the "agentadmin --install" command and then the post-installation steps.
This agent install step is a little bit tricky and takes some time. Please see the official agent installation guide documents if you have not done it before.

If you are installing a 3.0 agent for build 3 from opensso,
here are some instructions to install opensso glassfish agent 3.0 b3

If you are installing a 3.0 agent for build 2 from opensso,
here are some instructions to install opensso glassfish agent 3.0 b2

3-c. Avoid redirect problem

There is an intermittent issue that occasionally causes browser redirect problems with the AM server and agents. I recommend setting the property to avoid this issue.
See the solution section of this FAQ

4. Create an Agent Profile

As described in the policy agent docs, you need to create an agent profile.

If you are using the Access Manager AM 7.1 server, then you can create an agent profile using the console UI. The steps for this are available in the official documents for agents 2.2.

If you are using the fam/opensso server version 8.0 (early access), then you need to follow these instructions, since the official documents are not yet available.

5. Sample application of policy agents

The policy agents come with a sample web application and a readme file that explains how to deploy the sample app and then configure it to be secure.

DOING THIS SAMPLE APPLICATION WILL TEACH YOU THE BASICS 
OF USING OPENSSO SERVER AND POLICY AGENTS WITH WEB APPLICATIONS. 

This really is the best way to get started, and once you finish it is easy to make your own sample apps and then use opensso to try more things.
Check out the agent sample page for more detail.

6. Try simple single sign-on (SSO)

You could try this step before setting up and using the sample application, but the sample application uses many features.

The agents focus mostly on cookie-based single sign-on. For federation-based sign-on or SAML, see the AM/FAM documentation. We will focus on cookie-based single sign-on, for example between web applications deployed in the sample company which can use the same cookie for authentication. Once a user has signed in to one application and a cookie has been established, they can automatically access other web apps without having to sign on again.
It is easy to use single sign-on when using policy agents. Basically, once you have installed the agent on a domain instance, then any application(s) deployed in that domain are automatically. Let's consider some examples:

For SSO between web applications deployed within the same domain, using J2EE agents, see the example steps on the simple sso example page.

For Cross Domain Single Sign-On (CDSSO), the agents can also handle this. See the documentation on enabling CDSSO in the agents.
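
Which application hosts can share one SSO cookie and which need CDSSO, shown as an added example that is not code from OpenSSO or the agents. It assumes the SSO cookie is scoped to a DNS domain and applies the RFC 6265 domain-match rule; the cookie domain and the host names other than my.test.domain.com are constructed.

```python
import ipaddress


def is_ip(host):
    """True when host is an IPv4 or IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: does a cookie for cookie_domain reach host?"""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if host == domain:
        return True
    # Suffix matching needs a "." boundary and applies to names only,
    # never to IP addresses.
    return not is_ip(host) and host.endswith("." + domain)


def sso_scope(cookie_domain, app_hosts):
    """Classify each application host by how it can take part in SSO."""
    return {
        host: "cookie SSO" if domain_match(host, cookie_domain) else "needs CDSSO"
        for host in app_hosts
    }


# Constructed deployment: cookie domain plus four application hosts.
COOKIE_DOMAIN = ".test.domain.com"
APP_HOSTS = [
    "my.test.domain.com",     # same domain: the browser sends the cookie
    "hr.test.domain.com",     # same domain
    "othertest.domain.com",   # shares a suffix but not the "." boundary
    "shop.partner.example",   # different domain
]

if __name__ == "__main__":
    for host, mode in sso_scope(COOKIE_DOMAIN, APP_HOSTS).items():
        print(f"{host:24} {mode}")
```

The browser never sends the cookie to hosts outside the cookie domain, which is why applications there need the cross-domain mechanism.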
