Verify OpenSSO Attributes

Introduction

When OpenSSO or Access Manager is deployed to secure web applications, it is often desirable to know which attributes OpenSSO returns, since they can determine the behavior of a particular application. The Webspace Server provides an add-on that integrates with OpenSSO and uses the Client SDK to perform the authentication against OpenSSO. This is explained in detail at http://wikis.sun.com/display/websynergy/OpenSSO+add-on.

If authentication issues come up where a user successfully authenticates against OpenSSO but cannot log in to Web Space server, it is very likely that the required attributes are not being returned from OpenSSO via the client SDK. The Web Space server logs provide the necessary information about the attributes returned and other related messages. Reading them might require administrative access to the log files on the file system.

This wiki page describes a tool, "GetAMAttrs", a web application that displays the attributes returned from OpenSSO/AM. This helps debug any authentication-related issues that stem from the returned attributes. The tool requires an authenticated session in the browser: a user authenticates to OpenSSO before accessing the CheckAMAttrs application. The following picture depicts sample output.

In the above picture, the user with login ID "tuser3" is populated with all the required attributes: sn, cn, givenName and mail. This user should have no problem logging in to Webspace server.

Note

If the OpenSSO add-on is mapped to different attributes, look for those configured attributes instead.

Installation

  1. Download the CheckAMAttrs.war file.
  2. Extract the AMConfig.properties file.
    jar xf CheckAMAttrs.war WEB-INF/classes/AMConfig.properties
    
  3. Update or replace the AMConfig.properties file extracted above.
    cp <GF Install Dir>/domains/domain1/applications/j2ee-modules/webspace/WEB-INF/classes/AMConfig.properties WEB-INF/classes/
    
  4. Extract the lib directory.
    jar xf CheckAMAttrs.war WEB-INF/lib
    
  5. Obtain the opensso-clientsdk.jar either from the OpenSSO website or from the existing deployed webspace directory.
    cp <GF Install Dir>/domains/domain1/applications/j2ee-modules/webspace/WEB-INF/lib/openssoclientsdk-8.0.b6.jar WEB-INF/lib/
    
  6. Update the CheckAMAttrs.war file.
    jar uf CheckAMAttrs.war WEB-INF/classes/AMConfig.properties
    jar uf CheckAMAttrs.war WEB-INF/lib/openssoclientsdk-8.0.b6.jar
    
  7. Deploy the CheckAMAttrs.war file to the GlassFish server, either by copying it into the autodeploy directory or by using the asadmin command.
  8. Access the application at the /CheckAMAttrs context. For example, http://webspace.mydomain.com:8080/CheckAMAttrs

Important

It is important to copy the client SDK jar and AMConfig.properties from the existing OpenSSO add-on install directory, even though the OpenSSO client SDK downloaded from the OpenSSO web site would also work. This ensures that both the OpenSSO add-on and CheckAMAttrs initially use the same version of the client SDK when debugging any potential login issues.

How to Use

  1. Go to the OpenSSO login page and authenticate as a user. For example, http://opensso.mydomain.com:8080/opensso/UI/Login
  2. After successful authentication, access the GetAMAttrs application. For example, http://webspace.mydomain.com:8080/CheckAMAttrs

If the following is displayed in the browser,

then it means that either

  - the OpenSSO/AM authentication has not happened and the user must authenticate to display the attributes, or
  - there is a possible configuration issue in AMConfig.properties.
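
The kind of lookup such a page performs can be written with the OpenSSO client SDK. The servlet below is an added example, not the CheckAMAttrs source; the class name AttrCheckServlet is hypothetical, and it assumes the four required attributes named in the Introduction plus the AMConfig.properties and client SDK jar from the Installation steps on the classpath.

```java
// Added example, not the CheckAMAttrs source. Class name is hypothetical.
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdUtils;

public class AttrCheckServlet extends HttpServlet {
    // Attributes this page lists as required; change if the add-on maps others.
    private static final List<String> REQUIRED =
            Arrays.asList("sn", "cn", "givenName", "mail");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        try {
            // Resolve the session from the OpenSSO cookie on the request.
            SSOTokenManager mgr = SSOTokenManager.getInstance();
            SSOToken token = mgr.createSSOToken(req);
            mgr.validateToken(token);
            AMIdentity user = IdUtils.getIdentity(token);
            // Attribute names may come back in a different case, so compare
            // them case-insensitively.
            Map<String, Object> attrs =
                    new TreeMap<String, Object>(String.CASE_INSENSITIVE_ORDER);
            attrs.putAll(user.getAttributes(new HashSet<String>(REQUIRED)));
            // Plain text output: attribute values are never rendered as HTML,
            // and the session token ID is never written to the page.
            resp.setContentType("text/plain;charset=UTF-8");
            PrintWriter out = resp.getWriter();
            out.println("Login ID: " + user.getName());
            for (String name : REQUIRED) {
                Set<?> values = (Set<?>) attrs.get(name);
                boolean missing = values == null || values.isEmpty();
                out.println(name + ": " + (missing ? "MISSING" : values));
            }
        } catch (SSOException e) {   // no valid session in this browser
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "No valid OpenSSO session");
        } catch (IdRepoException e) { // session is valid, identity lookup failed
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Identity lookup failed");
        }
    }
}
```

A line reading MISSING for any of the four attributes corresponds to the case described in the Introduction, where OpenSSO authentication succeeds but the Web Space login fails.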
