Configuring Sun Convergence With Sun OpenSSO Enterprise 8.0 for Authentication and SSO

h1. Configuring Sun Convergence With Sun OpenSSO Enterprise 8.0 for Authentication and SSO
This article describes the steps to configure Sun OpenSSO Enterprise 8.0 with Convergence. Convergence supports OpenSSO Enterprise 8.0 starting Sun Convergence 1 Update 2 release.

h2. Prerequisites:
* You must have Sun OpenSSO Enterprise 8.0 installed and configured. For more information, see [Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide |http://docs.sun.com/app/docs/doc/820-3320].
* Convergence must be installed and configured (minimum version Sun Convergence 1 Update 2).

h2. Configuring Sun OpenSSO Enterprise 8 with Convergence
Configuring OpenSSO with Sun Convergence involves configuration for both OpenSSO and Convergence.

h3. Configuring OpenSSO
To configure OpenSSO with Convergence, enable cookie encoding and set up a Realm.

h4. Enabling Cookie Encoding
To enable cookie encoding, perform the following steps:
# Log in to OpenSSO console as user {{amAdmin}}.
# Click Configuration -> Server and Sites.
# Click the link corresponding to the server on which OpenSSO is deployed.
# Click Security -> Cookie. By default the cookie encoding is set to No.
# Click the Inheritance Settings button.
# Deselect Encode Cookie Value.

h4. Setting Up the Realm
You must set up a Realm in OpenSSO to enable authentication. To do this, you must perform the following steps:

# Create a Realm.
To learn more about how to create Realms in OpenSSO, see [Chapter 2 Managing Realms|http://docs.sun.com/app/docs/doc/820-3885/realms?a=view] in the [Sun OpenSSO Enterprise 8.0 Administration Guide|http://docs.sun.com/app/docs/doc/820-3885].
# Create a Data Store. The type of the Data Store must be "Sun DS with OpenSSO Schema".
To learn more about how to create Data Stores in OpenSSO, see [Chapter 3 Data Stores|http://docs.sun.com/app/docs/doc/820-3885/realms?a=view] in the Sun OpenSSO Enterprise 8.0 Administration Guide.
# Configure the realm for OpenSSO Enterprise authentication service. The LDAP service must be configured and the criteria must be set to {{REQUIRED}}.
To learn more about configuring the authentication service, see [Chapter 4 Managing Authentication|http://docs.sun.com/app/docs/doc/820-3885/authentication?a=view] in the Sun OpenSSO Enterprise 8.0 Administration Guide.

h3. Configuring Convergence
To configure Sun Convergence, perform the following steps:
# Copy the {{AMConfig.properties.template}} as {{AMConfig.properties}}. By default, this exists in the {{/opt/sun/comms/iwc/config}} directory.
{code}
cp AMConfig.properties.template AMConfig.properties
{code}
# Edit the {{AMConfig.properties}} file and set the following properties:
{code}
com.iplanet.am.naming.url=http://<your_host_name>:<portnumber>/opensso/namingservice
com.iplanet.am.notification.url=http://<your_host_name>:<portnumber>/opensso/notificationservice
com.iplanet.services.debug.directory=/<path>/<to>/<debug>/<directory>
{code}

h3. Enabling OpenSSO Authentication

To use OpenSSO as the authentication provider for Convergence, perform the following steps:
# Set the value of the {{auth.opensso.enable}} parameter to {{true}}.
{code}
iwcadmin -u <adminuserid> -w <adminpassword> -o auth.opensso.enable -v true
{code}
# Set the value of the {{auth.opensso.cookiedomain}} parameter to the domain on which Sun Convergence is deployed.
{code}
iwcadmin -u <adminuserid> -w <adminpassword> -o auth.opensso.cookiedomain -v <domain_name>
{code}
{info:title=Note} You must restart the application server after making configuration changes.{info}

h3. Enabling OpenSSO Single SignOn in Convergence

To enable OpenSSO Single SignOn, you must set the {{sso.opensso.enabe}} parameter to {{true}}.

{code}
iwcadmin -u <adminuserid> -w <adminpassword> -o sso.opensso.enable -v true
{code}
{info:title=Note} You must restart the application server after making configuration changes.{info}