
h1. Steps to install OpenSSO Agent 3.0 nightly build for Glassfish

Assume the OpenSSO server has been deployed using the nightly build ([OpenSSO nightly build download | https://opensso.dev.java.net/public/use/index.html]).
The OpenSSO server URL is http://myhost.red.iplanet.com:8080/opensso.
The Glassfish server instance is at http://myhost.red.iplanet.com:8090.


h2. How to install the OpenSSO Agent 3.0 nightly build for Glassfish

{noformat}
1. Download appserver_v9_agent_3.zip from the same nightly build mentioned above.

2. Unzip it to an install directory, say /myagent.
Create a text file /myagent/passwordfile that contains the agent user password in clear text.

3. cd to /myagent/j2ee_agents/appserver_v9_agent/bin

4. chmod 755 agentadmin

5. Stop the agent container.

6. Start installation: ./agentadmin --install

************************************************************************
Welcome to the OpenSSO Policy Agent 3.0 for Sun Java System Application
Server 8.1/8.2/9.0/9.1.

************************************************************************

Enter the complete path to the directory which is used by Application Server
to store its configuration Files. This directory uniquely identifies the
Application Server instance that is secured by this Agent.
[ ? : Help, ! : Exit ]
Enter the Application Server Config Directory Path
[/opt/SUNWappserver/domains/domain1/config]: /space/products/glassfish/glassfish/domains/domain1/config


Enter the URL where the OpenSSO server is running. Please include the
deployment URI also as shown below:
(http://opensso.sample.com:58080/opensso)
[ ? : Help, < : Back, ! : Exit ]
OpenSSO server URL: http://myhost.red.iplanet.com:8080/opensso


Enter the Agent URL. Please include the deployment URI also as shown below:
(http://agent1.sample.com:1234/agentapp)
[ ? : Help, < : Back, ! : Exit ]
Agent URL: http://myhost.red.iplanet.com:8090/agentapp


Enter the Agent profile name
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Profile name: myagent1


Enter the path to a file that contains the password to be used for identifying
the Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the path to the password file: /myagent/passwordfile


-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
Application Server Config Directory :
/space/products/glassfish/glassfish/domains/domain1/config
Application Server Instance name : server
OpenSSO server URL : http://myhost.red.iplanet.com:8080/opensso
Agent URL : http://myhost.red.iplanet.com:8090/agentapp
Agent Profile name : myagent1
Agent Profile Password file name : /myagent/passwordfile

Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]:

Creating a backup for file
/space/products/glassfish/glassfish/domains/domain1/config/login.conf
...DONE.

Creating a backup for file
/space/products/glassfish/glassfish/domains/domain1/config/server.policy
...DONE.

Adding Agent Realm to
/space/products/glassfish/glassfish/domains/domain1/config/login.conf
file ...DONE.

Adding java permissions to
/space/products/glassfish/glassfish/domains/domain1/config/server.policy
file ...DONE.

Creating directory layout and configuring Agent file for Agent_001
instance ...DONE.

Reading data from file /myagent/passwordfile and encrypting it ...DONE.

Generating audit log file name ...DONE.

Creating tag swapped OpenSSOAgentBootstrap.properties file for instance
Agent_001 ...DONE.

Creating a backup for file
/space/products/glassfish/glassfish/domains/domain1/config/domain.xml
...DONE.

Adding Agent parameters to
/space/products/glassfish/glassfish/domains/domain1/config/domain.xml
file ...DONE.


SUMMARY OF AGENT INSTALLATION
-----------------------------
Agent instance name: Agent_001
Agent Bootstrap file location:
/myagent/j2ee_agents/appserver_v9_agent/Agent_001/config/OpenSSOAgentBootstrap.properties
Agent Configuration file location
/myagent/j2ee_agents/appserver_v9_agent/Agent_001/config/OpenSSOAgentConfiguration.properties
Agent Audit directory location:
/myagent/j2ee_agents/appserver_v9_agent/Agent_001/logs/audit
Agent Debug directory location:
/myagent/j2ee_agents/appserver_v9_agent/Agent_001/logs/debug


Install log file location:
/myagent/j2ee_agents/appserver_v9_agent/installer-logs/audit/install.log

Thank you for using OpenSSO Policy Agent 3.0.



7. Agent install is done. Go to OpenSSO server to create an agent profile myagent1.

8. Login to OpenSSO server console as amadmin user: http://myhost.red.iplanet.com:8080/opensso

9. Navigate to "Access Control -> Realm Name -> Agents -> J2EE"

10. In the Agent section, click on New button

11. In the Name field, enter myagent1
Enter password (the same password as specified in /myagent/passwordfile, provided during agent install)
Reenter password
Enter http://myhost.red.iplanet.com:8080/opensso in Server URL field
Enter http://myhost.red.iplanet.com:8090/agentapp in Agent URL field
Then click on Create button at the top right corner.

12. The console displays the J2EE Agent page again with a link myagent1.
Click on the myagent1 link; the Edit myagent1 page shows up.

13. The agent profile is now created.

14. Now restart the agent container.

15. Deploy agentapp.war, which is located at /myagent/j2ee_agents/appserver_v9_agent/etc.
This is a housekeeping app for the agent. It receives notifications from the OpenSSO server and passes them on to the agent.

16. The agent should now function.

{noformat}
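Step 2 leaves the agent password on disk in clear text until agentadmin reads and encrypts it, so the file should be readable by the installing user only. The following is an added example, not part of the original page or the OpenSSO distribution; the function names are hypothetical and the only path assumed is the page's /myagent/passwordfile.

```shell
#!/bin/sh
# Added example: create the agent password file from step 2 with owner-only
# access and verify it before running ./agentadmin --install.
# Function names are hypothetical; they are not part of the agent kit.

# Read one line (the password) from stdin and write it to $1 with mode 0600.
write_password_file() {
    pwfile=$1
    (
        umask 077                 # new file is created rw for the owner only
        set -C                    # noclobber: '>' fails if the file reappears
        rm -f -- "$pwfile"        # drop any old file or symlink at that path
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        printf '%s\n' "$pw" > "$pwfile"
    )
}

# Return 0 only if $1 is a regular file, owned by the current user,
# with no permission bits set for group or other.
check_password_file() {
    pwfile=$1
    [ -f "$pwfile" ] && [ ! -L "$pwfile" ] || {
        echo "not a regular file: $pwfile" >&2; return 1; }
    [ -O "$pwfile" ] || {
        echo "not owned by current user: $pwfile" >&2; return 1; }
    perms=$(ls -ld -- "$pwfile" | cut -c1-10)
    case $perms in
        -r[-w]-------) return 0 ;;
        *) echo "group/other can access $pwfile ($perms)" >&2; return 1 ;;
    esac
}
```

Typical use: `write_password_file /myagent/passwordfile` (type the password, then Enter), followed by `check_password_file /myagent/passwordfile && ./agentadmin --install`.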


h2. How to set up the sample application

{noformat}
1. On the agent machine, cd /myagent/j2ee_agents/appserver_v9_agent/sampleapp
This directory has the sample app source and deployable files.
If your OpenSSO server's root suffix is "dc=opensso,dc=java,dc=net", then you don't have to change anything.
Just deploy the agentsample.ear file located in the dist directory.
If not, you need to modify sun-application.xml and sun-web.xml in the etc directory by replacing
"dc=opensso,dc=java,dc=net" with your root suffix.
Then you need to rebuild the ear file by following the instructions in the readme.txt section
"Compiling and Assembling the Application".
Now, deploy the agentsample.ear file located in the dist directory.

2. Login to OpenSSO server console as amadmin user and navigate to "Access Control -> Realm Name -> Agents -> J2EE".

3. Click on myagent1 link, the myagent1 page shows up.

4. Under Application tab, "Access Denied URI Processing" section, property "Resource Access Denied URI", enter agentsample in the Map Key field, then enter /agentsample/authentication/accessdenied.html in the Corresponding Map Value field, and click on Add button.

5. Under Application tab, "Login Processing" section, property "Login Form URI", enter /agentsample/authentication/login.html in the New Value field and click on Add.

6. Under Application tab, "Logout Processing" section, property "Application Logout URI", enter agentsample in the Map Key field, then enter /agentsample/logout in the Corresponding Map Value field, and click on Add button.

7. Under Application tab, "Not Enforced URI Processing" section, property "Not Enforced URIs", enter and add the following URIs one by one.
/agentsample/public/*
/agentsample/images/*
/agentsample/styles/*
/agentsample/index.html
/agentsample/
/agentsample

Make sure you now click on the "Save" button on this page to save your changes.

8. Optionally under Global tab, "General" section, property "Agent Debug Level", set the debug level to message, so that the debug info will be logged at message level.
Make sure you now click on the "Save" button on this page to save your changes.

9. Go back to main console page, and click on Access Control tab

10. Click on the realm name, click on the Subjects tab, then click on the User tab. Create a new user called "chris" with password "chris".
Click on the Group tab and create groups "manager" and "employee". Assign the user "chris" to both "manager" and "employee".

11. Go to the Policies tab. Create a new policy p1. Create a rule r1 with resource name
http://myhost.red.iplanet.com:8090/agentsample/*, and allow actions GET and POST.
Click on the Save button to save the rule r1. Then, in the same policy, create a Subject s1
and assign groups "manager" and "employee" to the subject s1.
Save the subject, and most importantly save the policy p1.

12. The sample application setup is done.
Open up a browser and enter http://myhost.red.iplanet.com:8090/agentsample.
On the left hand side frame, there are four links.

J2EE Declarative Security
J2EE Security API
URL Policy Enforcement
Show HTTP Headers

Click on URL Policy Enforcement. In the right frame, a page shows up with a link saying
"Invoke a Servlet Protected by URL Policy". Click on the link, and the agent will take you to the FAM login page.
Enter chris/chris. The browser should show you a successful invocation page if things go well.
Exercise the other three links in a similar manner.

{noformat}


Copyright 1994-2009 Sun Microsystems, Inc.