OpenSSO Agent:

OpenSSO SP is itself a web application, and I have a non-SSO application that already exists. We want to combine them so that SSO works with my current application, but there are two different sessions (two different domain cookies), so how do we pass the userToken (username) from one application to the other? For this, we need to install the OpenSSO Agent. It intercepts the userToken session attribute, puts it on the response parameter headers and sends it over to the other application's URL. Here is the link you need to download and install the agent:  The agent can be installed under a web container such as Tomcat, WebLogic... or on the Apache load-balancing servers.

After you have the agent installed, you need to do some configuration to get your OpenSSO to talk to the Agent. I will guide you through this part:

First, log in to the OpenSSO SP URL as amadmin and click on the Access Control tab. Click on the Top Level Realm link.



Click on the Policies tab and click the New Policy button.



Give this policy a name, Name: 2qpolicies


Go to the Rules section and click the New button to create a new rule. In Step 1, the Service Type is URL Policy Agent. In Step 2, set Name: 2qssologin (the name of your rule) and Resource Name: the URL at which your application will look up the UserToken parameter in the request header to get the username. Check the GET and POST boxes under Actions, with the value Allow.



In the Subjects section, click the New button to configure a subject. In Step 1, the Subject type is Authenticated Users. In Step 2, give this new subject a name, 2qauthenuser, and click Finish.




You have just finished creating the policy named 2qpolicies.


Let's move to the Agents tab; this is where you configure OpenSSO to talk to the agent (your Agent must be installed before this step). Click New Agent to configure the agent: Name is your agent name, password is your agent password, serverurl is the OpenSSO SP URL and agent url is your agent URL. Something like this:



Inside the agent, click on the Application tab, add to Not Enforced URLs and set Invert Not Enforced URLs: Enabled.


We want the Agent to pass the UserToken (userName) from the session in the domain cookie to the other web application, so we need to go to Session Attributes Processing, set Session Attribute Fetch Mode: and set Session Attribute Map UserToken=UserToken
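
On the receiving side, the other application reads the UserToken request header that the agent adds. The sketch below is an added example, not part of the original post or of OpenSSO: it assumes the application is a Python WSGI app sitting behind an agent installed on a front-end server, and the agent address, the username pattern and the sample requests are constructed values. It accepts the header only when the request arrives from the agent's host, because any client that can reach the application directly can set a UserToken header itself.

```python
import re

# Assumption: address of the front-end host where the OpenSSO Agent runs
# (constructed value, replace with your own).
TRUSTED_AGENT_ADDRS = {"10.0.0.5"}
# Assumption: usernames are short and limited to these characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def username_from_request(environ):
    """Return the username carried in the UserToken header, or None."""
    # Only the agent may assert an identity. A request that did not come
    # from the agent's host is treated as unauthenticated.
    if environ.get("REMOTE_ADDR") not in TRUSTED_AGENT_ADDRS:
        return None
    # WSGI exposes the "UserToken" request header as HTTP_USERTOKEN.
    token = environ.get("HTTP_USERTOKEN", "").strip()
    return token if USERNAME_RE.fullmatch(token) else None


def application(environ, start_response):
    """Minimal WSGI app that greets the user named by the agent."""
    user = username_from_request(environ)
    if user is None:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"No trusted UserToken header\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("Hello, %s\n" % user).encode("utf-8")]


def call(environ):
    """Run the app on a constructed environ and return (status, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(application(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    # Constructed requests: one forwarded by the agent, one sent directly.
    via_agent = {"REMOTE_ADDR": "10.0.0.5", "HTTP_USERTOKEN": "jdoe"}
    direct = {"REMOTE_ADDR": "203.0.113.9", "HTTP_USERTOKEN": "amadmin"}
    print(call(via_agent))
    print(call(direct))
```

In addition to this check, restrict network access so that the application's port is reachable only from the agent host.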