OpenSSO Agent:

The OpenSSO SP is itself a web application, and I also have an existing non-SSO application. We want to combine them so that SSO works for the existing application, but there are two different sessions (two different domain cookies), so how do we pass the userToken (username) from one application to the other? For this we need to install the OpenSSO Agent, which intercepts the userToken session attribute, puts it into the header parameters and sends it on to the other application's URL. Here is the link where you can download and install the agent: https://opensso.dev.java.net/public/use/agents.html. The agent can be installed in a web container such as Tomcat or WebLogic, or on the Apache load-balancing servers.

After you have the agent installed, you need to do some configuration to get your OpenSSO to talk to the Agent. I will guide you through this part:

First, log in to the OpenSSO SP URL http://opensso.sp.com:8080/sp as amadmin and click the Access Control tab. Then click the Top Level Realm link.


Click the Policies tab, then click the New Policy button.


Give the policy a name. Name: 2qpolicies


Go to the Rules section and click the New button to create a new rule. In Step 1, the Service Type is URL Policy Agent. In Step 2, set Name: 2qssologin (the name of your rule) and Resource Name: http://www.2qvideo.com:8080/ssoLoginToken.action, which is the URL where your application will look up the UserToken parameter in the request header to get the username. Under Actions, check the GET and POST boxes with the value Allow.


In the Subjects section, click the New button to configure a subject. In Step 1, the Subject Type is Authenticated Users. In Step 2, give the new subject a name, 2qauthenuser, and click Finish.


You have just finished creating the policy named 2qpolicies.


Let's move to the Agents tab, which is where you configure this OpenSSO to talk to the agent (your agent must be installed before this step). Click New Agent to configure the agent: Name is your agent name, Password is your agent password, Server URL is the OpenSSO SP URL and Agent URL is your agent URL.


Inside the agent's settings, click the Application tab, add http://www.2qvideo.com:8080/ssoLoginToken.action to Not Enforced URLs and set Invert Not Enforced URLs: Enabled. With inversion enabled, the listed URLs are the ones the agent enforces.



We want the Agent to pass the UserToken (username) from the session in the domain cookie to the other web application, so we need to go to Session Attributes Processing and set Session Attribute Fetch Mode: and set Session Attribute Map UserToken=UserToken
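
The receiving side of this setup, as an added example that is not part of the original post: a check the application behind ssoLoginToken.action could apply before treating the UserToken header as the logged-in username, since a header is only trustworthy when the agent is the one that set it. The class name, the trusted peer address and the username pattern are assumptions; only the header name comes from the configuration above.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;

// Added example, not the original author's code. TRUSTED_PEERS and USERNAME
// are assumptions; only the header name "UserToken" comes from the page.
public class UserTokenHeaderCheck {
    static final String HEADER = "UserToken";                    // from the Session Attribute Map
    static final Set<String> TRUSTED_PEERS = Set.of("10.0.0.5"); // constructed: host running the agent
    static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9._@-]{1,64}");

    /** Returns the username only when the header can be attributed to the agent. */
    static Optional<String> resolveUser(Map<String, List<String>> headers, String peerAddr) {
        // Requests that did not arrive from the agent host carry no identity.
        if (!TRUSTED_PEERS.contains(peerAddr)) {
            return Optional.empty();
        }
        // Header names are case-insensitive: collect every value under any casing.
        List<String> values = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : headers.entrySet()) {
            if (HEADER.equalsIgnoreCase(e.getKey())) {
                values.addAll(e.getValue());
            }
        }
        // Exactly one value is expected; a second copy means something else set one too.
        if (values.size() != 1) {
            return Optional.empty();
        }
        String user = values.get(0).trim();
        // Reject control characters and anything that is not a plain username.
        return USERNAME.matcher(user).matches() ? Optional.of(user) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample requests: header map plus the address the request came from.
        Map<String, List<String>> single = Map.of("UserToken", List.of("alice"));
        Map<String, List<String>> lowerCase = Map.of("usertoken", List.of("bob"));
        Map<String, List<String>> duplicated = Map.of("UserToken", List.of("alice", "admin"));
        Map<String, List<String>> malformed = Map.of("UserToken", List.of("alice\r\nX-Role: admin"));

        System.out.println("via agent:      " + resolveUser(single, "10.0.0.5"));
        System.out.println("lower-case key: " + resolveUser(lowerCase, "10.0.0.5"));
        System.out.println("direct client:  " + resolveUser(single, "203.0.113.9"));
        System.out.println("duplicate:      " + resolveUser(duplicated, "10.0.0.5"));
        System.out.println("malformed:      " + resolveUser(malformed, "10.0.0.5"));
    }
}
```

The peer-address check applies when the agent sits on a separate host such as the Apache load balancer; when the agent runs inside the same container as the application, the equivalent control is making sure no route reaches the application without passing through the agent.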
