OpenSSO server Installation and Setup:

For this article, we will set opensso with Apache Tomcat-6.x.   My real project is using Apache Geronimo-2.0.2, so Geronimo should work as well.

Add the follow line to catalina.bat (or sh) :

set JAVA_OPTS=-server -Xms512m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=150m -Xverify:none -XX:+UseParallelGC -Dcom.iplanet.am.cookie.c66Encode=true -DenvProperty=dev                 -DconfigPath=/apps/famsso/sp-config

where:

-Xmx1024m and -Dcom.iplanet.am.cookie.c66Encode=true are recommended by OpenSSO

-DenvProperty and is for my environment and external configure.

Download the OpenSSO Express 8, you can either download from Sun (Oracle) or ForgeRock.  Oracle may remove the link because they want to kill this product.  ForgeRock rename OpenSSO to OpenAM, but they are the same product.

Sun (Oracle):  https://opensso.dev.java.net/public/use/index.html

ForgeRock : http://www.forgerock.com/downloads.html

For more information about how to set up the container and deploy opensso to the container, please refer to Sun Document at:

http://dlc.sun.com/pdf/820-3320/820-3320.pdf

Finally, we need to have two tomcats set up: one for the IDP and other is for SP.  We have to configured two different ports  (like 8080 for SP and 8081 for IDP).  Most important, we need to have two different Cookie Domain (like opensso.idp.com and opensso.sp.com) because the username is stored on the cookie and if we are using the same cookie domain, the idp username and sp username maybe override each other.

IDP setup:

We will use idp.com for Identity Provider (you can add 127.0.0.1 opensso.idp.com to your hosts file). To deploy Opensso to Tomcat, you just need to copy the opensso.war to webapps directory, rename the war to idp so that your context path will be http://opensso.idp.com:8081/idp (Change the port to 8081 to not conflict with SP port).

For this article purpose, we can use the Default configuration, enter the password for amAdmin and Agent and click Create Configuration button and we are done . 

opensso_install1.JPG

After we are done with the configuration, we should see the login screen:

opensso_login.JPG

Setup SP:

Similarly to IDP,  we will use opensso.sp.com url for Service Provider (you can add 127.0.0.1 opensso.sp.com to your hosts file).  To deploy Opensso to Tomcat, you just need to copy the opensso.war to webapps directory, rename the war to sp so that your context path will be http://opensso.sp.com:8080/sp.

Again, configure sp with Default Configuration and you should also see the login screen.