0

I'm trying to apply OpenAM to our Web Applications for SSO.

Over the last month I became familiar with OpenAM, so I thought I was almost at the end.

But another constraint has arisen.

One application has a deep dependency on the Winstone Servlet Container, but it's not on OpenAM's Java EE Agents list.

My solution was 'Using Apache Web Server : Apache+Winstone', but my colleague rejected my suggestion.

Is there any other solution for OpenAM+Winstone?

(I could not find it by Googling. In fact I didn't know about Winstone itself until my colleague mentioned it.)

1 Answer

1

If you don't need J2EE security in your application you could just use the 'servlet-filter' part of the 'J2EE Agent' filter (e.g. Tomcat Agent). You just need to specify a JVM option to point to the bootstrap directory and add the agent libs to the classpath.

Bernhard Thalmayr
  • Ah, you mean that the 'servlet-filter' part (library) of the Java EE Agents can be applied to all (Tomcat, Jetty, Winstone, ...) Servlet Containers equally? I'll read the manual more carefully... Thank you so much. ^^ – user1859006 Sep 21 '14 at 22:35
  • 1
    That's not documented because it cannot be officially supported by ForgeRock, but the servlet-filter is the same for all JEE agents. Only the JEE (JAAS) part of the JEE agent is deployment container specific. – Bernhard Thalmayr Sep 22 '14 at 06:28
  • Thank you again. ^^ I understand more exactly... I'm doing trial and error and have not yet got to the end. (Maybe configuration files need to be written by hand.) – user1859006 Sep 22 '14 at 10:41
  • 1
    Yes, a configuration file is needed, as I posted in my first comment ... you specify the config directory and the code will search for the OpenSSOAgentBootstrap.properties file. You should install a Tomcat agent to see what it has to look like. The most important properties are the value for `com.sun.identity.agents.app.username`, as this links to the Agent profile in OpenAM; `com.iplanet.am.service.secret`, which is the encrypted password for the agent profile (you need cryptit), which is using `am.encryption.pwd`; and `com.sun.identity.agents.config.organization.name`, which specifies the realm of the profil – Bernhard Thalmayr Sep 22 '14 at 19:58
  • 1
    com.sun.identity.agents.config.profilename should be the same as com.sun.identity.agents.app.username – Bernhard Thalmayr Sep 22 '14 at 20:03
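
A small check for a hand-written bootstrap file as described in the comments above, added here as an example (it is not part of the original answer or of the OpenAM agent code): it verifies that the properties named there are present and that the profile name matches the app username. The sample values are constructed, and treating `am.encryption.pwd` as a key in the same file is an assumption.

```python
# Added example: sanity-check a hand-written OpenSSOAgentBootstrap.properties.
# Property names come from the comments above; all sample values are constructed.
REQUIRED = (
    "com.sun.identity.agents.app.username",              # links to the agent profile
    "com.iplanet.am.service.secret",                     # encrypted agent password
    "am.encryption.pwd",                                 # assumed to be in this file
    "com.sun.identity.agents.config.organization.name",  # realm of the profile
    "com.sun.identity.agents.config.profilename",
)

def parse_properties(text):
    """Minimal Java .properties parser (no backslash line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first '=' or ':'; an encrypted value may itself end in '='.
        idx = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if idx == -1:
            props[line] = ""
        else:
            props[line[:idx].strip()] = line[idx + 1:].strip()
    return props

def check_bootstrap(text):
    """Return a list of problems; an empty list means the basic checks pass."""
    props = parse_properties(text)
    problems = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    user = props.get("com.sun.identity.agents.app.username")
    profile = props.get("com.sun.identity.agents.config.profilename")
    if user and profile and user != profile:
        problems.append("profilename differs from app.username")
    return problems

GOOD_SAMPLE = """\
# constructed sample, placeholder values only
com.sun.identity.agents.app.username = winstoneAgent
com.iplanet.am.service.secret = PLACEHOLDER-ENCRYPTED-VALUE==
am.encryption.pwd = PLACEHOLDER-KEY
com.sun.identity.agents.config.organization.name = /
com.sun.identity.agents.config.profilename = winstoneAgent
"""
BAD_SAMPLE = """\
com.sun.identity.agents.app.username = winstoneAgent
com.iplanet.am.service.secret = PLACEHOLDER-ENCRYPTED-VALUE==
com.sun.identity.agents.config.organization.name = /
com.sun.identity.agents.config.profilename = tomcatAgent
"""

if __name__ == "__main__":
    print(check_bootstrap(GOOD_SAMPLE), check_bootstrap(BAD_SAMPLE))
```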