...

  1. Top Level Realm > Data Stores > OpenDJ:  Click "Load schema when saved" and click Save.  This will create the schema within OpenDJ.
  2. Top Level Realm > Subjects > Groups: I usually add a group called "Accessors".
  3. Users: Add at least two users, one a member of group Accessors and another who isn't.  Note that you won't get the demo user for free.
  4. Top Level Realm > Agents > JEE: Create a J2EE agent with an appropriate password.  Don't forget the Server URL is the load balancer URL, i.e. http://openam.example.com:8080/openam
  5. Global: Agent Root URL for CDSSO: Add the load balancer URL to the existing JASPA URL, i.e. http://openam.example.com:8080/openam/ NOTE: trailing "/" is important!
  6. Global: General: Agent Debug Level: Set to message
  7. Don't forget to save.
  8. SSO: Cross Domain SSO: ensure the correct load balancer path is in the CDSSO Servlet URL (it will have cdcservlet stuck on the end of it).
  9. SSO: CDSSO Trusted ID Provider: Remove the URL containing the load balancer path and add the cdcservlet URL for EACH ONE of your OpenAM instances (this is necessary for LARES to work with Agent 3.x)
  10. SSO: CDSSO Domain List: Add the JASPA domain.
  11. Don't forget to save.
  12. Top Level Realm > Authorization > Policy Sets > Default Policy Set: Add a policy specifying that only "accessors" have access.  The policy URI can just be the default with all the stars in it.
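
A pre-flight check for the URL values entered in steps 4, 5, 8 and 9, as an added example that is not part of the original page or of OpenAM. The dictionary keys are hypothetical labels for values copied from the console, and the instance and JASPA hostnames are constructed samples.

```python
# Added example: consistency check for the URLs entered in steps 4, 5, 8 and 9.
# Keys are hypothetical labels for console values, not OpenAM property names.

def _strip(url):
    return url.strip().rstrip("/")

def _cdc(base):
    return _strip(base) + "/cdcservlet"

def check_cdsso(cfg):
    """Return a list of findings; an empty list means the values are consistent."""
    lb = _strip(cfg["lb_url"])
    findings = []
    # Step 4: the agent's Server URL is the load balancer, not a single instance.
    if _strip(cfg["agent_server_url"]) != lb:
        findings.append("step 4: agent Server URL is not the load balancer URL")
    # Step 5: the load balancer URL is listed, including its trailing "/".
    if lb + "/" not in [r.strip() for r in cfg["agent_root_urls"]]:
        findings.append('step 5: load balancer URL with trailing "/" not in Agent Root URL list')
    # Step 8: the CDSSO Servlet URL is the load balancer path plus cdcservlet.
    if _strip(cfg["cdsso_servlet_url"]) != _cdc(lb):
        findings.append("step 8: CDSSO Servlet URL is not the load balancer cdcservlet URL")
    # Step 9: no load balancer entry, and one cdcservlet entry per instance.
    trusted = {_strip(t) for t in cfg["trusted_id_providers"]}
    if any(t == lb or t.startswith(lb + "/") for t in trusted):
        findings.append("step 9: trusted ID providers still contain the load balancer URL")
    for inst in cfg["instance_urls"]:
        if _cdc(inst) not in trusted:
            findings.append(f"step 9: no trusted ID provider entry for {_strip(inst)}")
    return findings

# Constructed sample values; only the load balancer URL comes from the page.
LB = "http://openam.example.com:8080/openam"
INSTANCES = ["http://openam1.example.com:8080/openam",
             "http://openam2.example.com:8080/openam"]
GOOD = {
    "lb_url": LB,
    "instance_urls": INSTANCES,
    "agent_server_url": LB,
    "agent_root_urls": ["http://jaspa.example.com:8080/", LB + "/"],
    "cdsso_servlet_url": LB + "/cdcservlet",
    "trusted_id_providers": [i + "/cdcservlet" for i in INSTANCES],
}
# Same setup with the trailing "/" dropped and the trusted list left half-edited.
BAD = dict(GOOD,
           agent_root_urls=["http://jaspa.example.com:8080/", LB],
           trusted_id_providers=[LB + "/cdcservlet", INSTANCES[0] + "/cdcservlet"])

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_cdsso(cfg) or "consistent")
```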

...