For a basic installation, see http://fmanea.blogspot.ro/2013/10/install-and-configure-openam-for-spring.html up to the point of creating the SP (the current installation was done on Tomcat 8.0, as opposed to 7.0 in the above-mentioned post).
OpenAM requirements for the container
To add the required JVM start-up parameters, edit Tomcat8.0\bin\service.bat and modify the line:
--JvmOptions "-Xdebug;-Xnoagent;-Djava.compiler=NONE;-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5006;-Xmx1024m;...
(this also adds debug support, a JDWP listener on port 5006, which should be removed in a production environment).
Stop the service, run service.bat remove, then run service.bat install as administrator to reinstall the service, and start the service.
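An added example, not part of the original post: a small Python check that finds the debug options in a --JvmOptions line like the one above and returns the option value without them, for review before a production deployment. The sample line is constructed from the post's line with the elided tail dropped, and splitting on ';' only is an assumption.

```python
import re

# Constructed sample: the debug-enabled line from the post, with the elided
# tail ("...") dropped and a closing quote added.
SAMPLE = ('--JvmOptions "-Xdebug;-Xnoagent;-Djava.compiler=NONE;'
          '-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5006;'
          '-Xmx1024m"')

JDWP_PREFIXES = ("-Xrunjdwp:", "-agentlib:jdwp=")   # options that load the JDWP agent
LEGACY_DEBUG = {"-Xdebug", "-Xnoagent", "-Djava.compiler=NONE"}  # classic companions


def jvm_options(line):
    """Split the quoted --JvmOptions / ++JvmOptions value on ';'."""
    m = re.search(r'(?:--|\+\+)JvmOptions\s+"([^"]*)', line)
    return [o for o in m.group(1).split(";") if o] if m else []


def jdwp_settings(option):
    """Parse 'key=value,...' after a JDWP prefix; None if not a JDWP option."""
    for prefix in JDWP_PREFIXES:
        if option.startswith(prefix):
            pairs = (kv.split("=", 1) for kv in option[len(prefix):].split(","))
            return {p[0]: p[1] if len(p) > 1 else "" for p in pairs}
    return None


def audit(line):
    """Return (findings, production_value) for one service.bat option line."""
    findings, kept = [], []
    for opt in jvm_options(line):
        cfg = jdwp_settings(opt)
        if cfg is not None:
            # address is either 'port' or 'host:port'
            host, _, port = cfg.get("address", "").rpartition(":")
            findings.append({"option": opt, "port": port,
                             "host": host or "(none given)",
                             "listens": cfg.get("server") == "y"})
        elif opt in LEGACY_DEBUG:
            findings.append({"option": opt})
        else:
            kept.append(opt)
    return findings, ";".join(kept)


if __name__ == "__main__":
    found, production = audit(SAMPLE)
    for f in found:
        print("remove for production:", f)
    print('--JvmOptions "' + production + '"')
```

A finding with "listens" set to True means the JVM accepts debugger connections on the reported port, so that port is also worth checking against the host firewall rules.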
Add an AD based realm
- Log in to OpenAM.
- Go to Access Control.
- Add a new Realm as a child of the Top Level Realm.
- Use this post to configure the Realm.
  - Clear the Persistent Search Base DN: text field (in the DataStore attributes area) so that you do not get periodic (very frequent) searches against the AD user entries (a sort of periodic browse).
  - In Core Realm Attributes, set User profile to Ignore.
  - In the Realm's Authentication tab, look for the Active Directory module you just configured and edit this entry:
    - Uncheck Return User DN to DataStore: so that sAMAccountName is returned instead of the user's DN.
Important notice
To check the effects of the configuration in this area, have a look at the classes in com.sun.identity.authentication.modules.ldap (OpenAM Auth LDAP module).
Authorization (not the subject of this post series) appears to be handled in the com.sun.identity.idm.plugins.ldapv3 package, module OpenAM Core.