OpenAM (formerly OpenSSO) by default uses Sun OpenDS as its configuration data store.
For OpenAM clustering, OpenDS needs to be replicated so that every OpenAM instance sees consistent configuration data.
OpenDS replication recommends JAVA VERSION <= jdk1.6.0_20. In our environment, Glassfish v3 is configured as the web container for openam.war, and it is recommended to point the web container at JAVA VERSION <= jdk1.6.0_20.
This post assumes that openam.war is deployed on the web container and that the web container has started successfully.
OpenAM uses one directory server as the USER DATASTORE (user and group configuration). In our environment, OpenLDAP 2.4 is the USER DATASTORE.
Use the following link for OpenLDAP installation:
http://sanjivblogs.blogspot.com/2011/04/openldap-installation.html
You may also configure Sun Directory Server as the USER DATASTORE.
Each OpenAM instance can be configured to stand behind a load balancer. Add the balancer's entry to the configuration. In our environment, HAProxy has been used as the balancer.
Download and set up ssoConfiguratorTools
Use the following steps on each server node to download ssoConfiguratorTools:
$ wget http://www.forgerock.org/downloads/openam_release9_20100207.zip
$ unzip openam_release9_20100207.zip
$ cd ./opensso/tools
$ unzip ssoConfiguratorTools.zip -d ./ssoConfiguratorTools
$ cd ./ssoConfiguratorTools
$ cp sampleconfiguration configurationfile
Preparing the configuration file "configurationfile"
Edit the default configuration to match your environment. This post shows a template and a sample "configurationfile" for both the primary and the secondary OpenAM node.
The default configuration file, "sampleconfiguration", has enough commented information about each parameter.
The primary and secondary nodes differ as follows:
Primary :: configured first.
Secondary :: joins the primary for clustering.
# configurationfile (Primary sso node configuration file template)
########################################
# SERVER CONFIGURATION
########################################
SERVER_URL=http://<primary_domain_name>:<openam_port>
DEPLOYMENT_URI=/openam
BASE_DIR=<openam_base_dir>
locale=en_US
PLATFORM_LOCALE=en_US
AM_ENC_KEY=ZZexwxiHAgXHQhclhPkAUgARkv5KoZ/y
ADMIN_PWD=<password_for_amadmin_user>
AMLDAPUSERPASSWD=password
COOKIE_DOMAIN=.sso.com
#######################################
# CONFIGURATION DATASTORE CONFIGURATION
#######################################
DATA_STORE=embedded
DIRECTORY_SSL=SIMPLE
DIRECTORY_SERVER=<primary_host_name>
DIRECTORY_PORT=<opends_listen_port>
ROOT_SUFFIX=dc=opensso,dc=java,dc=net
DS_DIRMGRDN=cn=Directory Manager
DS_DIRMGRPASSWD=<password_for_amadmin_user>
##################################
# REPLICATION CONFIGURATION
##################################
DS_EMB_REPL_REPLPORT1=<opends_replication_port>
##################################
# USER DATASTORE CONFIGURATION
##################################
USERSTORE_TYPE=LDAPv3ForAD
USERSTORE_SSL=SIMPLE
USERSTORE_DOMAINNAME=bal.ldap.com
USERSTORE_HOST=<ldap_host>
USERSTORE_PORT=<ldap_port>
USERSTORE_SUFFIX=dc=mysso,dc=com
USERSTORE_MGRDN=cn=Manager,dc=mysso,dc=com
USERSTORE_PASSWD=<ldap_password>
##################################
# BALANCER CONFIGURATION
##################################
LB_SITE_NAME=<site_name>
LB_PRIMARY_URL=http://<balancerPrivateIP>:<balancer_port>/openam
# configurationfile (secondary sso node configuration file template)
############################################
# SERVER CONFIGURATION
############################################
SERVER_URL=http://<slave_domain_name>:<openam_port>
DEPLOYMENT_URI=/openam
BASE_DIR=<openam_base_dir>
locale=en_US
PLATFORM_LOCALE=en_US
AM_ENC_KEY=ZZexwxiHAgXHQhclhPkAUgARkv5KoZ/y
ADMIN_PWD=<password_for_amadmin_user>
AMLDAPUSERPASSWD=password
COOKIE_DOMAIN=.sso.com
############################################
# CONFIGURATION DATASTORE CONFIGURATION
############################################
DATA_STORE=embedded
DIRECTORY_SSL=SIMPLE
DIRECTORY_SERVER=<slave_host_name>
DIRECTORY_PORT=<opends_listen_port>
ROOT_SUFFIX=dc=opensso,dc=java,dc=net
DS_DIRMGRDN=cn=Directory Manager
DS_DIRMGRPASSWD=<password_for_amadmin_user>
############################################
# REPLICATION CONFIGURATION
############################################
DS_EMB_REPL_FLAG=embReplFlag
DS_EMB_REPL_REPLPORT1=<opends_replication_port>
DS_EMB_REPL_HOST2=<primary_host_name>
DS_EMB_REPL_PORT2=<opends_listen_port>
DS_EMB_REPL_REPLPORT2=<opends_replication_port>
existingserverid=http://<primary_domain_name>:<openam_port>/openam
############################################
# USER DATASTORE CONFIGURATION
############################################
USERSTORE_TYPE=LDAPv3ForAD
USERSTORE_SSL=SIMPLE
USERSTORE_DOMAINNAME=my.ldap.com
USERSTORE_HOST=<ldap_host>
USERSTORE_PORT=<ldap_port>
USERSTORE_SUFFIX=dc=mysso,dc=com
USERSTORE_MGRDN=cn=Manager,dc=mysso,dc=com
USERSTORE_PASSWD=<ldap_password>
############################################
# BALANCER CONFIGURATION
############################################
LB_SITE_NAME=<site_name>
LB_PRIMARY_URL=http://<balancerPrivateIP>:<balancer_port>/openam
# configurationfile (Primary sso node configuration file sample)
SERVER_URL=http://primary.sso.com
DEPLOYMENT_URI=/openam
BASE_DIR=/root/openam
locale=en_US
PLATFORM_LOCALE=en_US
AM_ENC_KEY=ZZexwxiHAgXHQhclhPkAUgARkv5KoZ/y
ADMIN_PWD=adminpassword
AMLDAPUSERPASSWD=password
COOKIE_DOMAIN=.sso.com
DATA_STORE=embedded
DIRECTORY_SSL=SIMPLE
DIRECTORY_SERVER=localhost
DIRECTORY_PORT=50389
ROOT_SUFFIX=dc=opensso,dc=java,dc=net
DS_DIRMGRDN=cn=Directory Manager
DS_DIRMGRPASSWD=adminpassword
DS_EMB_REPL_REPLPORT1=50889
USERSTORE_TYPE=LDAPv3ForAD
USERSTORE_SSL=SIMPLE
USERSTORE_DOMAINNAME=ldap.sso.com
USERSTORE_HOST=ldap.sso.com
USERSTORE_PORT=389
USERSTORE_SUFFIX=dc=mysso,dc=com
USERSTORE_MGRDN=cn=Manager,dc=mysso,dc=com
USERSTORE_PASSWD=ldappassword
LB_SITE_NAME=balancer
LB_PRIMARY_URL=http://balancer.sso.com:80/openam
# configurationfile (secondary sso node configuration file sample)
SERVER_URL=http://secondary.sso.com
DEPLOYMENT_URI=/openam
BASE_DIR=/root/openam
locale=en_US
PLATFORM_LOCALE=en_US
AM_ENC_KEY=ZZexwxiHAgXHQhclhPkAUgARkv5KoZ/y
ADMIN_PWD=adminpassword
AMLDAPUSERPASSWD=password
COOKIE_DOMAIN=.sso.com
DATA_STORE=embedded
DIRECTORY_SSL=SIMPLE
DIRECTORY_SERVER=localhost
DIRECTORY_PORT=50389
ROOT_SUFFIX=dc=opensso,dc=java,dc=net
DS_DIRMGRDN=cn=Directory Manager
DS_DIRMGRPASSWD=adminpassword
DS_EMB_REPL_FLAG=embReplFlag
DS_EMB_REPL_REPLPORT1=50889
DS_EMB_REPL_HOST2=primary.sso.com
DS_EMB_REPL_PORT2=50389
DS_EMB_REPL_REPLPORT2=50889
existingserverid=http://primary.sso.com:8080/openam
USERSTORE_TYPE=LDAPv3ForAD
USERSTORE_SSL=SIMPLE
USERSTORE_DOMAINNAME=ldap.sso.com
USERSTORE_HOST=ldap.sso.com
USERSTORE_PORT=389
USERSTORE_SUFFIX=dc=mysso,dc=com
USERSTORE_MGRDN=cn=Manager,dc=mysso,dc=com
USERSTORE_PASSWD=ldappassword
LB_SITE_NAME=balancer
LB_PRIMARY_URL=http://balancer.sso.com:80/openam
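
A pre-flight check for the two files before the configurator is run, as an added example (not code from this post or from OpenAM). The function names are made up here, the rules are read off the templates and samples above, and treating SIMPLE as unencrypted LDAP is an assumption. Run on the two samples (trimmed), it reports the plain-LDAP setting on both nodes and that existingserverid carries port 8080 while the primary's SERVER_URL has no port.

```python
import re

# Trimmed from the page's primary and secondary samples (values as published).
PRIMARY = """SERVER_URL=http://primary.sso.com
DEPLOYMENT_URI=/openam
AM_ENC_KEY=ZZexwxiHAgXHQhclhPkAUgARkv5KoZ/y
DIRECTORY_SSL=SIMPLE
"""
SECONDARY = """SERVER_URL=http://secondary.sso.com
DEPLOYMENT_URI=/openam
AM_ENC_KEY=ZZexwxiHAgXHQhclhPkAUgARkv5KoZ/y
DIRECTORY_SSL=SIMPLE
DS_EMB_REPL_FLAG=embReplFlag
DS_EMB_REPL_HOST2=primary.sso.com
DS_EMB_REPL_PORT2=50389
DS_EMB_REPL_REPLPORT2=50889
existingserverid=http://primary.sso.com:8080/openam
"""
# SHARED: same value in both samples on the page. JOIN: only in the secondary's file.
SHARED = ("AM_ENC_KEY", "COOKIE_DOMAIN", "DEPLOYMENT_URI", "LB_PRIMARY_URL")
JOIN = ("DS_EMB_REPL_FLAG", "DS_EMB_REPL_HOST2", "DS_EMB_REPL_PORT2",
        "DS_EMB_REPL_REPLPORT2", "existingserverid")

def parse(text):
    """key=value lines -> dict; '#' comment lines and blank lines are skipped."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def preflight(primary_text, secondary_text):
    """Return findings for a primary/secondary configurationfile pair."""
    pri, sec = parse(primary_text), parse(secondary_text)
    out = []
    for name, cfg in (("primary", pri), ("secondary", sec)):
        out += [f"{name}: {k} still holds a template placeholder"
                for k, v in cfg.items() if re.search(r"<[^<>]+>", v)]
        # Assumption: SIMPLE selects plain LDAP rather than SSL.
        out += [f"{name}: {k}=SIMPLE, directory traffic is not encrypted"
                for k in ("DIRECTORY_SSL", "USERSTORE_SSL") if cfg.get(k) == "SIMPLE"]
    out += [f"{k} differs between nodes" for k in SHARED if pri.get(k) != sec.get(k)]
    out += [f"secondary: {k} is missing" for k in JOIN if not sec.get(k)]
    # Per the templates, existingserverid is the primary's SERVER_URL + DEPLOYMENT_URI.
    want = pri.get("SERVER_URL", "") + pri.get("DEPLOYMENT_URI", "")
    if sec.get("existingserverid", want) != want:
        out.append(f"existingserverid {sec['existingserverid']} != primary {want}")
    return out

if __name__ == "__main__":
    print("\n".join(preflight(PRIMARY, SECONDARY)))
```

The findings name keys only, so passwords and the encryption key never end up in the output. Because configurationfile holds those secrets in clear text, keep it readable by the deploying user only and delete it once the configurator has finished.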
Execute ssoConfigurator
After preparing the "configurationfile" on each node (primary or secondary, as appropriate), execute the following command to start the configurator:
${JAVA_HOME}/bin/java -jar configurator.jar -f configurationfile
A success message means you are done with OpenAM clustering.
Congrats!
If you are still facing issues, please add a comment.
I hope my small effort is useful to you.