0 Replies Latest reply: Apr 22, 2010 3:35 AM by 807573

    Trying to configure OpenSSO SP on WebLogic server 10.3.2

    807573
      I tried configuring SP based on OpenSSO (SAML2 spec.) and found that I need to configure:
      - OpenSSO SP (from OpenSSO server admin console)
      - Policy Agent Administrator ( again from OpenSSO console)
      - Agent Profile (OpenSSO console)
      - Installing WebLogic Server Policy Agent (using "agentadmin" utility)
      - Deploying the Agent Application (using weblogic admin console or deployer utility)

      What I did:
      1) Created a plain WLS domain with only one server (AdminServer listening on 141.144.176.71:9001)
      2) Deployed opensso.war onto AdminServer
      3) Configured the custom OpenSSO server as:
      amAdmin pass= weblogic1
      SSL Enabled   No
      Host Name   localhost
      Listening Port   50389
      Root Suffix   dc=opensso,dc=java,dc=net
      User Name   cn=Directory Manager
      Directory Name       D:/bea/wls1032/opensso1
      UrlAccessAgent  pass = weblogic1

      4) Created a "Policy Agent Administrator" on the OpenSSO server as:
      "agentadminuser" pass = weblogic1

      5) Created a J2EE agent profile as:
      name = WLS10Agent
      pass = weblogic1
      Configuration = local
      Server URL = http://141.144.176.71:9001/opensso
      Agent URL = http://141.144.176.71:9001/agentapp

      6) Ran agentadmin.bat --custom-install as:
      Startup script location :
      D:\bea\wls1032\user_projects\domains\Local_SP\startWebLogic.cmd
      WebLogic Server instance name : AdminServer
      WebLogic home directory : D:\bea\wls1032\wlserver_10.3
      OpenSSO server URL : http://141.144.176.71:9001/opensso
      Agent Installed on Portal domain : false
      Agent URL : http://141.144.176.71:9001/agentapp
      Encryption Key : PE6CjWgYhRn3eqLRNKe66Oq30G9aZjK+
      Agent Profile name : WLS10Agent
      Agent Profile Password file name : D:\wl10agentpw (this file is plain text with weblogic1 as the password)


      The output that I get when the agentadmin run completes is:
      Copy amauthprovider.jar to
      D:\bea\wls1032\wlserver_10.3/server/lib/mbeantypes ...DONE.

      Creating directory layout and configuring Agent file for Agent_001
      instance ...DONE.

      Reading data from file D:\wl10agentpw and encrypting it ...DONE.

      Generating audit log file name ...DONE.

      Creating tag swapped OpenSSOAgentBootstrap.properties file for instance
      Agent_001 ...DONE.

      Configure
      D:/bea/wls1032/user_projects/domains/Local_SP/setAgentEnv_AdminServer.cmd
      ...DONE.

      Configure
      D:/weblogic_v10_agent_3/j2ee_agents/weblogic_v10_agent/config/OpenSSOAgentBootstrap.properties
      ...DONE.

      Creating the Agent Profile WLS10Agent ...DONE.


      SUMMARY OF AGENT INSTALLATION

      Agent instance name: Agent_001
      Agent Bootstrap file location:
      D:/weblogic_v10_agent_3/j2ee_agents/weblogic_v10_agent/Agent_001/config/OpenSSOAgentBootstrap.properties
      Agent Configuration file location:
      D:/weblogic_v10_agent_3/j2ee_agents/weblogic_v10_agent/Agent_001/config/OpenSSOAgentConfiguration.properties
      Agent Audit directory location:
      D:/weblogic_v10_agent_3/j2ee_agents/weblogic_v10_agent/Agent_001/logs/audit
      Agent Debug directory location:
      D:/weblogic_v10_agent_3/j2ee_agents/weblogic_v10_agent/Agent_001/logs/debug

      This is all with reference to http://docs.sun.com/app/docs/doc/820-4580/6ng1lok82?a=view
      7) Now I modify startWebLogic.cmd, located at <DOMAIN_HOME>/bin, to make a call to "%DOMAIN_HOME%\setAgentEnv_%SERVER_NAME%.cmd"
      8) Restarting the admin server for the changes to take effect:
      Now when I restart AdminServer, the opensso application fails to deploy (state=failed). This makes an odd situation wherein I can have either the agent app or the opensso app deployed successfully, but not both. What I mean by this is that when I put ( call "%DOMAIN_HOME%\setAgentEnv_%SERVER_NAME%.cmd" ) in startWebLogic.cmd and bounce the server, it causes the OpenSSO deployed on the same server to fail. And when I comment it out, the OpenSSO app comes up but the agent app fails to deploy (which is expected, owing to the absence of the proper classpath as set by the script "%DOMAIN_HOME%\setAgentEnv_%SERVER_NAME%.cmd").

      The error that I am getting when bouncing the WLS server (while the script "%DOMAIN_HOME%\setAgentEnv_%SERVER_NAME%.cmd" is being called from startWebLogic.cmd) is:
      <Apr 21, 2010 9:51:59 PM GMT+05:30> <Error> <Deployer> <BEA-149231> <Unable to set the activation state to true for the application 'opensso.war'.
      weblogic.application.ModuleException: [HTTP:101216]Servlet: "AMSetupServlet" failed to preload on startup in Web application: "opensso.war".
      com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
      Check AMConfig.properties for the following properties
      com.sun.identity.agents.app.username
      com.iplanet.am.service.password

      and the nested exception is:
      Caused By: com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
      Check AMConfig.properties for the following properties
      com.sun.identity.agents.app.username
      com.iplanet.am.service.password
      at com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:258)
      at com.sun.identity.common.configuration.ConfigurationBase.isLegacy(ConfigurationBase.java:184)
      at com.sun.identity.setup.AMSetupServlet.init(AMSetupServlet.java:170)
      at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

      I followed the workaround for the above error mentioned at http://docs.sun.com/app/docs/doc/820-3745/ggyaj?a=view; however, the issue is still there.
      Can somebody point out what can be missing here?

      Thanks,
      Abid
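Added example, not part of the post above and not OpenSSO or WebLogic code: the error Abid pasted names two properties (com.sun.identity.agents.app.username and com.iplanet.am.service.password) that must be present in the agent's bootstrap/AMConfig properties before AdminTokenAction can obtain an application SSO token. The script below parses a Java-style .properties file and reports which of those keys are missing or empty, whether the stored password still looks like plaintext rather than the value agentadmin writes after encrypting the password file, and whether the agent's naming URL points at the same host:port as the OpenSSO server it is meant to protect (in the post both are 141.144.176.71:9001). The keys com.iplanet.am.naming.url and am.encryption.pwd, the namingservice URL path, and the "long base64 means encrypted" heuristic are assumptions for illustration; the sample file content is constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample OpenSSOAgentBootstrap.properties, modelled on the values
# in the post.  The password is a made-up base64-looking string standing in
# for the value agentadmin writes after encrypting the password file.
SAMPLE_BOOTSTRAP = """\
# OpenSSOAgentBootstrap.properties (constructed sample)
com.iplanet.am.naming.url=http://141.144.176.71:9001/\\
    opensso/namingservice
com.sun.identity.agents.app.username=WLS10Agent
com.iplanet.am.service.password=AQICcJ3kP0tX9mVbR2sYq7LwN4eH8fGd1ZoU
am.encryption.pwd=PE6CjWgYhRn3eqLRNKe66Oq30G9aZjK+
"""

# First two keys come from the error text in the post; the other two are
# assumed to be the remaining keys a bootstrap file has to carry.
REQUIRED_KEYS = (
    "com.sun.identity.agents.app.username",
    "com.iplanet.am.service.password",
    "com.iplanet.am.naming.url",
    "am.encryption.pwd",
)

# Heuristic (assumption): an agentadmin-encrypted value is a long base64
# string; anything shorter or with other characters is treated as plaintext.
_LOOKS_ENCRYPTED = re.compile(r"^[A-Za-z0-9+/]{20,}={0,2}$")


def parse_properties(text):
    """Minimal java.util.Properties reader: '#'/'!' comments, '=' or ':'
    separators, and trailing-backslash continuation lines."""
    props = {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line[0] in "#!":
            continue
        # A single trailing backslash joins the next (whitespace-stripped) line.
        while line.endswith("\\") and not line.endswith("\\\\") and i < len(lines):
            line = line[:-1] + lines[i].strip()
            i += 1
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def check_bootstrap(props, opensso_server_url=None):
    """Report missing/empty required keys, a plaintext-looking password, and
    whether the agent's naming URL shares host:port with the OpenSSO server."""
    report = {
        "missing": [k for k in REQUIRED_KEYS if k not in props],
        "empty": [k for k in REQUIRED_KEYS if k in props and not props[k]],
        "password_looks_plain": False,
        "same_server": None,
    }
    pw = props.get("com.iplanet.am.service.password", "")
    if pw and not _LOOKS_ENCRYPTED.match(pw):
        report["password_looks_plain"] = True
    naming = props.get("com.iplanet.am.naming.url")
    if naming and opensso_server_url:
        report["same_server"] = (
            urlparse(naming).netloc == urlparse(opensso_server_url).netloc
        )
    return report


if __name__ == "__main__":
    props = parse_properties(SAMPLE_BOOTSTRAP)
    report = check_bootstrap(props, "http://141.144.176.71:9001/opensso")
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["same_server"]:
        print("note: agent naming URL and OpenSSO server share one host:port")
```

Run it against the real Agent_001/config/OpenSSOAgentBootstrap.properties by replacing SAMPLE_BOOTSTRAP with the file's contents. Independently of the deployment failure, the plaintext password file handed to agentadmin (D:\wl10agentpw in the post) has served its purpose once the install reports "Reading data from file ... and encrypting it ...DONE.", so removing it afterwards is the sensible practice.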