9.4. Configure SSO on One Domain

Now that you have read about the SSO process, you should be able to set it up on a server configured with OpenAM and a web service protected by an OpenAM agent. The following procedure assumes that you know how to configure OpenAM, the Apache Web server, and the associated OpenAM Apache agent.

Procedure 9.1. Configure SSO on One Domain

  1. Install OpenAM as described in the OpenAM Installation Guide. This procedure uses a Server URL of http://openam.example.net:8080/openam.

  2. Install the appropriate policy agent, as described in the OpenAM Web Policy Agent Installation Guide or OpenAM Java EE Policy Agent Installation Guide. This procedure uses an agent URL of http://app.example.net:80, and an agent name of webagent1.

  3. Make sure that the host names in both URLs resolve to IP addresses, as described in the chapter on Installing OpenAM Core Services.

  4. Return to the OpenAM server on http://openam.example.net:8080/openam. Log in as the administrative user, normally amadmin. To activate and configure the agent, follow the procedure described in the OpenAM Web Policy Agent Installation Guide or OpenAM Java EE Policy Agent Installation Guide.

  5. Now you can configure SSO Only mode. In the OpenAM console, click Access Control > Realm Name > Agents > webagent1. Scroll down to SSO Only Mode and activate the Enabled box. In this mode the agent enforces authentication only and does not evaluate authorization policies.

  6. Save your changes.

  7. Make sure you have configured the SSO domain, in this case, example.net. Click Configuration > System > Platform. Make sure example.net (or your chosen domain) is selected as a cookie domain.

  8. Save your changes.

  9. Restart the web server. The agent should be active. You should now be able to log out of the OpenAM server.

  10. Verify the agent URL, in this case, http://app.example.net. The OpenAM web agent should now redirect requests to the OpenAM server.
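The check in step 10 can be scripted. The following is an added example, not part of the OpenAM documentation: it inspects the agent's reply to an unauthenticated request and confirms that the redirect targets the Server URL from step 1, leads back to the agent URL from step 2, and that both hosts fall inside the cookie domain from step 7. The `goto` parameter name, the `/UI/Login` path in the sample, and all function names are assumptions; the sample replies are constructed.

```python
from urllib.parse import urlsplit, parse_qs

OPENAM_URL = "http://openam.example.net:8080/openam"  # Server URL, step 1
AGENT_URL = "http://app.example.net:80"               # agent URL, step 2
COOKIE_DOMAIN = "example.net"                         # cookie domain, step 7


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    u = urlsplit(url)
    port = u.port or {"http": 80, "https": 443}.get(u.scheme)
    return u.scheme, (u.hostname or "").lower(), port


def domain_covers(cookie_domain, host):
    """True if a cookie scoped to cookie_domain is sent to host."""
    d = cookie_domain.lstrip(".").lower()
    return host == d or host.endswith("." + d)


def check_sso_redirect(status, location, openam_url=OPENAM_URL,
                       agent_url=AGENT_URL, cookie_domain=COOKIE_DOMAIN):
    """List what is wrong with the agent's reply to an unauthenticated request."""
    if status not in (301, 302, 303, 307):
        return [f"expected a redirect, got HTTP {status}"]
    problems = []
    target = urlsplit(location)
    if origin(location) != origin(openam_url):
        problems.append("redirect does not point at the OpenAM server")
    if not target.path.startswith(urlsplit(openam_url).path + "/"):
        problems.append("redirect path is outside the OpenAM deployment URI")
    # Assumption: the agent passes the original URL in a "goto" parameter.
    goto = parse_qs(target.query).get("goto", [])
    if not goto or origin(goto[0]) != origin(agent_url):
        problems.append("goto parameter does not lead back to the agent URL")
    for url in (openam_url, agent_url):
        if not domain_covers(cookie_domain, origin(url)[1]):
            problems.append(f"{url} is outside cookie domain {cookie_domain}")
    return problems


# Constructed sample replies, not captured from a real deployment.
GOOD = (302, "http://openam.example.net:8080/openam/UI/Login"
             "?goto=http%3A%2F%2Fapp.example.net%3A80%2F")
NO_AGENT = (200, "")  # page served directly: agent inactive or not enforcing

if __name__ == "__main__":
    for status, location in (GOOD, NO_AGENT):
        print(status, check_sso_redirect(status, location) or "OK")
```

Feed it the status code and `Location` header returned when you request the agent URL without a session; an empty list means the redirect and cookie domain match the values used in this procedure.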

If you want to configure OpenAM and an application on two different cookie domains, such as example.org and example.net, you will need to set up Cross-Domain SSO (CDSSO). For more information, see the chapter on Configuring Cross-Domain Single Sign On.