Enable CDSSO For a Java EE Policy Agent – OpenAM

Procedure to Enable CDSSO For a Java EE Policy Agent
  1. In the OpenAM console, browse to Access Control > Realm Name > Agents > J2EE > Agent Name > SSO.
  2. Select Enable Cross Domain SSO.
  3. Check that the CDSSO Redirect URI is set.

    Depending on where you deployed your Java EE agent application, the default is something like /agentapp/sunwCDSSORedirectURI.

  4. Set the list of URLs for CDSSO Servlet URL to the Cross Domain Controller Servlet URLs of the servers the agent accesses, such as http://openam.example.com:8080/openam/cdcservlet.

    If the agent accesses OpenAM through a load balancer, use the load balancer URLs, such as http://load-balancer.example.com:8080/openam/cdcservlet.

  5. Leave the CDSSO Clock Skew set to 0.

    Make sure instead that the clocks on the servers where you run OpenAM and policy agents are synchronized.

  6. Set the list of URLs for CDSSO Trusted ID Provider to the Cross Domain Controller Servlet URLs of the OpenAM servers the agent accesses, such as http://openam.example.com:8080/openam/cdcservlet.

    This list should include one CDC Servlet URL for every OpenAM server the agent might access. You do not need to include site or load balancer URLs.

  7. To protect the SSO token from network snooping, you can select CDSSO Secure Enable to mark the SSO token cookie as secure.

    If you select this, then the SSO token cookie can only be sent over a secure connection (HTTPS).

  8. Add the domains involved in CDSSO in the CDSSO Domain List.
  9. If necessary, update the Agent Root URL for CDSSO list on the Global tab page.

    If the policy agent is on a server with virtual host names, add the virtual host URLs to the list.

    If the policy agent is behind a load balancer, add the load balancer URL to the list.

  10. Save your work.
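
As an added example (not part of the original post and not OpenAM's own tooling), the Python check below audits an exported agent properties file against the steps above. The `com.sun.identity.agents.config.cdsso.*` property names are assumed to be the ones behind the console fields, and the `servers` argument and all sample values are constructed for illustration.

```python
import re
from urllib.parse import urlparse

P = "com.sun.identity.agents.config.cdsso."  # assumed property prefix, not on the page
REQUIRED = {"redirect.uri": "CDSSO Redirect URI", "cdcservlet.url": "CDSSO Servlet URL",
            "domain": "CDSSO Domain List"}  # steps 3, 4 and 8

# Constructed sample export, not from a real deployment.
SAMPLE = """\
com.sun.identity.agents.config.cdsso.enable=true
com.sun.identity.agents.config.cdsso.redirect.uri=/agentapp/sunwCDSSORedirectURI
com.sun.identity.agents.config.cdsso.cdcservlet.url[0]=http://load-balancer.example.com:8080/openam/cdcservlet
com.sun.identity.agents.config.cdsso.clock.skew=30
com.sun.identity.agents.config.cdsso.trusted.id.provider[0]=http://openam.example.com:8080/openam/cdcservlet
com.sun.identity.agents.config.cdsso.secure.enable=true
com.sun.identity.agents.config.cdsso.domain[0]=.example.com
"""

def parse(text):
    """Return {name: [values]}; indexed keys such as name[0] share one list."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        name = re.sub(r"\[\d+\]$", "", key)
        if value:
            props.setdefault(name, []).append(value)
    return props

def audit(text, servers):
    """servers: base URLs of every OpenAM server the agent might access."""
    p = {k[len(P):]: v for k, v in parse(text).items() if k.startswith(P)}
    if p.get("enable", ["false"])[0].lower() != "true":
        return ["Cross Domain SSO is not enabled"]
    findings = [f"{label} is not set" for key, label in REQUIRED.items() if key not in p]
    if p.get("clock.skew", ["0"])[0] != "0":  # step 5: sync clocks, keep skew at 0
        findings.append("CDSSO Clock Skew is not 0")
    cdc, idp = p.get("cdcservlet.url", []), p.get("trusted.id.provider", [])
    for base in servers:  # step 6: one CDC servlet URL per OpenAM server
        if base.rstrip("/") + "/cdcservlet" not in idp:
            findings.append(f"Trusted ID Provider missing {base}")
    if p.get("secure.enable", ["false"])[0].lower() == "true":  # step 7
        findings += [f"plain HTTP with Secure Enable on: {u}"
                     for u in cdc + idp if urlparse(u).scheme != "https"]
    return findings
```

Calling `audit(SAMPLE, [...])` with the list of OpenAM server base URLs returns one finding per deviation from the procedure; an empty list means the exported settings match steps 2 through 8.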

One thought on “Enable CDSSO For a Java EE Policy Agent – OpenAM”

  • March 7, 2014 at 8:47 am

    I have deployed the agentapp war on the same Tomcat where the J2EE agent is installed, and the intermediate URI is /agentapp/sunwCDSSORedirectURI. During redirection, the request processing/redirection is not happening. Instead of redirection, I am being shown a page with “OpenAM Policy Agent.” content. I don't know what I am doing wrong. If someone can help me, I will be grateful.

