Friday, February 27, 2009

Using IDM 8.0 - part 5 - Administering Identity Manager

This is a screenshot of http://identity-manager-80.catalogne.org:8080/idm/login.jsp

Using IDM 8.0 - part 4 - Documentation

IDM_Release_Notes_8-0.pdf
IDM_Resource_Reference_8-0.pdf
IDM_SPE_Deployment_8-0.pdf
IDM_Technical_Deployment_Overview_8-0.pdf
IDM_Administration_8-0.pdf
IDM_Tuning_Troubleshooting_8-0.pdf
IDM_DeploymentTools_8-0.pdf
IDM_Upgrade_8-0.pdf
IDM_Installation_8-0.pdf
IDM_Workflows_Forms_Views_8-0.pdf

You can get the documentation from the same location as the software (sun.com).

Using IDM 8.0 - part 3 - Software

  • Identity Manager 8.0
IDM_8_0_0_0.zip
  • MySQL 5 (on OpenSolaris 2008.11)
mysql-5.1.31-solaris10-i386.tar
  • Apache Tomcat 6
apache-tomcat-6.0.18.zip
  • Java Activation Framework
jaf-1_0_2-upd2.zip
and more specifically activation.jar to be copied into /opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib
  • Java Mail
javamail-1_4_1.zip
and more specifically mail.jar to be copied into /opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib
  • Open Message Queue
mq4_3-installer-SunOS_X86.zip
and more specifically jms.jar to be copied into /opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib
  • MySQL jdbc driver
mysql-connector-java-5.1.6-bin.jar to be copied into /opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib

The 4 jars (activation.jar, mail.jar, jms.jar and mysql-connector-java-5.1.6-bin.jar) were archived for later use.

Using IDM 8.0 - part 2 - Displaying the waveset database

  • Displaying the contents of waveset

root@identity-manager-80:/opt/mysql-5.1.31# bin/mysqlshow waveset
+------------+
| Tables |
+------------+
| account |
| acctattr |
| acctchange |
| attribute |
| entattr |
| entchange |
| entitle |
| log |
| logattr |
| objchange |
| object |
| org |
| orgattr |
| orgchange |
| qattr |
| qchange |
| queue |
| roleattr |
| rolechange |
| roleobj |
| slogattr |
| syslog |
| task |
| taskattr |
| taskchange |
| userattr |
| userchange |
| userobj |
+------------+


Using IDM 8.0 - part 1 - Starting and Stopping MySQL and Tomcat

  • Starting MySQL

root@identity-manager-80:~# cd /opt/mysql-5.1.31
root@identity-manager-80:/opt/mysql-5.1.31# bin/mysqld_safe --user=mysql
090227 15:22:19 mysqld_safe Logging to '/opt/mysql-5.1.31/data/identity-manager-80.err'.
090227 15:22:19 mysqld_safe Starting mysqld daemon with databases from /opt/mysql-5.1.31/data


Comment(s) :

  1. It does not seem possible to start MySQL
    with /opt/mysql-5.1.31/bin/mysqld_safe --user=mysql;
    a cd into /opt/mysql-5.1.31 is necessary,
    or maybe using an environment variable?
  • Starting Identity Manager(Tomcat)
Edit catalina.sh and define the JAVA_HOME environment variable, or define the variable in your environment.
JAVA_HOME=/usr/jdk/latest

root@identity-manager-80:~# /opt/apache-tomcat-6.0.18/bin/catalina.sh run
Using CATALINA_BASE: /opt/apache-tomcat-6.0.18
Using CATALINA_HOME: /opt/apache-tomcat-6.0.18
Using CATALINA_TMPDIR: /opt/apache-tomcat-6.0.18/temp
Using JRE_HOME: /usr/jdk/latest
Feb 26, 2009 1:39:11 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/jdk/instances/jdk1.6.0_12/jre/lib/i386/server:/usr/jdk/instances/jdk1.6.0_12/jre/lib/i386:/usr/jdk/instances/jdk1.6.0_12/jre/../lib/i386:/usr/jdk/packages/lib/i386:/lib:/usr/lib
Feb 26, 2009 1:39:11 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Feb 26, 2009 1:39:11 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 637 ms
Feb 26, 2009 1:39:11 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Feb 26, 2009 1:39:11 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
Feb 26, 2009 1:39:12 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib/j2ee.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
Constructing Startup Servlet...
Initializing Startup Servlet...
Defining system properties...
StartupServlet: programmatically derived waveset.home=file:/opt/apache-tomcat-6.0.18/webapps/idm/
StartupServlet: Defining properties from web.xml
Starting: Identity Server...
...Finished starting Startup Servlet
Feb 26, 2009 1:39:18 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Feb 26, 2009 1:39:18 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Feb 26, 2009 1:39:18 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/12 config=null
Feb 26, 2009 1:39:18 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 7312 ms


  • Stopping MySQL

root@identity-manager-80:~# cd /opt/mysql-5.1.31/
root@identity-manager-80:/opt/mysql-5.1.31# bin/mysqladmin -u root shutdown

  • Stopping Tomcat

root@identity-manager-80:~# /opt/apache-tomcat-6.0.18/bin/shutdown.sh
Using CATALINA_BASE: /opt/apache-tomcat-6.0.18
Using CATALINA_HOME: /opt/apache-tomcat-6.0.18
Using CATALINA_TMPDIR: /opt/apache-tomcat-6.0.18/temp
Using JRE_HOME: /usr/jdk/latest

  • What happens if MySQL is not running?
Identity Manager does not work at all (of course!):
Starting: Identity Server...
com.waveset.util.ConfigurationError:
==> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

Last packet sent to the server was 0 ms ago.
...
...
...

  • URLs to access Identity Manager :
http://identity-manager-80.catalogne.org:8080/idm/login.jsp
http://identity-manager-80.catalogne.org:8080/idm/user/login.jsp

*configurator/configurator*---renamed to config
config/secret---don't use it
*administrator/administrator*---renamed to admin
admin/secret---don't use it

Users to be used (for security reasons):
myconfig/password
myadmin/password

Two new users, myconfig and myadmin, were created, and the original configurator and administrator accounts were renamed to config and admin. The passwords of config and admin were changed.
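
As an added example (not part of the original post), here is a small pre-flight script for the setup in parts 1 and 3: it checks that the four jars listed in part 3 are in WEB-INF/lib, and it classifies captured catalina.sh output, recognizing the MySQL-down failure shown above. The function names are hypothetical; the paths and jar names are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and jar names come from
# the post; the function names are hypothetical.

IDM_LIB=${IDM_LIB:-/opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib}
REQUIRED_JARS="activation.jar mail.jar jms.jar mysql-connector-java-5.1.6-bin.jar"

# Print each required jar missing from the lib directory ($1, default IDM_LIB).
# Returns 0 when all four are present, 1 otherwise.
missing_idm_jars() {
    dir=${1:-$IDM_LIB}
    missing=0
    for jar in $REQUIRED_JARS; do
        if [ ! -f "$dir/$jar" ]; then
            echo "$jar"
            missing=1
        fi
    done
    return $missing
}

# Classify captured catalina.sh output (file in $1, or stdin):
#   db_down      ConfigurationError caused by a JDBC CommunicationsException
#   config_error ConfigurationError with some other cause
#   started      Tomcat reported "Server startup in N ms" and no ConfigurationError
#   incomplete   none of the above was seen
# ConfigurationError is tested first so a later startup line cannot mask it.
idm_startup_status() {
    log=$(cat "${1:--}")
    case $log in
        *com.waveset.util.ConfigurationError*CommunicationsException*) echo db_down ;;
        *com.waveset.util.ConfigurationError*) echo config_error ;;
        *"INFO: Server startup in "*" ms"*) echo started ;;
        *) echo incomplete ;;
    esac
}

# Sample input: the failure lines quoted in the post.
sample_db_down_log() {
    cat <<'EOF'
Starting: Identity Server...
com.waveset.util.ConfigurationError:
==> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
EOF
}

sample_db_down_log | idm_startup_status   # prints: db_down
```

Run `missing_idm_jars` before starting Tomcat, and feed the saved output of `catalina.sh run` to `idm_startup_status` afterwards.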

Friday, February 6, 2009

Support of OpenSSO enterprise

Bert Van Beeck :

You get opensso express support when you have the opensso enterprise licence.

Opensso express is more than just the community support.
It's the same support you get from the commercial version (you are able to call sun support for help, etc ...) - which you can not in the pure opensource mode.
The only difference with the enterprise support is that you can not get hot patches to install on top of your express build, for that you need to wait till the next stable express build and deploy the new version.
(this is now easy as it is a full .war file).

Enterprise support means sun makes hot patches and makes those available immediately. We can not make hot stable patches on a product that is still evolving, but we can help out with questions and issues.

so in a nutshell:

opensso community : only irc, mailinglists, blogs, everything you can find on the internet
opensso express : same as community + the ability to call sun for support for particular "express builds" of opensso
opensso enterprise : same as express + the availability of hot patches

The main difference is that you now get support for a product in development,
which is a huge difference than it was before.

It allows companies that wanna have the latest and best features from an express build (released very regularly) to still have a form of support and indemnification, whereas with the enterprise version they need to wait for it to release.

Rudy :

"You get opensso express support when you have the opensso enterprise licence."
so express support means having an enterprise license... you cannot buy express support apart...

more at Sun OpenSSO Express - wikis.sun.com

-Rudy-

OpenSSO express VS OpenSSO Enterprise

excerpt from Sun OpenSSO Express - wikis.sun.com

Q: What is the difference between "Sun OpenSSO Enterprise" and "Sun OpenSSO Express"?

"OpenSSO Enterprise" corresponds to a commercial build, that is released every 12 - 15 months and has undergone extensive automated testing and manual testing by Sun QA Engineering. "OpenSSO Express" builds are released every 3 months and receive extensive automated testing and moderate manual testing by Sun QA Engineering.

- "OpenSSO Express" builds are stable, but "OpenSSO Enterprise" benefits from more rigorous testing. For "OpenSSO Enterprise", more deployment scenarios are tested and additional performance tests are conducted.
- Customers can avail support from Sun for both "Sun OpenSSO Express" and "Sun OpenSSO Enterprise", but patches/upgrades are provided for "Sun OpenSSO Enterprise" only. With "OpenSSO Express", the fixes are made available in one of future express builds - which may include new features built since the last express release.
- Upgrade path for "OpenSSO Enterprise" is available, whereas no upgrade path is provided between one "OpenSSO Express" build and another. Similarly, there is no upgrade path provided between "OpenSSO Express" and "OpenSSO Enterprise".
- Both "OpenSSO Express" and "OpenSSO Enterprise" guarantee backward compatibility with a prior commercial release - but backward compatibility is not guaranteed for new features added in Express releases. These new features are appropriately detailed in release notes.

-Rudy-