Makefile and SSL Configuration for running samples
This Readme contains instructions on how to set up the client machine, and the SSL configuration information needed to run the samples in SSL mode.
API_SAMPLES_DIR on different platforms:
- Solaris Sparc/x86 : <install_root>/SUNWam/samples/authentication/api
- Linux : <install_root>/sun/identity/samples/authentication/api
- W2K : <install_root>\samples\authentication\api
CONFIG_DIR setting on different platforms:
- Solaris Sparc/x86 : /etc/opt/SUNWam/config
- Linux : /etc/opt/sun/identity/config
PRODUCT_DIR setting on different platforms:
Steps to compile and execute the Sample
Solaris Sparc/x86, Linux, Windows:
- To run the sample program you will need to modify/verify the following in Makefile:
  BASE_DIR | where Access Manager is installed
  JAVA_HOME | where Java compiler is installed
  DOMAIN | organization to log in to
  SHARE_LIB | location of Access Manager jars
  JSS_JAR_PATH | location of JSS jars
  JSSPATH | location of JSS libraries
  Following applies to Cert Sample only:
  CERTNICKNAME | Certificate nick name
  URL | Access Manager Server URL in https://<host>.<domain>:<port> format
  PASSWORD | Client Certificate DB Password
- Copy AMConfig.properties from Access Manager server installation machine location CONFIG_DIR to the client machine. (Note: For SSL check SSL Configuration Setup, step 2).
- Update the classpath in Makefile to include location of AMConfig.properties.
- Create directory "locale" and copy all the property files from Access Manager server installation machine's "locale" directory to the client machine. The locale directory on the server machine can be found under the PRODUCT_DIR.
- Update the classpath in Makefile to include location of "locale" files.
- Include jaas.jar in your classpath if you are using JDK version less than JDK1.4
- To compile,
  - Solaris Sparc/x86, Linux - gmake
  - W2K - make
- To run the sample program, execute
  - Solaris Sparc/x86, Linux - gmake run
  - W2K - make run
SSL Configuration Setup
Common Configuration for all SSL Setup
Following applies to LDAP and JCDI Samples:
- Set com.iplanet.am.server.protocol to https
- Set com.iplanet.am.server.port to the appropriate port on the server machine
Common Configuration for all JSSE Based Protocol Handler Setup
(Note: To use JSSE Based protocol handler, JDK1.5 or later has to be used.)
Import the trusted CA certificate that issued the server certificate into the JDK trust store:
1. Enable SSL for Cert authentication as per Cert.txt
2. Get the CA certificate in base64 encoded format and save it as a text file
3. Use java keytool to import this certificate into the "default" trust store under $JAVA_HOME/jre/lib/security/cacerts or a user defined trust store.
4. If a user defined trust store is used for the sample, the following property has to be set:
   -Djavax.net.ssl.trustStore=your-trust-store
5. For details, please reference the Keytool docs and Configuring Access Manager in SSL Mode.
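Steps 2 to 4 above, as an added shell example (not part of the original Readme): it checks the CA certificate's SHA-256 fingerprint against a value obtained out of band, then imports it into a user defined trust store so the JDK-wide cacerts file stays untouched. The file names, the alias and the TRUST_PASS environment variable are assumptions, and the demo CA is constructed.

```sh
#!/bin/sh
# Added example: fingerprint-checked import of the server's CA certificate
# into a user defined trust store. Names and TRUST_PASS are assumptions.

# Print the SHA-256 fingerprint keytool reports for a base64 certificate file.
cert_sha256() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256: *//p'
}

# import_ca <ca.pem> <truststore> <alias> <expected-sha256>
# The store password comes from the TRUST_PASS environment variable, so it
# never appears on the command line.
import_ca() {
    actual=$(cert_sha256 "$1")
    if [ -z "$actual" ] || [ "$actual" != "$4" ]; then
        echo "fingerprint mismatch for $1: got '$actual'" >&2
        return 1
    fi
    keytool -importcert -noprompt -trustcacerts -alias "$3" \
        -file "$1" -keystore "$2" -storepass:env TRUST_PASS
}

# Succeeds when the trust store holds an entry under the given alias.
has_alias() {
    keytool -list -keystore "$1" -alias "$2" \
        -storepass:env TRUST_PASS >/dev/null 2>&1
}

# Constructed demo input: a throwaway self-signed CA exported in base64 form
# to <dir>/ca.pem. A real setup uses the CA file obtained in step 2.
make_demo_ca() {
    keytool -genkeypair -alias demo-ca -keyalg RSA -keysize 2048 -validity 1 \
        -dname "CN=Constructed Demo CA" -ext bc:c -storetype PKCS12 \
        -keystore "$1/ca.p12" -storepass:env TRUST_PASS \
        -keypass:env TRUST_PASS >/dev/null 2>&1 &&
    keytool -exportcert -rfc -alias demo-ca -keystore "$1/ca.p12" \
        -storepass:env TRUST_PASS -file "$1/ca.pem" >/dev/null 2>&1
}
```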
Using JSS Based Protocol Handler
- Enable an SSL port for Cert Authentication as per the Cert readme file instructions (if not already done).
- Add this JVM property to the Makefile in the "run" target
  -D"java.protocol.handler.pkgs=com.iplanet.services.comm"
- Copy AMConfig.properties from Access Manager server installation machine location CONFIG_DIR to the client machine. Edit the following properties in AMConfig.properties.
  com.iplanet.am.admin.cli.certdb.dir=<certificate database directory>
  com.iplanet.am.admin.cli.certdb.prefix=<certificate database prefix>
- Create or copy certificate database file to the certificate db directory (directory name in "com.iplanet.am.admin.cli.certdb.dir")
- Rename the file to have the prefix specified in "com.iplanet.am.admin.cli.certdb.prefix"
Using JSSE Based Protocol Handler with JKS Keystore
- Do common configuration for all SSL setup
- Do Common Configuration for all JSSE Based Protocol Handler Setup
- Add this JVM property to the Makefile in the "run" target
  -Djava.protocol.handler.pkgs=com.sun.identity.protocol
  -Djavax.net.ssl.keyStoreType=JKS
  -Djavax.net.ssl.keyStore=your-jks-keystore
- If the ssl server port is client auth enabled, add this JVM property to the Makefile in the "run" target, or the application will prompt for the password.
  -Djavax.net.ssl.keyStorePassword=your-passwd
- Or,
  -Djavax.net.ssl.keyStorePasswordFile=passwdfile
- Create or copy jks keystore file to the keystore directory (directory name in "javax.net.ssl.keyStore")
Using JSSE Based Protocol Handler with PKCS#12 Keystore
- Do common configuration for all SSL setup
- Do Common Configuration for all JSSE Based Protocol Handler Setup
- Add this JVM property to the Makefile in the "run" target
  -Djava.protocol.handler.pkgs=com.sun.identity.protocol
  -Djavax.net.ssl.keyStoreType=PKCS12
  -Djavax.net.ssl.keyStore=your-keystore.p12
- If the ssl server port is client auth enabled, add this JVM property to the Makefile in the "run" target, or the application will prompt for the password.
  -Djavax.net.ssl.keyStorePassword=your-passwd
- Or,
  -Djavax.net.ssl.keyStorePasswordFile=passwdfile
- Create or copy pkcs#12 keystore file to the keystore directory (directory name in "javax.net.ssl.keyStore")
Using JSSE Based Protocol Handler with PKCS#11 Keystore
- Do common configuration for all SSL setup
- Do Common Configuration for all JSSE Based Protocol Handler Setup
- Create pkcs#11 configuration file
  Example :
    name = NSS
    slot = 2
    library = /usr/lib/mps/secv1/libsoftokn3.so
    nssArgs = "configdir='dir-to-certdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags=readOnly"
    disabledMechanisms = {
      CKM_DSA_SHA1
    }
- Add this pkcs#11 provider to the java.security file
  Example :
    security.provider.1=sun.security.pkcs11.SunPKCS11 /path-to-my-pkcs11/mypkcs11.cfg
- Add this JVM property to the Makefile in the "run" target
  -Djava.protocol.handler.pkgs=com.sun.identity.protocol
  -Djavax.net.ssl.keyStoreType=PKCS11
  -Djavax.net.ssl.keyStore=NONE
- If the ssl server port is client auth enabled, add this JVM property to the Makefile in the "run" target, or the application will prompt for the password.
  -Djavax.net.ssl.keyStorePassword=your-passwd
- Or,
  -Djavax.net.ssl.keyStorePasswordFile=passwdfile
- Copy AMConfig.properties from Access Manager server installation machine location CONFIG_DIR to the client machine. Edit the following properties in AMConfig.properties.
  com.iplanet.am.admin.cli.certdb.dir=<certificate database directory>
  com.iplanet.am.admin.cli.certdb.prefix=<certificate database prefix>
- Create or copy certificate database file to the certificate db directory (directory name in "com.iplanet.am.admin.cli.certdb.dir")
- Rename the file to have the prefix specified in "com.iplanet.am.admin.cli.certdb.prefix"
For the details, please reference the Remote Client API Java Docs.
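The keystore flags from the JKS, PKCS#12 and PKCS#11 sections can be checked before they go into the "run" target. This added shell example (not Access Manager code) reports an inline -Djavax.net.ssl.keyStorePassword, which stays readable in the Makefile and in the process list, a password file that group or other users can read, and a keyStoreType/keyStore pair that does not match the sections above. The function name and the finding labels are hypothetical.

```sh
#!/bin/sh
# Added example: audit the JVM flags intended for the Makefile "run" target.
# Prints one finding per line and returns 1 when anything was found.
# Assumption: flags are whitespace-separated and paths contain no spaces.
audit_run_flags() {
    rc=0
    kstype=""
    store=""
    for flag in $1; do
        val=${flag#*=}
        case "$flag" in
        -Djavax.net.ssl.keyStorePassword=*)
            # Inline value is readable in the Makefile and in `ps` output.
            echo "INLINE_PASSWORD"; rc=1 ;;
        -Djavax.net.ssl.keyStorePasswordFile=*)
            if [ ! -f "$val" ]; then
                echo "PASSWORD_FILE_MISSING $val"; rc=1
            # Characters 5-10 of `ls -l` are the group and other mode bits.
            elif [ "$(ls -ld "$val" | cut -c5-10)" != "------" ]; then
                echo "PASSWORD_FILE_PERMS $val"; rc=1
            fi ;;
        -Djavax.net.ssl.keyStoreType=*) kstype=$val ;;
        -Djavax.net.ssl.keyStore=*) store=$val ;;
        esac
    done
    # The page pairs PKCS11 with keyStore=NONE; JKS and PKCS12 name a file.
    if [ "$kstype" = "PKCS11" ] && [ "$store" != "NONE" ]; then
        echo "PKCS11_KEYSTORE_NOT_NONE"; rc=1
    elif [ "$kstype" != "PKCS11" ] && [ -n "$store" ] && [ ! -r "$store" ]; then
        echo "KEYSTORE_UNREADABLE $store"; rc=1
    fi
    return "$rc"
}
```

Pass the flag string exactly as it would appear in the "run" target, for example `audit_run_flags "$JVM_FLAGS"`, where JVM_FLAGS is an assumed variable holding those flags.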