GateIn and OpenAM integration

Version 4

    WARNING: GateIn and OpenAM integration is now officially supported and it's documented in GateIn reference guide https://docs.jboss.org/author/display/GTNPORTAL35/OpenAM  where are latest informations. This wiki page is no longer maintained and may have outdated info.

    GateIn portal supports couple of SSO solutions. Namely it supports SSO frameworks CASJOSSO and OpenSSO. Exact steps for integration are described in reference guide in SSO section. So these 3 frameworks are officialy supported, but it's also possible to integrate GateIn with OpenAM framework.

     

    OpenAM project is maintained by ForgeRock and it is successor of OpenSSO project. OpenSSO has been created by Sun, but Oracle decide to discontinue development. So ForgeRock have renamed new project to OpenAM, because Oracle still have rights to the name OpenSSO. OpenAM is defacto based on OpenSSO and so many things are same or very similar. And integration of OpenAM with GateIn portal is also possible without doing any major tweaks or changes with comparison to OpenSSO. There are only some details, which are different for OpenAM.

     

    Steps for integration

     

    1) Download OpenAM WAR from http://forgerock.com/downloads.html . GateIn has been tested with OpenAM 9.5.2.

     

    2) Do steps for OpenSSO integration with GateIn as described in reference guide . We are assuming that GateIn portal is on JBoss on localhost:8080 and OpenAM is on Tomcat on localhost:8888 as described in reference guide.

     

    Only differences are:

     

    • Then do all steps in section 6.6.4 for OpenSSO. Since OpenAM user interface is little different than for OpenSSO, there is small change for section 6.6.4.1.2 and step 6 (Configure "gatein" realm) . In OpenAM you need to change UserProfile from "Required" to "Dynamic" in gatein realm by: Going to gatein realm -> Tab "Authentication" -> Button "All core settings" . There is no link "Advanced properties" as in OpenSSO. So this is only small difference in UI of OpenAM.

     

    • All other steps are same for OpenAM as for OpenSSO.

     

    Warning: It seems that OpenAM consumes more memory than OpenSSO. If you will see that OpenAM GUI is not responding and you will see OutOfMemoryError in log of Tomcat server where OpenAM is running (log is in file $TOMCAT_HOME/log/catalina.out ) , you will need to increase memory for OpenAM. It can be done in file $TOMCAT_HOME/bin/catalina.sh by adding options like -Xms1024m -Xmx1024m -XX:MaxPermSize=256m into line with JAVA_OPTS. Whole line can look like this

     

    JAVA_OPTS="$JAVA_OPTS -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms1024m -Xmx1024m -XX:MaxPermSize=256m"