This document specifically addresses the workaround for
OpenSSO issue 4094, but it can also be used to configure the
OpenSSO server against an existing Sun Java System Directory Server
Enterprise Edition (DSEE). Note that issue 4094 is already fixed in the OpenSSO nightly builds produced after Nov 6th 2008.

1.0 Prerequisites

      In order to successfully configure two or more OpenSSO
      server web applications pointing to a DSEE server, you should have
      done the following:

    • Installed and configured the DSEE (in this case

    • Created an empty root suffix; this will be the suffix of the
      OpenSSO server (in this case dc=opensso,dc=java,dc=net)

    • A valid DN that has read/write access to the suffix and
      the privilege to load custom LDAP schema (in this case I am
      using cn=directory manager for simplicity; in production,
      customers will use a less privileged user than the
      directory manager)

    • Deployed two instances of OpenSSO servers(in this case ans

    • OpenSSO admin user amadmin's password (secret12) is different
      from the DSEE Bind DN password (dssecret)

2.0 Configure first OpenSSO server

To configure the first server, simply access the configurator
using a supported web browser, e.g. Firefox 2. I have annotated the images wherever appropriate; I hope no further explanation is required.

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Step 8

3.0 Configuring the second OpenSSO

Before proceeding with the second server configuration, make sure the first server is up and running by logging in to the console as amadmin. While you are there, copy the encryption key from server one; this key will be used while configuring the second server.

How can you obtain the encryption key (am.encryption.pwd)?

Step 9

Step 10

Step 11

In the next screen you will notice two radio buttons. Usually, when adding a second or further server to an existing configuration, one would select 'Add to Existing deployment'. This works perfectly fine in all scenarios except the one described in issue 4094. Issue 4094 is already fixed in the OpenSSO nightly builds produced after Nov 6th 2008. In build 6, to work around issue 4094, please don't select the 'Add to Existing deployment' option; instead, follow the rest of this procedure.

Step 12

Step 13

Even though we are entering the same information again, no duplicate datastore entry will be created in the configuration, so here we need to enter this again to make the configurator happy :-)

Step 14

Step 15

Step 16

Step 17

Step 18

Finally, you need to restart both servers to complete the multi-server configuration with site. After the restart you will be able to access the servers using the individual URLs as well as from the LB URL.