OpenSSO/OpenDS on RHEL 5

So this will be a technical post. Just ignore this if you want to.

At work we are trying to make managing application security easier to handle. So I started searching for a tool that will allow all of our web applications to use a single sign-on for authentication. After searching for a while on how Facebook and Twitter do this, I found an application that can do this for us: OpenSSO from Oracle. But they recently stopped supporting this and decided to move to another piece of software. A company called ForgeRock picked up the software and renamed it to OpenAM. I was finally able to get one of my web applications working on OpenAM using OpenDS for the data store. Just wanted to write some gotchas before I forgot them.

I installed OpenAM Release 9 (2010-February-07) build with OpenDS 2.2. Both are load-balanced/replicated on two servers. The first catch was that the particular release of OpenDS has a bug with JDK 1.6.0_21. I had to use an earlier version in order to get replication working. Once I got OpenDS working, installing OpenAM was a little bit easier. I am still waiting on some URL changes from our LAN/WAN group so that I can set up our Apache QA servers as load-balancers for the OpenAM servers. Once I am finished, I hope to have the following setup below.

Once I have some more time, I will post instructions on how I got everything up and running.


  1. When you say you had to use an earlier version, you meant you had to use an earlier version of the Java run time, not OpenDS.
    This said, this is now fixed in OpenDS trunk and I’ve just posted a warning on my blog today.

