So this will be a technical post. Just ignore this if you want to.

At work we are trying to make managing application security easier to handle. So I started searching for a tool that will allow all of our web application to use a single sign on for authentication. After searching for a while on how Facebook and Twitter do this, I found a application that can do this for us. OpenSSO from Oracle. But they recently stopped support this and decided to move to another piece of software. A company called ForgeRock picked up the software and renamed it to OpenAM. I was finally able to get one of my web applications working on OpenAM using OpenDS for the data store. Just wanted to write some gotchas before I forgot them.

I installed OpenAM Release 9 (2010-February-07) build with OpenDS 2.2.  Both are load-balanced/Replicated on two servers. The first catch was that the particular release of OpenDS has a bug with JDK 1.6.0_21. I had to user an earlier verson in order to get replication working. Once I got OpenDS working, installing OpenAM was a little bit easier. I am still waiting on some URL changes from our LAN/WAN group so that I can setup our Apache QA servers as load-balancers for the OpenAM servers. Once I am finished, I hope to have the following setup below.

Once I have some more time, I will post instructions on how I got everything up and running.