Previous      Contents      Index      Next
Sun Java Enterprise System 2003Q4 Deployment Example Series: Evaluation Scenario

Chapter 7
Configuring Proxy Authentication

This chapter describes how to configure proxy authentication for the portal desktop, the messaging service, and the calendar service.

This chapter contains the following sections:

Configuring the Portal Calendar Channel for Proxy Authentication
Configuring the Portal Mail Channel for Proxy Authentication
Configuring Messaging Server for Proxy Authentication
Configuring Calendar Server for Proxy Authentication
Verifying Proxy Authentication

---

About Proxy Authentication

The default portal desktop has mail and calendar channels that connect to services provided by Messaging Server and Calendar Server. Each time a user refreshes the portal desktop, the mail and calendar channels connect to their respective back-end services and retrieve mail and calendar information.

Configuring proxy authentication for these channels enables a fuller display of mail and calendar information in the portal desktop. It also enables users to launch Messenger Express and Calender Express directly from the portal desktop.

To enable proxy authentication you must perform the following configuration:

Configure both portal channels to use the SSO Adapter service, and define proxy users for both channels.
Configure Messaging Server and Calendar Server to accept requests from the proxy users.

The proxy user account acts as a trusted agent on behalf of end users. The proxy user accounts in Messaging Server and Calendar Server exist to provide end-user authentication without the need for authentication of end-user passwords.

When you register the proxy user’s name and password with the Portal Server Mail and Calendar channel SSO Adapter templates, end users who access the portal desktop can launch the mail and calendar services from the desktop without logging in again.

---

Configuring the Portal Calendar Channel for Proxy Authentication

To enable proxy authentication for the sample portal Calendar channel, configure the SSO Adapter Service through the Identity Server console.

    To Configure the Portal Calendar Channel for the SSO Adapter Service

In your web browser, open this URL:

http://allinone.example.com:81/portal/

The Identity Server login page opens.

In the Identity Server login page, enter the following values:
User Name: amadmin
Password: password

Click Log In. The Identity Server console window opens.

Click the Service Configuration tab.

The Identity Server Services are displayed.

Scroll down in the left pane. Locate the SSO Adapter, and then click the arrow symbol that follows the name SSO Adapter.

The display refreshes. The right pane displays the SSO Adapter Service properties. Your display should resemble Figure 7-1.

Figure 7-1  SSO Adapter Properties



Edit the SUN-ONE-CALENDAR configuration properties. In the Global Properties section, find the SSO Adapter Templates field. Click the line that contains the SUN-ONE-CALENDAR configuration properties. This line is selected in Figure 7-1.

An editable copy of the line is displayed in the editable field below the list of Global Properties. Use this editable field to edit the text:

Tip	Use a text editor to make the changes. Go to the editable field below the list of properties and select the entire properties string. Right-click the selected properties string and choose Copy. Paste the text into a text editor window and make the changes described in Step 5.

Find merge=host&. Change the value to default=host&.
Find merge=port&. Change the value to default=port&.
Find merge=clientPort&. Change the value to default=clientPort&.
Find enableProxyAuth=false&. Change the value to enableProxyAuth=true&.
Find proxyAdminUid=[PROXY-ADMIN-UID]&. Change the value to proxyAdminUid=calmaster&.
Find proxyAdminPassword=[PROXY-ADMIN_PASSWORD]&. Change the value to proxyAdminPassword=password&.
Find userAttribute=uid. Change the value to userAttribute=uid&.

Add the & at the end.

Add the following name/value pair entries to the end of the properties string:

host=allinone.example.com&
clientPort=89&
port=89

There is no & at the end of the last entry.

Tip	After you use a text editor make the changes described in Step 5, select the text in the editor and copy it. Paste the text back into the Identity Server console window’s editable field.

After you edit the text in the editable field, click Add.

A new line is added to the Adapter SSO Templates field. Notice that the original line is not changed or deleted.

Locate the original parameter line and click Remove.

The original line is deleted.

Click Save to apply your changes.

---

Configuring the Portal Mail Channel for Proxy Authentication

To enable proxy authentication for the sample portal Mail channel, you configure the SSO Adapter Service through the Identity Server console.

    To Configure the Portal Mail Channel for the SSO Adapter Service

Edit the SUN-ONE-MAIL IMAP configuration properties. In the Global Properties section, click the entry that contains the default|imap:///?configName=SUN-ONE-MAIL configuration properties.

An editable copy of the entry is displayed in the editable field below the list of Global Properties. Edit the text in the editable field:

Tip	Use a text editor to make the changes. Go to the editable field below the list of properties and select the entire properties string. Right-click the selected properties string and choose Copy. Paste the text into a text editor window and make the changes described in Step 1.

Find merge=host&. Change the value to default=host&.
Find merge=clientPort&. Change the value to default=clientPort&.
Find enableProxyAuth=false&. Change the value to enableProxyAuth=true&.
Find proxyAdminUid=[PROXY-ADMIN-UID]&. Change the value to proxyAdminUid=admin&.
Find proxyAdminPassword=[PROXY-ADMIN_PASSWORD]&. Change the value to proxyAdminPassword=password&.
Find default=domain. Change the value to default=domain&.

Add the & at the end.

Add the following name/value pair entries to the end of the properties string:

host=allinone.example.com&
clientPort=88

There is no & at the end of the last entry.

Tip	After you use a text editor make the changes described in Step 1, select the text in the editor and copy it. Paste the text back into the Identity Server console window’s editable field.

After you edit the text in the editable field, click Add.

A new line is added to the Adapter SSO Templates field. Notice that the original line is not changed or deleted.

Locate the original parameter line and click Remove.

The original line is deleted.

Click Save to apply your changes.
Navigate to the Sun ONE Application Server directory:

cd /var/opt/SUNWappserver7/domains/domain1/server1/bin

Stop and restart Application Server:

./stopserv

./startserv

Restarting Application Server also restarts Portal Server.

---

Configuring Messaging Server for Proxy Authentication

    To Configure Messaging Server for Proxy Authentication

Navigate to the Sun ONE Messaging Server directory:

cd /opt/SUNWmsgsr/sbin

Run the following configutil commands for the mail configuration.

./configutil -o store.admins admin

su mailsrv

./configutil -o service.http.allowadminproxy -v yes

The first configutil command permits the admin user ID to be able to manage the Messaging Server message store. The message store contains the user mailboxes for a particular Messaging Server instance. The second configutil command enables admin proxy authentication.

Stop Sun ONE Messaging Server.

./stop-msg

Restart Sun ONE Messaging Server.

./start-msg

---

Configuring Calendar Server for Proxy Authentication

    To Configure Calendar Server for Proxy Authentication

Cd to the Calendar Server directory:

cd /etc/opt/SUNWics5/config

Edit the /ics.conf file as follows:
Find the service.http.allowadminproxy parameter. Make sure it is uncommented. Make sure its value is set to yes:

service.http.allowadminproxy=”yes”

Find the service.admin.calmaster.userid parameter. Make sure it is uncommented. Make sure its value is set to calmaster:

service.admin.calmaster.userid=”calmaster”

Find the service.admin.calmaster.cred parameter. Make sure it is uncommented. Make sure its value is set to password. If you are using a different password, remember to substitute your password value.

service.admin.calmaster.cred=”password”

Cd to the Sun ONE Calendar Server directory.

cd /opt/SUNWics5/cal/sbin

Stop Sun ONE Calendar Server.

./stop-cal

Restart Sun ONE Calendar Server.

./start-cal

---

Verifying Proxy Authentication

In this section, you log in to the portal desktop and verify that you can access Messenger Express and Calendar Express.

    To Verify Proxy Authentication

In your web browser, open this URL:

http://allinone.example.com:81/portal

This opens the sample portal desktop.

Tip	Remember to substitute the host and domain that you are using.

In the sample portal desktop, use the Member Login fields to log in. Type the following values:
User Name: scott
Password: password
The sample desktop refreshes. The Calendar and Mail channels display the appropriate information for your Java Enterprise System user. Your display should resemble Figure 7-2.

Figure 7-2  Sample Portal Desktop



Click Launch Calendar.

The Calender Express main window opens. This verifies that proxy authentication is configured correctly for Sun ONE Calendar Server.

Click Launch Mail.

The Messenger Express main window opens. This verifies that proxy authentication is configured correctly for Sun ONE Messaging Server.

Click Log out.

You have completed the evaluation deployment example.

Previous      Contents      Index      Next

---

Copyright 2004 Sun Microsystems, Inc. All rights reserved.