Sun Java System Portal Server 6 2004Q2 Secure Remote Access Administration Guide 

Contents


List of Figures

List of Tables

List of Procedures

About This Guide
Who Should Read This Guide
What You Need to Know
How This Book is Organized
Document Conventions Used in This Guide
Monospaced Font
Italicized Font
Square or Straight Brackets
Command-Line Prompts
Where to Find Related Information
Related Third-Party Web Site References
Where to Find This Guide Online

Chapter 1   Introduction to Portal Server Secure Remote Access
Overview of SRA Software
Open Mode
Secure Mode
SRA Services
Gateway
Rewriter
NetFile
Netlet
Proxylet
Administering the SRA Product
Configuring SRA Attributes
Setting Conflict Resolution
Supported Applications

Chapter 2   The Gateway
Overview of the Gateway
Creating a Gateway Profile
Understanding the platform.conf File
Running the Gateway in the chroot Environment
Restarting Gateway in the chroot Environment
Creating Multiple Instances of a Gateway
Creating Multi-homed Gateway Instances
Creating Gateway Instances Using the Same LDAP
Starting and Stopping the Gateway
Restarting the Gateway
Specifying a Virtual Host
Specifying a Proxy to Contact the Identity Server
Using Web Proxies
Using Automatic Proxy Configuration
Using a Netlet Proxy
Creating Instances of a Netlet Proxy
Enabling a Netlet Proxy
Restarting a Netlet Proxy
Using a Rewriter Proxy
Creating Instances of a Rewriter Proxy
Enabling a Rewriter Proxy
Restarting a Rewriter Proxy
Using a Reverse Proxy with the Gateway
Obtaining Client Information
Using Authentication Chaining
Using Wild Card Certificates
Disabling Browser Caching
Customizing the Gateway Service User Interface
Using Federation Management
Federation Management Scenario
Configuring Federation Management Resources

Chapter 3   Proxylet and Rewriter
Overview of Proxylet
Advantages of Using Proxylet
Configuring Proxylet
Overview of Rewriter
Character Set Encoding
Rewriter Usage Scenarios
URLScraper
The Gateway
Writing Rulesets
Public Interface (RuleSet DTD)
Sample XML DTD
Procedure to Write Rules
Ruleset Guidelines
Defining the RuleSet Root Element
Using the Recursive Feature
Defining Language Based Rules (Defining Rules)
Rules for HTML Content
Rules for JavaScript Content
Rules for XML Content
Rules for Cascading Style Sheets
Rules for WML
Using the Recursive Feature
Configuring Rewriter in the Gateway Service
Basic Tasks
Advanced Tasks
Troubleshooting Using Debug Logs
Setting the Rewriter Debug Level
Debug File Names
Working Samples
Samples for HTML Content
Samples for JavaScript Content
Sample for XML Attributes
Case Study
Mapping of 6.x RuleSet with 3.0

Chapter 4   NetFile
Overview of NetFile
Supported File Access Protocols
Enabling Access to NetFile
Enabling Logging for NetFile
Configure UNIX Authentication

Chapter 5   Netlet
Overview of Netlet
Netlet Components
Netlet Usage Scenario
Working With Netlet
Downloading an Applet From a Remote Host
Defining Netlet Rules
Types of Rules
Netlet Rule Examples
Sample Netlet Rules
Enabling Netlet Logging
Running Netlet in a Sun Ray Environment
New HTML File
Deprecated HTML File:

Chapter 6   Netlet With PDC
Configuring Netlet for PDC

Chapter 7   Certificates
Overview of SSL Certificates
Certificate Files
Certificate Trust Attributes
CA Trust Attributes
The certadmin Script
Generating Self-Signed Certificates
Generating a Certificate Signing Request (CSR)
Adding a Root CA Certificate
Installing SSL Certificates From the Certificate Authority
Ordering a Certificate from a CA
Installing a Certificate from a CA
Deleting a Certificate
Modifying the Trust Attributes of a Certificate
Listing Root CA Certificates
Listing All Certificates
Printing a Certificate

Chapter 8   Configuring URL Access Control
Set up a Denied URLs List
Set up an Allowed URLs List
Manage Single Sign-On

Chapter 9   Configuring the Gateway
The Core Tab
Enable HTTP and HTTPS Connections
Enable and Create a List of Rewriter Proxies
Enable Netlet
Enable and Create a List of Netlet Proxies
Enable Proxylet
Enable Cookie Management
Enable HTTP Basic Authentication
Enable Persistent HTTP Connections
Specify the Maximum Number of Requests per Persistent Connection
Specify Timeout for Persistent Socket Connections
Specify Grace Timeout to Account for Turnaround Time
Create Forward User Session Cookie to the URL List
Specify the Maximum Connection Queue Length
Specify the Gateway Timeout
Specify the Maximum Thread Pool Size
Specify the Cached Socket Timeout
Create List of Portal Servers
Specify Server Retry Interval
Enable Storage of External Server Cookies
Obtaining of a Session from a URL
Enable Marking Cookies as Secure
The Proxies Tab
Enable Usage of Web Proxies
Create List of URLS for Webproxies
Create List of URLs for Proxies Not to be Used
Create List of Proxies for Domains and Subdomains
Create List of Proxy Passwords
Enable Automatic Proxy Configuration Support
Specify Automatic Proxy Configuration File Location
Enable Netlet Tunneling via Web Proxy
The Security Tab
Create List of Non-authenticated URLs
Create List of Certificate-Enabled Gateway Hosts
Allow 40-bit Encryption Connections
Enable SSL Version 2.0
Enable SSL Cipher Selection
Enable SSL Version 3.0
Enable Null Ciphers
Create List of Trusted SSL Domains
Configure Personal Digital Certificate (PDC) Authentication
The Rewriter Tab
Enable Rewriting of All URLs
Create List of URIs to RuleSet Mappings
Create List of MIME Types to Parse
Specify the Default Domain and Subdomain
Create List of URIs Not to Rewrite
Enable MIME Guessing
Create List of URI Mappings to Parse
Enable Masking
Specify the Masking Seed String
Create List of URIs Not to Mask
Make a Gateway Protocol the Same as the Original URI Protocol
The Logging Tab
Enable Logging
Enable Netlet Logging

Chapter 10   Configuring NetFile
The Hosts Tab
Specify the OS Character Set
Specify Host Detection Order
Configure a Common Hosts List
Specify the Default Domain
Specify the Windows Domain/Workgroup
Specify the Default WINS/DNS Server
Specify Access to Different Types of Hosts
Configure the Allowed Hosts List
Configure the Denied Hosts List
The Permissions Tab
The View Tab
Specify the NetFile Window Size
Specify the NetFile Window Location
The Operations Tab
Specify the Temporary Files Directory
Set the File Upload Size Limit
Specify the Search Directories Limit
Specify Compression
The General Tab
Specify the MIME-types Configuration File Location
Enable Debugging for NetFile

Chapter 11   Configuring Netlet
Assign Netlet Service to a User
Add a Netlet Rule
Modify an Existing Netlet Rule
Delete a Netlet Rule
Specify the Default Encryption Cipher
Assign the Default Loopback Port
Enable Reauthentication for Connections
Enable Warning Popup Dialog Box for Connections
Enable the Display Checkbox in Port Warning Dialog
Set the Keep Alive Interval
Set the Terminate Netlet at Portal Logout Option
Define Access to Netlet Rules
Denying Access to Netlet Rules
Allow Access to Hosts
Deny Access to Hosts
Proxy Configuration
Enable Debug Logging

Chapter 12   Configuring Proxylet
Configuring Proxylet

Chapter 13   Configuring SSL Accelerators
Overview
Sun Crypto Accelerator 1000
Enable Crypto Accelerator 1000
Configure Crypto Accelerator 1000
Sun Crypto Accelerator 4000
Enable Crypto Accelerator 4000
Configure Crypto Accelerator 4000
External SSL Device and Proxy Accelerators
Enable an External SSL Device Accelerator
Configure an External SSL Device Accelerator

Appendix A   Log Files
Appendix B   Configuration Attributes
Access List Service
Gateway Service
Core
Proxies
Security
Rewriter
Logging
NetFile Service
Hosts
Permissions
View
Operations
General
Netlet Service
Proxylet Service

Appendix C   Country Codes
Glossary




Copyright 2004 Sun Microsystems, Inc. All rights reserved.