Sun Java Enterprise System 2004Q2 Deployment Example Series: Evaluation Scenario 

Chapter 6
Configuring and Using Single Sign-On

This chapter describes how to set up Identity Server single sign-on (SSO) for the portal, messaging, and calendar services on your evaluation_host.


About Sign-On

When single sign-on is enabled, Java ES users log in to the first service they access. After that, they can use any other single sign-on enabled service without logging in again. In the evaluation scenario, single sign-on is enabled for the Java ES portal, messaging, and calendar services. In a production environment, Identity Server also supports single sign-on for other kinds of services, including your custom applications.

The gateway for single sign-on is Identity Server. When a user first accesses a single sign-on enabled service, he or she is authenticated by Identity Server. When the user accesses another single sign-on enabled service, Identity Server confirms that the user has already been authenticated. The user is able to access the next service without logging in again.


Configuring Messaging Server for Single Sign-On

This section describes configuring Messaging Server for single sign-on (SSO).

    To Configure Messaging Server for SSO
  1. Change directory to the Messaging Server directory:

       cd /opt/SUNWmsgsr/sbin

  2. Run the following variations of the Messaging Server configuration command:
    1. ./configutil -o local.webmail.sso.amnamingurl -v http://evaluation_host/amserver/namingservice
    2. ./configutil -o local.webmail.sso.amcookie -v iPlanetDirectoryPro
    3. ./configutil -o local.webmail.sso.singlesignoff -v 1
    4. ./configutil -o service.http.ipsecurity -v no
  3. Run the command to stop Messaging Server:

       ./stop-msg

  4. Run the command to restart Messaging Server:

       ./start-msg

    The startup process displays a series of startup messages. The startup process might take a few moments. When startup is complete, the following message is displayed:

    starting job-controller server

You have configured Messaging Server for SSO.


Configuring Calendar Server for Single Sign-On

This section describes configuring Calendar Server for SSO.

    To Configure Calendar Server for SSO
  1. Change directory to the Calendar Server configuration directory:

       cd /etc/opt/SUNWics5/config

  2. Edit the ics.conf file.
  3. Find each of the following parameters and make the described changes. In some cases this means changing the value and uncommenting the line. In other cases, it simply means uncommenting the line.

    1. Find local.calendar.sso.amcookiename. Uncomment the item. Leave its value set to iPlanetDirectoryPro.
    2. Find local.calendar.sso.amnamingurl. Uncomment the item and set its value to http://evaluation_host:80/amserver/namingservice.
    3. Find local.calendar.sso.singlesignoff. Uncomment the item. Leave its value set to yes.
    4. Find local.calendar.sso.logname. Uncomment the item. Leave its value set to am_sso.log.
    5. Find service.http.ipsecurity. Uncomment the item. Change its value to no.
    6. Find render.xslonclient.enable. Change its value to no.
  4. Save the ics.conf file and exit.
  5. Change directory to the Calendar Server directory:

       cd /opt/SUNWics5/cal/sbin

  6. Run the command to stop Calendar Server:

       ./stop-cal

  7. Run the command to restart Calendar Server:

       ./start-cal

    The startup process displays a series of startup messages. The startup process might take a few moments. When startup is complete, the following message is displayed:

    Calendar services were started.

You have configured Calendar Server for SSO.
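
A check for the ics.conf edits in the procedure above, as an added example that is not part of the Sun guide: it reports each of the six parameters that is still commented out, missing, or set to a different value. It assumes ics.conf uses key = "value" lines with a leading ! for comments and that a later uncommented line overrides an earlier one; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Sun guide). Assumed ics.conf syntax:
# key = "value" per line, with a leading '!' marking a commented-out line.

# Print the "key value" pairs the Calendar Server procedure calls for.
ics_sso_expected() {
  cat <<EOF
local.calendar.sso.amcookiename iPlanetDirectoryPro
local.calendar.sso.amnamingurl http://$1:80/amserver/namingservice
local.calendar.sso.singlesignoff yes
local.calendar.sso.logname am_sso.log
service.http.ipsecurity no
render.xslonclient.enable no
EOF
}

# ics_sso_audit FILE HOST: one line per problem, exit status 0 only if clean.
ics_sso_audit() {
  ics_sso_expected "$2" | awk -v conf="$1" '
    BEGIN {
      while ((getline line < conf) > 0) {
        commented = (line ~ /^[ \t]*!/)
        sub(/^[ \t!]+/, "", line)
        eq = index(line, "=")
        if (eq == 0) continue
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/[ \t]/, "", key)
        sub(/^[ \t]*"?/, "", val); sub(/"?[ \t\r]*$/, "", val)
        if (!commented) { active[key] = val; delete off[key] }  # later line wins (assumed)
        else if (!(key in active)) off[key] = 1
      }
    }
    !($1 in active) { printf "%s %s\n", (($1 in off) ? "COMMENTED" : "MISSING"), $1; bad++; next }
    active[$1] != $2 { printf "MISMATCH %s = %s (want %s)\n", $1, active[$1], $2; bad++ }
    END { exit (bad > 0) }'
}

# Constructed sample: one line still commented, one wrong value, one key absent.
sample=$(mktemp)
cat > "$sample" <<'EOF'
! Constructed sample, not a real ics.conf
local.calendar.sso.amcookiename = "iPlanetDirectoryPro"
local.calendar.sso.amnamingurl = "http://evaluation_host:80/amserver/namingservice"
! local.calendar.sso.singlesignoff = "yes"
local.calendar.sso.logname = "am_sso.log"
service.http.ipsecurity = "yes"
EOF
ics_sso_audit "$sample" evaluation_host || echo "ics.conf does not match the SSO procedure"
rm -f "$sample"
```

On the evaluation host, run ics_sso_audit /etc/opt/SUNWics5/config/ics.conf evaluation_host after saving the file and before restarting Calendar Server.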


Using Single Sign-On

This section describes how to log in and use single sign-on authentication.

    To Log In to Portal, Messaging, and Calendar Services with SSO
  1. In your web browser, log in to portal services. Open the following URL:

       http://evaluation_host/portal/dt

    The Portal Server sample desktop is displayed.

  2. Using the Member Login fields, log in as Test User. Type the following values:
    • User ID: TestUser
    • Password: password

    Click the Login button. The desktop displays the user’s first name and last name. This verifies that you are logged in.

      Note

      Logging in to Portal Server sets SSO cookies, which enable the user to access messaging and calendar services without logging in again.

  3. In your web browser, access messaging services. Open the following URL:

       http://evaluation_host:88

    The Messenger Express main window is displayed, but you are not prompted to log in a second time. You are authenticated by SSO.

  4. In your web browser, access calendar services. Open the following URL:

       http://evaluation_host:89

    The Calendar Express main window is displayed, but you are not prompted to log in a second time. You are authenticated by SSO.

  5. In the Calendar Express main window, click Logout (in the upper right corner of the window).

    The Calendar Express Login page is displayed. You are now logged out of all SSO-enabled services.

  6. In your web browser, attempt to access portal services again. Open the following URL:

       http://evaluation_host/portal/dt

    The sample portal Desktop page is displayed. It displays the Member Login channel and prompts you to log in. This demonstrates that logging out of one SSO-enabled service logs you out of all SSO-enabled services.

You have now configured your Java ES services for single sign-on and used single sign-on authentication.




Part No: 817-5417-10.   Copyright 2004 Sun Microsystems, Inc. All rights reserved.