Sun Java System Identity Server 2004Q2 Deployment Planning Guide 

Contents


List of Figures

List of Tables

List of Code Examples

About This Guide
Audience for This Guide
Identity Server 2004Q2 Documentation Set
Identity Server Core Documentation
Identity Server Policy Agent Documentation Set
Your Feedback on the Documentation
Documentation Conventions Used in This Guide
Typographic Conventions
Terminology
Related Information
Related Third-Party Web Site References

Chapter 1   Introduction
What is Identity Management?
The Identity Management Infrastructure
The Life Cycle of an Identity Profile
Sun Java System Identity Server
Access Management
Single Sign-On (SSO)
Pluggable Authentication
Policy Evaluation
Federation Management
Liberty Alliance Project
Security Assertion Markup Language (SAML)
Identity Management
User Profile Management
Policy Configuration
Service Management
Auditing
Policy Agents
Identity Server Console
Programmatic Interfaces
Sun Java System Directory Server
Deploying Identity Server
Integrating Identity Server Using a Policy Agent
Deployment Road Map
Deployment Planning Guide Chapters
Related Identity Server Documentation

Chapter 2   Planning The Deployment
Defining Resources
Human Resources
Executive Sponsors
Team Lead
Project Management
Systems Analyst
LOB Application Administrators
System Administrators
Independent Software Vendors
Third Party Affiliates
Funding
Setting Goals
Gathering Information
Business Processes
IT Infrastructure
Virtual Data
Evaluating Applications
Platform Information
Security Models
Lifecycle of a Session
Customization and Branding
Categorizing Data
Mapping To Authentication
Mapping To Authorization
Building Timelines
Deployment Design
Proof-of-Concept
Early Adoption
General Participation
Production Environment
Tuning Your Deployment

Chapter 3   Identity Server Architecture
Overview
Integration Points
Policy Agents
Web and Proxy Server Agents
J2EE Agents
Identity Server SDK
Identity Management SDK
Service Management SDK
Authentication API and Authentication SPI
Utility API
Logging API and Logging SPI
Client Detection API
SSO API
Policy API
SAML SDK
Federation Management API
Functional Processes
Authentication and User Sessions
HTML Over HTTP(S) Interface
XML Over HTTP(S) Interface
Integrated Policy
Integrated Client Detection
CDSSO, SAML and Federation
CDSSO
SAML
Federation
Extending Identity Server
Web Containers
Multiple Directory Server Instances
LDAP Load Balancers

Chapter 4   Pre-Deployment Considerations
Deployment Options
Security
High Availability
Clustering
Scalability
Hardware Requirements
Software Requirements
Operating System Requirements
Patch Clusters for Solaris
JDK Software Requirements
Web Container Requirements
Directory Server Requirements
Web Browser Requirements
Understanding the Identity Server Schema
Marker Object Classes
Administrative Roles
Administrator Passwords
Schema Limitations
Only One Type of Entry Can be Marked as an Organization
People Containers Must be Parent Entries for Users
Only One Organization Description is Allowed in the Identity Server XML
Examples of Unsupported DITs

Chapter 5   Deployment Scenarios
Multiple Servers Scenario
To Install Multiple Identity Server Instances
Web Deployment
Java Application Deployment
Multiple JVM Environment
Replication Considerations
Configuring For Replication
Configuring With a Load Balancer
Replication Caveats
Directory Server With a Firewall
Setting the Global Timeout Attribute
Setting the Timeout for Individual Client Connections
Session Failover for Identity Server
Overview of Session Failover
Requirements for Session Failover
Implementing Session Failover
Install Web Server 6.0 SP6 (for the Load Balancer Plug-in)
Install and Configure Application Server 7.0.0_01 EE
Install Identity Server Instances
Configure Identity Server 2004Q2
Identity Server and Portal Server Deployment
Installation on a Single Server
Installation on Multiple Servers
Federation Management

Appendix A   Installed Product Layout
Base Installation Directory
Product Directory
/agents Directory
/bin Directory
/docs Directory
/dtd Directory
/include Directory
/ldaplib/ Directory
/lib Directory
/locale Directory
/migration Directory
/public_html Directory
/samples Directory
/share Directory
/web-src Directory
/debug, /logs, and /tmp Directories
Configuration (/config) Directory

Appendix B   The User Session Life Cycle
Overview
The Request
The Authentication
The Session Token
The Policy
The Requested Page
Single Sign-On Requests
Thread One: Single Sign-On
Thread Two: Cross Domain Single Sign-On
Terminating a Session

Appendix C   Authenticate Against Active Directory
Overview
Point to Existing LDAP Authentication Module
Create New Active Directory Authentication Module
Multiple LDAP Sub-Configurations
Setting Up Active Directory Authentication
Troubleshooting
Quick Access To Identity Server
Reconfigure Using Directory Server

Appendix D   Installing in a chroot Environment

Appendix E   Load Balancer Configuration
Load Balancer Overview
Sticky Sessions
Resonate Central Dispatch Installation
Configuring The Load Balancer
To Configure Central Dispatch for setcookie
To Configure Identity Server for setcookie
To Configure Central Dispatch with Load Balancer Cookies
To Configure Identity Server with Load Balancer Cookies
Confirming The Configuration

Appendix F   Authenticate Against RADIUS Servers
Overview
RADIUS Server Configuration
Identity Server Configuration

Glossary

Index


Copyright 2004 Sun Microsystems, Inc. All rights reserved.