Sun Java System Portal Server 7.1 Administration Guide

Chapter 10 Managing the Portal Server Single Sign-On Adapter

This chapter describes how to configure the single sign-on (SSO) adapter in order to adjust options available to end users. This chapter contains the following sections:

Overview of the Single Sign-On Adapter

The single sign-on adapter service allows end users to use applications, such as a portal server provider or any other web application, to gain authenticated access to various resource servers after signing in once. The resource servers that can be accessed depend on the implementations of the SSO Adapter interface that are available in the system.

Portal Server provides SSO Adapters for the following resource servers: Address Book, Calendar, and Mail. Single Sign-On for the Instant Messaging channel is not achieved through SSO Adapter but through the use of the Sun Java System Portal Server authentication method. For information on this method, see the authMethod property in Instant Messaging Channel. The Address Book, Calendar, and Mail services are available through the products:

Resource servers are typically accessed by an application using a standard application programming interface (API), such as the JavaMail™ API for accessing a mail server. To create an authenticated connection using the API, the API must be provided the configuration data for the connection. The purpose of the SSO Adapter is to provide this configuration data, and the SSO Adapter service is used to store that data.

The SSO Adapter service defines two levels of data: meta-adapters and adapters. A meta-adapter defines a class of connections that are going to be made available to users. A single meta-adapter is used by many users. It defines the data values that are the same for all users of the meta-adapter, including default values and which values a user can edit. Therefore, meta-adapters are defined at a global service level.

An adapter builds upon a meta-adapter by providing data values that are specific to an organization, role, or user. An adapter references a meta-adapter, and takes data values from the meta-adapter for those properties that are not editable by the user. When an end user changes the user-editable properties of an adapter, that adapter then applies only to that one user.

A Sun Java System Portal Server communication channel that uses the SSO Adapter service references either a meta-adapter or an adapter to get the data values needed to obtain a connection to a resource server. If the channel references a meta-adapter, and the user saves configuration information, the reference is changed to refer to an adapter instead. The adapter then references the meta-adapter.
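The following sketch models the two-level data described above: which values win when an adapter is resolved, and how a channel reference moves from a meta-adapter to an adapter when a user saves settings. It is an added illustration, not Portal Server code; the class and function names, the property names (host, port, uid, password) and the sample values are all assumptions made for the example.

```python
# Illustrative model only: all names here are hypothetical, not Portal Server APIs.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class MetaAdapter:
    name: str
    defaults: dict        # values shared by every user of this meta-adapter
    editable: frozenset   # property names an end user may change


@dataclass
class Adapter:
    name: str
    meta: MetaAdapter
    values: dict = field(default_factory=dict)   # org-, role- or user-specific

    def resolve(self):
        """Effective connection data: the meta-adapter wins for every
        property that is not user-editable, whatever the adapter stores."""
        merged = dict(self.meta.defaults)
        for key, value in self.values.items():
            if key in self.meta.editable:
                merged[key] = value
        return merged


def save_user_settings(channel_ref, user, changes):
    """Apply an end user's edits and return the adapter the channel must
    reference from now on. Edits to non-editable properties are rejected."""
    meta = channel_ref.meta if isinstance(channel_ref, Adapter) else channel_ref
    locked = set(changes) - meta.editable
    if locked:
        raise PermissionError(f"not user-editable: {sorted(locked)}")
    inherited = channel_ref.values if isinstance(channel_ref, Adapter) else {}
    return Adapter(f"{meta.name}:{user}", meta, {**inherited, **changes})


# Constructed sample data.
MAIL = MetaAdapter(
    name="mail-meta",
    defaults={"host": "mail.example.com", "port": "143", "uid": "", "password": ""},
    editable=frozenset({"uid", "password"}),
)

if __name__ == "__main__":
    adapter = save_user_settings(MAIL, "alice", {"uid": "alice"})
    print(adapter.resolve())
```

In this model the server-side values (host, port) can only change at the meta-adapter, so a per-user adapter cannot redirect where stored credentials are sent.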

All administration for the SSO Adapter is done either through the Portal Server console web application or the psadmin command-line interface. The default deployment URI for Portal Server console is /psconsole. The default location for the psadmin CLI is /opt/SUNWportal/bin for Solaris.

Managing Meta-Adapters

A meta-adapter defines a class of connections that are going to be made available to users. A single meta-adapter is used by many users.

You can perform the following tasks using meta-adapters:

Procedure: To View Meta-Adapters

  1. Log in to the Portal Server management console.

  2. Select the SSO Adapter tab.

    The list of meta-adapters is shown in the table.

Equivalent psadmin Command

psadmin list-ssoadapters

Procedure: To Create a Meta-Adapter

  1. Log in to the Portal Server management console.

  2. Select the SSO Adapter tab.

  3. From List of Meta-Adapters, click New Meta-Adapter to launch the wizard.

  4. Follow the instructions and then click OK to create the specified Meta-Adapter.

Equivalent psadmin Command

psadmin create-ssoadapter-template

Procedure: To View Adapters

  1. Log in to the Portal Server management console.

  2. Select the SSO Adapter tab.

    • To view adapters for a DN, click View Adapter for Locations.

      1. From the Select DN drop-down menu, choose any DN.

        The adapters for the selected DN are listed.

    • To view adapters for a meta-adapter, select a meta-adapter under List of Meta-Adapters.

      1. Click View Adapters for Selected Meta-adapter.

Equivalent psadmin Command

psadmin list-ssoadapters


Note –

The CLI can list adapters only by DN.


Managing Adapters

An adapter builds upon a meta-adapter by providing data values that are specific to an organization, role, or user. An adapter references a meta-adapter, and takes data values from the meta-adapter for those properties that are not editable by the user. When an end user changes the user-editable properties of an adapter, that adapter then applies only to that one user.

You can perform the following tasks using SSO Adapter configurations:

Procedure: To Create an Adapter

  1. Log in to the Portal Server management console.

  2. Select the SSO Adapter tab.

  3. Select a meta-adapter under List of Meta-adapters.

  4. Click View Adapters for Selected Meta-adapter.

  5. Click New Adapter.

    The New adapter page appears.

  6. Provide the configuration attributes as necessary.

  7. Click OK.

Equivalent psadmin Command

psadmin create-ssoadapter-config

Procedure: To Edit an Adapter Configuration Property

  1. Log in to the Portal Server management console.

  2. Select the SSO Adapter tab.

  3. Click View Adapters for Locations.

  4. From the Select DN drop-down menu, choose any DN.

    The list of Adapters appears.

  5. Select an adapter and modify the configuration attributes as necessary.

  6. Click OK.

Equivalent psadmin Command

psadmin set-ssoadapter-property

Creating Anonymous Users

Without logging in, end users have access to any read-only communication channels that administrators have configured. However, end users are usually prevented from editing these channels.

Procedure: To Create a List of Anonymous Users

  1. Log in to the Portal Server management console.

  2. Select the SSO Adapter tab.

  3. From SSO Adapter Tasks, click Edit list of users allowed to access SSO Adapters without authentication.

  4. From User locations, click Add Users.

  5. From the Users Found table, choose users.

  6. Click Add Selected Users.


    Note –

    The Anonymous Users function is available only through the Portal Server management console.