
Sun ONE Portal Server, Secure Remote Access 6.2 Administrator's Guide

Contents


List of Figures

List of Tables

List of Procedures

About This Guide
Who Should Read This Guide
What You Need to Know
How This Book is Organized
Document Conventions Used in This Guide
Monospaced Font
Italicized Font
Square or Straight Brackets
Command-Line Prompts
Where to Find Related Information
Related Third-Party Web Site References
Where to Find This Guide Online

Chapter 1   Introduction to Sun ONE Portal Server, Secure Remote Access
Overview of Secure Remote Access
Open Mode
Secure Mode
Secure Remote Access Components
The Gateway
The Rewriter
The NetFile
The Netlet
Administering Secure Remote Access
Configuring Secure Remote Access Attributes
Setting Conflict Resolution
Supported Applications

Chapter 2   The Gateway
Overview of the Gateway
Creating a Gateway Profile
Understanding the platform.conf File
Starting and Stopping the Gateway
Restarting the Gateway
Specifying a Proxy to Contact the Identity Server
Running the Gateway in the chroot Environment
Restarting the Gateway in the chroot Environment
Creating Multiple Instances of a Gateway
Using Web Proxies
Using Proxy Auto Configuration
Using a Netlet Proxy
Creating Instances of a Netlet Proxy
Enabling a Netlet Proxy
Restarting a Netlet Proxy
Using a Rewriter Proxy
Creating Instances of a Rewriter Proxy
Enabling a Rewriter Proxy
Restarting a Rewriter Proxy
Using a Reverse Proxy with the Gateway
Obtaining Client Information
Using Authentication Chaining
Using Wild Card Certificates
Disabling Browser Caching
Customizing the Gateway Service User Interface
Using Federation Management
Federation Management Scenario
Configuring Federation Management Resources

Chapter 3   The Rewriter
Overview of the Rewriter
Rewriter Usage Scenarios
URLScraper
The Gateway
Writing Rulesets
Public Interface (RuleSet DTD)
Sample XML DTD
Procedure to Write Rules
Ruleset Guidelines
Defining the RuleSet Root Element
Defining Language Based Rules (Defining Rules)
Rules for HTML Content
Rules for JavaScript Content
Rules for XML Content
Rules for Cascading Style Sheets
Rules for WML
Configuring the Rewriter in the Gateway Service
Basic Tasks
Advanced Tasks
Troubleshooting Using Debug Logs
Setting the Rewriter Debug Level
Debug File Names
Working Samples
Samples for HTML Content
Samples for JavaScript Content
Sample for XML Attributes
Case Study
Mapping of 6.x RuleSet with 3.0

Chapter 4   The NetFile
Overview of the NetFile
Supported File Access Protocols
Enabling Access to the NetFile
Enabling Logging for the NetFile
Configure Unix Authentication
Customizing the NetFile

Chapter 5   The Netlet
Overview of the Netlet
Netlet Components
Netlet Usage Scenario
Working With Netlet
Defining Netlet Rules
Types of Rules
Netlet Rule Examples
Sample Netlet Rules
Enabling Netlet Logging
Terminating the Netlet at Logout
Customizing the Netlet
Running Netlet in a Sun Ray Environment
New HTML File
Deprecated HTML File:

Chapter 6   The Netlet With PDC
Configuring Netlet for PDC

Chapter 7   Certificates
Overview of SSL Certificates
Certificate Files
Certificate Trust Attributes
CA Trust Attributes
The certadmin Script
Generating Self-Signed Certificates
Generating a Certificate Signing Request (CSR)
Adding a Root CA Certificate
Installing SSL Certificates From the Certificate Authority
Ordering a Certificate from a CA
Installing a Certificate from a CA
Deleting a Certificate
Modifying the Trust Attributes of a Certificate
Listing Root CA Certificates
Listing All Certificates
Printing a Certificate

Chapter 8   Configuring URL Access Control
Set up a URL Deny List
Set up a URL Allow List
Manage Single Sign-On
Customize the Access List Interface

Chapter 9   Configuring the Gateway
The Core Tab
Enable HTTP and HTTPS Connections
Enable and Create a List of Rewriter Proxies
Enable Netlet
Enable and Create a List of Netlet Proxies
Enable Cookie Management
Enable HTTP Basic Authentication
Enable Persistent HTTP Connections
Specify the Maximum Number of Requests per Persistent Connection
Specify Timeout After Closure of Persistent Sockets
Specify Grace Timeout to Account for Turnaround Time
Create List of Forward Cookie URLs
Specify the Maximum Connection Queue Length
Specify the Gateway Timeout
Specify the Maximum Thread Pool Size
Specify the Cached Socket Timeout
Create List of Portal Servers
Specify Server Retry Interval
Enable Storage of External Server Cookies
Enable Obtaining of a Session from a URL
Enable Marking Cookies as Secure
The Proxies Tab
Enable Usage of Web Proxies
Create List of URLs for Webproxies
Create List of URLs for Proxies not to be Used
Create List of Proxies for Domains and Subdomains
Create List of Proxy Passwords
Enable Proxy Auto Config (PAC) Support
Specify PAC File Location
Enable Tunnel Netlet via Web Proxy
The Security Tab
Create List of Non-authenticated URLs
Create List of Certificate-Enabled Gateway Hosts
Allow 40-bit Browser Connections
Enable SSL Version 2.0
Enable SSL Cipher Selection
Enable SSL Version 3.0
Disable Null Ciphers
Create List of Trusted SSL Domains
Configure Personal Digital Certificate (PDC) Authentication
The Rewriter Tab
Enable Rewriting of All URLs
Create List of URIs to RuleSet Mappings
Create List of Parser to MIME Mappings
Specify the Default Domain and Subdomain
Create List of URIs Not to Rewrite
Enable MIME Guessing
Create List of Parser to URI Mappings
Enable Obfuscation
Specify the Obfuscator Seed String
Create List of URIs Not to Obscure
Make a Gateway Protocol the Same as the Original URI Protocol
The Logging Tab
Enable Logging
Enable Netlet Logging

Chapter 10   Configuring the NetFile
The Hosts Tab
Specify the OS Character Set
Specify Host Detection Order
Configure a Common Hosts List
Specify the Default Domain
Specify the Windows Domain/Workgroup
Specify the Default WINS/DNS Server
Specify Access to Different Types of Hosts
Configure the Allowed Hosts List
Configure the Denied Hosts List
The Permissions Tab
The View Tab
Specify the NetFile Window Size
Specify the NetFile Window Location
The Operations Tab
Specify the Temporary Files Directory
Set the File Upload Size Limit
Specify the Search Directories Limit
Specify Compression Attributes
The General Tab
Specify the MIME-types Configuration File Location
Enable Debugging for the NetFile

Chapter 11   Configuring the Netlet
Assign the Netlet Service to a User
Add a Netlet Rule
Modify an Existing Netlet Rule
Delete a Netlet Rule
Specify the Default Encryption Cipher
Assign the Default Loopback Port
Enable Reauthentication for Connections
Disable Warning Popup for Connections
Enable the Show Checkbox in Port Warning Dialog
Set the Keep Alive Interval
Set the Terminate Netlet at Portal Logout Option
Define Access to Netlet Rules
Denying Access to Netlet Rules
Allow Access to Hosts
Deny Access to Hosts

Appendix A   Configuring SSL Accelerators
Overview
Sun Crypto Accelerator 1000
Enable Crypto Accelerator 1000
Configure Crypto Accelerator 1000
Sun Crypto Accelerator 4000
Enable Crypto Accelerator 4000
Configure Crypto Accelerator 4000
External SSL Device and Proxy Accelerators
Enable an External SSL Device Accelerator
Configure an External SSL Device Accelerator

Appendix B   Country Codes
Appendix C   Configuration Attributes
Access List Service
Gateway Service
Core
Proxies
Security
Rewriter
Logging
NetFile Service
Hosts
Permissions
View
Operations
General
Netlet Service




Copyright 2003 Sun Microsystems, Inc. All rights reserved.