Sun ONE Identity Server Deployment Guide

Contents


List of Figures

List of Tables

List of Code Examples

About This Guide
Audience for This Guide
Identity Server 6.1 Documentation Set
Identity Server Core Documentation
Identity Server Policy Agent Documentation Set
Your Feedback on the Documentation
Documentation Conventions Used in This Guide
Typographic Conventions
Terminology
Related Information

Chapter 1   Introduction
What is Identity Management?
The Identity Management Infrastructure
The Life Cycle of an Identity Profile
Sun ONE Identity Server
Access Management
Single Sign-On (SSO)
Pluggable Authentication
Policy Evaluation
Federation Management
Liberty Alliance Project
Security Assertion Markup Language (SAML)
Identity Management
User Profile Management
Policy Configuration
Service Management
Auditing
Policy Agents
Identity Server Console
Programmatic Interfaces
Sun ONE Directory Server
Deploying Identity Server
Integrating Identity Server
Solaris™ Operating System
Windows 2000 Server
Linux
HPUX 11
Deployment Road Map
Deployment Guide Chapters
Related Identity Server Documentation

Chapter 2   Planning The Deployment
Defining Resources
Human Resources
Executive Sponsors
Team Lead
Project Management
Systems Analyst
LOB Application Administrators
System Administrators
Independent Software Vendors
Third Party Affiliates
Funding
Setting Goals
Gathering Information
Business Processes
IT Infrastructure
Virtual Data
Evaluating Applications
Platform Information
Security Models
Lifecycle Of A Session
Customization And Branding
Categorizing Data
Mapping To Authentication
Mapping To Authorization
Building Timelines
Deployment Design
Proof-of-Concept
Early Adoption
General Participation
Production Environment

Chapter 3   Identity Server Architecture
Overview
Integration Points
Policy Agents
Web And Proxy Server Agents
J2EE Agents
Identity Server SDK
SSO API
Authentication API And Authentication SPI
Policy API
Identity Management SDK
Logging API and Logging SPI
Service Management SDK
Client Detection API
SAML SDK
Federation Management API
Functional Processes
Authentication and User Sessions
HTML Over HTTP(S) Interface
XML Over HTTP(S) Interface
Integrated Policy
Integrated Client Detection
CDSSO, SAML and Federation
CDSSO
SAML
Federation
Extending Identity Server
Web Containers
Multiple Directory Server Instances
LDAP Load Balancers

Chapter 4   Pre-Deployment Considerations
Deployment Options
Security
High Availability
Clustering
Scalability
Hardware Requirements
Software Requirements
Operating System Requirements
Patch Clusters for Solaris
Java™ Requirement
Resource Web Server Requirements
Web Browser Requirements
Understanding the Identity Server Schema
Marker Object Classes
Administrative Roles
Schema Limitations
People Containers
Only One Identity Server Organization Allowed
Unsupported Directory Trees

Chapter 5   Deployment Scenarios
Reference Deployment Scenario
To Install Multiple Identity Servers With ammultiserverinstall
Web Deployment
Java Application Deployment
Multiple JVM Environment
Replication Considerations
Configuring For Replication
Configuring With a Load Balancer
Replication Caveats
Implementing Federation Management

Appendix A   Installed Product Layout
The Sun Java Enterprise System 2003Q4 Base Directory
The SUNWam Directory
/opt/SUNWam/agents/
/opt/SUNWam/bin/
/config ---> /etc/opt/SUNWam/config/
/opt/SUNWam/console.war
/opt/SUNWam/docs
/opt/SUNWam/dtd
/opt/SUNWam/ldaplib
/opt/SUNWam/ldif
/opt/SUNWam/lib
/opt/SUNWam/locale
/opt/SUNWam/migration
/opt/SUNWam/password.war
/opt/SUNWam/public_html
/opt/SUNWam/samples
/opt/SUNWam/services.war
/opt/SUNWam/share
/opt/SUNWam/web-apps

Appendix B   The User Session Life Cycle
Overview
The Request
The Authentication
The Session Token
The Policy
The Requested Page
Single Sign-On Requests
Thread One: Single Sign-On
Thread Two: Cross Domain Single Sign-On
Terminating a Session

Appendix C   Authenticate Against Active Directory
Overview
Point to Existing LDAP Authentication Module
Create New Active Directory Authentication Module
Multiple LDAP Sub-Configurations
Setting Up Active Directory Authentication
Troubleshooting
Quick Access To Identity Server
Reconfigure Using Directory Server

Appendix D   Load Balancer Configuration
Load Balancer Overview
Sticky Sessions
Resonate Central Dispatch Installation
Configuring The Load Balancer
To Configure Central Dispatch for setcookie
To Configure Identity Server for setcookie
To Configure Central Dispatch with Load Balancer Cookies
To Configure Identity Server with Load Balancer Cookies
Confirming The Configuration

Appendix E   Authenticate Against RADIUS Servers
Overview
RADIUS Server Configuration
Identity Server Configuration

Appendix F   Installing in a chroot Environment
Overview
Before Creating chroot
Creating a chroot Environment
Installing Identity Server Under chroot
Starting Identity Server In chroot
Identity Server Log Files In chroot

Index



Copyright 2003 Sun Microsystems, Inc. All rights reserved.