Sun Java Enterprise System 2003Q4 Deployment Example Series: Evaluation Scenario 

Chapter 6
Configuring Single Sign-On

This chapter describes how to set up Identity Server single sign-on (SSO) for the portal, messaging, and calendar services.

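This chapter contains the following sections:

    • Single Sign-On Overview
    • Configuring Messaging Server for Single Sign-On
    • Configuring Calendar Server for Single Sign-On
    • Verifying Single Sign-on Configuration
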

Single Sign-On Overview

When single sign-on is enabled, Java Enterprise System users log on once, with a user ID and a system password. Users log on to the first service they access. After that, they can navigate to any other Java Enterprise System service without logging in again.

The gateway for accessing Java Enterprise System services is Identity Server. When a user first accesses a Java Enterprise System service, he or she is authenticated by Identity Server. When the user navigates to another Java Enterprise System service, Identity Server confirms that the user has already been authenticated. The user is able to access the next service without logging in again.


Configuring Messaging Server for Single Sign-On

This section describes how to configure Messaging Server for SSO.

    To Configure Messaging Server for SSO
  1. Navigate to the Messaging Server directory:

       cd /opt/SUNWmsgsr/sbin

  2. Run the following variations of the configutil command:

       ./configutil -o local.webmail.sso.amnamingurl -v http://allinone.example.com:81/amserver/namingservice

     Tip

     Remember to substitute the host and domain that you are using.

       ./configutil -o local.webmail.sso.amcookie -v iPlanetDirectoryPro
       ./configutil -o local.webmail.sso.singlesignoff -v 1
       ./configutil -o service.http.ipsecurity -v no

  3. Stop Messaging Server:

       ./stop-msg

  4. Restart Messaging Server:

       ./start-msg


Configuring Calendar Server for Single Sign-On

This section describes how to configure Calendar Server for SSO.

    To Configure Calendar Server for SSO
  1. Navigate to the Sun ONE Calendar Server configuration directory:

       cd /etc/opt/SUNWics5/config

  2. Edit the ics.conf file. Find each of the following parameters and make the changes listed. In some cases this means changing the value and uncommenting the line. In other cases, it simply means uncommenting the line.
    1. Find local.calendar.sso.amcookiename. Uncomment the item. Leave its value set to iPlanetDirectoryPro.
    2. Find local.calendar.sso.amnamingurl. Uncomment the item and set its value to http://allinone.example.com:81/amserver/namingservice.
    3. Find local.calendar.sso.singlesignoff. Uncomment the item. Leave its value set to yes.
    4. Find local.calendar.sso.logname. Uncomment the item. Leave its value set to am_sso.log.
    5. Find service.http.ipsecurity. Uncomment the item. Change its value to no.
    6. Find render.xslonclient.enable. Change its value to no.
  3. Save the ics.conf file and exit.
  4. Navigate to the Sun ONE Calendar Server directory:

       cd /opt/SUNWics5/cal/sbin

  5. Stop Sun ONE Calendar Server:

       ./stop-cal

  6. Restart Sun ONE Calendar Server:

       ./start-cal
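
The ics.conf edits above are easy to get partly wrong (a line left commented out, a value left at its old setting), so the following added example, which is not part of the original Sun documentation, checks a file against the six settings before the restart. It assumes ics.conf lines have the form name = "value" and that a leading "!" comments a line out; the function names and the sample fragment are constructed for illustration.

```shell
# Expected values come from the procedure above; the host is the page's example host.
EXPECTED='local.calendar.sso.amcookiename=iPlanetDirectoryPro
local.calendar.sso.amnamingurl=http://allinone.example.com:81/amserver/namingservice
local.calendar.sso.singlesignoff=yes
local.calendar.sso.logname=am_sso.log
service.http.ipsecurity=no
render.xslonclient.enable=no'

# Print the active value of parameter $2 in file $1; assumed syntax: name = "value", "!" = comment.
active_value() {
    awk -v key="$2" '
        /^[ \t]*!/ { next }
        { eq = index($0, "="); if (eq == 0) next
          name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
          sub(/^[ \t]+/, "", name); sub(/[ \t]+$/, "", name)
          sub(/^[ \t]*"?/, "", val); sub(/"?[ \t\r]*$/, "", val)
          if (name == key) { found = 1; last = val } }
        END { if (!found) exit 1; print last }' "$1"
}

# Report each parameter that is commented out, missing, or set differently; return 0 only if all match.
check_ics_conf() {
    rc=0
    while IFS='=' read -r key want; do
        if got=$(active_value "$1" "$key"); then
            [ "$got" = "$want" ] || { echo "MISMATCH $key: got \"$got\", want \"$want\""; rc=1; }
        else
            echo "INACTIVE $key: commented out or missing"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# Constructed sample: ics.conf part-way through the edit (not a real file).
write_sample() {
    cat > "$1" <<'EOF'
local.calendar.sso.amcookiename = "iPlanetDirectoryPro"
local.calendar.sso.amnamingurl = "http://allinone.example.com:81/amserver/namingservice"
! local.calendar.sso.singlesignoff = "yes"
local.calendar.sso.logname = "am_sso.log"
service.http.ipsecurity = "yes"
render.xslonclient.enable = "no"
EOF
}
sample=$(mktemp) && write_sample "$sample"
check_ics_conf "$sample" || echo "ics.conf does not match the SSO procedure yet"
rm -f "$sample"
```

On a real installation, call check_ics_conf with the path to ics.conf in the configuration directory from step 1, after substituting your own host in the expected naming URL.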


Verifying Single Sign-on Configuration

This section describes how to verify the single sign-on configuration.

    To Verify End User Access to Services With SSO
  1. In your web browser, open the following URL:

       http://allinone.example.com:81/portal/

     Tip

     Remember to substitute the host and domain that you are using.

     The Portal Server sample desktop opens.

  2. Using the Member Login fields, log in as the end user you created in Chapter 4. Use the following values:
    • User ID: scott
    • Password: password
    • Click the Login button. The Desktop is refreshed and displays information about the user. This verifies that you created and configured the user correctly.

     Note

     Logging in to Portal Server sets SSO cookies, which enable the user to access messaging and calendar services without logging in again.

  3. In your web browser, open the following URL:

       http://allinone.example.com:88

     The Messenger Express main window opens, but you are not prompted to log in a second time. This verifies that you configured SSO correctly.

  4. In your web browser, open the following URL:

       http://allinone.example.com:89

     The Sun ONE Calendar Express main window opens, but you are not prompted to log in a second time. This verifies that you configured single sign-on correctly.

     Tip

     Remember to substitute the host and domain that you are using.

  5. In the Sun ONE Calendar Express main window, click Logout in the upper right corner of the window.

     The Calendar Express Login page is displayed.

  6. In your web browser, open this URL:

       http://allinone.example.com:81/portal/

     The sample portal Desktop page opens. It displays the Member Login channel and prompts you to log in. This verifies that logging out of Calendar Express logged you out of all Java Enterprise System services.





Copyright 2004 Sun Microsystems, Inc. All rights reserved.