Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun Java Enterprise System 2004Q2 Deployment Example Series: Evaluation Scenario 

Chapter 7
Configuring and Using Proxy Authentication

This chapter describes how to configure proxy authentication for the portal, messaging, and calendar services on your evaluation_host.

This chapter contains the following sections:

About Proxy Authentication

The default portal desktop has mail and calendar channels that connect to mail and calender services provided by Messaging Server and Calendar Server. Each time a user refreshes the portal desktop, the mail and calendar channels connect to their respective back-end services and retrieve mail and calendar information.

Up to this point in the evaluation scenario, the portal desktop uses the individual user ID to authenticate to the mail and calendar service. An alternative is to use proxy authentication, which makes possible a more complete display of mail and calendar information in the portal desktop. Proxy authentication also makes it possible for users to launch Messenger Express and Calender Express directly from the portal desktop.

Proxy authentication substitutes a proxy user ID for the individual user’s ID. When the user logs in to the portal desktop, the portal service uses the proxy user ID to authenticate to the mail and calendar channels.

To enable proxy authentication you must perform the following configuration:

The proxy user accounts act as a trusted agents on behalf of portal users. When the portal accesses the messaging and calendar services, the portal channels authenticate with the proxy user IDs instead of the individual user ID.

This makes is possible for the portal channels to access messaging and calendar services without using the individual user IDs and passwords to authenticate. Users who access the portal desktop can launch the mail and calendar interfaces from the portal desktop without logging in again.

Configuring the Portal Calendar Channel for Proxy Authentication

To enable proxy authentication for the sample portal Calendar channel, you configure the SSO Adapter Service. You perform this configuration in the Identity Server console.

    To Configure the Portal Calendar Channel for the SSO Adapter Service
  1. In your web browser, open the following URL:

    2. http://evaluation_host/amconsole/index.html

    The Identity Server login page is displayed.

  2. Type your User Name (amadmin) and password (password).

    3. Click Log In. The Identity Server console window is displayed.

  3. Click the Service Configuration tab.

    4. The Identity Server Services are displayed.

  4. Scroll down in the left pane. Locate SSO Adapter, and then click the arrow symbol that follows the name SSO Adapter.

    5. The right pane displays the SSO Adapter Service properties. You see a display similar to Figure 7-1.

    Figure 7-1  SSO Adapter Properties
    Screen capture; In left pane, SSO Adapter is selected. In right pane, list of SSO Adapters is displayed, as described in text.

  5. Edit the SUN-ONE-CALENDAR configuration properties. Do the following:
    1. Locate the list of SSO Adapter Templates.
    2. Locate the line for the SUN-ONE-CALENDAR adapter. Click Edit Properties.

      3. The right pane displays property details.

  6. Locate the host property. Click Merge.

    7. The right pane displays the Edit Property Types display.

  7. Change the value of several properties from Merge to Default. Do the following:
    1. Select the host property. Click Move to Default.
    2. Select the port property. Click Move to Default.
    3. Select the clientPort property. Click Move to Default.

      4. Click Save. The list of SUN-ONE-CALENDAR adapter properties is displayed.

  8. Use the text fields to edit the values of the following properties:
    1. Locate the enableProxyAuth property. Change the value to true.
    2. Locate the proxyAdminUid property. Change the value to calmaster.
    3. Locate the proxyAdminPassword property. Change the value to password.
    4. Locate the host property. Change the value to evaluation_host.
    5. Locate the port property. Change the value to 89.
    6. Locate the clientPort property. Change the value to 89.

      7. Click Save to apply your changes.

You have configured the portal calendar channel for proxy authentication. You continue working in the Identity Server console.

Configuring the Portal Mail Channel for Proxy Authentication

To enable proxy authentication for the sample portal Mail channel, you configure the SSO Adapter Service. You perform this configuration in the Identity Server console.

    To Configure the Portal Mail Channel for the SSO Adapter Service
  1. In the left pane, click the arrow symbol that follows the name SSO Adapter.

    2. The right pane displays the SSO Adapter Service properties. You see a display similar to Figure 7-1.

  2. Edit the SUN-ONE-MAIL configuration properties. Do the following:
    1. Locate the list of SSO Adapter Templates.
    2. Locate the line for SUN-ONE-MAIL. Click Edit Properties.

      3. The right page displays the SUN-ONE-MAIL property details.

  3. Locate the host property. Click “merge.”

    4. The right pane displays the Edit Property Types display.

  4. Change the value of several properties from merge to default:
    1. Select the host property. Click Move to Default.
    2. Select the clientPort property. Click Move to Default.

      3. Click Save. The right pane displays the list of SSO Adapter properties.

  5. Use the text fields to edit the values of the following properties:
    1. Locate the enableProxyAuth property. Change the value to true.
    2. Locate the proxyAdminUid property. Change the value to admin.
    3. Locate the proxyAdminPassword property. Change the value to password.
    4. Locate the host property. Change the value to evaluation_host.
    5. Locate the clientPort property. Change the value to 88.
  6. Click Save to apply your changes.
  7. Log out of the console.
  8. At a command line, change directory to the Web Server directory:

    9. cd /opt/SUNWwbsvr/https_evaluation_host

  9. Run the command to stop Web Server:

    10. ./stop

  10. Run the command to restart Web Server:

    11. ./start

    The startup process displays a series of startup messages. The startup process might take a few moments. When startup is complete, the following message is displayed:

    startup: server started successfully

Restarting Web Server restarts Portal Server and applies all of your configuration changes.

Configuring Messaging Server for Proxy Authentication

To configure Messaging Server for proxy authentication, you run configuration commands in the command line.

    To Configure Messaging Server for Proxy Authentication
  1. Change directory to the Messaging Server directory:

    2. cd /opt/SUNWmsgsr/sbin

  2. Run the command to configure Messaging Server:

    3. ./configutil -o store.admins admin

    This command permits the admin user ID to manage the Messaging Server message store and access the user mailboxes.

  3. Run the command to switch to the mail server root:

    4. su mailsrv

  4. Run the command to configure Messaging Server:

    5. ./configutil -o service.http.allowadminproxy -v yes

    This command permits Messaging Server to authenticate proxy accounts.

  5. Run the command to exit from the mail server root:

    6. exit

  6. Run the command to stop Messaging Server.

    7. ./stop-msg

  7. Run the command to restart Messaging Server.

    8. ./start-msg

    The startup process displays a series of startup messages. The startup process might take a few moments. When startup is complete, the following message is displayed:

    starting job-controller server

You have configured Messaging Server to accept proxy authentication.

Configuring Calendar Server for Proxy Authentication

To configure Calendar Server to accept proxy authentication, you edit the Calendar Server configuration file with a text editor. You also run configuration commands in the command line.

    To Configure Calendar Server for Proxy Authentication
  1. Change directory to the Calendar Server directory:

    2. cd /etc/opt/SUNWics5/config

  2. Open the ics.conf file in a text editor.

    3. Find each of the following properties and make the changes described. In some cases this means changing the value and uncommenting the line. In other cases, it simply means uncommenting the line.

    1. Locate the service.http.allowadminproxy property. Make sure it is uncommented. Make sure its value is set to yes:

      2. service.http.allowadminproxy=yes”

    2. Locate the service.admin.calmaster.userid property. Make sure it is uncommented. Make sure its value is set to calmaster:

      3. service.admin.calmaster.userid=”calmaster”

    3. Locate the service.admin.calmaster.cred property. Make sure it is uncommented. Make sure its value is set to password.

      4. service.admin.calmaster.cred=”password”

    4. Save and close the ics.conf file.
  3. Change directory to the Calendar Server directory.

    4. cd /opt/SUNWics5/cal/sbin

  4. Run the command to stop Calendar Server.

    5. ./stop-cal

  5. Run the command to restart Calendar Server.

    6. ./start-cal

    The startup process displays a series of startup messages. The startup process might take a few moments. When startup is complete, the following message is displayed:

    Calendar services were started.

You have configured Calendar Server for proxy authentication.

Using Proxy Authentication

In this section, you log in to the portal desktop and use proxy authentication to open the Messenger Express and Calendar Express interfaces directly from the portal desktop.

    To Use the Proxy Authentication Feature
  1. In your web browser, open this URL:

    2. http://evaluation_host/portal/dt

    The sample portal desktop is displayed.

  2. Use the Member Login fields to log in. Type the following values:
    • User Name: TestUser
    • Password: password

      • Click Login. The portal desktop calendar and mail channels display mail and calendar information for TestUser. You see a display similar to Figure 7-2.

      Figure 7-2  Portal Desktop Displaying Calendar and Mail Services
      Screen capture; portal desktop; scrolled down to display calendar and mail channels, which display summary information as described in text.

  3. Notice that the calendar and mail channels now display information.
  4. Click Launch Calendar.

    5. The Calender Express main window is displayed. This verifies that proxy authentication is configured correctly for Calendar Server.

  5. Click Launch Mail.

    6. The Messenger Express main window is displayed. This verifies that proxy authentication is configured correctly for Messaging Server.

  6. Click Log out.

You have completed the evaluation scenario. You can continue to explore other features of your evaluation deployment.



Previous      Contents      Index      Next     

Part No: 817-5417-10.   Copyright 2004 Sun Microsystems, Inc. All rights reserved.