Sun Java System Communications Express 6 2005Q4 Administration Guide

Setting up Messaging Single Sign-On

This section explains how to set up Communications Express with Messaging Single Sign-On. If you have chosen to adopt Sun Java System LDAP Schema, v.1 as the schema model, you need to enable Messaging SSO in Communications Express to use the Messaging Single Sign-On mechanism for authentication.

When configuring Communications Express, the configuration wizard does not set any of the mandatory SSO-related parameters. You need to set the required parameters manually, as explained below. Also, note that Messaging SSO does not support virtual domains, and Messenger Express will not run in SSL mode when Messaging SSO is enabled.

If you have deployed Messenger Express as MEM, ensure that the values of the following parameters in Messaging Server are the same at the backend and frontend:

Procedure: To Enable Communications Express Using Messaging SSO

Steps
  1. Open the uwc-deployed-path/WEB-INF/config/uwcauth.properties file.

  2. Modify the following mail-specific parameters in the uwcauth.properties file to enable Communications Express to access Messenger Express.

    Parameters 

    Purpose 

    uwcauth.appprefix

    Specifies the prefix used to find cookies generated by other trusted applications for SSO. 

    The prefix is used to find cookies generated by other trusted applications during single sign-on. 

    If the deployment uses Messaging SSO, this attribute should be assigned the value of local.webmail.sso.prefix set during messaging server configuration.

    The default value is iPlanetDirectoryPro

    uwcauth.appid

    Specifies the application ID for Communications Express. 

    The default value is uwc. 

    uwcauth.cookiedomain

    Specifies the domain name saved as part of the single sign-on cookie. 

    uwcauth.messagingsso.enable

    Enables or disables messaging single sign-on functionality. 

    Set this parameter to true to enable single sign-on and false to disable single sign-on.

    Also, make sure that uwcauth.messagingsso.enable is set to false when setting up Communications Express for Access Manager Single Sign-On.

    The default value is true. 

    uwcauth.messagingsso.cookiepath

    Specifies the URI path for which the single sign-on cookie is saved. 

    The default value is /.

    messagingsso.xxx.url 

    Specifies the URL used to verify the SSO cookie. 

    The value of xxx should be replaced by the application ID of the server. 

    For example, if you want to enable SSO with Messaging Server whose application ID is “msg60”, you need to add the following configuration parameter: 

    messagingsso.msg60.url=http://servername/VerifySSO?

    The value of xxx mentioned here should be identical to the value assigned in Messenger Express local.webmail.sso.id.

    The default value is http://servername/VerifySSO?

    messagingsso.uwc.url 

    When Communications Express is not deployed under /, such as /uwc, the value of the parameter may look like:

    http://servername:85/uwc/VerifySSO?

    messagingsso.appid 

    Specifies the Messaging Server application ID. 

    The value of messagingsso.appid should be the same as the local.webmail.sso.id set during Messaging Server configuration.

    The default value is ims. 

    messagingsso.ipsecurity 

    Determines whether or not to restrict session access to the login IP address. 

    If set to true, when the user logs in the server remembers which IP address the user used to log in. It then allows only that IP address to use the session cookie it issues to the user while establishing SSO with Messaging Server.

    If set to false, Communications Express does not perform this IP address check and does not restrict access to the session.

    The default value is true.

    Once the parameters are set in the uwc-deployed-path/WEB-INF/config/uwcauth.properties file, Communications Express users will be able to access Messenger Express using the Messaging Single Sign-On mechanism for authentication.

Procedure: To Enable Messenger Express Using Messaging SSO

Steps
  1. Run the configutil tool.

    msg-svr_install_root/sbin/configutil

  2. Set the following mail-specific parameters using the configutil tool.

    Parameter 

    Purpose 

    local.sso.<uwc-appid>.verifyurl

    When Communications Express is not deployed under /, such as /uwc, the default value of the parameter may look like:

    http://siroe.example.com:85/uwc/VerifySSO?

    local.webmail.sso.id 

    Specifies the value that is used to identify Messenger Express to other applications. 

    local.webmail.sso.cookiedomain

    The string value of this parameter is used to set the cookie domain value of SSO cookie by the Messenger Express HTTP server. 

    The value must begin with a period (.), for example, “.example.com” when the fully qualified hostname is siroe.example.com.

    Ensure that the value specified for this parameter is the same as that entered for uwcauth.cookiedomain.

    For example, .example.com

    local.webmail.sso.enable

    Enables or disables Messaging single sign-on functionality. 

    Set the value to 0 to disable Messaging single sign-on functionality.

    local.webmail.sso.prefix

    Specifies the prefix used to find cookies generated by other trusted applications for SSO. 

    Ensure this value corresponds to the value entered for uwcauth.appprefix.

    local.webmail.sso.singlesignoff

    If set to 1, when the user logs out, the server removes all single sign-on cookies for the user matching the value of local.webmail.sso.prefix.

    If set to 0, the server removes only its single sign-on user cookie.

    local.webmail.sso.uwcenabled

    Enables or disables Messenger Express access from Communications Express. 

    Set to 1 to enable Messenger Express access from Communications Express.

    Set to 0 to disable Messenger Express access from Communications Express.

    local.webmail.sso.uwclogouturl

    Specifies the URL used by Messenger Express to invalidate the Communications Express session. 

    If you have configured local.webmail.sso.uwclogouturl explicitly in Messenger Express, this value is used to log out. Otherwise, Messenger Express constructs the logout URL based on the HTTP host in the request header.

    For example, http://siroe.example.com:85/base/UWCMain?op=logout

    When Communications Express is not deployed under /, such as /uwc, the default value of the parameter may look like:

    http://siroe.example.com:85/uwc/base/UWCMain?op=logout

    local.webmail.sso.uwcport

    Specifies the Communications Express port. 

    For example, 85.

    local.webmail.sso.uwccontexturi 

    Specifies the path in which Communications Express is deployed. 

    Specify this parameter only when Communications Express is not deployed under /. For example, if Communications Express is deployed in /uwc, local.webmail.sso.uwccontexturi=uwc

    For example, uwc.

    local.webmail.sso.uwchome 

    Specifies the URL required to access the home link. 

    For example, http://www.sun.com

    local.webmail.sso.ims.verifyurl 

    Specifies the URL used to verify the SSO cookie. 

    For example, http://siroe.example.com/VerifySSO?

    Here it is assumed that webmail is deployed on port 80.

    Communications Express users will now be able to access Messenger Express using the Messaging Single Sign-On mechanism for authentication.
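
Several values in the two procedures above must agree between uwcauth.properties and the Messaging Server configuration (cookie prefix, cookie domain, application IDs, and the verify URL keys). The following checker is an added example, not part of the original guide or of either product. It assumes the compared values are set explicitly on both sides and that the configutil values have already been collected into a name/value mapping; the function names and sample values are constructed for illustration.

```python
def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_messaging_sso(uwc, msg):
    """Compare uwcauth.properties (uwc) with configutil values (msg)."""
    problems = []
    def same(uwc_key, msg_key):
        if uwc.get(uwc_key) != msg.get(msg_key):
            problems.append(f"{uwc_key}={uwc.get(uwc_key)!r} differs from "
                            f"{msg_key}={msg.get(msg_key)!r}")
    same("uwcauth.appprefix", "local.webmail.sso.prefix")
    same("uwcauth.cookiedomain", "local.webmail.sso.cookiedomain")
    same("messagingsso.appid", "local.webmail.sso.id")
    if not msg.get("local.webmail.sso.cookiedomain", "").startswith("."):
        problems.append("local.webmail.sso.cookiedomain must begin with a period")
    # Each side needs a verify URL keyed by the other side's application ID.
    msg_id, uwc_id = msg.get("local.webmail.sso.id"), uwc.get("uwcauth.appid")
    if f"messagingsso.{msg_id}.url" not in uwc:
        problems.append(f"missing messagingsso.{msg_id}.url")
    if f"local.sso.{uwc_id}.verifyurl" not in msg:
        problems.append(f"missing local.sso.{uwc_id}.verifyurl")
    if uwc.get("uwcauth.messagingsso.enable", "true") != "true":
        problems.append("uwcauth.messagingsso.enable is not true")
    if msg.get("local.webmail.sso.enable") == "0":
        problems.append("local.webmail.sso.enable is 0 (disabled)")
    if uwc.get("messagingsso.ipsecurity") == "false":
        problems.append("messagingsso.ipsecurity is false: no login IP check")
    return problems
# Constructed sample input (not taken from a real deployment).
SAMPLE_UWC = parse_properties("""
uwcauth.appprefix=iPlanetDirectoryPro
uwcauth.appid=uwc
uwcauth.cookiedomain=.example.com
messagingsso.appid=ims
messagingsso.ims.url=http://siroe.example.com/VerifySSO?
""")
SAMPLE_MSG = {  # constructed; cookie domain lacks its leading period on purpose
    "local.webmail.sso.prefix": "iPlanetDirectoryPro",
    "local.webmail.sso.id": "ims",
    "local.webmail.sso.cookiedomain": "example.com",
    "local.sso.uwc.verifyurl": "http://siroe.example.com:85/uwc/VerifySSO?",
}
print(check_messaging_sso(SAMPLE_UWC, SAMPLE_MSG))
```

With the sample input, the checker reports the cookie domain mismatch and the missing leading period; correcting local.webmail.sso.cookiedomain to .example.com clears both findings.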