Contents

List of Figures

List of Tables

List of Procedures

About This Guide

Who Should Read This Guide

What You Need to Know

How This Book is Organized

Document Conventions Used in This Guide

Monospaced Font

Italicized Font

Square or Straight Brackets

Command-Line Prompts

Where to Find Related Information

Where to Find This Guide Online

Chapter 1   Introduction to Sun ONE Portal Server, Secure Remote Access

Secure Remote Access

Open Mode

Secure Mode

Administering Secure Remote Access

Components of Secure Remote Access

Gateway

Netlet

NetFile

Rewriter

Configuring Secure Remote Access

Configuring URL Access Control

Setting up a URL Deny List

Setting up a URL Allow List

Managing Single Sign-On

Customizing the Access List Interface

Integrating Outlook Web Access

Chapter 2   Administering the Gateway

Overview of the Gateway

Creating a Gateway Profile

Starting and Stopping the Gateway

Creating Multiple Instances of a Gateway

Creating a New Instance on a Portal Server Node

Creating a New Instance on a Separate Node

Configuring a Proxy to Contact the Portal Server

Restarting the Gateway

Configuring the Gateway Attributes

Running in HTTP and HTTPS Modes

Enabling the Rewriter Proxy

Disabling Netlet

Enabling Netlet Proxy

Managing Proxies

Specifying URLS for Webproxies

Specifying URLs for which Proxies Should not be Used

Specifying the Default Domain and Subdomain

Specifying Proxy Authentication Information

Configuring Cookies

Enabling HTTP Basic Authentication

Configuring Persistent HTTP Connections

Forwarding Cookie Configuration

Specifying URLs that Bypass Authentication

Specifying the Maximum Connection Queue Length

Specifying the Gateway Timeout

Specifying the Maximum Number of Threads

Specifying the Cached Socket Timeout

Configuring Personal Digital Certificate (PDC) Authentication

Allowing 40-bit Browser Connections

Disabling SSL Version 2.0

Enabling Cipher Selection

Rewriting all URLs

Specifying the List of Configured Portal Servers

Specifying the Retry Interval for the Portal Server

Enabling Logging

Enabling Netlet Logging

Authentication Chaining

Wild Card Certificates

Disabling Browser Caching

Running the Gateway in the chroot Environment

Restarting the Gateway in the chroot Environment

Customizing the Gateway User Interface

Understanding the platform.conf File

Chapter 3   Configuring Netlet

Overview of Netlet

Netlet Components

Netlet Usage Scenario

Working With Netlet

Defining Netlet Rules

Netlet Rule Syntax

Types of Rules

Default Ports for Applications

Netlet Rule Examples

Creating a Netlet Rule

Modifying an Existing Netlet Rule

Deleting a Netlet Rule

Configuring Netlet Attributes

Netlet Attributes at the Service Configuration Level

Netlet Attributes at the Organization Level

Netlet Attributes at the User Level

Setting the Conflict Resolution Level

Specifying the Default Encryption Algorithm

Specifying the Key Size for Algorithms

Assigning the Default Loopback Port

Enabling Reauthentication for Connections

Disabling Warning Popup for Connections

Enabling the Show Checkbox in Port Warning Dialog

Setting the Keep Alive Interval

Setting the Terminate Netlet at Portal Logout Option

Defining Access to Netlet Rules

Denying Access to Netlet Rules

Allowing Access to Hosts

Denying Access to Hosts

Configuring the Netlet Proxy

Restarting the Netlet Proxy

Configuring Multiple Instances of the Netlet Proxy

Creating a New Instance on a Portal Server Node

Creating a New Instance on an Separate Server Node

Sample Netlet Rules

Enabling Netlet Logging

Customizing the Netlet

Chapter 4   Configuring NetFile

Overview of NetFile

Supported File Access Protocols

Enabling Access to NetFile

Configuring NetFile Attributes

Setting NetFile Attributes at the Service Configuration Tab

Setting NetFile Attributes at the Organization Level

Setting NetFile Attributes at the User Level

Specifying the Temporary Files Directory

Specifying the OS Character Set

Specifying the SMB Client Location

Specifying the MIME-types Configuration File Location

Setting the Conflict Resolution Level

Specifying the NetFile Window Size

Specifying the NetFile Window Location

Specifying the Default Domain

Specifying the Windows Domain/Workgroup

Specifying the Search Directories Limit

Specifying Access to Different Types of Hosts

Configuring a Common Hosts List

Configuring the Allowed Hosts List

Configuring the Denied Hosts List

Setting File Delete Permissions

Setting File Rename Permissions

Allowing User ID Change

Allowing NT Domain Change

Setting the File Upload Size Limit

Enabling Debugging for NetFile

Enabling Logging for NetFile

Configuring Unix Authentication

Chapter 5   Configuring Rewriter

Overview of Rewriter

Expanding Relative URLs to Absolute URLs

Prefixing the Gateway URL to the Existing URL

Target Audience

Supported URLs and Exceptions

Supported URLs

Exceptions

Defining Rewriter Rules and Rulesets

Pre-packaged Rulesets

Restoring the Pre-packaged Rulesets

Creating a Ruleset and Defining Rules

Configuring the Rewriter in the Gateway Service

Rewriting all URLs

Assigning Rulesets to Domains

Ruleset for Outlook Web Access

Specifying the MIME Mappings

Using Pattern-matching in Rules

Rules for HTML Content

Attribute Rules for HTML Content

JavaScript Token Rules for HTML Content

Form Rules for HTML Content

Applet Rules for HTML Content

Rules for JavaScript Content

Variables in JavaScript

Function Parameters in JavaScript

Rules for XML Content

Tag Text in XML

Attributes in XML

Cascading Style Sheets

Client-side Rewriting

Sample Ruleset

Case Study

Writing Rules for the Rewriter

Working Samples

Sample for Forms

Sample for HTML Attributes

Sample for Applets

Sample for HTML JavaScript Tokens

Sample for JavaScript URL Variables

Sample for JavaScript EXPRESSION Variables

Sample for JavaScript DHTML Variables

Sample for JavaScript DJS Variables

Sample for JavaScript SYSTEM Variables

Sample for JavaScript URL Functions

Sample for JavaScript EXPRESSION Functions

Sample for JavaScript DHTML Functions

Sample for JavaScript DJS Functions

Sample for XML Attributes

Ruleset DTD

Enabling Rewriter Debug Information

Mapping of Rules with SP4

Chapter 6   Working With Certificates

Certificate Management

Certificate Files

Trust Attributes

Certificate Authorities (CAs)

The certadmin Script

Generating a Self-signed SSL Certificate

Obtaining and Installing an SSL Certificate From a CA

Listing Root CA Certificates

List All Certificates

Modifying the Trust Attributes of a Certificate

Appendix A   Configuring the SSL Accelerator

Overview of the SSL Accelerator

Enabling SSL Hardware Support for the Sun™ ONE Portal Server, Secure Remote Access

Appendix B   Country Codes

Glossary

Previous      Index      Next

---

Copyright 2003 Sun Microsystems, Inc. All rights reserved.