Sun Java Enterprise System 2005Q1 Deployment Example Series: Evaluation Scenario

About Single Sign-On

Java ES provides two related mechanisms for implementing SSO. This section describes both.

About Access Manager Single Sign-On

Access Manager SSO supports SSO access to all web-based interfaces. When a user first accesses an SSO-enabled service through a web browser, Access Manager authenticates the user and then sends an SSO cookie to the user's web browser. When the user accesses another SSO-enabled service, the user's web browser first confirms with Access Manager that the user's session is still open and then returns the SSO cookie, which confirms authentication, to Access Manager. The user is able to access the next service without logging in again.

To set up Access Manager SSO for the evaluation solution, you configure your Messaging Server and Calendar Server instances to use SSO instead of their default authentication mechanisms. Access Manager and Communications Express are configured by default for Access Manager SSO.
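The following added example (not code from Java ES or Access Manager) models the SSO flow described above as a toy: one login issues an opaque token, and each SSO-enabled service accepts it only while the central session is still open. The class names, the `sso_token` cookie name, and the simplification that each service checks the token with the session service are assumptions made for illustration.

```python
# Toy model of the SSO flow described above. All class, method and cookie
# names are hypothetical; this is not Access Manager's API.
import secrets
import time


class SessionService:
    """Stands in for Access Manager: authenticates once, tracks open sessions."""

    def __init__(self, users, ttl_seconds=1800):
        self._users = users      # constructed sample credentials
        self._sessions = {}      # token -> (user, expiry time)
        self._ttl = ttl_seconds

    def login(self, user, password, now=None):
        now = time.time() if now is None else now
        expected = self._users.get(user)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        token = secrets.token_urlsafe(32)  # opaque value carried in the SSO cookie
        self._sessions[token] = (user, now + self._ttl)
        return token

    def validate(self, token, now=None):
        """Return the user if the session is still open, else None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expiry = entry
        if now >= expiry:
            del self._sessions[token]  # expired sessions are dropped
            return None
        return user

    def logout(self, token):
        self._sessions.pop(token, None)  # closes the session for every service


class SsoEnabledService:
    """Stands in for a mail or calendar web interface configured for SSO."""

    def __init__(self, name, session_service):
        self.name = name
        self._sso = session_service

    def handle_request(self, cookies):
        user = self._sso.validate(cookies.get("sso_token", ""))
        if user is None:
            return (302, "redirect to login")
        return (200, f"{self.name} content for {user}")
```

Because the cookie is a bearer token whose validity lives in the central session table, closing or expiring that one session revokes access to every SSO-enabled service at once.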

About Portal Server Proxy Authentication

Portal Server Proxy authentication substitutes a proxy user ID for the individual user’s ID. When the user logs in to the portal service, the portal service authenticates the user's own ID for accessing the portal service. If any channels in the portal desktop are configured for proxy authentication, the portal service uses the proxy user ID to authenticate the channel services, and the user's information appears in the channel sections of the portal desktop.

To set up portal service proxy authentication, you use the Access Manager console to configure a portal SSO adaptor for each service. You must also provision each user account with the LDAP attributes required for proxy authentication.

For the evaluation solution, you set up proxy authentication for the sample portal desktop's mail and calendar channels. For the proxy accounts, you use the administrator accounts for the services: the admin account for the mail service, and the calmaster account for the calendar service. Your test user account is already provisioned for these services.