Sun™ ONE Certificate Server 4.7

Single Sign-On Authentication Module and Identity Server 6.0

This document provides instructions for configuring the Certificate Server Single Sign-On (SSO) Authentication module to work with Identity Server 6.0.

---

Overview

Enabling this feature is a three-part procedure. Part 1 is described in detail in this document. For details on Parts 2 and 3, please see the Identity Server 6.0 documentation when it becomes available.

1. Create an instance of SSOBasedAuthentication in CMS.

2. In Identity Server, configure the Security service to work in non-SSL Certificate Server enrollment.

3. In Identity Server, configure the Security service to work in non-SSL Certificate Server enrollment.

---

Before You Begin

• Certificate Server 4.7 must be running and a Certificate Administrator must already be configured.

• Identity Server 6.0 must be installed and running.

---

Create an instance of SSOBasedAuthentication in CMS.

1. In the Certificate Server window, click Configuration>Authentication>Add.

2. In the Select Authentication Plug-in Implementation window, select SSOBasedAuthentication, and then click Next.

3. In the Authentication Instance Editor, provide the following information:

   com.iplanet.am.naming.url. This is the Universal Resource Identifier (URI) for the Identity Server Naming Service. Type a URL to be used in place of the default URI. Use the following form:

   http://Identity_Server_root:portNumber/amserver/namingservice

   password. Type the Shared Secret used by the Identity Server.

   com.iplanet.am.cookie.name. Type the Cookie property used by Identity Server. The default is iplanetDirectoryPro.

   com.iplanet.am.pcookie.name. Type the PCookie property used by Identity Server. The default is DProPcookie.

   com.iplanet.am.services.deploymentDescriptor. Type the Deployment Descriptor property used by Identity Server. The default value is amserver.

4. Click OK.

Last Updated August 09, 2002