This chapter describes how to configure the single sign-on (SSO) adapter in order to adjust options available to end users. This chapter contains the following sections:
The single sign-on adapter service allows end users to use applications, such as a portal server provider or any other web application, to gain authenticated access to various resource servers after signing in once. The resource servers that can be accessed depend on the implementations of the SSO Adapter interface that are available in the system.
Portal Server provides SSO Adapters for the following resource servers: Address Book, Calendar, and Mail. Single Sign-On for the Instant Messaging channel is not achieved through SSO Adapter but through the use of the Sun Java System Portal Server authentication method. For information on this method, see the authMethod property in Instant Messaging Channel. The Address Book, Calendar, and Mail services are available through the products:
Sun Java System Calendar Server 5.1.1, 6.0, 6 2006Q2
Sun Java System Messaging Server 5.2, 6.0, 6 2006Q2
Resource servers are typically accessed by an application using a standard application programming interface (API), such as the JavaMail™ API for accessing a mail server. To create an authenticated connection using the API, the API must be provided with the configuration data for the connection. The purpose of the SSO Adapter is to provide this configuration data, and the SSO Adapter service is used to store that data.
The SSO Adapter service defines two levels of data, meta-adapters and adapters. A meta-adapter defines a class of connections that are going to be made available to users. A single meta-adapter is used by many users. It defines data values that are the same for all users that use the meta-adapter including default values and identification of what values can be edited by a user. Therefore, meta-adapters are defined at a global service level.
An adapter builds upon a meta-adapter by providing data values that are specific to an organization, role, or user. An adapter references a meta-adapter, and takes data values from the meta-adapter for those properties that are not editable by the user. When an end user changes the user-editable properties of an adapter, that adapter would then apply only to that one user.
A Sun Java System Portal Server communication channel that uses the SSO Adapter service references either a meta-adapter or an adapter to get data values needed to obtain a connection to a resource server. If the channel references a meta-adapter, and the user saves configuration information, the reference is changed to refer to an adapter instead. The adapter then references the meta-adapter.
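The lookup rules described above can be modelled in a few lines. This is an added illustration, not Portal Server code: the class names, property names and sample values are assumptions made for the example, and the real service stores this data in its own format.

```python
from dataclasses import dataclass, field

@dataclass
class MetaAdapter:
    """Global-level definition shared by many users (hypothetical model)."""
    name: str
    defaults: dict        # values that are the same for every user
    editable: frozenset   # names of the properties a user may change

@dataclass
class Adapter:
    """Organization-, role- or user-specific values layered on a meta-adapter."""
    meta: MetaAdapter
    values: dict = field(default_factory=dict)

    def resolve(self):
        # Non-editable properties always come from the meta-adapter,
        # whatever the adapter itself happens to store for them.
        merged = dict(self.meta.defaults)
        for key, value in self.values.items():
            if key in self.meta.editable:
                merged[key] = value
        return merged

@dataclass
class Channel:
    """A channel references either a meta-adapter or an adapter."""
    ref: object

    def config(self):
        if isinstance(self.ref, Adapter):
            return self.ref.resolve()
        return dict(self.ref.defaults)

    def save(self, user_values):
        # Saving re-points the channel at an adapter, which in turn
        # references the original meta-adapter. The meta-adapter is not modified.
        if isinstance(self.ref, Adapter):
            meta, previous = self.ref.meta, self.ref.values
        else:
            meta, previous = self.ref, {}
        self.ref = Adapter(meta, {**previous, **user_values})

# Constructed sample data; property names and hosts are illustrative only.
MAIL = MetaAdapter(
    "mail-example",
    {"protocol": "imap", "host": "mail.example.com", "port": "143", "uid": ""},
    frozenset({"uid"}),
)
```

Because `host` is not in the editable set here, a saved value for it is ignored at resolution time, so a user's adapter cannot redirect the authenticated connection to a different server.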
All administration for the SSO Adapter is done either through the Portal Server console web application or the psadmin command-line interface. The default deployment URI for Portal Server console is /psconsole. The default location for the psadmin CLI is /opt/SUNWportal/bin for Solaris.
A meta-adapter defines a class of connections that are going to be made available to users. A single meta-adapter is used by many users.
You can perform the following tasks using meta-adapters:
Select the SSO Adapter tab.
From List of Meta-Adapters, click New Meta-Adapter to launch the wizard.
Follow the instructions and then click OK to create the specified Meta-Adapter.
psadmin create-ssoadapter-template
The CLI can list adapters only by DN.
An adapter builds upon a meta-adapter by providing data values that are specific to an organization, role, or user. An adapter references a meta-adapter, and takes data values from the meta-adapter for those properties that are not editable by the user. When an end user changes the user-editable properties of an adapter, that adapter would then apply only to that one user.
You can perform the following tasks using SSO Adapter configurations:
Select the SSO Adapter tab.
Select a meta-adapter under List of Meta-adapters.
Click View Adapters for Selected Meta-adapter.
Click New Adapter.
The New adapter page appears.
Provide the configuration attributes as necessary.
Click OK.
Select the SSO Adapter tab.
Click View Adapters for Locations.
From the Select DN drop-down menu, choose any DN.
The list of Adapters appears.
Select an adapter and modify the configuration attributes as necessary.
Click OK.
psadmin set-ssoadapter-property
Without logging in, end users have access to any read-only communication channels that administrators have configured. However, end users are usually prevented from editing these channels.
Select the SSO Adapter tab.
From SSO Adapter Tasks, click Edit list of users allowed to access SSO Adapters without authentication.
From User locations, click Add Users.
From Users Found table, choose users.
Click Add Selected Users.
The Anonymous Users function is available only through the Portal Server management console.