Sun Java System Portal Server 7.1 Configuration Guide

Web Container Facts and Considerations

In terms of configuring the mail provider for HTTPS for Sun Java System Messaging Server, the steps regarding the web container differ depending upon which web container you are using: Sun Java System Web Server, Sun Java System Application Server, BEA WebLogic Server, or IBM WebSphere Application Server. Regardless of which web container you use, you need administrative rights to it.

You should refer to the web container documentation for information on initializing a trust database, adding certificates, and restarting the web container. For more information on these tasks and other security-related issues concerning the Sun Java System web containers, see Sun Java System Application Server Administrator’s Guide to Security or Sun Java System Sun Java System Web Server, Enterprise Edition Administrator’s Guide.

ProcedureTo Configure the Mail Provider to Work with an HTTPS Enabled Sun Java System Messaging Server

  1. Initialize the trust database for the web container running Sun Java System Portal Server. For more information, refer to the proper documentation as discussed in the preceding paragraph.

  2. Install the SSL certificate for the Trusted Certificate Authority (TCA) if it is not already installed.

  3. Restart the web container. Even though restarting is not mandatory, this practice is a good one.

  4. Add a new SSO Adapter template specifically for HTTPS. The name of the template used in this example is SUN-ONE-MAIL-SSL, which is descriptive since the security protocol, SSL, is included in the name.


    Note –

    You can configure an SSO Adapter template and related SSO Adapter configurations in many ways. The steps presented subsequently explain a typical configuration. They describe how to create a new template and a new configuration since this is a safer practice than simply editing existing templates and configurations.

    If you are comfortable with the editing option, then proceed in that manner. If you change the name of the SSO Adapter template and SSO Adapter configuration as part of the edits you make, you also need to change the SSO Adapter name by editing the properties of the Mail channel.

    The two items you would need to edit in the SSO Adapter template or SSO Adapter configuration are:

    • clientProtocol

    • clientPort

    In creating a new SSO Adapter Template for this example, the clientProtocol attribute is set as a default attribute. Therefore, it appears in an SSO Adapter template not in an SSO Adapter configuration. The clientProtocol attribute must be changed from http to https. The edited template fragment for this attribute appears as follows:

    clientProtocol=https

    For this example, the clientPort attribute is set as a merge attribute. Therefore, it appears in an SSO Adapter configuration (see Web Container Facts and Considerations ). If the clientPort attribute were set as a default attribute, it would appear in an SSO Adapter template. The client port should be changed to a port reserved exclusively for HTTPS. Here port 443 is used since the HTTPS protocol uses this port number as the default. The edited template fragment for this attribute appears as follows:

    &clientPort=443


    1. From an Internet browser, log into the Sun Java System Portal Server administration console at http:// hostname:port /psconsole, for example http://psserver.company22.example.com:80/psconsole

    2. Click the Service Configuration tab to display the list of configurable services in the navigation pane.

    3. Click the arrow next to SSO Adapter to bring up the SSO Adapter page in the data pane.

    4. Type a template name and select an existing template from the menu.

    5. Click Next.

    6. The Template Properties page appears.

    7. Modify the properties as needed.

      Web Container Facts and Considerations is a typical configuration which has been provided for your reference. The template you enter probably has different information. For example, you probably enter a different value for the configName property type unless you want to use the name SUN-ONE-MAIL-SSL . Furthermore, the attributes you set as default and merge probably differ from this example, depending upon the needs of your site.

    8. When done, click Save.


      default|imap:///?configName=SUN-ONE-MAIL-SSL &encoded=password 
      &default=protocol &default= clientProtocol &default=type &default=subType
      &default=enableProxyAuth &default=proxyAdminUid &default=proxyAdminPassword
      &default=ssoClassName &merge=host &merge=port &merge=uid &merge=password 
      &merge=smtpServer &merge=clientPort &clientProtocol=https &enableProxyAuth=false
      &proxyAdminUid=[PROXY-ADMIN-UID] &proxyAdminPassword=[PROXY-ADMIN_PASSWORD
      &type=MAIL-TYPE &subType=sun-one &	ssoClassName=
      com.sun.ssoadapter.impl.JavaMailSSOAdapter 
      &default=enablePerRequestConnection &enablePerRequestConnection=false
      
                                 

      If more than one string that begins with the IMAP protocol exists, this is acceptable.

  5. Add a new SSO Adapter configuration specifically for HTTPS.

    The name of the configuration used in this example is sunOneMailSSl, because it is similar to the name used for the respective SSO Adapter template.


    Note –

    See the Note from the preceding step, Web Container Facts and Considerations.


    1. From an Internet browser, log on to the Sun Java System Portal Server administration console at http:// hostname:port /psconsole, for example http://psserver.company22.example.com:80/psconsole

    2. Click the Identity Management tab to display the View drop down list in the navigation pane.

    3. Click Services in the View drop down list.

    4. Scroll down the navigation pane to the Single Sign-on Adapter configuration heading and click the arrow next to SSO Adapter to bring up the SSO Adapter page in the data pane.

    5. Click in the blank configuration description field—which is just above the Add and Remove buttons.

    6. Click New under SSO Adapter Configuration to add an SSO adapter configuration.

    7. The New Configuration page appears.

    8. Type a configuration name and select an SSO Adapter template from the menu.

    9. Click Next.

    10. The Configuration Properties page appears.

    11. Modify the properties as needed.

    12. When done, click Save.

  6. Add a new Mail channel to Portal Desktop.

    Web Container Facts and Considerations and Web Container Facts and Considerations explained how to create a new SSO Adapter template and SSO Adapter configuration to create a new channel. In this step you make the channel available to end users.

    Choose a descriptive name for the new channel. The example name chosen here is SunOneMailSSLChannel.

    1. From an Internet browser, log on to the Sun Java System Portal Server administration console at http:// hostname:port /psconsole, for example http://psserver.company22.example.com:80/psconsole

    2. Click the Identity Management tab to display the View drop down list in the navigation pane.

    3. Select Services in the View drop down list to display the list of configurable services.

    4. Under the Sun Java System Portal Server Configuration heading, click the arrow next to Portal Desktop to bring up the Portal Desktop page in the data pane

    5. Scroll as needed and click the Manage Channels and Containers link.

    6. Scroll down to the Channels heading and click New.

    7. In the Channel Name field, type your site’s name for the new channel. For example, SunJavaMailSSLChannel.

    8. In the Provider drop down menu, select MailProvider.

    9. Click OK, which returns you to the Channel and Container Management Web page where the channel you just created now exists.

    10. Scroll down to the Channels heading and click Edit Properties next to the name of the channel you just created, which for this example is SunOneMailSSLChannel.

    11. Scroll down to the title field, select and delete any words that currently exist, for example mail, and type a provider title. A possible name is SSL Mail Account.

    12. In the description field, select and delete any words that currently exist, for example mail, and type a provider description. The same example is used here for description as for the title in the preceding substep: SSL Mail Account.

    13. Scroll down the page; select and delete any words that currently exist in the SSO Adapter field, for example sunOneMail ; and type the same SSO Adapter configuration name used in Web Container Facts and Considerations , which for this example is sunOneMailSSL.

    14. Scroll down and click Save.

    15. Scroll back up the page to click the word top, which is the first item following the words Container Path.

    16. Scroll down to the Container Channels heading and click the link for the container that you want to add the new channel to. For example, MyFrontPageTabPanelContainer. Do not click the accompanying Edit Properties link.

    17. Scroll down to the Channel Management heading, scroll as needed in the Ready For Use frame, and click the name of your newly created channel to select it.

      Remember, for this example the channel name is SunOneMailSSLChannel.

    18. Add the channel to the Available to End Users on the Content Page list or to the Visible on the Portal Desktop list.

      Click the Add button above the list for which you want to add the channel.

    19. Scroll back up the page and click Save under the Channel Management heading.

      You should now be able to log in and use an HTTPS enabled messaging server.