This chapter provides information on the communication channels for Sun Java System Portal Server, starting with general descriptive information, moving to an explanation of the state of the communication channels after installation but before configuration, and finally leading into a description of various steps for configuring the communication channels according to a site’s needs.
The information provided on configuration makes up the bulk of this chapter and includes administrator and end-user configuration. End users can edit the configuration of each channel directly from the Portal Desktop by clicking the edit button accessible in each channel. This gives end users access to one or more edit pages where they can change specific server configuration information and specific features visible to them in the channel, such as the number of address book entries shown in the Address Book channel.
Administrators can limit or extend end users’ editing options. Administrators can pre-configure channels to work without the need for end-user server configuration. For more information, see Administrator Proxy Authentication: Eliminating End-User Credential Configuration.
Since administrators can design the edit page for each channel, they can select which specific features end users can edit. For more information, see Application Preference Editing: Configuring Communication Channel Edit Pages.
If a site has more than one instance of a particular application available, administrators can allow end users to configure a second channel on their Portal Desktops. An example of this would be two or more instances of a mail application. For more information, see Enabling End Users to Set Up Multiple Instances of a Communication Channel Type.
This chapter includes the following sections:
The Sun Java System Portal Server product offers four communication channels that are accessible by end users directly in Portal Desktop. These channels allow end users access to corresponding applications, such as a mail application, to enable end users to organize, schedule, and communicate more effectively and efficiently.
The four communication channels are:
The Address Book channel displays address book entries for end users to view. To access the address book in order to create and edit address book entries, first click Launch Address Book.
The Calendar channel displays calendar events and tasks for end users to view. To access the calendar application in order to create new tasks and events, first click Launch Calendar.
The Instant Messaging Channel displays the presence status of other users with access to Sun Java System Instant Messenger. These contacts are from a list end users have created within the Instant Messenger application. Initiate a chat from the channel by clicking a presence status icon, which is one method of invoking Instant Messenger. To get presence updates directly from the channel, reload Portal Desktop. To receive presence updates as they occur, view contacts’ presence status from within Instant Messenger; to invoke the application, click Instant Messenger.
The Mail channel displays mail messages sent to end users for them to view. To access the mail application in order to read and compose messages, click Launch Mail.
The Sun Java System Portal Server software supports the following resource server platforms for the Communication Channels:
Sun Java System Messaging Server 5.2, 6.0, 6 2006Q4
Sun Java System Calendar Server 5.1.1, 6.0, 6 2006Q4
Sun Java System Instant Messaging Server 6.1, 6 2006Q2
The Sun Java System Portal Server installer performs several tasks involving the communication channels. General communication channel configuration tasks are also handled by the installer. More detailed configuration is then required by administrators and end users depending upon the needs of the site and of the individuals.
The Sun Java System Portal Server Installer:
Installs the following packages: SUNWpsso, SUNWpsap, SUNWpsmp, SUNWpscp, and SUNWiimps, which are deployed to the default Sun Java System Portal Server instance. Therefore, the installer does not install the communication channels on all of the Sun Java System Portal Server instances. For information on multi-server deployments, see Multiple Instance Deployments.
Creates the Address Book, Calendar, Instant Messaging, and Mail channels. The installer places channels for Sun Java System servers into the My Front Page Tab panel container for the sample organization. Therefore, the communication channels are installed only when the sample portal is installed. Channels for Microsoft Exchange Server and IBM Lotus Notes server are not automatically placed in a container. An administrator would need to add these channels to a container, if desired.
The default configurations for the Calendar and Mail channels work after only basic configuration by end users; therefore, they do not require further configuration by administrators. The Address Book and Instant Messaging channels require further configuration by both administrators and end users.
Creates and configures the single sign-on (SSO) Adapter service which enables single sign-on with the Sun Java System Calendar Server and Sun Java System Messaging Server.
If your Sun Java System Portal Server deployment involves multiple instances, you must manually deploy the communication channels to each additional instance of Sun Java System Portal Server and restart each instance. To deploy, type:
portal-server-base/SUNWportal/bin/deploy redeploy --instance instance-name --deploy_admin_password deploy-admin-password
where:
instance-name is the name for that particular non-default instance
deploy-admin-password is the administrator password for the web container. The web container administrator password is required only when the web container is Sun Java System Application Server or BEA WebLogic Server. If you include the password when using Sun Java System Web Server or IBM WebSphere Application Server, the password is ignored.
Multiple Instance Deployments lists the commands for manually deploying communication channels to two non-default Sun Java System Portal Server instances and for restarting those instances, where myinstance1 and myinstance2 are non-default Sun Java System Portal Server instance names and Admin is the web container's administrator password.
portalServer-base/SUNWportal/bin/deploy redeploy --instance myinstance1 --deploy_admin_password Admin
portalServer-base/SUNWportal/bin/deploy redeploy --instance myinstance2 --deploy_admin_password Admin
The following are the high-level tasks involved in setting up the communication channels. Not all tasks are applicable to all sites. You must determine whether your site’s business requirements make the task necessary.
Application Preference Editing: Configuring Communication Channel Edit Pages
Enabling End Users to Set Up Multiple Instances of a Communication Channel Type
Administrator Proxy Authentication: Eliminating End-User Credential Configuration
Configuring a Read-Only Communication Channel for the Authentication-Less Portal Desktop
Configuring the Mail Provider to Work with an HTTPS Enabled Sun Java System Messaging Server
If you already have Sun Java System Messaging Server and Sun Java System Calendar Server installed either on the same server or on different servers, specify the respective URL when you create a channel.
Both Messaging Server and Calendar Server verify the Internet Protocol (IP) address of the host where the browser requests a login session ID. If the IP address differs from the host IP address where the session ID is issued, Messaging Server and Calendar Server reject the session with a session timeout message.
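Because Portal Server obtains the session ID on the user’s behalf and the user’s browser then presents it from a different IP address, this check rejects sessions launched from the Portal Desktop. To allow users to access mail through Portal Server, you must change the value of the parameter that enables and disables the IP security check. The parameter that specifies whether to restrict session access to the login IP address is: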
service.http.ipsecurity
To disable ipsecurity for Messaging Server, perform the following steps in the command line on the machine running the mail server.
Log in to the Messaging Server.
Type the following command:
MessagingServer-base/sbin/server5/msg-messaging-server-hostname/configutil -o service.http.ipsecurity -v no
Change to root using the su command.
Stop Messaging Server using this command:
MessagingServer-base/sbin/server5/msg-messaging-server-hostname/stop-msg
Start Messaging Server using this command:
MessagingServer-base/sbin/server5/msg-messaging-server-hostname/start-msg
To disable ipsecurity for Calendar Server, perform the following steps in the command line on the machine running the Calendar Server:
Log in to the Calendar Server.
Assuming calendar server is installed in /opt/SUNWics5, type the following:
cd /opt/SUNWics5/cal/config/
Edit the ics.conf file and set ipsecurity to no. For example:
service.http.ipsecurity = "no"
Assuming calendar server is installed in /opt/SUNWics5, restart Calendar Server by typing:
/opt/SUNWics5/cal/sbin/stop-cal
/opt/SUNWics5/cal/sbin/start-cal
Refresh or re-authenticate to the Portal Desktop, and verify that the “Launch Calendar” link works.
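The ics.conf edit from the Calendar Server steps above, as an added Python example that is not part of the original guide: it sets service.http.ipsecurity with a backup copy, leaves exactly one active assignment, and returns the old and new values so the change to this session check can be logged and reverted. It assumes ics.conf holds name = "value" lines with ! starting a comment; the sample contents and the example.other.setting name are constructed.

```python
import re
import shutil
import tempfile
from pathlib import Path

KEY = "service.http.ipsecurity"   # parameter named in the steps above

# Assumption: ics.conf holds `name = "value"` lines and `!` starts a comment.
_ASSIGN = re.compile(r'^\s*([A-Za-z0-9_.-]+)\s*=\s*"?(.*?)"?\s*$')

# Constructed sample, not taken from a real installation.
SAMPLE = '''! constructed sample
example.other.setting = "1"
service.http.ipsecurity = "yes"
! service.http.ipsecurity = "no"
service.http.ipsecurity="yes"
'''


def active_assignments(text, key=KEY):
    """Return [(line_number, value)] for every uncommented assignment of key."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("!"):
            continue
        match = _ASSIGN.match(line)
        if match and match.group(1) == key:
            hits.append((number, match.group(2)))
    return hits


def set_param(text, value, key=KEY):
    """Return text with exactly one active assignment of key.

    The first active assignment is rewritten in place; later duplicates are
    commented out so the result does not depend on which duplicate wins.
    """
    targets = [n for n, _ in active_assignments(text, key)]
    out = []
    for number, line in enumerate(text.splitlines(), 1):
        if number in targets[:1]:
            out.append(f'{key} = "{value}"')
        elif number in targets[1:]:
            out.append("! " + line)
        else:
            out.append(line)
    if not targets:
        out.append(f'{key} = "{value}"')
    return "\n".join(out) + "\n"


def apply_to_file(path, value, key=KEY):
    """Edit path in place, keeping the previous contents in path + '.bak'.

    Returns (old_values, new_values) so the change can be logged and reviewed.
    """
    path = Path(path)
    before = path.read_text()
    after = set_param(before, value, key)
    if after != before:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_text(after)
    return ([v for _, v in active_assignments(before, key)],
            [v for _, v in active_assignments(after, key)])


def demo():
    """Run the edit against a temporary copy of SAMPLE and return the result."""
    with tempfile.TemporaryDirectory() as tmp:
        conf = Path(tmp) / "ics.conf"
        conf.write_text(SAMPLE)
        change = apply_to_file(conf, "no")
        return change, conf.read_text(), (Path(tmp) / "ics.conf.bak").read_text()


if __name__ == "__main__":
    (old, new), text, _ = demo()
    print(f"{KEY}: {old} -> {new}")
    print(text)
```

Restart Calendar Server with stop-cal and start-cal afterwards, as in the steps above; the .bak copy restores the previous setting.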
After the communication channels have been installed, the Instant Messaging and Address Book channels require more detailed configuration as explained subsequently. The Calendar and Mail channels have sample or default settings that can work without further configuration by an administrator.
If site-specific issues exist for any of the communication channels, including the Calendar and Mail channels, configuration by an administrator might be necessary before the channels work according to the needs of your site.
The following sections provide important information relating to the configuration of the communication channels.
Unless you configure the communication channels with proxy authentication, end users must go to each channel’s edit page by clicking the edit button in the respective communication channel to further configure the channel. For more information, see Administrator Proxy Authentication: Eliminating End-User Credential Configuration.
If a client port number is entered incorrectly for any of the communication channels, end users do not receive an error message. The error manifests itself by not displaying the launch link for the respective channel, a result that does not help end users to identify the root cause of the problem.
Both administrators and end users can enter an incorrect client port number, but since end users can edit only the client port number for the Calendar and Mail channels, those are the only channels where this problem can occur.
Various situations can cause end users not to see a communication channel and not to see an error message explaining the problem. The cause might be a misconfigured template or configuration name, which doesn’t allow the template or configuration to be found. A communication channel does not display when any of the following conditions is true:
The SSOAdapter template is not found.
The SSO Adapter configuration is not found.
The display.template file is not found.
This applies to the Mail channel only. If the Mail channel is connected to a more secure HTTPS-enabled messaging server instead of the basic HTTP-enabled messaging server, you need to make some security-related adjustments for the Mail channel to work as intended. For more information, see Configuring the Mail Provider to Work with an HTTPS Enabled Sun Java System Messaging Server.
Sun Java System Instant Messenger is installed during the installation of Sun Java System Portal Server if the Enable IM in Sun Java System Portal Server option is selected.
While the Instant Messaging Portal channel is designed to work right out of the box, other configuration might be necessary depending upon your site’s needs. Therefore, after following the steps in Instant Messaging Channel see Additional Configuration for the Instant Messaging Channel to determine if any of that section’s subsections apply to your installation.
The Instant Messaging channel is based on a Sun Java System Portal Server content provider called IMProvider. The IMProvider is an extension of the JSPProvider in the Portal Server. As an extension of the JSPProvider, IMProvider uses the JSP files to generate the content page and the edit page for the Instant Messaging channel. The JSP files are also used to generate the pages used to launch the Instant Messenger. The IMProvider also defines an instant messaging-specific tag library and this tag library is used by the JSP files. The JSP files and the tag library use the channel properties that are defined by the IMProvider.
For more information on Sun Java System Instant Messenger, see Instant Messaging Administrator’s Guide.
Administrators and end users can access information about Sun Java System Instant Messenger by visiting the URL used in the codebase property for the Instant Messaging Channel configuration.
From an Internet browser, log into the Sun Java System Portal Server administration console at http://hostname:port/psconsole, for example http://psserver.company22.example.com:80/psconsole
Click the Identity Management tab to display the View drop down list in the navigation pane (the lower left frame).
Select Services in the View drop down list to display the list of configurable services.
Under the Sun Java System Portal Server Configuration heading, click the arrow next to Portal Desktop to bring up the Portal Desktop page in the data pane (the lower right frame).
Click Manage Channels and Containers.
Scroll down to the Channels heading and click Edit Properties next to IMChannel to display the Instant Messenger service panel, which includes Basic Properties.
The following is a partial list of the properties displayed in the Edit IMChannel page with example values provided for each property.
Property | Example Value |
---|---|
uid | |
imapplet.example.com | |
My Contacts | |
imserver.example.com | |
muxport | 49909 |
IM | |
password | (not applicable when idsvr is used for authmethod) |
port | 49999 |
server | imserver.example.com |
username | (not applicable when idsvr is used for authmethod) |
In the text field next to each property you want to input, enter the desired value. The following describes the properties and the type of information to enter as a value.
Scroll as needed and click Save.
The following sections provide information for additional configuration of the Instant Messaging Channel.
When a Sun Java System Portal Server instance serves multiple organizations but uses a single server, additional steps must be taken.
Portal Server and Sun Java System Portal Server allow administrators to set up users with the same User ID (uid) across an organization. For example, an organization could have two suborganizations that each have an end user named enduser22. This creates a conflict when these two end users attempt to access their respective accounts through the channel.
To avoid this potential conflict, create one set of JSP launch pages per organization that passes in the parameter domain, set to the value of the organization’s sunPreferredDomain attribute. The default launch pages are:
/etc/opt/SUNWportal/desktop/default/IMProvider/jnlpLaunch.jsp
/etc/opt/SUNWportal/desktop/default/IMProvider/pluginLaunch.jsp
By default, Instant Messenger links are added to the Application channel, which provides the links to launch various applications, in the default organization. The Instant Messenger links allow end users to launch the Instant Messenger from the Application channel. You need to add Instant Messenger links manually if:
You want to add these links for another organization.
You do not have the sample portal installed.
You are using the AppProvider for another channel.
The contents for the Instant Messenger links are in the file PortalServer-base/SUNWportal/samples/InstantMessaging/dp-IMChannel.xml. The dp-IMChannel.xml file also contains the sample IMChannel.
Edit a copy of the file dp-IMChannel.xml to add the Instant Messenger links information to the display profile for another organization and install the file using the psadmin command as follows:
Change to the following directory:
PortalServer-base/SUNWportal/bin/
Create a copy of the dp-IMChannel.xml file as follows:
cp dp-IMChannel.xml newfile.xml
To modify the Application channel, type the following psadmin command:
psadmin modify -u ADMIN_DN -w PASSPHRASE -d ORG_DN -m newfile.xml
where:
ADMIN_DN - Replace with LDAP administrator DN. For example: psadmin
PASSPHRASE - Replace with the administrator’s password.
ORG_DN - Replace with the DN of the Organization where the links are to be added. For example: o=example.com, o=isp
The URL for launching the Instant Messenger using Java Plug-in is a reference to the Instant Messaging channel with a launch argument. For example:
/portal/dt?action=content&provider=IMChannel&launch=plugin&username=sam
The URL for launching the Instant Messenger applet with Java Web Start is:
/portal/imlaunch?channel=IMChannel&launch=jnlp&username=sam
Netlet facilitates secure communication between the Instant Messenger and the server.
The Instant Messaging channel automatically uses the secured mode when accessed through the Secure Remote Access gateway. The Instant Messaging channel does not use the secured mode when it is not accessed through the gateway.
To enable the secure mode, you need to add the Netlet Rule.
To add the Netlet Rule:
From an Internet browser, log into the Portal Server administration console at http://hostname:port/psconsole, for example http://psserver.company22.example.com:80/psconsole
Click the Identity Management tab to display the View drop down list in the navigation pane.
Select Services in the View drop down list to display the list of configurable services.
Scroll down to SRA Configuration and select Netlet.
Click the arrow icon beside Netlet. The Netlet Rules are displayed in the right panel.
Click Add under Netlet Rules.
Type IM in the Rule Name field.
The Netlet rule name can be different. You can configure the Instant Messaging channel to use a different Netlet rule.
Remove the default value in the URL field and leave the field blank.
Select the Download Applet check box and enter the following string:
$IM_DOWNLOAD_PORT:$IM_HOST:$IM_PORT
For example:
49916:company22.example.com:80
where:
IM_DOWNLOAD_PORT. The port on which Instant Messaging resources are downloaded using Netlet.
IM_HOST. The host name of the web container serving Instant Messenger. For example: company22.example.com
IM_PORT. The port number of the web container serving the Instant Messenger. For example, 80.
Select the default value in the Port-Host-Port List and click Remove.
In the Client Port field, enter the local host port on which Netlet runs. For example: 49916.
Enter the Instant Messaging Multiplexor host name in the Target Host(s) field.
Enter the Instant Messaging Multiplexor port in the Target Port(s) field.
The values for Netlet Port, Instant Messaging Host, and Instant Messaging Port should be the same as the Instant Messaging service attributes mentioned in the Instant Messenger service panel as discussed in the final steps of Instant Messaging Channel.
Click Add to List.
You can remove the ability for users to use the Instant Messaging channel by removing the channel from the user’s display profile. For example, to remove the sample IMChannel that is automatically installed, do the following:
From an Internet browser, log into the Portal Server administration console at http://hostname:port/psconsole, for example http://psserver.company22.example.com:80/psconsole
Click the Identity Management tab to display the View drop down list in the navigation pane.
Select Services in the View drop down list to display the list of configurable services.
Click the arrow icon next to the Portal Desktop service.
Click the Manage Channels and Containers link.
Select the check box to the left of the IMChannel channel.
For the Address Book channel to work, you need to configure the defaults for the Address Book service. Because the AddressBookProvider is not pre-configured, channels the user creates based on the AddressBookProvider do not appear on the user’s Desktop or on the Content link unless the AddressBookProvider has been configured.
Creating channels based on the other communications channels in the pre-populated, user-defined channels set may result in the created channel displaying the message: Please specify a valid configuration. Although the other Communication Channels are defined to a sufficient extent to appear on the user’s Desktop, they require additional administrative tasks to ascertain which backend service to use.
Additionally, the communication channels require the desktop user to specify back-end credentials (such as username and password) after the administrative tasks are completed. The desktop user can specify these values in the channel by using the channel’s Edit button.
The userDefinedChannels set might need to be administered on a per-installation basis, because this set includes references to back-end services that might not apply to your particular setup. For example, all Lotus Providers in this set refer to interaction with Lotus back-end services for the communication channels. These do not apply if no one in the Portal Server user base uses Lotus backend services.
This section provides information about single sign-on (SSO) Adapter templates. These templates globally affect the display of the communication channels on users’ portal Desktops. To alter the display profile of users for the communication channels, you need to edit or create SSO Adapter templates and configurations.
From an Internet browser, log into the Portal Server administration console at http://hostname:port/psconsole, for example http://psserver.company22.example.com:80/psconsole
Click the Service Configuration tab to display the list of configurable services in the navigation pane.
Scroll down the navigation pane to the Single Sign-on Adapter Configuration heading and click the arrow next to the item SSO Adapter, which brings up the SSO Adapter page in the data pane.
Click New under SSO Adapter Configuration to add an SSO adapter configuration.
The New Configuration page appears.
Type a configuration name and select SUN-ONE-ADDRESS-BOOK from the menu.
Click Next.
The Configuration Properties page appears.
Modify the properties as needed.
Scroll down the SSO Adapter page and click Save.
When done, click Save.
Click the Edit button of each channel to configure the server settings.
To configure the Mail channel settings:
Server Name. Enter the host name of the mail server. For example, mailserver.example.com.
IMAP Server Port. Enter the mail server port number.
SMTP Server Name. Enter the name of the Domain Name Server (DNS) of the outgoing mail (Simple Mail Transfer Protocol, SMTP) server.
Client Port. Enter the port number configured for HTTP service.
User Name. Enter the mail server user name.
User Password. Enter the mail server user password.
When sending a message place a copy in Sent Folder. Check this box to store copies of your outgoing messages in the Sent folder.
Finished. Click this button to save the mail configuration.
Cancel. Click this button to close the window without saving the configuration details.
To configure Address Book channel settings:
The IMAP user ID and Password are the same as the User Name and User Password entered when configuring the mail channel settings. For details, refer to the previous bulleted item, Configuring the Address Book Service Defaults.
User Name. Enter your User Name.
Password. Enter your Password.
Finished. Click this button to save the server information.
Cancel. Click this button to close the window without saving the details.
To configure the Calendar channel settings:
Server Name. Enter the calendar server host name. For example, Calserver.example.com.
Server Port. Enter the calendar server port number.
User Name. Enter the calendar server user name.
User Password. Enter the calendar server user password.
Finished. Click this button to save the calendar configuration.
Cancel. Click this button to close the window without saving the details.
To configure the Instant Messaging channel settings:
Contact List. Select the desired contact list whose contacts will be displayed in the Instant Messaging Channel.
Launch Method. Select the desired launch method: Java Plugin or Java Web Start.
Server. Enter the Sun Java System Instant Messaging Server name. For example: IMserver.example.com
Server Port. Enter the Sun Java System Instant Messaging Server port number. For example: 49999
Multiplexor. Enter the Multiplexor name, which must be the same machine as the Sun Java System Instant Messenger server. For example: IMserver.example.com
Multiplexor Port. Enter the Multiplexor port number. For example: 49909
User Name. (This field only appears when the authentication method is set to the Sun Java System Portal Server authentication method, idsvr) Enter the Sun Java System Instant Messenger user name.
User Password. (This field only appears when the authentication method is set to the Sun Java System Portal Server authentication method, idsvr) Enter the Sun Java System Instant Messenger user password.
Finished. Click this button to save the Sun Java System Instant Messaging Server configuration.
Cancel. Click this button to close the window without saving the details.
The Address Book, Calendar, and Mail channels each have display options that the user can set and the administrators cannot by default overwrite. After logging into the Portal Desktop, the user can change the display options for a channel by clicking the edit button in the panel for that channel. The display options are clearly marked and easily changed.
In Address Book, a display option that users can change is the Number of Entries option; in Calendar, a display option that users can change is the Display Day View option; in Mail, a display option that users can change is the Number of Headers option.
Changes made by users to the default communication channels display options take precedence. Any future changes made by administrators do not automatically take effect, and a new channel added by administrators is not automatically accessible by users.
You can configure the edit pages that end users see after they click the edit button in a communication channel’s tool bar for the Address Book, Calendar, and Mail channels. The Instant Messaging channel does not use application preference editing. For information about configuring the Instant Messaging Channel’s edit page, see Sun Java System Portal Server 7.1 Desktop Customization Guide.
For the three communication channels that allow application preference editing, you can change which options are available for end users to edit, what names and wording accompany those options, and how the options are formatted. Configuration of the communication channels edit pages can be performed in the display profile, various HTML templates, and an SSO Adapter template. You might also need to access an SSO Adapter configuration. These items together are involved in the configuration of the edit pages.
This section gives a brief explanation of application preference editing. Other chapters in this guide and the Sun Java System Portal Server 7.1 Desktop Customization Guide provide a more complete explanation of the template files and the display profile, including how they interact with each other and how you can access and edit them.
The communication channels have two collections in their display profile for creating the edit pages. They are ssoEditAttributes and dpEditAttributes.
You can edit these collections by accessing the Sun Java System Portal Server administration console. Either download the display profile to edit the XML code before uploading it back to the directory server, or edit specific properties in these collections using only the administration console.
The ssoEditAttributes collection controls the editing of the attributes contained by the SSO Adapter service, such as user name and user password. dpEditAttributes controls the editing for the display profile attributes, such as sort order and sort by, which are options that by default end users can edit.
Therefore, these collections list the attributes that can be edited and also contain information on the type of input and the header for the input string to use. For example:
<String name="uid" value="string|User Name:"/>
<String name="password" value="password|User Password:"/>
The name in the collection must match the name of the corresponding display profile SSO Adapter attribute. The value portion of the item contains two pieces of information separated by the “|” character. The first part of the value string specifies the attribute’s display type. The second part of the attribute’s value string specifies the text that is displayed next to the item.
The list below specifies how the type relates to a corresponding HTML GUI item:
string—Creates a text field where alphanumeric characters can be entered
password—Creates a password field where the input is replaced with “*”
check—Creates a checkbox
select—Creates a select box. Every select item must have a corresponding collection with a list of values and display text
For every select display type, you must have a corresponding collection that lists the value to be returned and the display value for the option. The collection name must be made up of the name value for the attribute and the text SelectOptions. For example, for the sortOrder attribute in the MailProvider, the collection name is sortOrderSelectOptions:
<Collection name="sortOrderSelectOptions" advanced="false" merge="replace" lock="false" propagate="true">
    <String name="top" value="Most recent at top"/>
    <String name="bottom" value="Most recent at bottom"/>
</Collection>
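A checker for the conventions just described, as an added Python example that is not part of the original guide: it verifies that each edit attribute has the type|label form with one of the four listed types, that every select attribute has its matching SelectOptions collection, and that an attribute whose name contains "password" is rendered with the masking password type. The fragment is constructed; the Channel wrapper and the sortBy, leaveCopy and numHeaders entries are hypothetical, and the name-based password check is a heuristic.

```python
import xml.etree.ElementTree as ET

DISPLAY_TYPES = {"string", "password", "check", "select"}   # the four types listed above
EDIT_COLLECTIONS = ("ssoEditAttributes", "dpEditAttributes")

# Constructed fragment. uid, password and sortOrderSelectOptions follow the
# snippets on this page; the Channel wrapper and the sortBy, leaveCopy and
# numHeaders entries are hypothetical, added so that each check fires once.
FRAGMENT = """
<Channel name="SampleMail">
  <Collection name="ssoEditAttributes">
    <String name="uid" value="string|User Name:"/>
    <String name="password" value="password|User Password:"/>
  </Collection>
  <Collection name="dpEditAttributes">
    <String name="sortOrder" value="select|Sort Order:"/>
    <String name="sortBy" value="select|Sort By:"/>
    <String name="leaveCopy" value="checkbox|Keep a copy:"/>
    <String name="numHeaders" value="Number of Headers:"/>
  </Collection>
  <Collection name="sortOrderSelectOptions">
    <String name="top" value="Most recent at top"/>
    <String name="bottom" value="Most recent at bottom"/>
  </Collection>
</Channel>
"""


def parse_edit_value(value):
    """Split 'type|label' into (type, label); raise ValueError if malformed."""
    display_type, sep, label = value.partition("|")
    if not sep:
        raise ValueError("missing '|' separator")
    if display_type not in DISPLAY_TYPES:
        raise ValueError(f"unknown display type {display_type!r}")
    if not label.strip():
        raise ValueError("empty label")
    return display_type, label


def check_edit_attributes(xml_text):
    """Return (fields, problems) for the edit collections in a fragment.

    fields describes every attribute that would render on the edit page;
    problems lists entries that break the conventions.
    """
    root = ET.fromstring(xml_text)
    collections = {c.get("name"): c for c in root.iter("Collection")}
    fields, problems = [], []
    for coll_name in EDIT_COLLECTIONS:
        coll = collections.get(coll_name)
        if coll is None:
            continue
        for item in coll.findall("String"):
            name, value = item.get("name", ""), item.get("value", "")
            where = f"{coll_name}/{name}"
            try:
                display_type, label = parse_edit_value(value)
            except ValueError as err:
                problems.append(f"{where}: {err}")
                continue
            field = {"collection": coll_name, "name": name,
                     "type": display_type, "label": label}
            if display_type == "select":
                options = collections.get(f"{name}SelectOptions")
                entries = [] if options is None else options.findall("String")
                if not entries:
                    problems.append(f"{where}: no {name}SelectOptions collection")
                    continue
                field["options"] = [(o.get("name"), o.get("value")) for o in entries]
            # Heuristic: a secret shown in a plain text field is not masked.
            if "password" in name.lower() and display_type != "password":
                problems.append(
                    f"{where}: rendered as {display_type!r}, so the value is not masked")
            fields.append(field)
    return fields, problems


if __name__ == "__main__":
    ok, bad = check_edit_attributes(FRAGMENT)
    for f in ok:
        print("ok     ", f["name"], f["type"], f["label"])
    for p in bad:
        print("problem", p)
```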
Nine HTML templates are used to create edit pages for the communication channel providers. The templates are generic, to correspond to specific browser GUI types, and they primarily relate to specific HTML inputs in the edit pages.
The edit-start.template and the edit-end.template are exceptions. They contain most of the HTML that is used for page layout. HTML Templates for the Edit Pages contains a description of each template name and how it relates to the GUI types. Some of the templates are used to start, end and separate the attributes. These templates are available for each of the communication channels at:
/etc/opt/SUNWportal/desktop/default/ChannelName_Provider/html
For example, the templates for the Calendar channel edit pages can be accessed at:
/etc/opt/SUNWportal/desktop/default/CalendarProvider/html
Table 9–1 Templates for the Communication Channel Edit Pages
This example demonstrates how certain SSO Adapter attributes work together with their corresponding display profile attributes to give end users the ability to change the entries for specific features in a communication channel’s edit page, thereby changing how the communication channels are configured and displayed on their Portal Desktops.
The SSO Adapter template in A Display Profile Example is for a sample mail channel. The SSO Adapter template contains two merged attributes:
uid—User ID
password—User password
A merged attribute is an attribute that end users can specify. Administrators decide which attributes are merged so that end users can edit them.
default|imap:///&configName=MAIL-SERVER-TEMPLATE
    &encoded=password
    &default=protocol
    &default=clientProtocol
    &default=type
    &default=subType
    &default=ssoClassName
    &default=smtpServer
    &default=clientPort
    &default=host
    &default=port
    &merge=username
    &merge=userpassword
    &clientProtocol=http
    &type=MAIL-TYPE
    &subType=sun-one
    &ssoClassName=com.sun.ssoadapter.impl.JavaMailSSOAdapter
    &smtpServer=example.sun.com
    &clientPort=80
    &host=company22.example.com
    &port=143
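The template string above, taken apart in an added Python example that is not part of the original guide, to show which settings the template fixes and which are left to end users. It assumes that default= names attributes whose values the template supplies (with protocol taken from the URL scheme) and that merge= names the attributes end users can specify; whitespace from line wrapping is ignored.

```python
# The sample mail template from this page; the spaces come from line wrapping.
PAGE_TEMPLATE = (
    "default|imap:///&configName=MAIL-SERVER-TEMPLATE &encoded=password "
    "&default=protocol &default=clientProtocol &default=type &default=subType "
    "&default=ssoClassName &default=smtpServer &default=clientPort &default=host "
    "&default=port &merge=username &merge=userpassword &clientProtocol=http "
    "&type=MAIL-TYPE &subType=sun-one "
    "&ssoClassName=com.sun.ssoadapter.impl.JavaMailSSOAdapter "
    "&smtpServer=example.sun.com &clientPort=80 &host=company22.example.com &port=143"
)


def parse_template(template):
    """Split an SSO Adapter template string into its parts."""
    prefix, bar, url = template.partition("|")
    scheme, sep, tail = url.partition("://")
    if not bar or not sep:
        raise ValueError("expected 'prefix|scheme://...&name=value'")
    parsed = {"prefix": prefix.strip(), "protocol": scheme.strip(),
              "configName": None, "encoded": [], "default": [], "merge": [],
              "values": {}}
    # '&' separates the parameters; a '?' first separator is tolerated too
    # (assumption, the page's sample uses '&' throughout).
    for token in tail.replace("?", "&").split("&"):
        name, eq, value = token.strip().partition("=")
        if not eq:
            continue                      # e.g. the '/' left over from 'imap:///'
        name, value = name.strip(), value.strip()
        if name == "configName":
            parsed["configName"] = value
        elif name in ("encoded", "default", "merge"):
            parsed[name].append(value)    # these three list attribute names
        else:
            parsed["values"][name] = value
    return parsed


def review_template(template):
    """Return (summary, problems) describing who controls each attribute."""
    p = parse_template(template)
    # Assumption: the 'protocol' default comes from the URL scheme unless
    # the template also carries an explicit protocol= value.
    supplied = {"protocol": p["protocol"], **p["values"]}
    admin_fixed, problems = {}, []
    for name in p["default"]:
        if name in supplied:
            admin_fixed[name] = supplied[name]
        else:
            problems.append(f"default attribute {name!r} has no value in the template")
    for name in p["merge"]:
        if name in p["default"]:
            problems.append(f"attribute {name!r} is listed as both default and merge")
    summary = {"configName": p["configName"], "admin_fixed": admin_fixed,
               "end_user": list(p["merge"]), "encoded": list(p["encoded"])}
    return summary, problems


if __name__ == "__main__":
    info, issues = review_template(PAGE_TEMPLATE)
    print("configuration:", info["configName"])
    for attr, val in info["admin_fixed"].items():
        print(f"  fixed by template: {attr} = {val}")
    for attr in info["end_user"]:
        print(f"  set by end user:   {attr}")
    print("problems:", issues or "none")
```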
A Display Profile Example contains the channel’s display profile XML fragment for the channel’s ssoEditAttributes.
After you set an attribute to merge in an SSO Adapter template, you can edit that attribute in the display profile to reconfigure how the attribute is displayed to end users in an edit page and how end users can edit it.
Administrators edit the proper display profile collection to define how end users are queried for the necessary information. In this example, administrators could replace UserName with the question, What is your user name? The use of the string attribute display type before the “|” symbol is the most likely choice. However, an administrator can change this to the password type or to another type.
For this example, in the Mail channel edit page, end users see text fields titled:
End users or administrators can create multiple types of communication channels. To create multiple types of communication channels, end users need to use the Create a new channel link found on the Content page.
Administrators can create multiple channels for an organization, role, or group. After administrators have made multiple instances of a particular component available, such as a second instance of the address book component, they can allow end users to configure a second Address Book channel on their Portal Desktops.
You can create an SSO Adapter template for each new communication channel type, or you can use one SSO Adapter template and create multiple SSO Adapter configurations for each channel. For more information, see the SSO Adapter documentation in .
Depending on the amount of configuration done by the administrator, the end users may not need to enter as many configuration settings. Administrators can configure these settings by using the application preference editing feature. See Application Preference Editing: Configuring Communication Channel Edit Pages.
To create two Address Book channels, you make each refer to a different SSO adapter template. You can then add both Address Book channels to the visible page you just came from. Likewise, you can create one SSO Adapter template and two SSO Adapter configurations (dynamic). The SSO Adapter template would define the server settings as user definable values (merge) and the SSO Adapter configuration would then specify those server settings.
To configure the address book for different servers where end users can configure the servers as needed:
Specify the server information as user definable, merge, in the SSO Adapter template. For more information, see .
In the channel’s display profile ssoEditAttributes collection, specify which attributes can be edited. For more information, see Application Preference Editing: Configuring Communication Channel Edit Pages and for specific information about the display profile, see the Sun Java System Portal Server 7.1 Desktop Customization Guide.
You can enable administrator proxy authentication for the Address Book, Calendar, and Mail channels. If you extend support for proxy authentication between the Sun Java System Portal Server and Sun Java System Messaging Services (Sun Java System Messaging Server and Calendar Server), end users do not have to visit a channel’s edit page to enter their user name and user password credentials. An administrator’s credentials are used instead of an end user’s credentials, and they are stored in the SSO Adapter template.
Within the template, the administrator’s User ID is stored as a value for the proxyAdminUid attribute while the administrator’s password is stored as a value for the proxyAdminPassword attribute. Every time a user launches a channel, these values are used to make a connection between a channel and its respective back-end server. A naming attribute for the user is also sent to the back-end server. For more information on naming attributes for administrator proxy authentication, see the userAttribute property in Overview of How to Configure Proxy Authentication.
Proxy authentication cannot be configured for Sun Java System Instant Messaging Server, Microsoft Exchange Server, or IBM Lotus Notes server.
Enabling administrator proxy authentication disables the end-user credential configuration for the associated Address Book, Calendar, or Mail channel. A message will be displayed in the channel.
Portal Server and Sun Java System Portal Server allow administrators to set up users with the same User ID across an organization. For example, the organization could have two suborganizations that each have an end user named enduser22.
If administrator proxy authentication is enabled for a Sun Java System communication channel, and the end user naming attribute is set to the default, uid, both users could potentially access the same back-end user account.
Administrator proxy authentication enables administrators to change the user naming attribute in the SSO Adapter template. For example, you can change the attribute to an attribute that is unique for each employee, such as employee number, to ensure that portal end users access the correct back-end server account.
To enable administrator proxy authentication for the Address Book, Calendar, and Mail channels, you use the Sun Java System Portal Server administration console to access the SSO Adapter templates. Then you need to access the Sun Java System communication servers. Specifically, you need to:
Edit SSO Adapter Templates.
In the SSO Adapter Templates, you edit the strings that apply to the Address Book, Calendar, and Mail channels. One of the distinguishing factors of the strings is the protocol used:
The Address Book channel uses the LDAP protocol
The Calendar channel uses the HTTP protocol
The Mail channel uses the IMAP or POP protocol.
Access Sun Java System Messaging Server to enable proxy authentication for the Address Book and Mail channels.
Access Sun Java System Calendar Server to enable proxy authentication for the Calendar channel.
From an Internet browser, log into the Sun Java System Portal Server administration console at http://hostname:port/psconsole, for example http://psserver.company22.example.com:80/psconsole
Click the Service Configuration tab to display the list of configurable services in the navigation pane.
Select SSO Adapter to display the page for configuring the SSO Adapter in the data pane.
Click the string for the channel that you want to enable with administrator proxy authentication.
Click in the configuration description field.
Delete and key in the necessary information for administrator proxy authentication:
Overview of How to Configure Proxy Authentication describes the properties that need to be edited in the SSO Adapter Template to enable support for administrator proxy authentication.
Property | Value | Description |
---|---|---|
enableProxyAuth | true \| false | The value associated with this attribute is a flag to indicate if proxy authentication is enabled or not. If true, the SSO Adapter and Application Adapter perform proxy authentication. For example, &enableProxyAuth=true |
proxyAdminUid | (configurable) | The value associated with this attribute is the administrator’s user name. For example, &proxyAdminUid=ServiceAdmin |
proxyAdminPassword | (configurable) | The value associated with this attribute is the administrator’s user password. For example, &proxyAdminPassword=mailpwd |
userAttribute | (configurable) | The value associated with this attribute is the user’s naming attribute. This value is mapped to an attribute on the user’s record (the user’s entry in the directory). A typical record has several attributes, including the User ID (uid) and employee number. By default, the naming attribute is set to uid. For example, By editing the SSO Adapter template, you can map the naming attribute to another attribute, such as employee number. |

The preceding four properties appear in the SSO Adapter template string again. You can set the configuration of the properties to default or merge. In the following examples, they are all set to default.

Property | Value | Example |
---|---|---|
enableProxyAuth | default | &default=enableProxyAuth |
proxyAdminUid | default | &default=proxyAdminUid |
proxyAdminPassword | default | &default=proxyAdminPassword |
userAttribute | default | &default=userAttribute |
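The following Python sketch is an added example, not code from the original page or from the product. It parses an SSO Adapter template string, flags proxy authentication settings that leave the naming attribute at uid or expose a proxy property as merge (end-user definable), and shows the enduser22 collision described earlier. The template grammar is inferred from the sample strings on this page; the function names, the directory entries, and the employeenumber attribute name are assumptions made for illustration.

```python
# Added example: audit an SSO Adapter template for administrator proxy
# authentication. The grammar (default|protocol:///&key=value&...) is inferred
# from the sample template on this page; it is not a product API.

PROXY_PROPS = ("enableProxyAuth", "proxyAdminUid", "proxyAdminPassword", "userAttribute")
LIST_KEYS = ("default", "merge", "encoded")  # keys that repeat in a template


def parse_template(template):
    """Split a template string into protocol, single values and key lists."""
    body = template.strip().rstrip("|").strip()  # tolerate a trailing table pipe
    _, _, rest = body.partition("|")             # drop the leading "default|"
    protocol, _, query = rest.partition(":///")
    parsed = {"protocol": protocol, "values": {}}
    for key in LIST_KEYS:
        parsed[key] = []
    for pair in query.split("&"):
        key, _, value = pair.strip().partition("=")
        if not key:
            continue
        if key in LIST_KEYS:
            parsed[key].append(value)
        else:
            parsed["values"][key] = value
    return parsed


def audit_proxy_auth(template):
    """Return review findings for a template with proxy authentication enabled."""
    parsed = parse_template(template)
    values = parsed["values"]
    findings = []
    if values.get("enableProxyAuth", "false").lower() != "true":
        return findings  # proxy authentication is off, nothing to review
    for prop in ("proxyAdminUid", "proxyAdminPassword"):
        if not values.get(prop):
            findings.append("missing:" + prop)
    for prop in PROXY_PROPS:
        if prop in parsed["merge"]:
            # merge means end users can supply their own value for this property
            findings.append("user-editable:" + prop)
    if values.get("userAttribute", "uid") == "uid":
        # uid is the default naming attribute and may repeat across suborganizations
        findings.append("naming-attribute-not-unique:uid")
    return findings


def colliding_accounts(users, template):
    """Map each naming-attribute value shared by several portal users to their DNs."""
    attr = parse_template(template)["values"].get("userAttribute", "uid")
    by_value = {}
    for dn, attrs in users.items():
        by_value.setdefault(attrs.get(attr), []).append(dn)
    return {value: sorted(dns) for value, dns in by_value.items() if len(dns) > 1}


# Constructed sample template, built from attribute names and values shown on this page.
WEAK_TEMPLATE = (
    "default|imap:///&configName=MAIL-SERVER-TEMPLATE"
    "&encoded=password"
    "&default=protocol&default=host&default=port"
    "&default=enableProxyAuth&default=proxyAdminUid"
    "&default=proxyAdminPassword&default=userAttribute"
    "&host=company22.example.com&port=143"
    "&enableProxyAuth=true&proxyAdminUid=ServiceAdmin"
    "&proxyAdminPassword=mailpwd&userAttribute=uid"
)
# Same template with the naming attribute mapped to a per-employee value
# (attribute name is an assumption; use whatever is unique in your directory).
FIXED_TEMPLATE = WEAK_TEMPLATE.replace("&userAttribute=uid", "&userAttribute=employeenumber")

# Constructed directory entries: two suborganizations each have an enduser22.
USERS = {
    "uid=enduser22,ou=People,o=suborgA,dc=example,dc=com":
        {"uid": "enduser22", "employeenumber": "1001"},
    "uid=enduser22,ou=People,o=suborgB,dc=example,dc=com":
        {"uid": "enduser22", "employeenumber": "2002"},
    "uid=enduser23,ou=People,o=suborgA,dc=example,dc=com":
        {"uid": "enduser23", "employeenumber": "1002"},
}

if __name__ == "__main__":
    for name, tpl in (("weak", WEAK_TEMPLATE), ("fixed", FIXED_TEMPLATE)):
        print(name, audit_proxy_auth(tpl), colliding_accounts(USERS, tpl))
```
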
Log in to the Sun Java System Messaging Server software host and become super user.
Type the following code:
MessagingServer-base/msg-instance-name/configutil -o service.http.allowadminproxy -v yes
Restart the Sun Java System Messaging Server.
See the Sun Java System Messaging Server Administrator’s Guide for detailed instructions on running configutil and restarting the server.
Log in to the Sun Java System Calendar Server software host and become super user.
Open the following file with the editor of your choice:
CalendarServer-base/cal/bin/config/ics.conf
Set the following attribute as shown:
Restart the calendar server.
See the Calendar Server Administrator’s Guide for detailed instructions on restarting the server.
The authentication-less (authless anonymous) Portal Desktop supports read-only communication channels.
You can configure read-only access to Address Book, Calendar, and Mail channels for the authless anonymous Portal Desktop. End users can access the information in a read-only communication channel by simply accessing the Portal Desktop; that is, by entering the following URL in an Internet browser:
http://hostname.domain:port/portal/dt, for example http://psserver.company22.example.com:80/portal/dt
Without logging in, end users can access any read-only communication channels that administrators have configured. End users are usually prevented from editing these channels, however. For more information about the authentication-less Portal Desktop, including enabling anonymous log in, see the Sun Java System Portal Server 7.1 Desktop Customization Guide.
The calendar channel is the communications channel most commonly shared by multiple users. The following steps are for configuring a read-only calendar channel. In this example, the calendar being shared belongs to user library. The public read-only calendar is titled Library Schedule.
The following calendar set up demonstrates one possible approach. For more information about setting up users for the Sun Java System Calendar Server, see the create userid option of the csuser command in the Sun Java System Calendar Server Administrator’s Guide.
Create a calendar user by issuing a command such as the following:
csuser -g Library -s Admin -y libadmin -l en -m libadmin@library.com -c librarySchedule create libadmin
Where user libadmin has a given name of Library, surname of Admin, password of libadmin, preferred language of en (English), email address of libadmin@library.com, and calendar ID of librarySchedule.
Set the access permissions to world readable for:
libadmin:librarySchedule
You can set the access permissions using the cscal utility or the end user can do this using Calendar Express.
Configure the settings for the end user—which in this case is authless anonymous—and create a calendar SSO adapter configuration.
From an Internet browser, log on to the Sun Java System Portal Server administration console at http://hostname:port/psconsole, for example http://psserver.company22.example.com:80/psconsole
Click the Identity Management tab to display the View drop down list in the navigation pane.
Click Users in the View drop down list.
Scroll down as needed to the authless anonymous user and click the accompanying arrow to bring up the authlessanonymous page in the data pane.
Now you can add the SSO Adapter service to the authless anonymous user.
Click Services in the View drop down list within the authlessanonymous page to display the available services.
Click Add.
Click the checkbox for SSO Adapter.
Click Save.
Create a calendar SSO Adapter configuration for the authless anonymous user.
If not already logged in, log into the Sun Java System Portal Server administration console.
Click the Identity Management tab to display the View drop down list in the navigation pane.
Select Services in the View drop down list to display the list of configurable services.
Click the arrow next to SSO Adapter to display the SSO Adapter page in the data pane.
In the blank configuration description field, type in a group-oriented SSO Adapter configuration string (with a User ID and password). A typical configuration has been provided subsequently for your reference. The attributes available in this string can vary depending upon how you configured the Sun Java System Portal Server SSO Adapter template. By default the SSO Adapter template expects the user to specify the following information:
host
port
client port
uid
password
If the configuration description field is not blank when you get to it, select all the text in the field and delete it before entering a string in the following format:
default|undef://?uid:password@host:port/?configName=configuration-name&configDesc=configuration-description
For example:
default|undef://?libadmin:libadmin@example.com:3080/?configName=sunOneCalendar_librarySchedule&configDesc=SUN-ONE-CALENDAR
Click Add.
Click Save.
Create a new calendar channel for the authless anonymous user that is based on the newly created SSO Adapter configuration.
Log in to the Sun Java System Portal Server administration console.
Click the Identity Management tab to display the View drop down list in the navigation pane.
Click Users in the View drop down list.
Scroll down to the authless anonymous user, and click the accompanying arrow.
The authlessanonymous page appears in the data pane.
Click Portal Desktop in the View drop down list.
The Edit link is displayed.
Click the Edit link.
Click the Channel and Container Management link.
Scroll down to the Channels section and click New.
Enter a name in the Channel Name field. For example:
LibraryScheduleChannel
Choose the correct provider from the provider drop down list. For this example the correct provider is Calendar Provider.
Click OK, which returns you to the Channel and Container Management page.
Now you can edit the channel properties.
Scroll down to the Channels section and click Edit Properties next to your newly created channel. For example:
LibraryScheduleChannel
Edit fields as appropriate. For example:
Scroll as needed and click Save.
Add the new calendar channel to Portal Desktop of the Authless Anonymous user:
Near the top of the page, click Top, which returns you to the Channel and Container Management page.
Scroll down the Container Channels section and click the link for the container that you want to add the new channel to. For example, MyFrontPageTabPanelContainer. Do not click the accompanying Edit Properties link.
Under the Channel Management heading, click the name of the channel you just created.
For example, LibraryScheduleChannel, in the Ready For Use list.
Add the channel to the Available to End Users on the Content Page list or to the Visible on the Portal Desktop list.
Click the Add button above the list for which you want to add the channel.
Scroll back up the page to click Save under the Channel Management heading.
Besides supporting Sun Java System Messaging Server and Sun Java System Calendar Server for the communication channels, Sun Java System Portal Server also supports Microsoft Exchange Server and IBM Lotus Notes server.
Log into your Primary Domain Controller (PDC) as an administrator of the domain.
Select Start, Programs, Administrative Tools, User Manager for Domains and create an account with user name MAXHost.
Select Groups and add MAXHost to the groups Administrators and Domain Admins.
Ensure that MAXHost can log on locally to the MAIL_HOST, Domain Controllers, and MAX_HOST.
Set the password.
Log in to your Exchange 5.5 (MAIL_HOST) as MAXHost.
Go to Start, Programs, Microsoft Exchange, Microsoft Exchange Administrator.
For each end user, set permissions to the mailbox.
To enable the permissions tab, go to Tools, Options, Permissions, and enable Show Permissions Page for All Objects.
Double-click on the user name.
Select the permissions tab and select Add from the permissions page to add MAXHost and leave role as User.
Repeat steps 9 through 11 for each user who accesses the communication channels.
Unzip the ocxhost.zip file located in the following directory:
PortalServer-base/SUNWportal/export.
When unzipping the file, you see the following file format:
Archive: ocxhost.zip
creating: ocxhost
creating: ocxhost/international
inflating: ocxhost/international/ocxhostEnglishResourceDll.dll
inflating: ocxhost/ocxhost.exe
Register ocxhost as follows:
To set the properties of ocxhost utility:
Configure the necessary DCOM settings for the ocxhost utility using the dcomcnfg utility. That is:
Select Start and Run.
Type dcomcnfg and select OK.
In the Distributed COM Configuration Properties dialog box:
Select Default Properties tab:
Select the Applications tab.
Double-click the ocxhost utility in the Properties dialog.
The ocxhost properties window is displayed.
Check Run Application on this Computer under the Location tab.
Set Use custom access permissions, Use custom launch permissions, and Use custom configuration permissions under the Security tab.
Select Edit for the Access, Launch, and Configuration settings and ensure that the following users are included in the Access Control List (ACL):
Select a User under the Identity tab in the ocxhost properties window.
Select Browse and locate the MAXHost.
Enter the password and confirm the password.
Select OK.
The ocxhost DCOM component is now configured and ready to communicate with the Exchange Servers.
To set up Portal Server to access Calendar data from an Exchange Server 2000 environment in a complex Windows 2000 Domain configuration, install ocxhost.exe on a dedicated System (called MAX_HOST).
Examples of a complex Domain configuration can be:
A configuration that includes an Exchange Server that is a Cluster and front-end, and a back-end Exchange Server.
A configuration in which a Windows user and Exchange Mailbox of the same end user are in different Domains.
Installing ocxhost.exe on a dedicated machine is useful for two reasons:
It allows easier troubleshooting if a user cannot access his calendar from the portal.
It allows a more restrictive security setup if a firewall exists between the Portal Server and the Windows Domain.
The following instructions assume that:
MAX_HOST
is the name of the dedicated Windows 2000 System running Outlook 2000 and where ocxhost.exe is installed.
MAIL_HOST
is the Exchange Server on which the mailboxes of the end users reside.
PORTAL
is the Java Enterprise System Portal Server 7 2005Q3
DOMAIN
is the Windows Domain with MAX_HOST and MAIL_HOST
When setting up the dedicated Windows 2000 System (MAX_HOST) note the following requirements and assumptions:
Windows 2000 Server SP3 or Windows 2000 Professional.
Microsoft Outlook 2000 with CDO enabled.
The Operating System and Outlook 2000 are installed. Assign an IP Address and bring the new Host in the same Domain as the Exchange Server.
Create a User MAXhost in the Domain.
Log into your Host (MAX_HOST) as an administrator of the domain.
Select Start, Programs, Administrative Tools, Active Directory Users and Computers and create a domain account with user name MAXHost.
Select User->Properties->Member of and add the group Administrators (local)
Ensure that MAXHost can log on locally to the MAIL_HOST and MAX_HOST.
Set the password.
Configure Outlook for MAXHost user.
Configure Microsoft Exchange Server for Address Book, Calendar, and Mail.
Log in to your Exchange 2000 Server (MAIL_HOST) as MAXHost.
If you are using an Exchange 2000 Front-End Server, log in to your front-end Server as MAXHost.
Go to Start, Programs, Microsoft Exchange, Active Directory Users and Computers.
For each end user, set permissions to the mailbox.
Select View->Advanced Features
Double-click on the user name.
Select the Exchange Advanced tab and select Mailbox Rights.
Add MAXHost and give MAXHost full access.
Repeat the preceding mailbox permission steps, in Configuring Microsoft Exchange Server or IBM Lotus Notes, for each user who accesses the communication channels.
Install ocxhost.exe on the MAX_HOST.
Log in to MAX_HOST as domain user MAXhost.
Unzip the ocxhost.zip file located in the following directory:
PortalServer-base/SUNWportal/export.
When unzipping the file, you see the following file format:
Register ocxhost as follows:
Configure the necessary DCOM settings for the ocxhost utility using the dcomcnfg utility.
Select Start and Run.
Type dcomcnfg and select OK.
In the Distributed COM Configuration Properties dialog box select Default Properties tab and use the following settings:
Select the Applications tab.
Double-click the ocxhost utility in the Properties dialog.
The ocxhost properties window is displayed.
Check Run Application on this Computer under the Location tab.
Set Use custom access permissions, Use custom launch permissions and Use custom configuration permissions under the Security tab.
Select Edit for the Access, Launch, and Configuration settings and ensure that the following users are included in the Access Control List (ACL):
Select a User under the Identity tab in the ocxhost properties window.
Select Browse and locate the MAXHost.
Enter the password and confirm the password.
Select OK.
The ocxhost DCOM component is now configured and ready to communicate with the Exchange Servers. It is launched by RPC call when the first access from the Portal Server occurs.
Change MAXHost users group.
For security reasons you may want to remove the domain user from the Administrators group:
Log out and log in again as Administrator on MAX_HOST.
Remove the user MAXHost from local Administrators group, (and assign it to Domain User Group).
Do not use a firewall between the Portal and the MAX_HOST.
(RPC calls using dynamic ports are used for the communication from Portal Server to ocxhost.exe.)
Do not use a firewall between the MAX_HOST and the MAIL_HOST.
To set up Portal Server to access Calendar data from an Exchange Server 2003 environment in a complex Windows 2000 Domain configuration, install ocxhost.exe on a dedicated System (called MAX_HOST).
Examples of a complex Domain configuration can be:
A configuration that includes an Exchange Server that is a Cluster and front-end, and a back-end Exchange Server.
A configuration in which a Windows user and Exchange Mailbox of the same end user are in different Domains.
Installing ocxhost.exe on a dedicated machine is useful for two reasons:
It allows easier troubleshooting if a user cannot access his calendar from the portal.
It allows a more restrictive security setup if a firewall exists between the Portal Server and the Windows Domain.
The following instructions assume that:
MAX_HOST
is the name of the dedicated Windows 2000 System running Outlook 2000 and where ocxhost.exe is installed.
MAIL_HOST
is the Exchange Server on which the mailboxes of the end users reside.
PORTAL
is the Java Enterprise System Portal Server 7.1
DOMAIN
is the Windows Domain with MAX_HOST and MAIL_HOST
When setting up the dedicated Windows 2000 System (MAX_HOST) note the following requirements and assumptions:
Windows 2000 Server SP3 or Windows 2000 Professional.
Microsoft Outlook 2000 with CDO enabled.
The Operating System and Outlook 2000 are installed. Assign an IP Address and bring the new Host in the same Domain as the Exchange Server.
Create a User MAXhost in the Domain.
Log into your Host (MAX_HOST) as an administrator of the domain.
Select Start, Programs, Administrative Tools, Active Directory Users and Computers and create a domain account with user name MAXHost.
Select User->Properties->Member of and add the group Administrators (local)
Ensure that MAXHost can log on locally to the MAIL_HOST and MAX_HOST.
Set the password.
Configure Outlook for MAXHost user.
Configure Microsoft Exchange Server for Address Book, Calendar, and Mail.
Log in to your Exchange 2003 Server (MAIL_HOST) as MAXHost.
If you are using an Exchange 2003 Front-End Server, log in to your front-end Server as MAXHost.
Go to Start, Programs, Microsoft Exchange, Active Directory Users and Computers.
For each end user, set permissions to the mailbox.
Select View->Advanced Features
Double-click on the user name.
Select the Exchange Advanced tab and select Mailbox Rights.
Add MAXHost and give MAXHost full access.
Repeat the preceding mailbox permission steps, in Configuring Microsoft Exchange Server or IBM Lotus Notes, for each user who accesses the communication channels.
Install ocxhost.exe on the MAX_HOST.
Log in to MAX_HOST as domain user MAXhost.
Unzip the ocxhost.zip file located in the following directory:
PortalServer-base/SUNWportal/export.
When unzipping the file, you see the following file format:
Register ocxhost as follows:
Configure the necessary DCOM settings for the ocxhost utility using the dcomcnfg utility.
Select Start and Run.
Type dcomcnfg and select OK.
In the Distributed COM Configuration Properties dialog box select Default Properties tab and use the following settings:
Select the Applications tab.
Double-click the ocxhost utility in the Properties dialog.
The ocxhost properties window is displayed.
Check Run Application on this Computer under the Location tab.
Set Use custom access permissions, Use custom launch permissions and Use custom configuration permissions under the Security tab.
Select Edit for the Access, Launch, and Configuration settings and ensure that the following users are included in the Access Control List (ACL):
Select a User under the Identity tab in the ocxhost properties window.
Select Browse and locate the MAXHost.
Enter the password and confirm the password.
Select OK.
The ocxhost DCOM component is now configured and ready to communicate with the Exchange Servers. It is launched by RPC call when the first access from the Portal Server occurs.
Change MAXHost users group.
For security reasons you may want to remove the domain user from the Administrators group:
Log out and log in again as Administrator on MAX_HOST.
Remove the user MAXHost from local Administrators group, (and assign it to Domain User Group).
Do not use a firewall between the Portal and the MAX_HOST.
(RPC calls using dynamic ports are used for the communication from Portal Server to ocxhost.exe.)
Do not use a firewall between the MAX_HOST and the MAIL_HOST.
Set up SSO Adapter for Calendar if you are using a dedicated Server for ocxhost.exe (MAX_HOST).
Create an SSO Adapter template.
Log in to the Access Manager administration console.
Select the Service Configuration Tab.
Select SSOAdapter.
Select New.
Enter a name for your new template and select the existing EXCHANGE-CALENDAR from the list.
Select Next.
In the line for the ocxHost, enter the DNS name or IP address of the system where ocxhost.exe resides, in this case MAX_HOST.
Select Save.
Create an SSO Adapter configuration for your organization.
From the Identity Management tab, select your organization.
Select Services from the scroll down menu
Select SSOAdapter.
Under SSO Adapter Configurations, select New.
Enter a name for the configuration and select the previously created Template.
Select Next.
Modify the properties as needed.
You can provide a default Host name, which is your MAIL_HOST (DNS name or IP address), or you can leave it blank.
Select Save and note the message Changes Saved.
Unregister ocxhost as follows:
Locate the ocxhost.exe utility.
Select Start and Run.
Type the following in the Run window:
ocxhost.exe /unregserver
Delete the files ocxhost.exe and ocxhostEnglishResourceDll.dll
Open the Lotus Administrator by selecting Start, Programs, Lotus Applications, and Lotus Administrator.
Go to Administration, Configuration, Server, Current Server Documents.
In the Security tab, set the following settings:
Under Java/COM Restrictions, set Run restricted Java/Javascript/COM and Run unrestricted Java/Javascript/COM to *.
Under Security Settings, set:
Under Server Access, set Only allow server access to users listed in this Directory to No.
Under Web Server Access, set Web Server Authentication to More Name Variations with lower security.
In the Ports tab:
Select the Notes Network Ports tab and ensure that TCPIP is ENABLED.
Select Internet Ports tab and the Web tab.
Ensure that TCP/IP port status is Enabled.
Under Authentication options, ensure that Name and password and Anonymous are Yes.
Select the Directory tab and ensure that:
Select the Mail tab and ensure that:
TCP/IP port status is Enabled.
Authentication options Name and Password and Anonymous are set as follows:
Mail (IMAP) | Mail (POP) | Mail (SMTP Inbound) | SMTP (Outbound) |
---|---|---|---|
Name and Password | Yes | Yes | No |
Anonymous | N/A | N/A | Yes |
Select the IIOP tab and ensure that:
Select the Internet Protocols tab and the IIOP sub-tabs. Ensure that the Number of threads is at least 10.
Save and close.
Restart the server by typing the following in the Domino server console:
restart server
Restarting the server enables the settings to take effect.
Enable DIIOP server by typing the following command in the console:
load diiop
Check to see if diiop_ior.txt has been generated at location:
C:\Lotus\Domino\Data\domino\html\diiop_ior.txt
Enable HTTP service by typing the following command in the console:
load http
If another service is using port 80, the HTTP service does not start. Stop the service running on port 80 and retype the following in the console: load http
Or
Use the existing service. To do this, copy the diiop_ior.txt file into the root or home directory of the web server running on port 80. You can include both the HTTP service and the DIIOP service in the notes.ini file to ensure that both services start when you start the server.
To access a Lotus Notes system using the Sun Java System Portal Server Mail and Calendar channels, you must add another file to the Sun Java System Portal Server. This file is called NCSO.jar. It must be obtained from the Lotus Notes product CD or the IBM web site.
This file is available with the Domino Designer and Domino Server products from IBM in the domino\java subdirectory. It is also available in a Web download from the following Web site:
http://www-10.lotus.com/ldd/toolkits
Go to the Lotus Domino Toolkit link and then to the Java/Corba R5.0.8 update link.
The download file, which performs the extraction of this file and other files, is an .exe file.
Place the NCSO.jar file in the global class path of the web container (web server or application server) as described in the subsequent sections about each of the four possible web containers. For three of the four web containers, the NCSO.jar file is placed in /usr/share/lib. The following table summarizes the steps that follow.
The table outlines the process of placing the JAR file in the global class path by indicating where the NCSO.jar file can be placed: in the System Classpath or in the Portal WAR. The table also indicates if special instructions are needed. If so, they are included later in this section.
Web Container | System Classpath | Portal WAR | Special Instructions |
---|---|---|---|
Sun Java System Web Server | Yes | Yes | N/A |
Sun Java System Application Server | Yes | Yes | N/A |
BEA WebLogic Server | Yes | No | How to update system classpath |
IBM WebSphere Application Server | No | Yes | How to prune JAR file |
The following instructions are provided for each web container:
To complete the following steps for your web container, you must have administrative rights to it. Also you should have access to the web container documentation to obtain detailed information on various web container processes and commands.
For more information concerning the Sun Java System web containers, see Sun Java System Application Server Administrator’s Guide or Sun Java System Web Server, Enterprise Edition Administrator’s Guide.
Place the NCSO.jar in the following Sun Java System Portal Server directory:
/usr/share/lib
Update the web container class path to include:
/usr/share/lib/NCSO.jar
Restart the Sun Java System Web Server. Though often not mandatory, this practice is a good one.
Place the NCSO.jar file in the following directory:
PortalServer-base/SUNWportal/web-src/WEB-INF/lib
Redeploy the web application with the following command:
PortalServer-base/SUNWportal/bin/deploy redeploy
Restart the web container.
Place the NCSO.jar in the following Sun Java System Portal Server directory:
/usr/share/lib
Update the web container class path to include /usr/share/lib/NCSO.jar using the Sun Java System Application Server administration console.
Launch the Sun Java System Application Server administration console.
Select the domain.
Select the server instance.
Select the JVM Settings tab in the server instance view.
Select Path Settings under the JVM Settings tab.
Add /usr/share/lib/NCSO.jar in the Classpath Suffix list.
Select Save.
Select Apply Changes under the General tab of the instance.
Select Restart.
Place the NCSO.jar file in the following directory:
PortalServer-base/SUNWportal/web-src/WEB-INF/lib
Redeploy the web application with the following command:
PortalServer-base/SUNWportal/bin/deploy redeploy
Where PortalServer-base represents the directory in which the Sun Java System Portal Server was originally installed.
Restart the web container.
Place the NCSO.jar in the following Sun Java System Portal Server directory:
/usr/share/lib
Update the web container class path to include /usr/share/lib/NCSO.jar using the command line.
Change directories to the web container install directory:
WebContainer-base/bea/wlserver6.1/config
Where WebContainer-base represents the directory in which the web container was originally installed.
Change directories to the directory that contains the domain instance:
mydomain
Edit the startWebLogic.sh file using the editor of your choice.
Add /usr/share/lib/NCSO.jar to the end of the CLASSPATH.
The startWebLogic.sh file may contain multiple CLASSPATH definitions. Locate the last definition of the variable and add the following string to the very end of the CLASSPATH:
/usr/share/lib/NCSO.jar
Restart the web container.
Prune the classes under org/w3c/dom/ and org/xml/sax/ from the NCSO.jar file and rejar.
The classes should include the following:
org/w3c/dom/Document.class
org/w3c/dom/Node.class
org/xml/sax/InputSource.class
org/xml/sax/SAXException.class
You can perform this task in many ways. Two examples are provided here. Follow the method that suits you best:
The following method requires you to manually unjar and rejar the file:
Download and place the file in the following directory:
/tmp/ncsoprune/work
Unjar the file while it is in that directory.
Remove the preceding four classes.
Rejar the file.
The following method requires you to run a script that automates the jar and unjar logic.
Download and place the file in the following directory:
/tmp/ncsoprune/work
Run the following script:
```
#!/bin/ksh
JAR=/usr/j2se/bin/jar
JAR_FILE=NCSO.jar
RM=/usr/bin/rm
BASE_DIR=/tmp/ncsoprune
WORK_DIR=${BASE_DIR}/work

# cd to directory of jar file; stop if it does not exist
cd $WORK_DIR || exit 1

# unjar
$JAR xvf $JAR_FILE

# prune classes
$RM $WORK_DIR/org/w3c/dom/Document.class
$RM $WORK_DIR/org/w3c/dom/Node.class
$RM $WORK_DIR/org/xml/sax/InputSource.class
$RM $WORK_DIR/org/xml/sax/SAXException.class

# jar
$JAR cvf $BASE_DIR/$JAR_FILE META-INF com lotus org
```
Place the re-jarred NCSO.jar file in the following directory:
PortalServer-base/SUNWportal/web-src/WEB-INF/lib
Redeploy the web application with the following command:
PortalServer-base/SUNWportal/bin/deploy redeploy
Where PortalServer-base represents the directory in which the Sun Java System Portal Server was originally installed.
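An added example, not part of the original guide: the same prune done in Python without unpacking the archive, followed by a check that none of the four classes remain before the file is placed in WEB-INF/lib. The sample jar built by build_sample_jar() and the entry name lotus/Placeholder.class are constructed for illustration.

```python
import io
import zipfile

# The four classes the procedure above removes from NCSO.jar.
PRUNE = frozenset({
    "org/w3c/dom/Document.class",
    "org/w3c/dom/Node.class",
    "org/xml/sax/InputSource.class",
    "org/xml/sax/SAXException.class",
})


def prune_jar(src, dst, unwanted=PRUNE):
    """Copy the jar at src to dst, skipping unwanted entries. Returns the names removed."""
    removed = []
    with zipfile.ZipFile(src) as zin, \
         zipfile.ZipFile(dst, "w", zipfile.ZIP_DEFLATED) as zout:
        for info in zin.infolist():  # keeps entry order, so the manifest stays first
            if info.filename in unwanted:
                removed.append(info.filename)
            else:
                zout.writestr(info, zin.read(info))
    return sorted(removed)


def leftover(jar, unwanted=PRUNE):
    """Names from unwanted that are still present in jar (empty list means pruned)."""
    with zipfile.ZipFile(jar) as z:
        return sorted(set(z.namelist()) & unwanted)


def build_sample_jar():
    """Constructed stand-in for NCSO.jar: manifest, one placeholder class, the four targets."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        z.writestr("lotus/Placeholder.class", b"\xca\xfe\xba\xbe")  # hypothetical entry
        for name in sorted(PRUNE):
            z.writestr(name, b"\xca\xfe\xba\xbe")
    return buf


if __name__ == "__main__":
    pruned = io.BytesIO()
    print("removed:", prune_jar(build_sample_jar(), pruned))
    print("still present:", leftover(pruned))
```

Both functions also accept file paths, so leftover() can be run against the re-jarred file produced by either method above before it is redeployed.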
From an Internet browser, log on to the Sun Java System Portal Server administration console at http://hostname:port/psconsole, for example http://psserver.company22.example.com:80/psconsole
Click the Identity Management tab to display the View drop down list in the navigation pane.
Select Users in the View drop down list to display the User page.
Click New to display the New User page in the data pane.
Select the services to be assigned to the user.
Select at a minimum Portal Desktop and SSO Adapter.
Enter the user information.
Click Create.
The new user’s name appears in the Users list in the navigation pane.
The Mail channel automatically supports the HTTP protocol, but not the more secure HTTPS protocol. If your Sun Java System Messaging Server is enabled for HTTPS, however, you can follow the steps in this section to configure the Mail provider to work properly with the Sun Java System Messaging Server. These steps do not apply to Microsoft Exchange Server and IBM Lotus Notes server.
In terms of configuring the mail provider for HTTPS for Sun Java System Messaging Server, the steps regarding the web container differ depending upon which web container you are using: Sun Java System Web Server, Sun Java System Application Server, BEA WebLogic Server, or IBM WebSphere Application Server. Regardless of which web container you use, you need administrative rights to it.
You should refer to the web container documentation for information on initializing a trust database, adding certificates, and restarting the web container. For more information on these tasks and other security-related issues concerning the Sun Java System web containers, see Sun Java System Application Server Administrator’s Guide to Security or Sun Java System Web Server, Enterprise Edition Administrator’s Guide.
Initialize the trust database for the web container running Sun Java System Portal Server. For more information, refer to the proper documentation as discussed in the preceding paragraph.
Install the SSL certificate for the Trusted Certificate Authority (TCA) if it is not already installed.
Restart the web container. Even though restarting is not mandatory, this practice is a good one.
Add a new SSO Adapter template specifically for HTTPS. The name of the template used in this example is SUN-ONE-MAIL-SSL, which is descriptive since the security protocol, SSL, is included in the name.
You can configure an SSO Adapter template and related SSO Adapter configurations in many ways. The steps presented subsequently explain a typical configuration. They describe how to create a new template and a new configuration since this is a safer practice than simply editing existing templates and configurations.
If you are comfortable with the editing option, then proceed in that manner. If you change the name of the SSO Adapter template and SSO Adapter configuration as part of the edits you make, you also need to change the SSO Adapter name by editing the properties of the Mail channel.
The two items you would need to edit in the SSO Adapter template or SSO Adapter configuration are:
In creating a new SSO Adapter template for this example, the clientProtocol attribute is set as a default attribute. Therefore, it appears in an SSO Adapter template, not in an SSO Adapter configuration. The clientProtocol attribute must be changed from http to https. The edited template fragment for this attribute appears as follows:
clientProtocol=https
For this example, the clientPort attribute is set as a merge attribute. Therefore, it appears in an SSO Adapter configuration (see Web Container Facts and Considerations). If the clientPort attribute were set as a default attribute, it would appear in an SSO Adapter template. The client port should be changed to a port reserved exclusively for HTTPS. Here port 443 is used since the HTTPS protocol uses this port number as the default. The edited template fragment for this attribute appears as follows:
&clientPort=443
From an Internet browser, log in to the Sun Java System Portal Server administration console at http://hostname:port/psconsole, for example http://psserver.company22.example.com:80/psconsole
Click the Service Configuration tab to display the list of configurable services in the navigation pane.
Click the arrow next to SSO Adapter to bring up the SSO Adapter page in the data pane.
Type a template name and select an existing template from the menu.
Click Next.
The Template Properties page appears.
Modify the properties as needed.
Web Container Facts and Considerations is a typical configuration which has been provided for your reference. The template you enter probably has different information. For example, you probably enter a different value for the configName property type unless you want to use the name SUN-ONE-MAIL-SSL. Furthermore, the attributes you set as default and merge probably differ from this example, depending upon the needs of your site.
When done, click Save.
If more than one string that begins with the IMAP protocol exists, this is acceptable.
Add a new SSO Adapter configuration specifically for HTTPS.
The name of the configuration used in this example is sunOneMailSSL, because it is similar to the name used for the respective SSO Adapter template.
See the Note from the preceding step, Web Container Facts and Considerations.
From an Internet browser, log on to the Sun Java System Portal Server administration console at http://hostname:port/psconsole, for example http://psserver.company22.example.com:80/psconsole
Click the Identity Management tab to display the View drop down list in the navigation pane.
Click Services in the View drop down list.
Scroll down the navigation pane to the Single Sign-on Adapter configuration heading and click the arrow next to SSO Adapter to bring up the SSO Adapter page in the data pane.
Click in the blank configuration description field—which is just above the Add and Remove buttons.
Click New under SSO Adapter Configuration to add an SSO adapter configuration.
The New Configuration page appears.
Type a configuration name and select an SSO Adapter template from the menu.
Click Next.
The Configuration Properties page appears.
Modify the properties as needed.
When done, click Save.
Add a new Mail channel to Portal Desktop.
Web Container Facts and Considerations and Web Container Facts and Considerations explained how to create a new SSO Adapter template and SSO Adapter configuration to create a new channel. In this step you make the channel available to end users.
Choose a descriptive name for the new channel. The example name chosen here is SunOneMailSSLChannel.
From an Internet browser, log on to the Sun Java System Portal Server administration console at http://hostname:port/psconsole, for example http://psserver.company22.example.com:80/psconsole
Click the Identity Management tab to display the View drop down list in the navigation pane.
Select Services in the View drop down list to display the list of configurable services.
Under the Sun Java System Portal Server Configuration heading, click the arrow next to Portal Desktop to bring up the Portal Desktop page in the data pane.
Scroll as needed and click the Manage Channels and Containers link.
Scroll down to the Channels heading and click New.
In the Channel Name field, type your site’s name for the new channel. For example, SunJavaMailSSLChannel.
In the Provider drop down menu, select MailProvider.
Click OK, which returns you to the Channel and Container Management Web page where the channel you just created now exists.
Scroll down to the Channels heading and click Edit Properties next to the name of the channel you just created, which for this example is SunOneMailSSLChannel.
Scroll down to the title field, select and delete any words that currently exist, for example mail, and type a provider title. A possible name is SSL Mail Account.
In the description field, select and delete any words that currently exist, for example mail, and type a provider description. The same example is used here for description as for the title in the preceding substep: SSL Mail Account.
Scroll down the page; select and delete any words that currently exist in the SSO Adapter field, for example sunOneMail; and type the same SSO Adapter configuration name used in Web Container Facts and Considerations, which for this example is sunOneMailSSL.
Scroll down and click Save.
Scroll back up the page to click the word top, which is the first item following the words Container Path.
Scroll down to the Container Channels heading and click the link for the container that you want to add the new channel to. For example, MyFrontPageTabPanelContainer. Do not click the accompanying Edit Properties link.
Scroll down to the Channel Management heading, scroll as needed in the Ready For Use frame, and click the name of your newly created channel to select it.
Remember, for this example the channel name is SunOneMailSSLChannel.
Add the channel to the Available to End Users on the Content Page list or to the Visible on the Portal Desktop list.
Click the Add button above the list for which you want to add the channel.
Scroll back up the page and click Save under the Channel Management heading.
You should now be able to log in and use an HTTPS enabled messaging server.
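One way to check the clientProtocol and clientPort edits described above before the channel is made available to end users (added example, not product code). It assumes the template and configuration are query-style strings that begin with imap and declare attributes with default= and merge=, modeled on the fragments shown; the sample strings and the leading "default|" marker are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit


def parse_adapter(entry):
    """Split an adapter string into its default/merge name sets and attribute values."""
    url = entry.split("|", 1)[-1]  # drop a leading "default|" marker if present (assumed)
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {
        "default": set(params.pop("default", [])),
        "merge": set(params.pop("merge", [])),
        "values": {name: vals[-1] for name, vals in params.items()},
    }


def effective(template, config, name):
    """Default attributes are read from the template, merge attributes from the configuration."""
    tpl, cfg = parse_adapter(template), parse_adapter(config)
    if name in tpl["default"]:
        return tpl["values"].get(name)
    if name in tpl["merge"]:
        return cfg["values"].get(name)
    return None  # attribute is not declared in the template at all


def https_findings(template, config, https_port="443"):
    """Return the problems that would leave the Mail channel off HTTPS."""
    findings = []
    proto = effective(template, config, "clientProtocol")
    port = effective(template, config, "clientPort")
    if proto != "https":
        findings.append(f"clientProtocol is {proto!r}, expected 'https'")
    if port != https_port:
        findings.append(f"clientPort is {port!r}, expected {https_port!r}")
    return findings


# Constructed sample strings (not taken from a real deployment).
TEMPLATE_UNEDITED = ("default|imap:///?configName=SUN-ONE-MAIL-SSL"
                     "&default=clientProtocol&merge=clientPort&clientProtocol=http")
TEMPLATE_SSL = ("default|imap:///?configName=SUN-ONE-MAIL-SSL"
                "&default=clientProtocol&merge=clientPort&clientProtocol=https")
CONFIG_NO_PORT = "default|imap:///?configName=sunOneMailSSL"
CONFIG_SSL = "default|imap:///?configName=sunOneMailSSL&clientPort=443"

if __name__ == "__main__":
    for tpl, cfg in [(TEMPLATE_UNEDITED, CONFIG_NO_PORT), (TEMPLATE_SSL, CONFIG_SSL)]:
        print(https_findings(tpl, cfg) or "HTTPS settings look consistent")
```

Pass a different https_port if your site reserves a port other than 443 for HTTPS.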
After installing Instant Messaging server, you need to manually configure it for Portal Server.
Install Instant Messaging Server.
Run the following command to configure Instant Messaging server.
Instant-Messaging-server-base/SUNWiim/configure
The Instant Messaging configurator appears.
Type the following values in the configurator pages:
Field | Value or action |
---|---|
Components | Select the following components: Instant Messaging Server, Instant Messenger Resources Identity Server, and Instant Messaging Service. |
Server Components; Client components | Select these options. |
Use Access Manager for Single Sign-on; Use Access Manager for Policy | Select these options. |
User ID; Group ID; Runtime Directory | Type the user ID and group ID. For example, in Solaris 10, these values are root and root respectively. The default value of runtime directory is /var/opt/SUNWiim. |
Domain Name | Type the domain name. |
XMPP port | By default, it is 522. |
Multiplexed XMPP port | By default, it is 4522. |
Disable Server | Do not select this option. |
Ldap hostname | It is machine-name.host-name. |
Ldap Port Number | By default, it is 389. |
Base dn | By default, it is dc=sun,dc=com. |
Bind dn | By default, it is cn=Directory Manager. |
Bind Password | Type the password. |
Enable E-mail Integration; Smtp server; Enable E-Mail Archiving | Select this option. Provide the domain name. Select this option. |
Deploy Messenger Resources; Codebase; Web Administration URL; Web Administrator User Id; Web Administrator User Password | Provide the details. |
Deploy IM HTTP Gateway; Context Root; Web Administration URL; Web Administrator User Id; Web Administrator User Password | Provide the details. |
Enable Calendar Agent | Select this option if you wish to enable the calendar agent. |
Start Services After Successful Configuration; Start Services When System start | Select these options. |
Click Done.
Log in to Portal Server desktop.
Click the Edit button displayed with the Instant Messaging portlet.
The Instant Messaging portlet is displayed in the Edit mode.
Provide the following details.
Field | Description |
---|---|
Launch Method | The launch method can be Java Plugin or Java Web Start. |
Server Hostname | The fully qualified domain name of the machine where you installed Messaging Server. |
Server Port | The port on which the Messaging Server is running. |