test

Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Configuration 3

In this configuration the identity providers, identity providers and the Common Domain Cookie Provider (CDCP) are not deployed in the corporate intranet or the service provider is a third party provider residing the in Internet and the identity provider is protected by the Gateway.

In this configuration the Gateway points to the identity provider, which is the Portal Server.

This configuration is valid for multiple instances of the Portal Server. This configuration is unlikely on the Internet, however, some corporate networks may have such a configuration within their intranet, that is the identity provider may reside in a subnet this is protected by a firewall and the service providers are directly accessible from within the corporate network.

ProcedureTo Configure Gateway to an Identity Provider (Portal Server)

  1. Log into the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and select the appropriate gateway profile to modify its attributes.

  3. Select the Core tab.

  4. Select the Enable Cookie Management checkbox to enable cookie management.

  5. In the Portal Servers field, enter the portal server name of the identity provider to use the relative URLs such as: /amserver or /portal/dt listed in the Non-Authenticated URLs list.

    http://idp-host:port/amserver/js

    http://idp-host:port/amserver/UI/Login

    http://idp-host:port/amserver/css

    http://idp-host:port/amserver/SingleSignOnService

    http://idp-host:port/amserver/UI/blank

    http://idp-host:port/amserver/postLogin

    http://idp-host:port/amserver/login_images

  6. Click Save.

  7. Select the Security tab.

  8. In the Non-authenticated URLs list, add the federation resources. For example:

    /amserver/config/federation

    /amserver/IntersiteTransferService

    /amserver/AssertionConsumerservice

    /amserver/fed_images

    /amserver/preLogin

    /portal/dt

  9. Click Add.

  10. Click Save.

  11. If web proxies are needed to reach the URLs listed in the Non-authenticated URLs list, select the Deployment tab.

  12. In the Proxies for Domains and Subdomains field, enter information about the web proxies.

  13. Click Add.

  14. Click Save.

  15. From a terminal window, restart the Gateway:

    ./psadmin start-sra-instance –u amadmin – f <password file> –N <profile name>– t <gateway>