Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Procedure: To Configure PDCs and Encoded Devices

  1. Add the following line to the /etc/opt/SUNWam/config/AMConfig.properties file on the Portal Server machine:

    com.iplanet.authentication.modules.cert.gwAuthEnable=yes

  2. Import the required certificates into the certificate database of the Gateway that you want PDC-enabled. To configure the certificates, see "To import the Root CA certificate on the gateway machine".

  3. Log in to the Access Manager administration console as administrator and do the following:

    1. Select the Identity Management tab and then select an Organization.

    2. Click Services for the Organization from the View drop-down menu.

    3. Click Add to register the certificate.

  4. From the Access Manager administration console, do the following:

    1. Select the required organization and click the arrow next to Certificate.

    2. In the Trusted Remote Host list box, highlight none and click Remove.

    3. Enter any in the text field and click Add.

    4. Click Save.

  5. From the Access Manager administration console, do the following:

    1. Choose the required organization and then select Services from the View drop-down menu.

      The list of services is displayed.

    2. Click the arrow next to the Authentication Configuration core service and then click New.

      The New Service Instance page is displayed.

    3. Enter the service instance name as gatewaypdc.

    4. Click Submit.

      The gatewaypdc Service Instance List is displayed.

    5. Click gatewaypdc to edit the service.

      The gatewaypdc show properties page is displayed.

    6. Click the Edit link next to Authentication Configuration and then click Add.

      The Add Module page is displayed.

    7. Choose Cert from the Module Name field and REQUIRED for Enforcement criteria, and then click OK.

    8. Click OK to complete.

  6. From the Access Manager administration console, do the following:

    1. Click the arrow next to Core.

    2. In the Organization Authentication modules list box, select gatewaypdc.

    3. Choose Dynamic from the User Profile drop-down menu.

    4. Click Save to complete.

  7. Log in to the Portal Server administration console as administrator and do the following:

    1. Select the Secure Remote Access tab and select the appropriate gateway profile.

    2. Select the Security tab.

    3. In the Certificate-enabled Gateway hosts list box, add the Gateway name.

    4. Click Save.

  8. Restart the gateway profile from a terminal window:

    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway

  9. Install the client certificate issued by the CA into the browser that is used to access the PDC-enabled gateway.

  10. Install the client certificate into the JVM keystore. On a Windows machine, open the JVM control panel from Start > Settings > Control Panel > Java.

    Add the following to the Applet RunTime parameters:

    • -Djavax.net.ssl.keyStore=Path to Keystore

    • -Djavax.net.ssl.keyStorePassword=password

    • -Djavax.net.ssl.keyStoreType=type

  11. Access your gateway profile and organization:

    https://gateway:instance-port/YourOrganization

    You should be logged in under the name on the certificate, without being prompted for a user name and password.
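
Step 1 is the only part of this procedure that edits a file by hand, so it is the easiest to get wrong without noticing (a commented-out line, a duplicate assignment, a stray trailing blank). The following shell script is an added example, not part of the original guide: it reports the effective value of the property and sets it idempotently. The function names and the sample file are hypothetical, and it assumes AMConfig.properties follows java.util.Properties syntax.

```shell
#!/bin/sh
# Added example (not from the guide): manage the step 1 property in AMConfig.properties.
KEY='com.iplanet.authentication.modules.cert.gwAuthEnable'

# Print the effective value of $KEY in properties file $1. Comment lines (# or !)
# are skipped and the last assignment wins, as java.util.Properties loads it (assumed).
gw_auth_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next       # a longer key, or no separator
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/\r$/, "", rest)                  # trailing blanks stay: they are part of the value
            val = rest; found = 1
        }
        END { if (found) print val }
    ' "$1"
}

# Make $KEY=yes effective in $1. No-op when it already is; otherwise keep a .bak
# copy, drop every active assignment of the key and append one clean line.
ensure_gw_auth() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    [ "$(gw_auth_value "$file")" = yes ] && return 0
    cp -p "$file" "$file.bak" || return 1
    awk -v key="$KEY" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key) == 1 && substr(line, length(key) + 1) ~ /^[ \t]*[=:]/ { next }
        { print }
        END { print key "=yes" }
    ' "$file.bak" > "$file"
}

# Constructed sample content (not a real AMConfig.properties) so this runs offline.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "#$KEY=yes" "$KEY = no" 'example.other.key=value' > "$tmp"
    ensure_gw_auth "$tmp" && gw_auth_value "$tmp"    # prints: yes
    rm -f "$tmp" "$tmp.bak"
}

# With a path argument, fix that file; with none, run the demo.
if [ $# -gt 0 ]; then ensure_gw_auth "$1"; else demo; fi
```

Run it with /etc/opt/SUNWam/config/AMConfig.properties as the argument before restarting the gateway in step 8; the previous file content is kept beside it with a .bak suffix.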