8.1.2 Configuring SSO Through Communications Servers Trusted Circle Technology
When configuring SSO through Communications Servers trusted circle technology
(that is, not through Access Manager), consider these points:
- Each trusted application must be configured for SSO.
- SSO does not work correctly if the default.html page is in your browser’s cache. Before using SSO, be sure to reload the default.html page in your browser. For example, in Netscape Navigator, hold down the Shift key and then click Reload.
- SSO works only for bare URLs. For example, SSO works for: http://servername.

The following table describes the Calendar Server configuration parameters
for SSO through Communications Servers trusted circle technology.
Table 8–1 Calendar Server SSO Parameters Through Communications Servers Trusted Circle Technology

| Parameter | Description |
|---|---|
| sso.enable | This parameter must be set to "1" (the default) to enable SSO. "0" disables SSO. |
| sso.appid | This parameter specifies the unique application ID for the specific Calendar Server installation. Each trusted application must also have a unique application ID. The default is: "ics50" |
| sso.appprefix | This parameter specifies the prefix value to be used for formatting SSO cookies. The same value must be used by all trusted applications, because only SSO cookies with this prefix will be recognized by Calendar Server. The default is: "ssogrp1" |
| sso.cookiedomain | This parameter causes the browser to send a cookie only to servers in the specified domain. The value must begin with a period (.) |
| sso.singlesignoff | A value of “true” (the default) clears all SSO cookies on the client with prefix values matching the value configured in sso.appprefix when the client logs out. |
| sso.userdomain | This parameter sets the domain used as part of the user's SSO authentication. |
| sso.appid.url = "verifyurl" | This parameter sets the verify URL values for peer SSO hosts for the Calendar Server configuration. One parameter is required for each trusted peer SSO host. This parameter contains the following parts: Application ID (appid) identifies each peer SSO host whose SSO cookies are to be honored. Verify URL (verifyurl) includes the host URL, host port number, and VerifySSO? (including the ending question mark (?)). In this example, the Calendar Server application ID is ics50, the host URL is sesta.com, and the port is 8883. The Messenger Express application ID is msg50, the host URL is sesta.com, and the port is 8882. For example: sso.ics50.url="http://sesta.com:8883/VerifySSO?" and sso.msg50.url="http://sesta.com:8882/VerifySSO?" |

The following table describes the Messaging Server configuration parameters
for SSO through Communications Servers trusted circle technology.
Table 8–2 Messaging Server SSO Parameters Through Communications Servers Trusted Circle Technology

| Parameter | Description |
|---|---|
| local.webmail.sso.enable | This parameter must be set to a non-zero value to enable SSO. |
| local.webmail.sso.prefix | This parameter specifies a prefix used when formatting SSO cookies set by the HTTP server. For example: ssogrp1 |
| local.webmail.sso.id | This parameter specifies the unique application ID (for example: msg50) for the Messaging Server. Each trusted application must also have a unique application ID. |
| local.webmail.sso.cookiedomain | This parameter specifies the cookie domain value of all SSO cookies set by the HTTP server. |
| local.webmail.sso.singlesignoff | A non-zero value clears all SSO cookies on the client with prefix values matching the value configured in local.webmail.sso.prefix when the client logs out. |
| local.sso.appid.url=verifyurl | This parameter sets the verify URL values for peer SSO hosts for the Messaging Server configuration. One parameter is required for each trusted peer SSO host. The parameter includes these parts: Application ID (appid) identifies each peer SSO host whose SSO cookies are to be honored. Verify URL (verifyurl) includes the host URL, host port number, and VerifySSO? (including the ending ?). For example: local.sso.ics50.verifyurl=http://sesta.com:8883/VerifySSO? (in this example, the Calendar Server application ID is ics50, the host URL is sesta.com, and the port is 8883) and local.sso.msg50.verifyurl=http://sesta.com:8882/VerifySSO? (in this example, the Messaging Server application ID is msg50, the host URL is sesta.com, and the port is 8882). |

For more information about configuring Messaging Server for SSO, see
the Sun Java System Messaging Server 6.3 Administration Guide.
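
The consistency rules in Tables 8–1 and 8–2 (shared cookie prefix, unique application IDs, cookie domain beginning with a period, one verify URL per peer ending in VerifySSO?) can be checked mechanically. The following Python sketch is an added example, not part of the original guide or of the products it describes; it assumes the settings of both servers are available as simple key = value lines, and the sample values are constructed from the page's own example (sesta.com, ics50, msg50).

```python
import re

# Constructed sample settings, built from the example values used on this page.
CALENDAR = '''
sso.enable = "1"
sso.appid = "ics50"
sso.appprefix = "ssogrp1"
sso.cookiedomain = ".sesta.com"
sso.msg50.url = "http://sesta.com:8882/VerifySSO?"
'''
MESSAGING = '''
local.webmail.sso.enable = 1
local.webmail.sso.id = msg50
local.webmail.sso.prefix = ssogrp1
local.webmail.sso.cookiedomain = .sesta.com
local.sso.ics50.verifyurl = http://sesta.com:8883/VerifySSO?
'''

def parse(text):
    """Parse key = value lines (assumed layout); surrounding double quotes are dropped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w.]+)\s*=\s*"?(.*?)"?\s*$', line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def check(cal_text, msg_text):
    """Return a list of findings; an empty list means both sides agree."""
    cal, msg = parse(cal_text), parse(msg_text)
    findings = []
    cal_id = cal.get("sso.appid", "ics50")          # default from Table 8-1
    msg_id = msg.get("local.webmail.sso.id", "")
    if cal.get("sso.enable", "1") != "1":           # "1" is the documented default
        findings.append("calendar: sso.enable is not 1")
    if msg.get("local.webmail.sso.enable", "0") in ("", "0"):
        findings.append("messaging: local.webmail.sso.enable is not non-zero")
    if cal.get("sso.appprefix", "ssogrp1") != msg.get("local.webmail.sso.prefix"):
        findings.append("cookie prefix differs between the two servers")
    if not msg_id or msg_id == cal_id:
        findings.append("application IDs are missing or not unique")
    if not cal.get("sso.cookiedomain", "").startswith("."):
        findings.append("calendar: sso.cookiedomain must begin with a period")
    # Each side needs one verify URL entry for its peer's application ID.
    peers = {f"sso.{msg_id}.url": cal, f"local.sso.{cal_id}.verifyurl": msg}
    for key, conf in peers.items():
        if not conf.get(key, "").endswith("/VerifySSO?"):
            findings.append(f"{key}: missing or does not end in VerifySSO?")
    return findings

if __name__ == "__main__":
    print(check(CALENDAR, MESSAGING) or "SSO settings are consistent")
```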