test

Sun Java System Calendar Server 6.3 Administration Guide

ProcedureTo use SSO with Calendar Server

  1. Make sure that Access Manager and Directory Server are installed and configured. For information about installing and configuring these products, refer to the Sun Java Enterprise System 5 Installation Guide for UNIX.

  2. After stopping Calendar Server services, configure SSO for Calendar Server by setting the parameters shown in 8.1 Configuring SSO Through Access Manager. For the values to take effect, you must restart Calendar Server services.

    Note –

    When you set the local.calendar.sso.amnamingurl parameter, you must use a fully qualified host name for where Access Manager software is installed.

  3. To configure SSO for Messaging Server, refer to the Sun Java System Messaging Server 6.3 Administration Guide.

  4. Users log into Access Manager using their Directory Server LDAP user name and password. (A user who logs in through another server such as Calendar Server or Messaging Server will not be able to use SSO to access the other Sun Java Enterprise System servers.)

  5. After logging in, users can access Calendar Server through Communications Express using the appropriate URL. Users can also access other Communications Suite servers such as Messaging Server, if the servers are configured properly for SSO.

    Parameter  

    Description  

    local.calendar.sso.amnamingurl

    Specifies the URL of the Access Manager SSO naming service. 

    Default is  

    http://AccessManager:port/amserver/namingservice

    where AccessManager is the fully qualified name of Access Manager, and port is the Access Manager port number.

    local.calendar.sso.amcookiename

    Specifies the name of the Access Manager SSO cookie. 

    Default is "iPlanetDirectoryPro".

    local.calendar.sso.amloglevel

    Specifies the log level for Access Manager SSO. Range is from 1 (quiet) to 5 (verbose). Default is “3“. 

    local.calendar.sso.logname

    Specifies the name of the Access Manager SSO API log file. 

    Default is: am_sso.log

    local.calendar.sso.singlesignoff

    Enables (“yes“) or disables (“no“) single sign-off from Calendar Server to Access Manager. 

    If enabled, a user who logs out of Calendar Server is also logged out of Access Manager, and any other sessions the user had initiated through Access Manager (such as a Messaging Server Webmail session) are terminated. 

    Because Access Manager is the authentication gateway, single sign-off is always enabled from Access Manager to Calendar Server. 

    Default is “yes“. 

    Tip –

    A best practice for changing the ics.conf file is to add the parameter and its new value to the end of the file. The system reads the entire file and uses the last value found for the parameter.