Contents


Preface

Who Should Use This Book
How This Manual Is Organized
Related Books
Accessing Sun Documentation Online
Typographic Conventions
Shell Prompts in Command Examples

Chapter 1 Introducing iPlanet Portal Server 3.0

What is a Portal?
Features of the iPlanet Portal Server
Administering iPlanet Portal Server

Getting Information for Administering iPlanet Portal Server

Using the iPlanet Portal Server Desktop From a Remote Client
Where to Go Next
iPlanet Portal Server Components

Introducing the Server
Introducing the Profile Server
Introducing the Gateway
Choosing a Firewall
Basic iPlanet Portal Server Installation

Structure of the iPlanet Portal Server Role Tree

Root Level

Domain Role-User Attributes
Inheritance in the Role Tree

Domain Level

Inheritance at the Domain Level

Role Level

Inheritance at the Role Level

User Level

Inheritance at the User Level

Introducing the Administration Console

Logging in to the Administration Console
How the Administration Console is Organized

Main Screen Task Frame
Content Frame

Moving Through the Administration Console Content Pages

Navigating Through the Administration Console
Screen Shortcuts
Using the Search Link

Interacting With The Administration Console

Modifying Information in the Contents Frame
Processing Changes to the Profile Server
Managing Customized Attributes

Chapter 2 Creating A Multi-Domain Portal

Overview

Creating a Business to Consumer Portal

Creating the Business To Consumer Domain
Enabling Self-Registration Using the Membership Module
Verifying User Self Registration Authentication and Self-registered User Role Placement
Specifying URL Access Policy For the Customer Role
Verifying URL Access Policy From the Desktop
Disabling Access To an Application and Other Secure Providers
Verifying Disabled Application Access

Creating a Business to Employee Portal

Creating the Business To Employee Domain
Enabling UNIX Authentication
Verifying UNIX Authentication at Desktop Log In Screen
Setting Up a Virtual VPN for the Employee Domain
Verifying Netlet Service on Port 8143
Denying Access to a URL and an Application for a Role
Verifying Denied Access to Engineer User to URL and Application
Customizing the Desktop With a Welcome Message
Verifying the Customized Desktop Welcome Message

Setting Up a Delegated Administrator

Adding a New Role
Assigning Admin Privileges to the New Role
Adding a New User for the Admin Role

Managing Roles and Users

Move Users
Delete Users
Delete a Role

Chapter 3 Configuring The Desktop

Adding a Custom Application Provider

Copying the Class File
Adding the Channel to the Available Channels List
Adding the Channel to a Desktop

Configuring an Available Channel

Specifying Column Layout
Additional Channel Display Attributes

Setting Desktop Colors and Content

Specifying a Custom Name and Logo for the Portal Home Page

Introducing The Channel Wizard

Chapter 4 Configuring Membership

Overview
Functionality
User Types
Screens
User Data
Components
Customization

Look and Feel
Content
Function

Membership Module Requirements

Chapter 5 Configuring Policy

Overview
Configuring Policy

To Configure Policy at the Domain, Role, and User Levels

Policy Details

Using Lists and Checkboxes
Applications Policy
Desktop Policy
Logging Policy
NetFile Policy
Netlet Policy
Platform Policy
Session Policy
S/Key Generation Policy
User Policy
Miscellaneous
ADMIN and USER Permissions

Chapter 6 Managing Authentication

Overview of iPlanet Portal Server Authentication

Default Authentication Methods
Common Authentication Tasks
Files Used for Authentication
How the Users Experience the Authentication Process
Setting Up User Authentication for a Multiple Domain Portal

Requiring the User to Type a Domain Name
Using a Virtual Host Name for the Gateway

Managing Authentication Attributes

To Define Platform-Wide Authentication Attributes
To Define Domain-Specific Authentication Attributes

Setting Up Authentication for Users

Configuring Authentication for Administrators
Configuring S/Key Authentication

S/Key Password Generation

Authentication Using the LDAP Server

Security
Which LDAP Server to Use?
Configuring LDAP Authentication

Configuring Personal Digital Certificates (PDCs) and Encoded Devices Authentication

Managing PDC Attributes

Configuring Windows NT Primary Domain Controller Authentication
Configuring SafeWord Authentication

Viewing or Changing SafeWord Attributes

Configuring SecurID Authentication

Viewing or Changing SecurID Attributes

Configuring RADIUS Authentication

Viewing or Changing RADIUS Attributes

Configuring UNIX Authentication

Customizing Authentication on Your Portal

Editing the Properties Files
Adding or Removing Modules From the Menu

Adding or Removing an Authentication Module from the Platform

Changing the Look of Authentication Modules on a Per-Domain Basis

To Customize an Authentication Module on a Per-Domain Basis

Authentication Helpers (daemons)
Platform-wide Authentication Attributes
Authentication Attributes at the Domain Level
Authentication Attributes at the Role or User Level

Chapter 7 Configuring The Netlet

Providing Secure Applications Through the Netlet

Requirements for the Netlet
How the Netlet Works
What Is Involved in Configuring the Netlet?

Writing Netlet Rules

Syntax of Netlet Rules

Ports Used by iPlanet Portal Server

Sample Netlet Rules

Basic Static Rule
Static Rule With Multiple Target Hosts
Dynamic Rule That Invokes a URL
Dynamic Rule That Downloads an Applet

Configuring Netlet Profiles in the Role Tree

To Configure a Netlet Profile for a Domain

To Set Permissions for the Netlet

To Configure a Netlet Profile for a Role or Users
To Delete a Netlet Rule
To Modify an Existing Rule

Configuring Netlet Privileges for the Role Tree

To Define Netlet Policies for a Domain
To Define Netlet Policies for a Role
To Define Netlet Policies for a User
Rules for Predefined Netlet Applications

Client Specifications and Examples

Configuring Client Software
Integrating Applet Clients
Integrating Non-Applet Clients
Configuring Lotus Notes

Writing a Netlet Rule for the Lotus Notes Web Client
Writing a Netlet Rule for the Lotus Notes (non-Web) Client

Writing Netlet Rules for Stand-Alone Email Clients to an IMAP or an SMTP Server
Configuring the Netscape Mail Client

Accessing Netscape Mail

Configuring Netlet for Use With Microsoft Outlook and Exchange Server

End User Access to Microsoft Exchange Server

Chapter 8 Configuring the Gateway

Configuring Web Proxies

Configuring the Web Proxies Used To Contact the Profile Service

Configuring the Web Proxies for the Server and All Other Machines

Using Virtual IP and DNS Names

Using One Gateway Name
Multi-hosting or Multiple Gateway Names

Configuring the Rewriter

Rewriting HTML Attributes

Rewriting Form Input Tags List
Rewriting HTML Attributes Containing JavaScript

Rewriting JavaScript Function Parameters
Rewriting JavaScript Variables in URLs
Rewriting JavaScript Variables Function
Rewriting JavaScript Function Parameters in HTML
Rewriting JavaScript Variables in HTML
Rewriting Applet Parameter Values List

Running In HTTP mode
Configuring The Gateway Proxy
Enabling PDC
IP Address Validation
HTTP Basic Authentication
Forward Cookie Configuration
Non-Portal Server Cookie Management

Chapter 9 Expanding The Portal

Adding Servers and Gateways

Character Restrictions on Host Names
To Add a Gateway After Installation
To Add a Server After Installation
To Restart a Gateway or Server

To Restart a Gateway
To Restart a Server

Modifying Information About a Server or Gateway
Setting Up Multiple Gateways and Servers

Load Balancing Support in iPlanet Portal Server
Pre-Configuration Issues for Multiple Gateways and Servers

Chapter 10 Data Logging

Logging

Manage Logging Profile
Viewing a Log
Managing the Logging Profile

Storing Log Information in a Database

Chapter 11 Maintaining iPlanet Portal Server

LDAP Backup and Restore

LDAP Backup - Procedure 1
LDAP Restore - Procedure 1
LDAP Backup - Procedure 2
LDAP Restore - Procedure 2

Setting Up Encrypted Communications Between Server and Gateway

To Generate a Self-Signed SSL Certificate on the Gateway
Obtaining SSL Certificates From Vendors

To Install SSL Certificates From Verisign
To Install SSL Root Certificates
To Install SSL Certificates From a Certificate Authority

Configuring Encrypted Communications on the Server

Fixing Known Problems

Browser Issues Involving the Netlet
Setting Platform Debugging

Troubleshooting Authentication Problems

Modules with Helpers

Debugging SafeWord

Starting Debugging Using the SafeWord Helper

Debugging SecurID

Starting Debugging Using the SecurID Helper

Debugging RADIUS

Starting Debugging Using the RADIUS Helper

Debugging Windows NT Primary Domain Controller

Configuring Windows NT Aliases
Manually Testing Windows NT Authentication

Debugging UNIX

Starting Debugging Using the UNIX Helper

Debugging S/Key

Starting Debugging Using the S/Key Helper

Appendix A Administering the Firewall Application

iPlanet Portal Server Firewall Application
How the Firewall Works
Configuring the iPlanet Portal Server Firewall Application

To Configure the iPlanet Portal Server Firewall Application

Administering the iPlanet Portal Server Firewall Application

Using fw.activate to turn on firewall
Using fw.address to change address

Address Management
Individual IP Addresses
Address Ranges

Using fw.rule for packet filtering

Rules

Using fw.services supplied

Standard Services
Service Groups

Firewall Troubleshooting

Appendix B iPlanet Portal Server Attributes

Platform-wide Authentication Attributes
Super Administrator Authentication Attributes
Domain Level Authentication Attributes

Appendix C iPlanet Portal Server 3.0 Third-Party Software CD-ROM

Samba

To Install Samba Software

GO-Joe

Installing GO-Joe on the Machine You Want to Control
To Add the SUNWgjvxs Package
Using GO-Joe With Browsers

pcANYWHERE

To install the Trial Version of pcANYWHERE on the CD
To Configure the Trial Version of pcANYWHERE

Glossary

Index