iPlanet Portal Server Reference Guide



Chapter 7   Single Signon




Single Signon Overview

Single Signon gives developers who use the iPlanet Portal Server APIs a mechanism that lets users access applications freely after the initial session signon, rather than being prompted for authentication information by each application during that session. The session/user authentication is established at initial signon by the session server.

At a high level, single signon application development requires developers to:

    1. Use the Session API to validate an HTTP request from the user into an iPlanet Portal Server session.

    2. Use the Profile and Policy API to access the application-specific authentication information that is stored in the iPlanet Portal Server profile.

    3. Pass that information to the application.


Special Cases

HTTP Basic Authentication is automatically handled by the gateway. It monitors user logins, then writes the URL and encrypted authentication information to the Profile Server.

NetFile is handled in a similar way to HTTP Basic Authentication. NetFile notes what has been used (username, password, mount information) and remembers it for next time.

A system administrator can also pre-populate URLs in the Profile database.

Before logging in to the Portal Server, the servlet program will print out the value of the session ID.



Note: The cookie name would normally be retrieved by the application from the HTTP header.





Instructions for using Single Signon



This section provides information for linking a Single Signon authorization to a user's iPlanet Portal Server desktop.


Command Line Example

iPlanet Portal Server software must be installed to use this sample.

  1. Set IPS_BASE to the iPlanet Portal Server installation directory.

  2. cd to $IPS_BASE/SUNWips/sample/sso, then type make.

  3. Copy the class files to the appropriate directory under:

    $IPS_BASE/SUNWips/lib

    on the portal server. For example, SSO.class would be copied to:

    $IPS_BASE/SUNWips/lib/com/iplanet/portalserver/sso

  4. Modify the web server configuration.

    The web server configuration files are in the directory:

    $IPS_BASE/netscape/server4/https-servername/config

    where servername is the FQDN of the portal server.

  5. Add the following line to the web server servlets.properties file:

    servlet.sso.code=com.iplanet.portalserver.sso.SSO

    Replace the package and servlet names with the names chosen for this SSO servlet.

  6. Add the following line to the web server rules.properties file:

    /sso=sso

  7. Restart the portal server:



    # /etc/init.d/ipsserver start


  8. Test the servlet by logging in to Portal Server and entering the following URL:


    https://gateway/http://server:8080/sso



Include the iPlanet Portal Server Classes

At a minimum, the Java client application should import the iPlanet Portal Server Profile, Logging, and Session classes, as shown here.


package com.iplanet.portalserver.sso;

import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import com.iplanet.portalserver.session.*;
import com.iplanet.portalserver.profile.*;
import com.iplanet.portalserver.logging.*;
import com.iplanet.portalserver.util.*;

Single signon checks to see if the session is valid by looking for the cookie (planted by the Session) with the name iPlanetPortalServer.

Code Example 7-1 SSO.java

public class SSO extends HttpServlet implements SessionListener {

    // Sample-only flag; being static, it is shared by every user of this servlet.
    private static boolean connectedToMailServer = false;
    private static final PrintStream o = System.out;

    public void init(ServletConfig config) throws ServletException {
        // Let the base class store the ServletConfig.
        super.init(config);
    }

    public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        // Output lines are kept per request: one servlet instance serves
        // concurrent requests, so an instance field would mix users' data.
        Vector v = new Vector();
        SessionID sid = new SessionID(req);
        Session sess = null;
        try {
            sess = Session.getSession(sid);
            v.addElement("sessionID: " + sess.getID());
            v.addElement("userID: " + sess.getClientID());
            v.addElement("domain: " + sess.getClientDomain());

            // Possible states are VALID, INVALID, INACTIVE, DESTROYED
            // we only care whether it is valid or not
            int state = sess.getState(false);
            if (state != Session.VALID) {
                // Stop here: the profile is read only for a valid session.
                v.addElement("user session invalid");
                send_it(res, v);
                return;
            }

            v.addElement("Session: Valid");

            // get the user profile associated with the session
            Profile p = sess.getUserProfile();
            String serverIMAP = p.getAttributeString("iwtUser-IMAPServerName");
            String serverSMTP = p.getAttributeString("iwtUser-SMTPServerName");
            String userId = p.getAttributeString("iwtUser-IMAPUserId");
            String passWord = p.getAttributeString("iwtUser-IMAPPassword");

            if (!connectedToMailServer) {
                connect(userId, passWord);
                connectedToMailServer = true;
            }

            // The sample echoes the stored values, password included,
            // to show what was retrieved from the profile.
            v.addElement("IMAP server: " + serverIMAP);
            v.addElement("SMTP server: " + serverSMTP);
            v.addElement("user id: " + userId);
            v.addElement("password: " + passWord);
        }
        catch (SessionException e) {
            v.addElement("Session invalid: " + e.getMessage());
        }
        catch (ProfileException e) {
            v.addElement("Profile exception: " + e.getMessage());
        }
        catch (Exception e) {
            v.addElement("Exception " + e.getMessage());
        }
        send_it(res, v);
    }

    // Appends every attribute named in h, with its values from p, to v.
    void printProfile(Vector v, Hashtable h, Profile p, String message) {
        try {
            v.addElement(message);
            for (Enumeration e = h.keys(); e.hasMoreElements();) {
                String s = (String) e.nextElement();
                Enumeration ee = p.getAttribute(s);
                v.addElement(s);
                while (ee.hasMoreElements()) {
                    String ss = (String) ee.nextElement();
                    v.addElement(ss);
                }
            }
        }
        catch (Exception e) {
            v.addElement("Exception " + e.getMessage());
        }
    }

    // Writes the collected lines to the response as a simple HTML page.
    public void send_it(HttpServletResponse res, Vector st) {
        try {
            // Set the content type before the output stream is obtained.
            res.setContentType("text/html");
            ServletOutputStream out = res.getOutputStream();
            out.println("<HEAD><TITLE> iPS SSO sample </TITLE></HEAD><BODY>");
            out.println("<h1> SSO iPS Sample </h1>");
            for (int i = 0; i < st.size(); i++) {
                out.println("<P>" + (String) st.elementAt(i));
            }
            out.println("</BODY>");
            out.close();
        }
        catch (Exception e) {
            o.println("Exception");
        }
    }

    public void sessionChanged(SessionEvent evt) {
        Session sess = evt.getSession();
        try {
            if (sess.getState(false) != Session.VALID) {
                // The session is no longer valid; the sample takes no action.
            }
        }
        catch (SessionException e) {
            // ignored in this sample
        }
    }

    public String getServletInfo() {
        return "iPS SSO sample";
    }

    private void connect(String user, String pass) {
        // connect to mail server
        return;
    }
}
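
A hardened variant of the three steps listed in the overview and of Code Example 7-1, added here as an illustration and not part of the original guide or its sample code: it fails closed unless the session is VALID, hands the stored password only to the application, and escapes the one profile value it renders. The class name SSOGuard and the connect() stub are hypothetical; the Session and Profile calls are the ones that appear in Code Example 7-1.

```java
import java.io.*;
import javax.servlet.http.*;
import com.iplanet.portalserver.session.*;
import com.iplanet.portalserver.profile.*;

// Added example: SSOGuard and connect() are hypothetical names.
public class SSOGuard extends HttpServlet {
    public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException {
        String userId = null;
        boolean valid = false;
        try {
            Session sess = Session.getSession(new SessionID(req));
            // Fail closed: only the VALID state unlocks the profile.
            valid = (sess.getState(false) == Session.VALID);
            if (valid) {
                Profile p = sess.getUserProfile();
                userId = p.getAttributeString("iwtUser-IMAPUserId");
                // Step 3: the password goes to the application, never to the page.
                connect(userId, p.getAttributeString("iwtUser-IMAPPassword"));
            }
        } catch (SessionException e) {
            valid = false;
        } catch (Exception e) { // ProfileException or anything unexpected
            log("SSO profile lookup failed: " + e.getMessage());
            res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        if (!valid) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        res.setContentType("text/html");
        res.setHeader("Cache-Control", "no-store");
        res.getWriter().println("<HTML><BODY><P>Signed on as " + escape(userId) + "</BODY></HTML>");
    }

    // Escape profile values before they are written into HTML element content.
    static String escape(String s) {
        StringBuffer b = new StringBuffer();
        for (int i = 0; s != null && i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '<') b.append("&lt;");
            else if (c == '>') b.append("&gt;");
            else if (c == '&') b.append("&amp;");
            else b.append(c);
        }
        return b.toString();
    }
    private void connect(String user, String pass) { /* stub, as in the sample */ }
}
```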


Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.

Last Updated May 04, 2000