Configuring SSO Through Communications Servers Trusted Circle
Technology
When configuring SSO through Communications Servers trusted circle technology
(that is, not through Access Manager), consider these points:
-
Each trusted application must be configured for SSO.
-
SSO does not work correctly if the default.html page
is in your browser’s cache. Before using SSO, be sure to reload the default.html page in your browser. For example, in Netscape Navigator, hold
down the Shift key and then click Reload.
-
SSO works only for bare URL's. For example, SSO works for:http://servername.
The following table describes the Calendar Server configuration parameters for
SSO through Communications Servers trusted circle technology.
Table 9–1 Calendar
Server SSO Parameters Through Communications Servers Trusted Circle Technology
|
Parameter
|
Description
|
|
sso.enable
|
This parameter must be set to "1" (the default) to enable SSO. "0" disables
SSO.
|
|
sso.appid
|
This parameter specifies the unique application ID for the specific Calendar
Server installation. Each trusted application must also have a unique application
ID. The default is: "ics50"
|
|
sso.appprefix
|
This parameter specifies the prefix value to be used for formatting SSO cookies.
The same value must be used by all trusted applications, because only SSO cookies
with this prefix will be recognized by Calendar Server. The default is: "ssogrp1"
|
|
sso.cookiedomain
|
This parameter causes the browser to send a cookie only to servers in the specified
domain. The value must begin with a period (.)
|
|
sso.singlesignoff
|
A value of “true” (the default) clears all SSO
cookies on the client with prefix values matching the value configured in sso.appprefix
when the client logs out.
|
|
sso.userdomain
|
This parameter sets the domain used as part of the user's SSO authentication.
|
|
sso.appid.url = "verifyurl"
|
This parameter sets the verify URL values for peer SSO hosts for the Calendar
Server configuration. One parameter is required for each trusted peer SSO host. The
parameter includes the:
-
Application ID (appid) identifies each
peer SSO host whose SSO cookies are to be honored
-
Verify URL (verifyurl) includes the host
URL, host port number, and VerifySSO? (including the ending question
mark (?).
In this example, the Calendar Server application
ID is ics50, the host URL is sesta.com, and
the port is 8883.
The Messenger Express application
ID is msg50, the host URL is sesta.com, and
the port is 8882.
For example:
sso.ics50.url=
"http://sesta.com:8883
/VerifySSO?"
sso.msg50.url=
"http://sesta.com:8882
/VerifySSO?"
|
The following table describes the Messaging Server configuration parameters
for SSO through Communications Servers trusted circle technology.
Table 9–2 Messaging
Server SSO Parameters Through Communications Servers Trusted Circle Technology
|
Parameter
|
Description
|
|
local.webmail.sso.enable
|
This parameter must be set to a non-zero value to enable SSO.
|
|
local.webmail.sso.prefix
|
This parameter specifies a prefix used when formatting SSO cookies set by the
HTTP server. For example: ssogrp1
|
|
local.webmail.sso.id
|
This parameter specifies the unique application ID ( for example: msg50) for the Messaging Server.
Each trusted application must also have a unique application ID.
|
|
local.webmail.sso.cookiedomain
|
This parameter specifies the cookie domain value of all SSO cookies set by the
HTTP server.
|
|
local.webmail.sso.singlesignoff
|
A non-zero value clears all SSO cookies on the client with prefix values matching
the value configured in local.webmail.sso.prefix when the client
logs out.
|
|
local.sso.appid.url=verifyurl
|
This parameter sets the verify URL values for peer SSO hosts for the Messaging
Server configuration. One parameter is required for each trusted peer SSO host. The
parameter includes these items:
-
Application ID (appid) identifies each
peer SSO host whose SSO cookies are to be honored
-
Verify URL (verifyurl) includes the host
URL, host port number, and VerifySSO? (including the ending ?).
For example:
local.sso.ics50.verifyurl=
http://sesta.com:8883/VerifySSO?
In this example, the Calendar Server application ID is ics50, the
host URL is sesta.com, and the port is 8883.
local.sso.msg50.verifyurl=
http://sesta.com:8882/VerifySSO?
In this example, the Messaging Server application ID is msg50, the host URL is sesta.com, and the port is 8882.
|
For more information about configuring Messaging Server for SSO, see the Sun Java System Messaging Server 6 2005Q4 Administration Guide.
