Contents

About This Guide

What You Are Expected to Know

The Identity Server Documentation Set

Documentation Conventions Used in This Manual

Typographic Conventions

Terminology

Chapter 1   Introducing Identity Server

Identity Server Solution

Sun ONE Directory Server

Identity Server Policy Service

Identity Server Management Service

Identity Server Console

Cross-Domain Single Sign-On

Web Server

Common Domain Services

Key Features and Benefits

What’s New in Identity Server 6.0

Support to Liberty Specifications

SAML Support

Chapter 2   Deployment Considerations

Directory Issues

Installing Against an Existing Directory

Unsupported DITs

Directory Replication

Policy Management Issues

Roles

Policies and Policy Agents

Service Attributes

Installing Other Products for Use With Identity Services

Remote Web Servers

Policy Agent

Multiple Directory Servers for Failover and High Availability

LDAP Load-Balancers

Hardware Requirements

Optimal Hardware Requirements

Recommended Hardware Configurations

Software Requirements

Operating System Requirements

Sun ONE Directory Server Patches

Sun ONE Certificate Server 4.7 Patch Installation

Java Requirement

Remote Web Server Requirements

Web Browser Requirements

Chapter 3   The Identity Server Installation Program

Before You Begin

Installation Methods

Installation Program Options

Setting the Domain Name

On UNIX

On Windows 2000

Chapter 4   Installing Identity Server with a New Directory Server

Before You Begin

Setting the Domain Name

Removing Old Instances of Identity Server

To Install Identity Server Services with a New Directory Server

Chapter 5   Installing Identity Server Against an Existing Directory Server

Overview of Installation Tasks

Running the Identity Server Installation Program

Post-Installation Configuration

Before You Begin

Directory Server Issues

Migrating Pre-6.0 Versions of Identity Server

Using Appropriate Administrator Privileges

Displaying the Installation Wizard on UNIX

Using Java 1.3.1_06

Setting the Domain Name

Removing Old Instances of Identity Server

Choosing a Procedure for Enabling Services

Installing Identity Server Schema

To Install Identity Server Schema

Manually Configuring the Directory Server

To Enable the Referential Integrity Plug-In

To Add Identity Server Indexes

Installing User and Policy Management Services

To Install User and Policy Management Services

Automatically Enabling Policy Management Services

Manually Enabling Policy and User Management Services

Enabling User Management Only

Enabling Policy Management Service Only

Enabling Both User and Policy Management Services

Starting Identity Server and Logging In

To start Identity Server on UNIX

To start Identity Server on Windows

To Log into the Identity Server Console

Adding Identity Server Object Classes to Existing Directory Entries

Before You Begin

Utilities and Scripts You Can Use

Two Approaches to Modifying the Existing DIT

Marking Organizations

Marking People Containers

Marking Organizational Units

Marking Users

Marking Static Groups

Marking Dynamic (Filtered) Groups

Marking Assignable Dynamic Groups

Marking Group Containers

Adding Custom Object Classes to Identity Server Schema

Modifying the Creation Templates

Adding Attributes to the Organization Schema

Adding Attributes to the User Schema

Loading Identity Server LDIF into Your Directory

installExisting.ldif

install.ldif

Results of Identity Server and Directory Modifications

Chapter 6   Installing Identity Server Console

Before You Begin

To Install the Identity Server Console

Chapter 7   Installing Common Domain Services

Before You Begin

To Install Common Domain Services

Chapter 8   Basic Configurations

The Cross-Domain Single Sign-On Component

Overview of CDSSO Installation

Before You Begin

To Install CDSSO

To Configure the CDSSO Component

To Configure Identity Server Web Agents to Work With the CDSSO Component

Installing Multiple Identity Server Instances Against the Same Directory Server

Support for Directory Replication and High Availability

Replication Considerations

Configuring Identity Server to Support Directory Replication

Configuring LDAP Load-Balancers to Work With Identity Server

Chapter 9   Silent Installation

About Silent Installation

Generating a StateFile on Solaris

Installing Using the Statefile

Generating a StateFile on Windows

Installing Using the Statefile

Variables in the Statefile

Chapter 10   Post-installation Tasks

Starting Identity Server Services

On Solaris

On Windows

Installing and Uninstalling Identity Server Schema from the Command Line

To Install Identity Server Schema

To Uninstall Identity Server Schema

Logging In to the Administration Console

Uninstalling Identity Server

Uninstalling Identity Server on UNIX

Uninstalling Identity Server On Windows

Appendix A   Migrating Data from DSAME 5.1 to Identity Server 6.0

Introduction

Backing up the Existing Installation

Uninstalling DSAME 5.1

On Solaris

On Windows

Configuring Directory Server for IS 6.0 Schema

Installing Identity Server 6.0 on Directory Server 5.1

Migrating Directory Server Data

Migration Tasks

Migrating Schema Changes

Migrating DSAME 5.1 Policies

Migrating Authentication Entries

Migrating Services

Updating Authentication Entries to Identity Server 6.0

Updating Identity Server Console Service Entries to 6.0

Enabling Federation Management

Updating Policies to Identity Server 6.0

Migrating Console Changes

Migrating Agents

Changes in Authentication Services

Authentication Service (Core) [amAuth.xml]

Authentication related attribute changes in User Service [amUser.xml]

Services in Identity Server 6.0

Name Changes to Attributes and Object Classes

Index

Previous      Index      Next

---

Copyright 2003 Sun Microsystems, Inc. All rights reserved.