test

Sun Java System Instant Messaging 7.2 Administration Guide

Configuring Instant Messaging to Support Access Manager-Based SSO and Policies

Two iim.conf parameters support Instant Messaging SSO.

Table 5–1 Instant Messaging Single Sign-On Parameters

Parameter 

Description 

iim_server.usesso

Determines whether or not the Instant Messaging server should depend on the SSO provider during authentication. The Access Manager Session API provides the Instant Messaging server with the ability to validate session IDs sent by the client.

Possible values include: 

0 – Do not use the SSO provider.

1 – Use the SSO provider first and default to LDAP if the SSO validation fails.

-1 – Use only the SSO provider without attempting LDAP authentication even when SSO authentication fails.

Default: 1 if you chose to leverage Access Manager for SSO when you ran the configure utility. Otherwise, the default value is 0.

iim_server.ssoprovider

Specifies the class implementing the com.sun.im.provider.SSOProvider interface. If iim_server.usesso is not equal to 0 and this option is not set, the server uses the default Access Manager-based SSO Provider that is internally defined in Instant Messaging. Typically, you will not modify this parameter.

Default: None 

ProcedureTo Enable SSO for Instant Messaging

  1. Ensure that the Access Manager SDK is installed on the same host as the Instant Messaging server.

    See Sun Java Communications Suite 5 Installation Guide for more information.

  2. Ensure that Instant Messaging services are assigned to the organization in the Access Manager console (amconsole).

    If you are using other Communications Suite server products in your deployment, such as Messaging Server, you may need to manually configure Access Manager–based services for Instant Messaging.

    See Adding Instant Messaging and Presence Services to a Sub-organization in Access Manager for Single Sign-On and Policy Management Support for instructions.

  3. Run the configure utility.

    See To Configure Instant Messaging After Installation for instructions.

  4. When prompted whether you want to use Access Manager for SSO, select yes.

  5. Set the iim.policy.module parameter to identity:

    1. Open iim.conf and find the iim.policy.module parameter.

    2. Set the parameter:


      iim.policy.module = "identity"

  6. Restart the Instant Messaging server:

    imadmin start