Sun Java[TM] System Identity Manager 7.1 ê§Ü¡ 

ÜÉ 10 Ýý
ÇøÇÀÍÌ

ÆÛÝýßÈËòÈ´ùà Identity Manager ÇøÇÀÍÌÅü×äÎûæñع¡¢ËäæÛÜØë©ÍüÚÀÆ«ÅèÚè̽ÅèâÐÄ¡ÊãÓñÉ¥ÇøÇÀÍÌÓøòòÎûÊãüõ¡¤

óôáþÅèĶÅä÷îÅèôËæØÈ´ùÃËðÆî Identity Manager ê§Ü¡Ë·ÜÓÇøÇÀÍÌÎûÊÕÇéæñع¡¤


ÇøÇÀÍÌÅü×ä

Identity Manager Æ«Ýàç´ßÈËòÅèĶÅü×äËô̶ɷÓñÉ¥ÇøÇÀÍÌÓøòò¡¨

ȺÆÀ¡¢Ë·ÜÓÑÞé¬Ä¾äÄð±Æ«×äÇâÞòÊåÓñÉ¥ÇøÇÀÍÌÓøòòÎûñ¢äÄ¡¤ËóÇñ¡¢àôÅøѥɻàÒÎÎÝàç´ößûªðÂÎû [ĸġÓ÷] Åü×äÇô̽ǿЩÝßݾç´ÎûÓ÷Óò¡¤


Óî̱ÇÑÊãçªÉ¢ÎûàôÄ«âêÑôÉ¢äÆ

ËíçßÝá¢Identity Manager ËðÆîϯƫÅè̦ȴÇÑÊãçªÉ¢ÎûàôÄ«âêÑôÉ¢äÆ¡¤ÈþÑÒ¡¢ÚÀÆ«ÅèüÈÊÕË·ÜÓØÙåôÎìǵÄã security.authn.singleLoginSessionPerApp ØÙåôúèÍÌÎûÔ«¡¢ÅèÏíÙòÊäÔ¶àôÄ«óÜÆîá£È¢ÎûÇÑÕëâêÑôÉ¢äÆí°ÆøÓî̱ҳġ¡¤æÚúèÍÌÑÒÅýÉÖÊäÔ¶àôÄ«óÜÆîá£È¢ÇØê¢ (ËóÇñ¡¢ê§Ü¡ÔÞÄõÓò¡£ËðÆîϯÄõÓòÍÐ Identity Manager IDE) ÎûÄ¡Ô¶úèÍÌÎûÎìǵ¡¤ÙòȺúèÍÌÎûÔ«üÈÊÕÒ³ true¡¢É»Æ«Ú°Ì±ÊäÔ¶ËðÆîϯÚèÆîÞÌÄ¡àôÄ«âêÑôÉ¢äÆ¡¤

ÇñΪÄØÙÚÈ硢ЬËðÆîϯƫàôÄ«ÈÝÇéÔ¶âêÑôÉ¢äÆ¡§ÈþƷȴ޲ѥÎûàôÄ«âêÑôÉ¢äÆÏñѽҳËðÆîÄãÅâÈ´Õ桤ÇñΪËðÆîϯè×àÒÕæÎûâêÑôÉ¢äÆÙÚÈçٯɢ¡¢Ð¬äÄÈÜٯݷÓã÷ââäâêÑôÉ¢äÆËäÜÜÅÏâêÑôÉ¢äÆ¡¤


Ùïî£ê§Ü¡

Identity Manager ÇãÇéÔ¶ìÒ×ÈßÈËòÙïî£ê§Ü¡¡¨


Ý×ç´È¢ë¥øý

ËðÆîÝ×ç´È¢ë¥øýÚæÄèËðÆîϯÌÏê§Ü¡ÔÞÝàç´Ä¡Ô¶ÍÐÇéÔ¶ÄâÇÑÙïî£âÐÈçÇô̽ÎûûâÓIdentity Manager Ýàç´èÒÉ¢ÅèĶÄùÕ©Ëôê§Ü¡ë¥øý¡¨

ùÃÍõàôÄ«óÜÆîá£È¢

àôÄ«óÜÆîá£È¢ÌùåøàôÄ«í¼ÜÚåúÜÚÎûâõÇÙ¡¢àôÄ«í¼ÜÚåúÜÚâÐÄ¡ÊãÌùåøËðÆîϯàôÄ« Identity Manager ÕëÍÔËðÆîÄæàôÄ«í¼ÜÚÎûâõÇÙÌÏâûÊ©¡¤ÊäÔ¶àôÄ«óÜÆîá£È¢ÉáÅýÑÄÄ¡ÍÐÇéÔ¶àôÄ«í¼ÜÚåúÜÚ¡¤

àôÄ«Õë¡¢àôÄ«óÜÆîá£È¢äÄóôÑçàôÄ«í¼ÜÚåúÜÚâõ¡¤ÇñΪƷÝÃÌùÄ¡Ô¶àôÄ«í¼ÜÚåúÜÚ¡¢Ð¬äÄËðÆîæÚåúÜÚ¡¢ÅâÆÆÍÔÅýÉÖÎûàôÄ«í¼ÜÚäÄÅèåúÜÚÌùåøÎûâûʩݨܡ¡¤ÇñΪàôÄ«óÜÆîá£È¢ÄãÅýÉÖÇéÔ¶ÄØÌùåøÎûàôÄ«í¼ÜÚåúÜÚ¡¢Ð¬ Identity Manager äÄóôÑçÔïÆîÈÝÊäÔ¶àôÄ«í¼ÜÚåúÜÚÎûàôÄ«Óî̱ݽЬ¡¢ÅèíýÌùÓÑݨܡÔáÔ¶åúÜÚ¡¤

àôÄ«Óî̱ݽЬ

àôÄ«Óî̱ݽЬäÄÔïÆîÈÝÇãàôÄ«óÜÆîá£È¢ÄãÌùåøÎûàôÄ«í¼ÜÚåúÜÚ¡¤è×ÍõÊäÄ¡Ô¶ÇãàôÄ«óÜÆîá£È¢ÄãàôÄ«Îûí¼ÜÚåúÜÚ¡¢Æ·È´Ä¡Ô¶åúÜÚÑÒàÒÎÎüéàôÄ«Óî̱ݽЬÔïÆîÎû¡¤

Identity Manager äÄâ£ÈõÜÉÄ¡Ô¶àôÄ«í¼ÜÚåúÜÚÎûÓî̱ݽЬ¡¢ÅèÊîÌùÓÑݨܡġԶâõÇÙÄãÎûÔáÄ¡Ô¶àôÄ«í¼ÜÚåúÜÚ¡¤ÇñΪȩÅü¡¢Ð¬äÄݨܡæÚàôÄ«í¼ÜÚåúÜÚ¡¤ÇñΪÆÂÚõ¡¢Ð¬ÆÆäÄïÇÑüâ£ÈõÊäÔ¶àôÄ«í¼ÜÚåúÜÚ¡¢Îþ̯ÑÜÔ¶Óî̱ݽЬȩÅüÍÐÑÒÄØåîâ£ÈõàõÜ¢ÑÜÔ¶ÄâÅýÉÖÓî̱ݽЬÎûàôÄ«í¼ÜÚåúÜÚ (ËäÇãòñÑ¥ËðÆî)¡¤


Þ¬â¡

ÇñΪàôÄ«óÜÆîá£È¢ÅýÉÖÇéÔ¶àôÄ«í¼ÜÚåúÜÚ¡¢Ð¬ÊôÈ´àôÄ«Óî̱ݽЬÎûàôÄ«í¼ÜÚåúÜÚóÜÍóÇãí¼ÜÚâõÎû޲ѥġԶÈíåô¡¤


àôÄ«Óî̱ݽЬî¯Ëó

ÇãĶÇÄÙ×ÍõÈíåôÎûàôÄ«Óî̱ݽЬî¯ËóÄ㡢ݽЬäÄÚ·íºó¤Äã̽ڵîùÊåá£È¢Îû IP ÈíÉß¡¢àÓÑ¥óôÑçÆÆÑÒÉÁÈíÍõ 192.168 ê½æûĸ¡¤ÇñΪÇã IP ÈíÉßÄãÊÆ̯ 192.168.¡¢Ð¬Ý½Ð¬Ùòã®Çß true Ô«¡¢ËäÅâäÄòÙ̽ȺàôÄ«í¼ÜÚåúÜÚ¡¤

á£È¢î£î¯Ëó 10-1 Ù×ÍõÈíåôÎûàôÄ«Óî̱ݽЬ

 

<Rule authType='LoginConstraintRule' name='Sample On Local Network'>
  <match>
    <ref>remoteAddr</ref>
    <s>192.168.</s>
  </match>
  <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' name='All'/>
  </MemberObjectGroups>
</Rule>

 

î¾òÒàôÄ«óÜÆîá£È¢

Ú·Åü×äÏÐÇÄÄãòÙ̽ [Configure]¡¢àÓÑ¥òÙ̽ [Login] ÅèÇô̽ [Login] Ó÷Óò¡¤

àôÄ«óÜÆîá£È¢ÛÒÞÌüÏÆü¡¨

Ú· [Login] Ó÷ÓòÄã¡¢ÚÀÆ«Å表

Ó¼ÓÑî¾òÒÑÜàôÄ«óÜÆîá£È¢¡¢îùÚ·ÛÒÞÌÄãòÙ̽æÚóÜÆîá£È¢¡¤

ÝÃÌù Identity Manager âêÑôÉ¢äÆÓî̱

Çã [Modify Login Application] Ó÷ÓòÄã¡¢ÚÀÆ«ÅèÒ³ÊäÔ¶ Identity Manager àôÄ«âêÑôÉ¢äÆÝÃÌùç·ÕëÔ« (Óî̱)¡¤òÙ̽ÄÑÕ롣šúÌÌÏÒðÄæÑ¥¡¢ÇÂѺġĶ [óÃÇô]¡¤ÚÀÐúÇ¡ÎûÓî̱äÄüÏÆüÇãàôÄ«óÜÆîá£È¢ÛÒÞÌÄ㡤

ÚÀÆ«ÅèÝÃÌùÊäÔ¶ Identity Manager àôÄ«óÜÆîá£È¢ÎûâêÑôÉ¢äÆç·Õ롤åµËðÆîϯàôÄ« Identity Manager óÜÆîá£È¢Õ롢ɻäÄËðÆîÆøЩØÙåôÎûâêÑôÉ¢äÆç·ÕëÔ«¡¢ÓÓê«ËðÆîϯâêÑôÉ¢äÆÇÞÆÜٯɢÈÔÙòÇãÆÜËôÔáÔ¶ÅÊßæêØÕëâæç·Õ롤ÚÙáá¡¢ÓÓê«ÅøËôÎûÅÊßæäÄóÃÇôÇãËðÆîϯÎû Identity Manager âêÑôÉ¢äÆÄã¡¢ÅèÏíÇãÊäȹßÈÅøîùÊåÕëÆ«ËòóôÑ硤

Ó¼àôÄ«ê§Ü¡ÔÞüÈÊÕħàôÄ«óÜÆîá£È¢âêÑôÉ¢äÆç·ÕëÔ«¡¢Ð¬æÚÔ«è×ÆÜËôÍÔÈ´ÎûàôÄ«É¢äÆÝçÙòÈ´Õ桤ܢȴâêÑôÉ¢äÆÎûç·ÕëÔ«Ùò̽ÊîÍõËðÆîϯàôÄ«ÕëÎûÈ´ÕæÔ«¡¤

ØÜè× http ç·ÕëÍÔÝÃÌùÎûÔ«è×ÍÔÈ´ Identity Manager óÜÆîá£È¢ÒÕÈ´ìàûÀ¡¢ËäóÀÇ¿ÍõàôÄ«óÜÆîá£È¢âêÑôÉ¢äÆç·ÕëÔ«¡¤

ØôÆîè×óÜÆîá£È¢ÎûÇô̽

Çã [Create Login Application] ÌÏ [Modify Login Application] Ó÷ÓòÄã¡¢ÚÀÆ«ÅèòÙ̽ [Disable] òÙâúÅèØôÆîàôÄ«óÜÆîá£È¢¡¢Ú·ÈÔÏàÅÏËðÆîϯàôÄ«¡¤ÇñΪËðÆîϯè©æÜàôÄ«ÄØØôÆîÎûóÜÆîá£È¢¡¢Ð¬æÚÄõÓòäÄÙò̧Óìä»ðÒÇ×ÈÝßåÅîÓ÷Óò¡¢ÅèÑÀÆüæÚóÜÆîá£È¢ÆøЩÄØØôÆÚÀÆ«ÅèÝàç´î¾òÒÈÜÓÔÆøòçËôî¾òÒüÏÆüÇãȺÓ÷ÓòĸÎûعÕÉ¡¤

ÇãÚÀּ̽òÙ̽æÚòÙâúÄæЩ¡¢àôÄ«óÜÆîá£È¢ÙòÏñѽØôÆîÎíè衤ҳÇøÇÀØÄËÄ¡¢ÚÀàÒÎÎØôÆîê§Ü¡ÔÞàôÄ«¡¤

î¾òÒàôÄ«í¼ÜÚåúÜÚ

àôÄ«í¼ÜÚåúÜÚÛÒÞÌüÏÆü¡¨

Çã [Login Module Groups] Ó÷ÓòÄã¡¢ÚÀÆ«ÅèÐúÇ¡¡£î¾òÒÌÏÉ´ØæàôÄ«í¼ÜÚåúÜÚ¡¤Ú·ÛÒÞÌÄãòÙ̧̽ÄãÄ¡Ô¶àôÄ«í¼ÜÚåúÜÚÅèâÐÈçî¾òÒ¡¤

î¾òÒàôÄ«í¼ÜÚ

ÇñĶòÓÄ«àôÄ«í¼ÜÚÎûæÛÜØæñعÍÐâÐÈçòÙ̽¡¤(ÄâÑÒÍÔÈ´òÙâúÝçÆ«ÆîÍõÊäÔ¶àôÄ«í¼ÜÚ¡¤)

ѺġĶ [Save] ÅèóÃÇôàôÄ«í¼ÜÚ¡¤Ä¡ÆÙóÃÇôÄæÑ¥¡¢ÚÀÆ«ÅèÙòí¼ÜÚÍóåôÇãàôÄ«í¼ÜÚåúÜÚÄã̧ÅìÍÔÈ´í¼ÜÚÍÔÇãÎûÈíåô¡¤


ÎÃãô

ÇñΪÙò Identity Manager àôÄ«ØÙåôҳƫÝàç´ë¥øýàôÄ«ÇéԶ˷ÜÓ¡¢Ð¬Ò³ Identity Manager ë¥øýÆøíºÎûÍÔÈ´Ë·ÜÓĸ¡¢Ú¨æÀÎûËðÆîϯ ID ÌÏÙïî£ÒÕëæÒÞÇÑ¡¤


ÇñΪËðÆîϯ ID ÌÏÙïî£ÎûÜÚÇÙÄâÇÑ¡¢Ð¬ÇñΪàôÄ«Ë·ÜÓÕëÎûËðÆîϯ ID ÌÏÙïî£êØ Identity Manager [User Login] ÏÐÞÌÄãÍÔòÓīϯÄâÒÞÜÊ¡¢àôÄ«ÙòäÄÆÂÚõ¡¤ÝÕËèË·ÜÓÄãÈ´Ä¡ËèÆ«×äÈ´÷ÕÌùá¬Ü©¡¢åµÆÂÚõÎûàôÄ«è©æÜâ¾ç´ÑÀÌùȹí°Ñ¥¡¢ÏíäÄڰ̱÷ÕÌùÚ¨æÀ¡§è×ÝÕËèË·ÜÓÈÔËÆ¡¢É»ËðËðÆîϯÄóÆ«Ýàç´ Identity Manager È©ÅüàôÄ«¡¢ËðÆîϯڨæÀ޲ѥõäÑÒäÄÝ·÷ÕÌù¡¤


ØÙåôÇÁÆîæñäãÎûë¥øý

ÇñΪÚÀÈ´ÇéÔ¶ÇãèÒüÕÍÐüÊòÒĸÒÞÇÑÎûæñäã (ËóÇñØÜè×ÒÞÇÑèÒüÕÅäñ¢ÌùåøÎûÌ¥Ô¶æñäã¡¢ÍÐÅîÏÐ NT ÍÐ AD ê½ÙÑô¿èºÄãÏêǶÎûê½ÙÑÈùΤðÂÎûí°Ô¶æñäã)¡¢Ð¬ÚÀÆ«ÅèÇãË·ÜÓØÙåôÎìǵÄãÙòæÚÜÚæñäãÝÃÒ³ÇÁÆîæñä㡤

ÙòæñäãÝÃÒ³ÇÁÆîÄæÑ¥¡¢ÚÀÆ«üéËðÆîϯë¥øýâÐī̧ÄãÄ¡Ô¶ÇÁÆîæñäã¡¢ÈþËðÆîƶġԶÇÁÆîæñäãÙòËðÆîϯè×ÑÐÈÝ̧ùÃôúÎû Identity Manager ËðÆîϯ¡¤ËóÇñ¡¢ËðÆîϯƫÅèÙò̧æñäãÚ¨æÀÝÙá¸ÈÝÅìÎûæñäã AD-1 Îû Identity Manager ËðÆîϯ¡¤Ž¢ÇÙÄ«í¼ÜÚÆ«×ääÄÌùåøËðÆîϯÆÒâüë¥øýâÐÄ«æñäã AD-2¡¤ÇñΪ AD-1 ů AD-2 ÒÕÌùåøÒ³ÇÁÆîæñäã (ÇãȺÚÅÎÓĶ¡¢ÆÆÔ¯ÑÒÇãÒÞÇÑÎûÌ¿ÏêǶê½ÙÑÄã)¡¢Ð¬åµËðÆîϯâûɳë¥øýâÐÄ« AD-2 Ñ¥¡¢Identity Manager Æ«Åèè×ÑÐ̯ÒÞùÃôúÎû Identity Manager ËðÆîϯ¡¢ÅÉÎÎÑÒÇãæñäã AD-1 ĸÞòÊÆ̦ȴÒÞÇÑ accountId ÎûËðÆîϯ¡¤

ÆîËôÑÀÌùȺ˷ÜÓØÙåôÎìǵúèÍÌÎû֪ȢÇñÅèĶî¯ËóÄãÍÔÆü¡¨

á£È¢î£î¯Ëó 10-2 ØÙåôÇÁÆîæñäãÎûë¥øý

 

<Attribute name='common resources'>
    <Attribute name='Common Resource Group Name'>
        <List>
            <String>Common Resource Name</String>
            <String>Common Resource Name</String>
        </List>
    </Attribute>
</Attribute>

 


ØÙåô X509 ðÕøýë¥øý

ËðÆîĶÇÄæñعÌÏá£Ê©ØÙåô Identity Manager Îû X509 ðÕøýë¥øý¡¤

ÆÒÓÑ۾ǵ

Ó¼ÓÑÇã Identity Manager ÄãÅÅßÎÙ×Íõ X509 ðÕøýÎûë¥øý¡¢îùíýÌùÄØÆßíýØÙåô÷äÇ× (ÆîÅÂê¦êØÈùΤðÂ) SSL ë¥øý¡¤Ú·ÆîÅÂê¦ÎûËÅÐù¡¢ÝÕÏÐÆüÜÊÇÙ X509 ݽî¯ÎûËðÆîϯðÕøýóÜÄØã¾Ä«ößûªðÂÄã (ÍÐÆ«Ýàç´ßáìäƦûô̽ðÂËðÆî)¡¢ÈÔÆîÍõøÜå÷ËðÆîϯðÕøýÎûÆ«ÏêǶðÕøýóÜÄØã¾Ä« Web óÜÆîá£È¢ÈùΤðÂÎûÆ«ÏêǶðÕøýÏÚý¬ÇôÍóÙ´Ä㡤

ȺÆÀ¡¢ÆÒâüòÙ̽ÍÔËðÆîÎûÆîÅÂê¦ðÕøýËôâÐÈçÆîÅÂê¦ë¥øý¡¤Ó¼ÓÑíýë¥ÝÕԶٯɢ¡¨

  1. ËðÆî Internet Explorer¡¢òÙ̽ [ÄÖ̦]¡¢àÓÑ¥òÙ̽ [ê½ëãê½æûòÙâú]¡¤
  2. òÙ̽ [ÄùÕ©] íºü¾¡¤
  3. Çã [ðÕøý] Ù´ÙÑÄ㡢ѺġĶ [ðÕøý]¡¤
  4. òÙ̽ÆîÅÂê¦ðÕøý¡¢àÓѥѺġĶ [âÐâê]¡¤
  5. Çã [ðÕøýÆøÎû] Ù´ÙÑÄã¡¢íýë¥òÙ̽ [ÆîÅÂê¦ë¥øý] òÙâú¡¤

ØÙåô Identity Manager Äã X509 ðÕøýë¥øý

Ò³ X509 ðÕøýë¥øýØÙåô Identity Manager¡¨

  1. Åè [Configurator] ÎûËÎǹ (ÍÐ̦ÇÑá«ûâÓîÎûËÎǹ) àôÄ« [Administrator Interface]¡¤
  2. òÙ̽ [Configure]¡¢àÓÑ¥òÙ̽ [Login]¡¢ÅèüÏÆü [Login] Ó÷Óò¡¤
  3. ѺġĶ [Manage Login Module Groups]¡¢ÅèüÏÆü [Login Module Groups] Ó÷Óò¡¤
  4. ÇãÛÒÞÌÄãòÙ̽àôÄ«í¼ÜÚåúÜÚ¡¤
  5. Çã [Assign Login Module...] ÛÒÞÌÄã¡¢òÙ̽ [Identity Manager X509 Certificate Login Module]¡¤Identity Manager äÄüÏÆü [Modify Login Module] Ó÷Óò¡¤
  6. ÝÃÌùàôÄ«È©ÅüëæÊ塤ƫÚÙÌ¿ÎûÔ«ÇñĶ¡¨
    • ÆÒÓÑ - ȺàôÄ«í¼ÜÚҳȩÅüë¥øýÎûÆÒÓÑí¼ÜÚ¡¤àÒï¢ë¥øýÑÒÈ©ÅüÍÐÆÂÚõ¡¢ë¥øýá£Ê©ÝçäÄâÐÈçÛÒÞÌÄãÎûĶġԶàôÄ«í¼ÜÚ¡¤ÇñΪã¯È´Ä¡Ô¶àôÄ«í¼ÜÚ¡¢Ð¬ê§Ü¡ÔÞÆ«È©ÅüàôÄ«¡¤
    • ÆÒëæ - ȺàôÄ«í¼ÜÚҳȩÅüë¥øýÎûÆÒÓÑí¼ÜÚ¡¤ÇñΪë¥øýÈ©Åü¡¢Ð¬ë¥øýá£Ê©äÄâÐÈçÛÒÞÌÄãÎûĶġԶàôÄ«í¼ÜÚ¡¤ÇñΪÆÂÚõ¡¢Ð¬ë¥øýÙòÄâäÄú«úýâÐÈ硤
    • ËÍÙÜ - ȺàôÄ«í¼ÜÚÄâÑÒÈ©Åüë¥øýÎûÆÒÓÑí¼ÜÚ¡¤ÇñΪë¥øýÈ©Åü¡¢Ð¬ë¥øýá£Ê©ËäÄâäÄú«úýâÐÈçĶġԶàôÄ«í¼ÜÚ¡¢Èþê§Ü¡ÔÞÆ«È©ÅüàôÄ«¡¤ÇñΪë¥øýÆÂÚõ¡¢Ð¬ë¥øýäÄú«úýâÐÈçÛÒÞÌĸÎûĶġԶàôÄ«í¼ÜÚ¡¤
    • òÙðåÍÌ - ȺàôÄ«í¼ÜÚÄâÑÒÈ©Åüë¥øýÎûÆÒÓÑí¼ÜÚ¡¤àÒï¢ë¥øýÑÒÈ©ÅüÍÐÆÂÚõ¡¢ë¥øýá£Ê©ÝçäÄú«úýÛÒÞÌÄãÎûĶġԶàôÄ«í¼ÜÚ¡¤
  7. òÙ̽àôÄ«ÒÞÄëùÃôúݽЬ¡¤ÈºÝ½Ð¬Æ«ÅèÑÒÄùÐúÎûݽЬÍÐÈÜÓÔÒÞÄëùÃôúݽЬ¡¤(îùÙ¶ïåĶåçô½ÚµÈ´ùÃÐúÇ¡ÈÜÓÔÒÞÄëùÃôúݽЬÎûæñع)¡¤
  8. ѺġĶ [Save] ÏÓÇß [Modify Login Module Group] Ó÷Óò¡¤
  9. ÍÐϯ¡¢Óìä»ÇøÚêàôÄ«í¼ÜÚÎûâûÊ© (ÇñΪàôÄ«í¼ÜÚåúÜÚÄãÄØÑÀÌùÇéÔ¶àôÄ«í¼ÜÚ)¡¢àÓѥѺġĶ [Save]¡¤
  10. ÇñΪÌþÆÜÑÀÌù¡¢Ð¬ÙòàôÄ«í¼ÜÚåúÜÚÑÀÌùá¿àôÄ«óÜÆîá£È¢¡¤Çã [Login Module Groups] Ó÷Óòĸ¡¢ÑºÄ¡Ä¶ [Return to Login Applications]¡¢ÇÂòÙ̽àôÄ«óÜÆîá£È¢¡¤ÙòàôÄ«í¼ÜÚåúÜÚÑÀÌùá¿óÜÆîá£È¢Ñ¥¡¢ÑºÄ¡Ä¶ [Save]¡¤

    Þ¬â¡

    ÇñΪÙò waveset.properties óòÕùÄãÎû allowLoginWithNoPreexistingUser òÙâúÝÃÌùÒ³ true Ô«¡¢Ð¬åµØÙåô Identity Manager X509 ðÕøýàôÄ«í¼ÜÚÕ롢˷ÜÓäÄßÈÆüÚÀòÙ̽ [New User Name Rule]¡¤ÈºÝ½Ð¬ÆîÍõíýÌùÇñÈôÌÔÇØÒÞùÃÎûàôÄ«ÒÞÄëùÃôúݽЬÊÆÄâ̯ËðÆîϯÕëÐúÇ¡Îûä»ËðÆîϯ¡¤ [New User Name Rule] Æ«ÆîÎûòÓÄ«Å¿í°êØ [Login Correlation Rule] ÒÞÇÑ¡¤ÆÆäÄã®ÇßÞÌÄ¡ÇóÈ롢ȺÇóÈëäÄÈ©Ò³ÆîÍõÐúÇ¡ä» Identity Manager ËðÆîϯڨæÀÎûËðÆîϯÇØꢡ¤ Çã idm/sample/rules ÄãÈ´ä»ËðÆîϯÇØê¢Ý½Ð¬Îûî¯Ëó¡¢ÇØÒ³ NewUserNameRules.xml¡¤


ÐúÇ¡Ëäã¾Ä«àôÄ«ØÙåôݽЬ

Identity Manager X509 ðÕøýàôÄ«í¼ÜÚäÄËðÆîàôÄ«ÒÞÄëùÃôúݽЬËôíýÌùÇñÈôÙòðÕøýæñÕèè×ÑÐÈÝïËåµÎû Identity Manager ËðÆîϯ¡¤Identity Manager ÅýÑÄÄ¡Ô¶ÄùÐúÒÞÄëùÃôúݽЬ¡¢ÇØÒ³ Correlate via X509 Certificate subjectDN¡¤

ÚÀľƫÅèìÁÅûÚÀÈÜÄ×ÎûùÃôúݽЬ¡¤ÊäÄ¡Ô¶ÒÞÄëùÃôúݽЬÆÒâüò×ÇöÝÕËèÑÀðÒÔÏЬ¡¨

ã®ëÄÈÝàôÄ«ØÙåôݽЬÎûÅ¿í°È´¡¨

ã®ëÄÈÝàôÄ«ÒÞÄëùÃôúݽЬÎûðÕøýÅ¿í°ÎûÌÔÇØèëËó¡¨

cert.field name.subfield name

ÅèĶҳݽЬƫÅèËðÆîÎûÅ¿í°ÇØê¢î¯Ëó¡¨

àôÄ«ØÙåôݽЬ (ËðÆîã®Ä«Å¿í°) äÄã®ÇßÄ¡ÍÐÇéÔ¶ AttributeConditions ÎûÛÒÞÌ¡¤[Identity Manager X509 Certificate Login Module] äÄËðÆîÝÕËèÛÒÞÌÊÆ̯ÒÞùÃÎû Identity Manager ËðÆîϯ¡¤

Çã idm/sample/rules ÄãÅýÉÖàôÄ«ÒÞÄëùÃôúݽЬÎûî¯Ëó¡¢ÇØÒ³ LoginCorrelationRules.xml¡¤

ÐúÇ¡ÈÜÓÔÒÞÄëùÃôúݽЬѥ¡¢ÚÀÆÒâüÙòÆÆã¾Ä« Identity Manager¡¤Ú· [Administrator Interface] ÄãòÙ̽ [Configure]¡¢àÓÑ¥òÙ̽ [Import Exchange File]¡¢ÅèËðÆîóòÕùã¾Ä«Åü×䡤

àÁæÜ SSL ÝÙîÀ

Ó¼ÓÑàÁæÜ SSL ÝÙîÀ¡¢îùÝàç´ SSL ÝÙîÀ̯ÄØØÙåôÎûóÜÆîá£È¢ÄõÓòÄæ URL (ËóÇñ https://idm007:7002/idm/user/login.jsp)¡¤ÚÀäÄÝ·ÉËÏ¡ÚÀÙòâÐÄ«ÇøÇÀÎûê½×»¡¢ËäßÈÆüÚÀÑÀÌùÓÑã®ØÊá¿ Web ÈùΤðÂÎûԶĩðÕøý¡¤

â¬öËÙÂ÷î

Ýàç´ X509 ðÕøýÈÔàõÆíÎûë¥øýÙÂ÷îäÄÇãàôÄ«ÏÐÞÌĸÅèòãë¨Ø¹ÕÉÎûÊ°È¢ÞÞÉË¡¤ÇñëæÉùðìÎûâ¬öË¡¢îùÇã Identity Manager ÈùΤðÂĸè×ÍõÅèĶùËɱÌÏìÒ×ÈâÐÈçØÑ÷Ç¡¨

ÇñΪÆîÅÂê¦ðÕøýúèÍÌÇã http îùÊåÄãÎûÇØê¢ÄâÑÒ javax.servlet.request.X509Certificate ¡¢ÚÀäÄȭ̯ġԶعÕÉÏÐÆüÇã http îùÊåÄãÊÆÄâ̯ȺúèÍÌ¡¤Ó¼ÓÑÊÕÆßÝÕÔ¶ÙÂ÷

  1. ÚöÆî SessionFactory ØÑ÷Ç¡¢ÅèÑçÒà http úèÍÌÎûÉùðìÛÒÞÌ¡¢ËäíýÌù X509 ðÕøýÎûÇØꢡ¤
  2. ËðÆî Identity Manager ØæòãÝÃÞ¬Ëôî¾òÒ LoginConfig Îìǵ¡¤
  3. Ùò Identity Manager X509 ðÕøýàôÄ«í¼ÜÚÄæ <LoginConfigEntry> ÄãÎû <AuthnProperty> ÎûÇØê¢üÈÊÕÒ³ÆßíýÇØꢡ¤
  4. óÃÇô¡¢àÓÑ¥ÓìæÜ¡¤

ÚÀÆ«×äõäëæÓÑÇ¿ÜÃØæ¡¢àÓÑ¥ÇÂÓìä»ìÁÅûàôÄ«óÜÆîá£È¢ÄãÎû Identity Manager X509 ðÕøýàôÄ«í¼ÜÚ¡¤


ÅûÙïËðÆîÌÏê§Ü¡

ÅûÙïÆîÍõíýÏñØ´ðÙüÕÌÏóÃÇôÕ»ÄãÈùΤðÂæñÕèÅèůÇãÈùΤðÂÌÏçÐç¬Äæâæã®òÓÎûÍÔÈ´æñÕèÎûñ¢ÙïÍÌÌÏÉùðìÍÌ¡¤

ÅèĶÇÖåçßÈËòħȴùÃÇñÈôÇã Identity Manager ÈùΤðÂÌÏçÐç¬ÄãËðÆîÌÏê§Ü¡ÅûÙïÎûÊÕÇéæñع¡¢ËäúÏÓÝħȴùÃÈùΤðÂÌÏçÐç¬ÅûÙïÏÚý¬ÎûÙÂ÷

Ì¿ÅûÙïÏñû¬ÎûæñÕè

ĶÏÐüÏÆüħÇã Identity Manager ܨÐÂÄãÌ¿ÅûÙïÏñû¬ÎûæñÕèùËÐΡ¢ÅýÑÄÆîÍõÏñû¬Êäê¡ùËÐÎæñÕèÎûÙï¤

ÏР10-1 Ì¿ÅûÙïÏñû¬ÎûæñÕèùËÐÎ  

| æñÕèùËÐÎ | RSA MD5 | NIST Triple DES 168 ÈíÄ÷ÏÚý¬ (DESede/ECB/NoPadding) | PKCS#5 Ù×ÍõÙïî£ÎûÅûÙï 56 ÈíÄ÷ÏÚý¬ (PBEwithMD5andDES) |
|---|---|---|---|
| ÈùΤðÂÅûÙïÏÚý¬ | | çßÝà | ØÙåôòÙâú 1 |
| çÐç¬ÅûÙïÏÚý¬ | | çßÝà | ØÙåôòÙâú 1 |
| á¬Ü©Çǫ́Çóâ¤ | ÑÒ | | |
| ËðÆîϯÙïî£ | | ÑÒ | |
| ËðÆîϯÙïî£ñ¥á£Ø´òç | | ÑÒ | |
| ËðÆîϯÇß÷» | | ÑÒ | |
| æñäãÙïî£ | | ÑÒ | |
| æñäãÙïî£ñ¥á£Ø´òç | ÑÒ | | |
| ÈùΤðÂÌÏçÐç¬ÄæâæÎûÍÔÈ´È´ÕæÓ×ç¥ | | ÑÒ | |

1Ýàç´Ë·ÜÓØÙåôÎìǵÎû pbeEncrypt úèÍÌÍÐ[Manage Server Encryption] É¢äÆâÐÈçØÙåô¡¤

ÈùΤðÂÅûÙïÏÚý¬ÙÂ÷îêØÇß÷»

îùïåûôÅèĶÇÖåç¡¢Åè̽ڵȴùÃÈùΤðÂÅûÙïÏÚý¬Ëôäã¡£Èíåô¡£êÄû¬ÌÏËðÆîÎûÚ¦ËÄÙÂ÷îÎûÇß÷»¡¤

ÈùΤðÂÅûÙïÏÚý¬ËôÈÜÈôݨ¡©

ÈùΤðÂÅûÙïÏÚý¬ÑÒè×ê¢Îû triple-DES 168 ÈíÄ÷ÏÚý¬¡¤ÈùΤðÂÅÅßÎÌ¥ê¡ùËÐÎÎûÏÚý¬¡¨

ÇãÈôݨêÄû¬ÈùΤðÂÅûÙïÏÚý¬¡©

ÈùΤðÂÅûÙïÏÚý¬ÑÒÇãóÃÇôÕ»ÄãêÄû¬ÎûÎìǵ¡¤ÇãǶÈôá¿ÌùóÃÇôÕ»ÄãÝçäÄÈ´ÝÂÇéæñÕèÅûÙïÏÚý¬¡¤

ÈùΤðÂÇñÈôÏ¡ç¬ËðÆîÔáÔ¶ÏÚý¬è×ÄØÅûÙïæñÕèâÐÈçæØÙïÌÏÓìä»ÅûÙï¡©

óÃÇôÇãóÃÇôÕ»ÄãÎûÊäġǹÅûÙïæñÕèÝçÅèÈùΤðÂÅûÙïÏÚý¬ (ÆîÍõÅûÙïæÚæñÕè) Îû ID Щ¡¤ÙòÅýÉÖÅûÙïæñÕèÎûÎìǵûôÄ«Ø´ðÙüÕÑ¥¡¢Identity Manager äÄËðÆîêØÅûÙïæñÕèÎû ID Щê¼ùÃôúÎûÈùΤðÂÅûÙïÏÚý¬âÐÈçæØÙï¡¢àÓÑ¥ËðÆîÒÞÇÑÎûÏÚý¬Óìä»ÅûÙï (ÇñΪæñÕèÄØüÈÊÕ)¡¤

ÇñÈôÊÕä»ÈùΤðÂÅûÙïÏÚý¬¡©

Identity Manager ßÈËòħÇØÒ³¡Öê§Ü¡ÈùΤðÂÅûÙï¡×ÎûÉ¢äÆ¡¤ÈºÉ¢äÆÄøÝÂåîÚæûâÎûÇøÇÀê§Ü¡ÔÞÙÚÈçÇéâúÏÚý¬ê§Ü¡É¢äÆ¡¢ÅýÑÄ¡¨

îùÙ¶ïåÆÛÝýÄãÎû¡Öê§Ü¡ÈùΤðÂÅûÙï¡×¡¢Åè̽ڵȴùÃÇñÈôËðÆîȺɢäÆÎûÊÕÇéæñع¡¤

ÇñΪüÈÊÕ¡ÖÆøЩ¡×ÈùΤðÂÏÚý¬¡¢äÄè×ܢȴÅûÙïæñÕèÝßÈ©ÄïëûìàûÀ¡©

ÊôÈ´ìàûÀ¡¤ÄóÙòËðÆîÅûÙïæñÕèÎû ID Щê¼Ù¶äùÎûÏÚý¬è×ܢȴÅûÙïæñÕèâÐÈçæØÙïÍÐÓìä»ÅûÙÇñΪܨÆíä»ÎûÈùΤðÂÅûÙïÏÚý¬ËäÝÃÌùÒ³¡ÖÆøЩ¡×ÏÚý¬¡¢Ð¬Ç¶ÈôÓÑÅûÙïÎûä»æñÕèÝçÙòËðÆîæÚÈùΤðÂÏÚý¬¡¤

Ò³õâÉ­àõÆíÇéÏÚý¬ÙÂ÷îÅèůҳêÄû¬ÊÕØíìÒ×ÈÎûæñÕèÉùðìÍÌ¡¢îùËðÆî [ê§Ü¡ÈùΤðÂÅûÙï] É¢äÆè×ÍÔȴ̦ȴ¡ÖÆøЩ¡×ÈùΤðÂÅûÙïÏÚý¬ÎûܢȴÅûÙïæñÕèÓìä»ÅûÙ

åµÚÀã¾Ä«ÎûÅûÙïæñÕèÊôÈ´ÅûÙïÏÚý¬Æ«ÆîÕë¡¢äÄàõÆíÄïëûÎíÎÓ¡©

Ó¼ÚÀÙòÉÖÈ´ÅûÙïæñÕèÎûÎìǵã¾Ä«ÈÝóÃÇôÕ»¡¢ÈþÅûÙïæÚæñÕèÕëÍÔËðÆîÎûÏÚý¬ËäÄâÇãȺóÃÇôÕ»Ä㡢ЬæñÕèÄóÆ«ã¾Ä«¡¢ÈþàÒÎÎâÐÈçæØÙ

ÇñÈôÏñû¬ÈùΤðÂÏÚý¬¡©

ÇñΪÈùΤðÂÆÜØÙåôÒ³ËðÆîÙïî£ÅûÙï (PBE) - PKCS#5 ÅûÙï (Ýàç´ pbeEncrypt úèÍÌÍÐ [Manage Server Encryption] É¢äÆÇãË·ÜÓØÙåôÎìǵÄãÝÃÌù)¡¢Ð¬ËðÆîçßÝÃÏÚý¬ÅûÙïÈùΤðÂÏÚý¬¡¤è×ÍõÇøæÒÎûÍÔÈ´ Identity Manager¡¢çßÝÃÏÚý¬ÝçÑÒÒÞÇÑÎû¡¤

ÇñΪÈùΤðÂØÙåôÒ³ËðÆî PBE ÅûÙЬÊäȹÚöÙ¯ÈùΤðÂÕëÝçäÄܨÆíÄ¡Ô¶ PBE ÏÚý¬¡¤Ýàç´ßÈËòÄ¡Ô¶Ùïî£ (Ú·ÈùΤðÂÖÖÌùÎû׸ÙïܨÆí) ØøÒ³ PBEwithMD5andDES Ùïî£ËôܨÆí PBE ÏÚý¬¡¤PBE ÏÚý¬ã¯ÇãØ´ðÙüÕÄãêÄû¬¡¢ËäÅâÚ·Äâ̦ȴÆãļÍÌ¡¤Æ¶ÆÀ¡¢PBE ÏÚý¬è×ÍõÇÁÆîÄ¡Ô¶ÇÁÇÑóÃÇôÕ»ÎûÍÔÈ´ÈùΤðÂÝçÑÒÒÞÇÑÎû¡¤

Ó¼ÓÑÚöÆîÈùΤðÂÏÚý¬Îû PBE ÅûÙï¡¢Ùïî£ PBEwithMD5andDES ÆÒâüÆ«ÆËíçßÝá¢Identity Manager ÄâÅýÉÖȺÙï¢ÈþȺÙïî£ÚèÆî PKCS#5 íºäí¡¢ÝÂÇé JCE ßÈËòϯèÒÉ¢ (ËóÇñ Sun ÌÏ IBM ßÈËòÎûèÒÉ¢) ÄãÝçßÈËòħæÚíºäí¡¤

ʼƫÅèã¾ÅøÈùΤðÂÏÚý¬ÅèÇøÇÀÇâóÃÇôÇãÆÀÝåãá©

Æ«Å衤ÇñΪÈùΤðÂÏÚý¬ÑÒ PBE ÅûÙïÎû¡¢Ð¬Çãã¾ÅøÄæЩ¡¢ÙòËðÆîçßÝÃÏÚý¬è×̧âÐÈçæØÙïÌÏÓìä»ÅûÙÝÕËðÚµÆÆԯƫÅèñÁÇ¡ÍõÆÛñ¢ÈùΤð PBE ÏÚý¬ÈÔÝ·á¡Ñ¥ã¾Ä«ÒÞÇÑÍÐ̧ÅìÈùΤðÂÄ㡤ÇñΪËðÆîçßÝÃÏÚý¬ÅûÙïÈùΤðÂÏÚý¬¡¢Ð¬Çãã¾ÅøÄæЩÄâëæÓÑǶÈôçßǿݨܡ¡¤

ÙòÏÚý¬ã¾Ä«ÈùΤðÂÑ¥¡¢ÇñΪæÚÈùΤðÂØÙåôÒ³ËðÆî PBE ÏÚý¬¡¢Ð¬ÙòæØÙïÝÕËèÏÚý¬¡¤àÓÑ¥¡¢ÇñΪæÚÈùΤðÂØÙåôÒ³ËðÆî PBE ÏÚý¬ÅûÙЬÙòËðÆîÆÛñ¢ÈùΤðÂÎû PBE ÏÚý¬Óìä»ÅûÙïÝÕËèÏÚý¬¡¤

ÔáËèæñÕèäÄÇãÈùΤðÂÌÏçÐç¬ÄæâæâÐÈçÅûÙï¡©

ÇãÈùΤðÂÌÏçÐç¬Äæâæã®òÓÎûÍÔÈ´æñÕè (È´ÕæÓ×ç¥) ÝçÆñØÜè×ÈùΤðÂ-çÐç¬âêÑôÉ¢äÆòññ¢Ü¨ÆíÎûè×ê¢ 168 ÈíÄ÷ÏÚý¬âÐÈç triple-DES ÅûÙ

çÐç¬ÏÚý¬ÙÂ÷îêØÇß÷»

îùïåûôÅèĶÇÖåç¡¢Åè̽ڵȴùÃçÐç¬Ëôäã¡£óÃÇô¡£Å¡àõÌÏÏñû¬ÎûÚ¦ËÄÙÂ÷îÎûÇß÷»¡¤

ÅûÙïÍÐæØÙïæñÕèÎûçÐç¬ÏÚý¬ËôÈÜÈôݨ¡©

Êäȹ Identity Manager ÈùΤðÂÝÙîÀÈÝçÐç¬Õë¡¢ÏÏÌîعæÀǨßÐÝçÙòܨÆíä»Îûòññ¢ 168 ÈíÄ÷ triple-DES âêÑôÉ¢äÆÏÚý¬¡¤ÈºÏÚý¬ÙòÆîÍõÅûÙïÍÐæØÙïÍÔÈ´ÇãæÚÈùΤðÂÌÏæÚçÐç¬Äæâæã®òÓÎûÑ¥úýæñÕ衤è×ÍõÊäÔ¶ÈùΤðÂ/çÐç¬èס¢Ü¨ÆíÎûâêÑôÉ¢äÆÏÚý¬ÝçÑÒÙÄÄ¡Îû¡¤

ÇñÈôÙòçÐç¬ÏÚý¬Å¡àõÈÝçÐ笡©

âêÑôÉ¢äÆÏÚý¬ÆñÈùΤðÂòññ¢Ü¨Æí¡¢àÓÑ¥ÇãÈùΤðÂÌÏçÐç¬ÄæâæÇøÇÀÇââÐÈçǨßС¢ÅÉÎÎÑÒËðÆîØøÒ³ÏÏÌîÈùΤðÂÈÝçÐç¬Ø¹æÀǨßÐÎûÄ¡ÝåÅ¡ÎûÇÁÆî׸ÙïÅäÏÚý¬è×âêÑôÉ¢äÆÏÚý¬âÐÈçÅûÙ

ÇãÏÏÌîعæÀǨßÐÕë¡¢ÈùΤðÂäÄÑçææçÐç¬ÅèíýÌùçÐç¬ÅÅßÎÎûí¼È¢¡¤çÐç¬Æ«ÅèÇãÌ¥ê¡í¼È¢ÄãÉ¢äÆ

ʼƫÅèÊÕä»ÆîÍõÅûÙïÍÐæØÙïÈùΤðÂÈÝçÐç¬È´ÕæÓ×ç¥ÎûçÐç¬ÏÚý¬ãá©

Identity Manager ßÈËòħÇØÒ³¡Öê§Ü¡ÈùΤðÂÅûÙï¡×ÎûÉ¢äÆ¡¢Ì§ÄøÝÂåîÚæûâÎûÇøÇÀê§Ü¡ÔÞÙÚÈçÇéâúÏÚý¬ê§Ü¡É¢äÆ¡¢ÅýÑÄܨÆíä»Îû¡ÖÆøЩ¡×çÐç¬ÏÚý¬ÌÏËðÆîæÚ¡ÖÆøЩ¡×çÐç¬ÏÚý¬ÊÕä»ÍÔÈ´çÐ笡¤ÝÕÑÒÆîÍõÅûÙïÊäÔ¶âêÑôÉ¢äÆÏÚý¬ (ÆîÍõÏñû¬ÇãÈùΤðÂÌÏçÐç¬Äæâæã®òÓÎûÍÔÈ´È´ÕæÓ×ç¥) ÎûÏÚý¬¡¤ÕüðãË·ÜÓØÙåôÄã pbeEncrypt úèÍÌÎûÔ«¡¢ÙòËðÆîçßÝÃÏÚý¬ÍÐ PBE ÏÚý¬ÅûÙïä»Ü¨ÆíÎûçÐç¬ÏÚý¬¡¤

çÐç¬ÏÚý¬óÃÇôÇãÈùΤð¡£çÐç¬ÎûÄïëûÇâÅÉ¡©

ÇãÈùΤðÂĸ¡¢çÐç¬ÏÚý¬ÞóçùÈùΤðÂÏÚý¬Ä¡íµóÃÇôÇãóÃÇôÕ»Ä㡤ÇãçÐç¬Ä¸¡¢çÐç¬ÏÚý¬óÃÇôÇãÆÛñ¢àôòçñ¢î£Ä㡤

ÇñÈôÏñû¬çÐç¬ÏÚý¬¡©

Ïñû¬çÐç¬ÏÚý¬ÎûÅÉÈ¢êØÏñû¬ÈùΤðÂÏÚý¬ÎûÅÉÈ¢ÒÞÇÑ¡¤ÇñΪÈùΤðÂØÙåôÒ³ËðÆî PBE ÅûÙЬÙòËðÆî PBE ܨÆíÎûÏÚý¬ÅûÙïçÐç¬ÏÚý¬¡¤ÇñΪæÚòÙâúÒ³ False¡¢Ð¬ÙòËðÆîçßÝÃÏÚý¬è×̧âÐÈçÅûÙîùÙ¶ïåЩÓÝíº÷îÒ³¡ÖÇñÈôÏñû¬ÈùΤðÂÏÚý¬¡©¡×ÎûÝýåç¡¢Åè̽ڵÊÕÇéæñع¡¤

ʼƫÅèã¾ÅøçÐç¬ÏÚý¬ÅèÇøÇÀÇâóÃÇôÇãÆÀÝåãá©

Æ«ÅèÝàç´¡Öê§Ü¡ÈùΤðÂÅûÙï¡×É¢äÆã¾ÅøçÐç¬ÏÚý¬¡¢Þóçùã¾ÅøÈùΤðÂÏÚý¬Ä¡íµ¡¤îùÙ¶ïåЩÓÝíº÷îÒ³¡ÖʼƫÅèã¾ÅøÈùΤðÂÏÚý¬ÅèÇøÇÀÇâóÃÇôÇãÆÀÝåãá©¡×ÎûÝýåç¡¢Åè̽ڵÊÕÇéæñع¡¤

ÇñÈôïÚäÚÈùΤðÂÌÏçÐç¬ÏÚý¬¡©

Ýàç´Ú·ÈùΤðÂóÃÇôÕ»ÄãÉ´ØæÈùΤðÂÌÏçÐç¬ÏÚý¬É»Æ«Ùò̧ïÚäÚ¡¤îùâ¡ãô¡¢Æ·ÓÑÄóÇãËðÆîÑÜÏÚý¬ÅûÙïÈùΤðÂæñÕèÍÐÄóÈ´çÐç¬ËíòÊÍõæÚÏÚý¬¡¢ÞóÄâóÜæÚÉ´ØææÚÏÚý¬¡¤ËðÆî¡Öê§Ü¡ÈùΤðÂÅûÙï¡×É¢äÆÓìä»ÅûÙïÍÔȴ̦ȴÆøЩÈùΤðÂÏÚý¬ÎûÈùΤðÂæñÕè¡¢ËäÇÑÊãŧÆøЩÎûçÐç¬ÏÚý¬êØÍÔÈ´çÐ笡¢ÅèíýÏñÇãÉ´ØæǶÈô÷®ÎûÏÚý¬ÄæЩÆÜÇãËðÆîæÚ÷®ÏÚý¬¡¤


ê§Ü¡ÈùΤðÂÅûÙï

Identity Manager ÈùΤðÂÅûÙïÅü×äÆ«üéÚÀÐúÇ¡ä»Îû 3DES ÈùΤðÂÅûÙïÏÚý¬¡¢àÓÑ¥ËðÆî 3DES ÍÐ PKCS#5 ÅûÙïè×ÝÕËèÏÚý¬âÐÈçÅûÙï¡¢ÇñĶè·ÍÔÆü¡¤Æ·È´Ì¦È´ÇøÇÀê§Ü¡ÔÞûâ×äÎûËðÆîϯÄßÆ«ÅèÙÚÈç [ê§Ü¡ÈùΤðÂÅûÙï] É¢äÆ (Ú· [ÈùΤðÂÉ¢äÆ] íºü¾Çô̽ȺɢäÆ)¡¤

è· 10-1 ê§Ü¡ÈùΤðÂÅûÙïÉ¢äÆ

ê§Ü¡ÈùΤðÂÅûÙïÉ¢äÆ

òÙ̽ [Run Tasks]¡¢àÓÑ¥Ú·ÛÒÞÌÄãòÙ̽ [Manage Server Encryption]¡¢ÅèҳȺɢäÆØÙåôÅèĶæñع¡¨


ÇøÇÀÍÌËðÆîÅÉÕù

ËÎÒ³ Identity Manager ê§Ü¡ÔÞ¡¢ÚÀÆ·ÓÑÇãÝÃÌùÕëÍÐÅèÑ¥ÙÚÈçÅèĶÐúú¾Êãüõ¡¢É»Æ«âÐÄ¡ÊãàµÅ·Ì¿Ïñû¬Ú¨æÀÌÏí°ðãÎûÇøÇÀÍÌÓøòò¡¤

ÝÃÌùÕë

ÚÀóÜæÚ¡¨

ÇãËðÆîßæâæ

ÚÀóÜæÚ¡¨

ÇñΪÚÀÎûóÜÆîá£È¢ÈùΤðÂêØ Servlet 2.2 ÒÞÕ©¡¢Identity Manager ÇøæÒá£Ê©äÄÙò http âêÑôÉ¢äÆç·ÕëÝÃÌùÒ³çßÝÃÔ« 30 Å¡úÌ¡¤ÚÀÆ«Åèî¾òÒúèÍÌËôüÈÊÕȺԫ¡§ÈþÚÀóÜæÚÙòæÚÔ«ÝÃÌùҳġԶç¤É¥ÎûÔ«ÅèìÁÅûÇøÇÀÍÌ¡¤ÄâÓÑÙòæÚÔ«ÝÃÌùÒ³ØíÍõ 30 Å¡úÌ¡¤

Ó¼ÓÑüÈÊÕâêÑôÉ¢äÆç·ÕëÔ«¡¨

  1. î¾òÒ web.xml óòÕù¡¢Ì§ÈíÍõÚÀóÜÆîá£È¢ÈùΤðÂÆøòçðùÄãÎû idm/WEB-INF Æøò硤
  2. üÈÊÕĶÇÄÈçÄãÎûí°Ô«¡¨
     <session-config>
       <session-timeout>30</session-timeout>
     </session-config>





ÅÆǵæÀ¨ 820-2292¡¤  Copyright 2007 Sun Microsystems, Inc. ÎêûâÍÔÈ´¡¤