How to Single Sign On to GroupWise and the Novell Client for Linux on your Linux Desktop.

Novell Cool Solutions: Feature
By Joe Harmon

Posted: 17 Nov 2005
 

Applies To:

  • Novell Linux Desktop 9
  • SUSE Linux 10.0
  • Common Authentication Service Adapter (CASA) 1.5

Disclaimer:

This solution is provided as a service to the community and is not supported by Novell. There are certain portions of this service that are in an early development phase and therefore may not be fully functional. For example, the solution given for the single sign on to the Novell Client for Linux product is for a single tree only. The multiple tree option is not yet available.

Solution:

This solution implements a technology called the Common Authentication Service Adapter (CASA). This technology is used to store and manage your user credentials via the CASA Manager. The CASA Manager also interfaces with the GNOME Key Ring and KDE's Kwallet technologies, allowing you to manage all three from one interface if desired.

  1. Let's start out by downloading all of the packages needed for this solution. If you are going to implement the full solution, then you will need the following packages. Note: The links given in this solution are for the i586 (32-bit) platform. If the links are not available, then you can find the CASA builds here. GroupWise and the Novell Client for Linux were both downloaded from the http://download.novell.com site. CASA also requires Mono 1.1.7 and a newer version of gtk-sharp. These are already included with the shipping version of SUSE Linux 10.0 and are available as updates through Red Carpet on NLD. While these are available from http://www.mono-project.com/Downloads, it is preferable to update them through Red Carpet on NLD.

  2. If you are going to be doing a Single Sign On to the Novell Client for Linux (NCL) then you first need to make sure that NCL has been installed. If you are installing NCL for NLD 9 or SUSE Linux Professional 9.3 then please follow this procedure. If you are going to be installing NCL for SUSE Linux 10.0 then please follow this procedure.

  3. If you are going to be using the single sign on piece for the GroupWise cross platform client then the next step is to install the GroupWise client. Start out by extracting the gw700lnxc.tar.gz file that you just downloaded. This can be done by right clicking on the file and choosing the extract option, or by typing tar -xzf gw700lnxc.tar.gz within a terminal window. Once extracted you should have a novell-groupwise-gwclient-7.0-20050803.i386.rpm file. Install this file by either double clicking on the file or by typing rpm -ivh novell-groupwise-gwclient-7.0-20050803.i386.rpm within a terminal window as root.

  4. After NCL and GroupWise are installed, you will need to install the last three packages. This can be done by typing rpm -ivh CASA-gui-1.5.127-0.i586.rpm CASA-1.5.127-0.i586.rpm novell-ncl-autologin-1.0.0-1.i586.rpm within a terminal as root. Once this is done, reboot to get a fresh start of the CASA daemon.

  5. Once your workstation comes back up you should be prompted to log in to your workstation. If you chose the option to automatically log in to the workstation then you will not be able to use CASA. Note: Your workstation login may look different from this login depending on the OS you are using.

  6. Your credentials will be automatically recorded in the CASA Manager during the login to the desktop. The CASA packages do not, as of yet, create a menu item for the CASA Manager, so our next step is to create a launcher that we can use for accessing the CASA Manager. Right click on your desktop or panel and choose the option to create a launcher. Note: Your options for creating a launcher will differ from workstation to workstation. In this example we are using GNOME on SUSE Linux 10.0. 

  7. We will give it the name of CASA Manager. The command is /opt/novell/CASA/bin/CASAManager.sh. The icon is located at /opt/novell/CASA/images/CASA_32.png.

  8. Now launch the CASA Manager. You will be prompted to enter in a password for managing and encrypting your persistent credentials.

  9. Verify that your credentials have been recorded. You should see an entry labeled SS_CredSet:Desktop. If you do not see it then stop here. You must have the SS_CredSet:Desktop in the CASA Manager before the rest of the options can be used, because they are all tied to your desktop credentials. 

  10. If you double click on the SS_CredSet:Desktop entry you will see that it contains an encrypted store of your credentials.

  11. Once you have verified that the SS_CredSet:Desktop credential was created, you can start GroupWise and log in.

  12. Once you have successfully logged into GroupWise a new credential should have been created in your CASA Manager. If your CASA Manager is still open then you can just press F5 to refresh it. Once you have verified that SS_CredSet:GroupWise is in the CASA Manager, your GroupWise single sign on is ready to go. Try it out. Close GroupWise and launch it again. It should sign you in automatically.

  13. Last but not least we will work on the single sign on plugin for NCL. You should already have the novell-ncl-autologin-1.0.0-1.i586.rpm package installed from step 4 above. This is the plugin that will enable us to capture the NCL credentials and then automatically login to the server for you. However, before we can use it, there are a few prerequisites that we need to fulfill. First we need to run the Novell Client Configuration Wizard. You do this by clicking on the NCL icon and choosing System Settings. We really only need to change two items, so make sure that only the Login and Service Location Protocol (OpenSLP) options are selected. Then press the Start Wizard button.

  14. Fill out the Default Tree and the Default Context (optional) sections. As stated in the disclaimer, this currently only works for a single tree environment. The Default Context needs to be the context of the user logging into the server via NCL. 

  15. The Service Location Protocol (SLP) setting will allow you to browse for your Tree, Context, and Server within NCL. It will also make it easier to resolve the tree name when CASA attempts to capture your NCL credentials. To configure SLP for your workstation, you will need a Scope List (typically a container in eDirectory), Directory Agent (IP or DNS of your DA), and the Broadcast Only option checked (optional). If you do not have SLP set up within your network then you can work around this by placing an entry in your /etc/hosts file which contains the IP address of the server you are connecting to, which resolves to your tree name.

  16. Now bring up the NCL login by selecting Novell Login in the NCL drop down menu. Put in your username and password. The tree and context should already be filled out with your preferred tree and context. If not then fill them out as well. Important: Do not fill out the server field with this initial login. There is a known issue where if the server field has an IP address or DNS name, then the credentials will be recorded under the server name rather than the tree name. This will cause the single sign on process to fail. If you are unable to authenticate without this field being populated, then please move on to the manual process in steps 18 and 19.

  17. Once you authenticate, you should see a new entry in the CASA Manager. It should reflect the name of your tree. If it reflects the name of your server then you will need to follow the manual process outlined in steps 18 and 19.

  18. If you need to put the entry in manually then right click in the CASA Manager screen and choose New Secret. In the Secret ID field put in SS_CredSet: and then the name of the tree. In this example I used SS_CredSet:MY_TREE as my Secret ID. The tree name needs to be in all caps, even if the actual tree name is not caps. Next, put Password (with a capital P) in the Key field and the password of the user that will be logging in, into the Value field. Don't worry, it won't be stored in clear text. As soon as you click on the + symbol it will be encrypted and will be added to the Key-Value pairs section.

  19. Add another key labeled FDN_NDAP with the username and context as the value. Again, click the + symbol to add it to the Key-Value pairs.

  20. That's it. You should be done. Now if you reboot, you should automatically log in and run your login scripts.
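
A small shell helper for steps 15 to 19, added here as an illustration and not part of the original article or of CASA: it derives the Secret ID that step 18 expects, checks whether a hosts-format file maps the tree name to an address (the step 15 workaround), and flags a credential that was recorded under a server name (step 17). The function names, the hosts-file layout, and the sample values (MY_TREE reused from step 18, fs1.example.com, 192.0.2.10) are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the article). MY_TREE, fs1 and 192.0.2.10 are
# constructed sample values; the function names are hypothetical.

# Step 18: the Secret ID is "SS_CredSet:" plus the tree name in all caps,
# even if the actual tree name is not caps.
casa_secret_id() {
    printf 'SS_CredSet:%s\n' "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

# Step 15 workaround: print the address a hosts-format file maps NAME to
# (case-insensitive, comments ignored). Returns 1 when nothing matches.
hosts_lookup() {    # $1 = name to resolve, $2 = hosts-format file
    awk -v want="$1" '
        BEGIN { want = tolower(want); rc = 1 }
        {
            sub(/#.*/, "")
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; rc = 0; exit }
        }
        END { exit rc }' "$2"
}

# Step 17: compare the entry shown in CASA Manager with the ID expected for
# the tree. Prints "ok", or "manual" when steps 18 and 19 are needed.
check_recorded_id() {    # $1 = ID seen in CASA Manager, $2 = tree name
    if [ "$1" = "$(casa_secret_id "$2")" ]; then
        echo ok
    else
        echo manual
    fi
}

# Constructed hosts file: the server address also answers to the tree name.
SAMPLE_HOSTS=$(mktemp)
trap 'rm -f "$SAMPLE_HOSTS"' EXIT
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1    localhost
# server address mapped to the tree name (layout is an assumption)
192.0.2.10   fs1.example.com fs1 MY_TREE
EOF

casa_secret_id My_Tree
hosts_lookup my_tree "$SAMPLE_HOSTS" || echo "tree name does not resolve"
check_recorded_id "SS_CredSet:MY_TREE" my_tree
check_recorded_id "SS_CredSet:fs1.example.com" my_tree
```

To check a real workstation, pass /etc/hosts as the second argument to hosts_lookup and your own tree name as the first.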


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com
