How to Use SSO with Novell Security Manager
Novell Cool Solutions: Feature
By Christian Schwarz
Posted: 5 Apr 2006
To use SSO with Novell Security Manager 6.200, follow these steps:
1. Create a new NDS user with a password.
2. Right-click on your tree and select trustees of this object.
3. Click Add Trustee and select the user you have created. On entry rights, select browse and inheritable; on all attribute rights, select compare, read and inheritable.
4. Click OK.
5. Log in to Webadmin on NSM and browse to System/User Authentication.
6. Enable Novell eDirectory.
7. In the Server field, enter the IP address of your eDirectory Server and click Save.
8. Enable Single-Sign-On (SSO) and enter (as SSO bind user) the new user in LDAP notation, or use the Browse eDirectory button.
9. Enter the password of this user and click Save.
10. In the context field, enter the contexts where your users reside, or use the Browse eDirectory button. Remember - these contexts are not inheritable!
11. Click Save.
12. Go to Novell eDirectory User/Group/Container-based Access Control.
13. Enter the user/group/container of the users you want to allow to surf over the HTTP proxy and click Save.
14. Go to Proxies/HTTP in Webadmin and enable the HTTP Proxy.
15. In the Operation Mode field, select eDirectory Single Sign On.
16. Now disconnect and log in to eDirectory again.
17. Point your browser's HTTP proxy settings to the NSM IP address at port 8080.
18. Open a web site and have fun!
I'm not sure why, but if you restart Astaro/NSM or disable and re-enable SSO, you have to disconnect (log off) from eDirectory and log in again. You have to do the same if your network connection is lost or if you have restarted the eDirectory server. The automatic reconnect of the NetWare client doesn't seem to work.
Also, you must use the Netware client in IP-only mode. If you are using IP/IPX or IPX only, the IPX address will be stored in eDirectory, and Astaro/NSM won't be able to find you.
In some cases, a user may have multiple IP addresses stored in eDirectory. To resolve this, you have to do a DSRepair.
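To check which addresses eDirectory holds for a user before blaming the proxy, the following added example (not part of the original article and not NSM code) decodes the values of the user's login address attribute and flags the two conditions described above. It assumes the values come from an LDAP read of the `networkAddress` attribute in the usual `type#binary` form, with type 0 for IPX and types 1, 8 and 9 for IP, UDP and TCP; the function names and sample values are constructed for illustration.

```python
import ipaddress

# Assumed eDirectory address type tags (NDS Net Address syntax).
ADDR_TYPES = {0: "IPX", 1: "IP", 8: "UDP", 9: "TCP"}
IP_KINDS = ("IP", "UDP", "TCP")


def decode_network_address(raw: bytes):
    """Decode one networkAddress value of the form b'<type>#<binary>'."""
    tag, sep, data = raw.partition(b"#")
    if not sep or not tag.isdigit():
        raise ValueError("not a tagged networkAddress value")
    kind = ADDR_TYPES.get(int(tag), "type-%d" % int(tag))
    if kind in IP_KINDS and len(data) in (4, 6):
        # Assumed layout: optional 2-byte port, then a 4-byte IPv4 address.
        return kind, str(ipaddress.IPv4Address(data[-4:]))
    if kind == "IPX" and len(data) == 12:
        # Assumed layout: 4-byte network, 6-byte node, 2-byte socket.
        return kind, data[:4].hex() + ":" + data[4:10].hex()
    return kind, data.hex()


def sso_findings(values):
    """Return the SSO problems visible in one user's stored addresses."""
    decoded = [decode_network_address(v) for v in values]
    # TCP and UDP entries for the same host count as one IP address.
    ips = sorted({addr for kind, addr in decoded if kind in IP_KINDS})
    findings = []
    if any(kind == "IPX" for kind, _ in decoded):
        findings.append("IPX address stored: client is not in IP-only mode")
    if not ips:
        findings.append("no IP address stored: the proxy cannot map this user")
    elif len(ips) > 1:
        findings.append("multiple IP addresses stored: " + ", ".join(ips))
    return findings


# Constructed sample values (documentation address range, port 524).
TCP_10 = b"9#" + bytes([0x02, 0x0C, 192, 0, 2, 10])
UDP_10 = b"8#" + bytes([0x02, 0x0C, 192, 0, 2, 10])
TCP_77 = b"9#" + bytes([0x02, 0x0C, 192, 0, 2, 77])
IPX_1 = b"0#" + bytes.fromhex("0000a1b2" "00508bfeed01" "4003")

if __name__ == "__main__":
    for name, vals in [("clean", [TCP_10, UDP_10]), ("ipx", [IPX_1]),
                       ("stale", [TCP_10, TCP_77])]:
        print(name, sso_findings(vals) or "ok")
```

An empty result means the user has exactly one IP address on record; a "multiple IP addresses" finding is the case the article resolves with DSRepair.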
You can find further information about SSO at: