Teaming iChain with Novell Portal Services

Novell Cool Solutions: Feature

Posted: 20 May 2002
 

We found these guidelines (dog ears, and all) in the clutches of one of our system engineers. Unfortunately, we can't attribute the documenting of these steps to anyone because those we talked to can't remember who they got them from. So if you remember committing these steps to paper -- in this life or another -- drop us a line and we'll gladly give you credit.

Background
Novell's iChain and Portal Services products create some serious synergy when used together. For one thing, since they both leverage eDirectory, they can be combined to create elaborate security schemes and access rights and privileges.

This document was written to help you take the first step to harnessing this power -- getting everything set up and running together. If you have suggestions or other tips regarding iChain and Novell Portal Services, drop us a line.

Prerequisites
This document assumes that you have correctly installed the Novell Portal Services software, the iChain Internet caching server, the iChain schema extensions, and the iChain snapins for ConsoleOne.

If you need help getting to this point, the following documentation may help:
Novell Portal Services Setup - http://www.novell.com/documentation/lg/portal/
iChain Internet Caching Setup - http://www.novell.com/documentation/lg/ichain21/

To set up the iChain Internet caching server for a Novell Portal Services implementation, complete the following:

Open the copy of ConsoleOne that has been upgraded with the iChain snapins. (NOTE: Location in the tree does not matter for the user object, iChain Service Object, and Access Control Rule that you are about to create.)

  1. Select "New User". This user will be a guest account for the iChain machine (example name iChainGuest_User). Choose a password for it.
  2. Select the New iChain Object icon (to the right of the New Object icon on the toolbar).
  3. A dialog box should appear. Select iChain Service Object.
  4. Name the object (example ISO_OBJECT).
  5. Once the object has been created, open the properties page (right click on the ISO_OBJECT and select properties).
  6. Select "General".
  7. Browse for the Guest User (example iChainGuest_User).
  8. Choose "Apply".
  9. Select the "Protected Resource" tab.
  10. Select "Add".
  11. Name the Resource (For example purposes we will name it RESOURCE1).
  12. Give the URL Prefix of the DNS name that is associated with the iChain internet caching server (example http://mychain.provo.novell.com).
  13. Apply the changes and close the properties page.
  14. Select the "New iChain Object" icon again.
  15. A dialog box should appear. Select "iChain Access Control Rule".
  16. Name the Access Control Rule (example ISO_Access_control_OBJ).
  17. Once the object has been created, open the properties page (right click on the ISO_Access_control_OBJ and select "Properties").
  18. Select "Resource".
  19. Select "Add".
  20. Add the resource name that was just created in the ISO_OBJECT. Example: add RESOURCE1.
  21. The URL Postfix should be set to /*
  22. Now select "Apply" and go next to the "Resource" tab.
  23. Add the contexts of any users you want to have access (example contexts are novell and users.novell). (NOTE: You must specify all contexts you want included; inheritance doesn't flow down.)
  24. Apply and close the properties page.
  25. Close ConsoleOne.

Access the URL of the ICS server where you installed the iChain Internet caching server software to launch the ICS browser-based administration tool. For example,
    http://xx.xx.xx.xx:1959/appliance/config.html, where xx.xx.xx.xx is the IP address for the ICS server.
You should have configured an IP address during the installation of the iChain Internet caching server software.

NOTE: If the ICS server is located behind a firewall and you are accessing the ICS browser-based administration utility from a browser outside that firewall, you must open ports 1959, 2222, and 1100 on the firewall to administer the ICS server.

Accept the default user name (do not enter a password) > click OK.

Click Cache > Access Control >

  1. Specify the ISO Object Name (example, CN=ISO_OBJECT,OU=iChain,O=portal)
  2. Specify the LDAP Guest User Name (example: CN=iChainGuest_User,OU=iChain,O=portal)
  3. Specify the LDAP IP address
  4. Specify the LDAP User Name and password (this user should have admin rights)
  5. Select "Apply"
  6. Refresh ACLCHECK

Click Authentication >

  1. Select "Insert"
  2. Enter a profile name (example, profile1)
  3. Select the LDAP authentication radio button
  4. Select the LDAP Options Button
  5. Enter the LDAP IP address
  6. Insert the contexts of the users (example: O=novell and OU=users,O=novell)
  7. Choose OK, then OK again
  8. Select "Apply"
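
The ConsoleOne note that contexts are not inherited, together with the context list entered in the Authentication profile above, can be checked before go-live. The Python sketch below is an added example, not part of the original guidelines or of any Novell tool. It models the Access Control Rule as an exact container match, assumes typeless dotted names resolve with the rightmost part as O and the rest as OU, and runs on constructed user DNs.

```python
import re

def split_dn(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn) if rdn.strip()]

def normalize(ctx):
    """Lower-case typed LDAP form; accepts 'OU=users,O=novell' or 'users.novell'."""
    if "=" not in ctx:
        # Assumption: in dotted form the rightmost part is O, the rest are OU.
        parts = [p.strip() for p in ctx.split(".") if p.strip()]
        ctx = ",".join([f"OU={p}" for p in parts[:-1]] + [f"O={parts[-1]}"])
    return ",".join(split_dn(ctx)).lower()

def audit_contexts(user_dns, acl_contexts, auth_contexts):
    """Report users whose container is not listed, plus mismatches between lists."""
    acl = {normalize(c) for c in acl_contexts}
    auth = {normalize(c) for c in auth_contexts}
    missing = {}
    for dn in user_dns:
        container = ",".join(split_dn(dn)[1:]).lower()
        if container in acl:
            continue  # exact container match: covered by the rule
        entry = missing.setdefault(container, {
            # True when only an ancestor is listed (inheritance was assumed).
            "parent_listed": any(container.endswith("," + c) for c in acl),
            "users": [],
        })
        entry["users"].append(dn)
    return {
        "missing_from_acl": missing,
        "acl_not_in_auth": sorted(acl - auth),
        "auth_not_in_acl": sorted(auth - acl),
    }

# Constructed sample users; the two context lists are the page's own examples.
SAMPLE_USERS = [
    "CN=admin,O=novell",
    "CN=jdoe,OU=users,O=novell",
    "CN=asmith,OU=sales,OU=users,O=novell",
    "CN=bjones,OU=partners,O=extranet",
]
ACL_CONTEXTS = ["novell", "users.novell"]
AUTH_CONTEXTS = ["O=novell", "OU=users,O=novell"]

if __name__ == "__main__":
    report = audit_contexts(SAMPLE_USERS, ACL_CONTEXTS, AUTH_CONTEXTS)
    for container, info in report["missing_from_acl"].items():
        print(container, info)
```

Containers reported with parent_listed set to True are the ones most likely to surprise an administrator: a parent context is in the rule, but the users' own container is not.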

Click Web Server Accelerator >

  1. Select "Insert"
  2. Select a name (example, acc1)
  3. Select the DNS (This should match the DNS name of the iChain box; previously we gave an example of mychain.provo.novell.com)
  4. Insert a web server address; this should be the IP address of the Novell Portal Services machine
  5. Check the box in the Accelerator IP addresses field
  6. Select the Alternate Host Name and enter the IP address of the Novell Portal Services machine
  7. Check the "Enable Authentication" box
  8. Select the "Authentication Options" button
  9. Adjust the Maximum Idle Time to whatever you feel is appropriate (example, 30 minutes)
  10. Check "Forward Authentication Information to Web Server". This option passes the credentials from the user's login to the iChain box on to the Novell Portal Services server, allowing for a single sign-on. (NOTE: If Novell Portal Services is installed with Internet Information Server, you will need to make this change. On the Novell Portal Services server, go to Start > Programs > Administrative Tools > Internet Services Manager. Open up your site and right-click on the default Web site. Select Properties > Directory Security. Edit the Anonymous Access and Authentication Control. Uncheck Integrated Windows Authentication.)
  11. Choose OK, then OK again
  12. There should be an existing profile (example was profile1)
  13. Select "Add"
  14. (OPTIONAL) You can set up SSLizer through this page by checking the Enable SSLizer box. SSLizer provides SSL communication between the iChain box and the end user's browser.
  15. Choose OK, then OK again

Click Management >

  1. Check the "Enable PIN List" box. This tells the iChain box what not to cache. Novell Portal Services creates dynamic pages based on the user that is logged into the portal, and we do not want iChain caching this user-specific information.
  2. Select "Insert"
  3. Enter */nps/servlet/portal*
  4. Set the PIN type to Bypass
  5. Select "Apply"

Now make this change on the Novell Portal Services machine. In the root directory of your web server (for Apache, C:\Program Files\Apache Group\Apache\htdocs; for Internet Information Server, C:\Inetpub\wwwroot), create an index.html file (Apache) or a default.htm file (Internet Information Server). Put the following code in this file:

<HTML>
  <HEAD>
    <META HTTP-EQUIV="Refresh" CONTENT="0; URL=/nps/servlet/portal?render=on">
  </HEAD>
</HTML>

Save the file.

You are now ready to make sure that everything is working together correctly.

Open a browser and enter the URL of your iChain box (example mychain.provo.novell.com). At this point you should be prompted by a Certificate Name Check. Accept and then you should be taken to the iChain default login screen. Enter contextless credentials of a user that is in one of the contexts that you specified earlier (example username: admin password: novell). Click "Login", and you should now be successfully logged into both iChain and Novell Portal Services, with your portal now showing in the browser and the URL looking something like this:
http://mychain.provo.novell.com/nps/servlet/portal?render=on

