Accelerating eGuide with iChain and Single Sign On
Novell Cool Solutions: Feature
By Jerry Hancock, Will Peterson
Posted: 25 Nov 2003
During this lab you will accelerate Novell eGuide. eGuide is configured on the private workstation to do LDAP lookups on the iChain tree and display the results. Once eGuide is accelerated through the iChain appliance, the public workstation gains access indirectly through the iChain proxy service. In this lab you will also learn how to protect eGuide as a resource through iChain and enable Single Sign On.
Novell eGuide has the capability of being secured and accelerated via Novell iChain:
- You can enable silent authentication in Novell eGuide so that users are automatically logged in when they access eGuide through iChain.
- You can use web acceleration technologies to accelerate access to Novell eGuide by using iChain.
- You can load balance multiple instances of eGuide through iChain.
The high-level steps for these three items are listed below. For further details on how to complete each step, see the Novell iChain Administration Guide.
1. (Optional) In iChain, create an LDAP Authentication Profile. This step is only necessary if you want iChain to pass user credentials to eGuide.
Before authentication will work with the proxy services, we need to create an authentication profile that will point the authentication requests to our LDAP server.
- Open the iChain browser-based administration tool and click on the "Configure" panel and "Authentication" tab.
- Click "Insert" to add a new profile. (Figure 1.1)
- Name the authentication profile "ldap". Select "LDAP Authentication" and select "LDAP Options". (Figure 1.1)
- Enter the IP address of your internal eDirectory server for the "LDAP server address". (Figure 1.2)
- Enter LDAP username and password. (Figure 1.2)
- Select "Use distinguished name" for the LDAP login name format. (Figure 1.2)
- Click "Insert" to add an LDAP context that contains all authenticating users.
- Click "OK", "OK", and then "Apply".
2. In iChain, configure eGuide as a web accelerator
- From the iChain browser-based administration tool, click the "Web Server Accelerator" tab.
- Add a web server accelerator by clicking on "New", and specifying the Name, DNS Name, & Web Server Address. (Figure 2.1)
3. (Optional) To enable iChain to pass the authentication credentials to eGuide
- Check the "Enable authentication" box. (Figure 2.1)
- Specify the Authentication Options and LDAP profile created earlier in step 1. (Figure 3.1)
4. (Optional) To transmit content over HTTPS, enable the SSLizer in iChain
- Check the "Enable Secure Exchange" box. (Figure 2.1)
- Specify the Certificate. If "Auto" is selected, iChain will automatically generate a certificate; however, users will be presented with an unknown-certificate warning each time they enter eGuide until a certificate signed by a trusted certificate authority is assigned. (Figure 2.1)
Note: Turning on Secure Exchange causes browsers to prompt users before displaying non-secure items. The "AOL Instant Message" and "Yahoo Instant Message" data handlers use a non-secure request when checking whether other users are online. These handlers (and others that have been obtained) can be changed so the "Show non-secure items" prompt does not appear.
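To find which pages or data handlers will trigger the prompt described in the note above, the HTML served through the accelerator can be checked for sub-resources still requested over plain HTTP. This is an added example, not code from the original article or from Novell; the sample page, the example.test hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs whose URL a browser fetches on page load without a click.
AUTO_FETCHED = {("img", "src"), ("script", "src"), ("iframe", "src"),
                ("frame", "src"), ("embed", "src"), ("object", "data")}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line number, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name, value in attrs.items():
            fetched = (tag, name) in AUTO_FETCHED
            if tag == "link" and name == "href":
                # <link> is fetched only for stylesheets and icons.
                rel = (attrs.get("rel") or "").lower().split()
                fetched = "stylesheet" in rel or "icon" in rel
            if not fetched or not value:
                continue
            # Resolve relative and protocol-relative URLs against the page.
            absolute = urljoin(self.page_url, value.strip())
            if urlsplit(absolute).scheme == "http":
                self.findings.append((self.getpos()[0], tag, absolute))


def find_mixed_content(page_url, html):
    """Return the HTTP sub-resources of a page that is served over HTTPS."""
    if urlsplit(page_url).scheme != "https":
        return []  # no secure page, so no "non-secure items" prompt
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page; the hosts under example.test are placeholders.
SAMPLE = """<html><body>
<img src="/eGuide/images/logo.gif">
<img src="http://presence.example.test/status?user=jdoe">
<script src="https://hostname.domain/eGuide/js/ui.js"></script>
<a href="http://www.example.test/help">Help</a>
<link rel="stylesheet" href="//cdn.example.test/site.css">
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content("https://hostname.domain/eGuide/", SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

Ordinary hyperlinks are ignored because the browser only requests them after a click; relative and protocol-relative references inherit HTTPS from the accelerated page and are not reported.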
5. Configure iChain so it does not cache dynamic eGuide content
- From the iChain browser-based administration tool, click "Configure", then "Management". Check the "Enable pin list" checkbox. (Figure 5.1)
- Add the URL Mask "hostname.domain/eGuide/*", and set the Pin Type to "Bypass". (Figure 5.1)
- From ConsoleOne, find your iChain Service Object and add a new protected resource. Specify the name, URL Prefix, and Access type. (Figure 5.2)
(Note: Secure verifies username, password, and ACL rights. Restricted verifies username and password. Public allows all requests access.)
(Note: You will need to refresh your iChain server to reflect these changes.)
6. Configure eGuide
- From the eGuide Administration Utility, ensure that your LDAP data source is configured to the same directory as the iChain LDAP authentication profile (from step 1 above).
- Click Restrictions.
- Disable Allow Save Credentials.
7. (Optional) Configure iChain to load balance eGuide
- After configuring multiple instances of eGuide, add each instance to the Web Server Addresses. (Figure 7.1)
- Check the Load Balance at Session Level Only check box.