Single Sign-on to NetStorage through iChain
Novell Cool Solutions: Tip
By Jim Short
Posted: 28 Jan 2005
In the past, iChain has had problems with single sign-on to NetStorage. Now, with NetWare 6.5 SP3, single sign-on is easy to set up by configuring the new "cookieless authentication" option for XTier/middle-tier authentication. TID10071930, "Can't Single Sign-on to NetStorage through iChain", has been updated with the following information:
NetStorage uses XTier authentication. XTier authentication currently does not accept standard single sign-on techniques (auth header, query string, etc.). For SSO authentication, XTier authentication originally required not only a username and password but also a locally stored cookie. The first time a user hits NetStorage, they are prompted to log in. A SET COOKIE then takes place to set the local cookie, and the browser sends that cookie on all subsequent logins. For iChain SSO to work, use NetWare 6.5 SP3 and enable "cookieless" authentication.
Fix: For Single Sign-On to work, use NetWare 6.5 SP3 and configure "cookieless" XTier (middle-tier) authentication as follows:
- Open NSADMIN (http://server/oneNet/nsadmin). The first screen that comes up shows the general options for the middle-tier. One of the options on this page is "cookieless". The default value is 0 (off). Change this to 1 and restart the server.
- In the iChain ADMIN GUI, under the Authentication Options button for the NetStorage accelerator, check the box to forward authentication information to Web Server. Then enable OLAC on the Access Control tab, and configure OLAC on the NetStorage protected resource to send the CN rather than the DN in the basic auth header. (Add ICHAIN_UID - LDAP - CN in the OLAC configuration.)
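To confirm that the second step took effect, the Authorization header arriving at the NetStorage server can be decoded and checked for a bare CN instead of a DN. The Python sketch below is an added example, not part of the original tip or any Novell code; the function names, the sample users, and the LDAP-style DN form (cn=...,o=...) it looks for are assumptions, and the headers are constructed.

```python
import base64
import binascii
import re

# Assumption: a DN appears in typed LDAP form, e.g. cn=jdoe,ou=users,o=example
_DN_RDN = re.compile(r"(^|,)\s*(cn|ou|o|dc|uid)\s*=", re.IGNORECASE)

def make_header(user, password):
    """Build a constructed Basic Authorization header value for testing."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic_header(value):
    """Return (username, password) from a Basic header value, or None."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() != "basic" or not blob.strip():
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password may itself contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def check_forwarded_header(value):
    """Classify the forwarded identity as 'cn', 'dn', 'empty' or 'malformed'.

    Only the classification is returned, so the password never reaches logs.
    """
    parsed = parse_basic_header(value)
    if parsed is None:
        return "malformed"
    user = parsed[0]
    if not user:
        return "empty"
    return "dn" if _DN_RDN.search(user) else "cn"

if __name__ == "__main__":
    samples = {  # constructed sample headers, not captured traffic
        "OLAC sending CN": make_header("jdoe", "example-pass"),
        "default DN": make_header("cn=jdoe,ou=users,o=example", "example-pass"),
        "not Basic": "Bearer abc123",
    }
    for label, header in samples.items():
        print(f"{label}: {check_forwarded_header(header)}")
```

A result of `dn` means the OLAC mapping (ICHAIN_UID - LDAP - CN) is not being applied to the protected resource.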