25.1 Using iChain for Authenticating to Teaming or Conferencing

You can use Novell® iChain® to eliminate a dual user login into your network and into Teaming or Conferencing. The instructions in this section assume that you have an understanding of iChain, as described on the Novell iChain 2.3 Documentation Web site, and that you have iChain set up and running on your system.

There are many ways to configure iChain. This section illustrates one possible way to configure iChain to support Teaming or Conferencing. Before following the steps in this section, you must have Teaming or Conferencing, as well as iChain, installed, configured, and running.

25.1.1 Meeting iChain Requirements

In order to get the best performance and reliability from iChain with Teaming and Conferencing, you must install iChain 2.3 Support Pack 5 Release 4 version 2.3.410. This software is available on the iChain Patches tab on the Novell Downloads Web site. Follow the installation instructions that are provided with the patch.

25.1.2 Setting Up an iChain Web Server Accelerator for Teaming or Conferencing

  1. Access the iChain Proxy Administration Tool at the following URL:

    http://proxy_server_address:port/appliance/config.html

  2. Click Configure, then click Insert to create a new Web server accelerator for Teaming or Conferencing.

    The new accelerator is enabled by default.

  3. In the Name field, provide a unique and descriptive name for the new accelerator.

    For example, you might want to call it Teaming or Conferencing, as appropriate.

  4. Select Allow Pages to Be Cached at the Browser.

  5. Select Enable Multi-Homing.

    1. In the Multi-Homing Options dialog box, select Domain-Based Multi-Homing to configure the Teaming or Conferencing URL as a DNS name prepended to your Internet domain name, for example:

      http://teaming.corporate.net

      The A record for the DNS name must already exist. The Proxy Administration Tool does not create it for you.

    2. In the DNS Name field, specify the DNS A record.

    3. Click OK to save your multi-homing settings.

  6. If you have created a custom login page for your Teaming or Conferencing Web site, specify it in the Custom Login Page Location field.

    The default location for custom login pages is sys:\etc\proxy\data. The custom login page must be an HTML file with a .htm extension. If it is located in a directory other than the default, specify the full pathname for the file.

  7. Select Enable Secure Exchange.

    1. In the Port field on the right, specify the port number that the iChain proxy server should use to communicate with the Web server where Teaming or Conferencing is installed.

    2. If desired, select Enable Secure Access between the iChain Proxy and the Origin Web Server.

    3. Click OK to save your secure exchange options.

  8. Under the Web Server Addresses box, click Insert.

    1. Specify the IP address or DNS hostname of the Web server where you have installed Teaming or Conferencing.

    2. Click OK to add the Web server to the list in the Web Server Accelerator dialog box.

  9. Click OK to save the new Web server accelerator.

25.1.3 Adding the New Web Server Accelerator to the iChain Server Object in ConsoleOne

  1. Start ConsoleOne in a location where the iChain snap-ins are installed.

  2. Browse to and right-click the iChain Server object, then click Properties.

  3. Click Protected Resource to display a list of protected resources.

  4. Click the Plus icon to add a new protected resource.

    1. In the Resource Name field, provide a unique and descriptive name for the new protected resource, which is the Web server accelerator.

    2. In the URL Prefix field, specify the part of the URL that precedes the application-specific part of the URL; for example:

      teaming.corporate.net/*

    3. Select the type of access you want to provide for users to view the URL: Secure, Restricted, or Public.

    4. Click OK to save the new protected resource.

  5. Select the new protected resource, then click the Parameters icon to display the OLAC Parameters dialog box.

    1. In the Name column, specify Authorization.

    2. In the Data Source column, specify ldap.

    3. In the Value column, specify cn.

      These settings add an extended HTTP request header called X-Authorization that stores each user’s cn (common name). The cn is retrieved from the LDAP server by the iChain OLAC process so that users can log in automatically.

    4. Click OK to save the OLAC parameters.

  6. When prompted, click Yes to refresh the iChain proxy configuration with the new changes.

  7. Provide the password to the proxy server, then click OK to perform the refresh operation immediately.
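
Because the OLAC parameters above make the X-Authorization header the carrier of the user's identity, the header is meaningful only on requests that arrive from the iChain proxy. The following is an added example, not code from Novell or from this guide: a check placed in front of the origin application that honors the header only when the connection's peer address is the proxy. The proxy address 192.0.2.10, the function names, and the treatment of the header value as a bare cn are assumptions.

```python
import ipaddress

# Assumption: address(es) of the iChain proxy as seen by the origin Web server.
# 192.0.2.10 is a documentation placeholder, not a value from this guide.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]

HEADER = "x-authorization"  # header created by the OLAC parameters step


def from_trusted_proxy(peer_ip, proxies=TRUSTED_PROXIES):
    """True only if the TCP peer address belongs to a configured proxy."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in proxies)


def asserted_user(peer_ip, headers, proxies=TRUSTED_PROXIES):
    """Return the cn asserted by the proxy, or None if it cannot be trusted.

    headers is a list of (name, value) pairs as received on the wire.
    """
    if not from_trusted_proxy(peer_ip, proxies):
        return None
    values = [v.strip() for n, v in headers if n.lower() == HEADER]
    # Require exactly one non-empty value; duplicates are ambiguous, so refuse.
    if len(values) != 1 or not values[0]:
        return None
    cn = values[0]
    # Refuse control characters in the asserted name.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in cn):
        return None
    return cn


def strip_untrusted(peer_ip, headers, proxies=TRUSTED_PROXIES):
    """Drop X-Authorization from requests that did not come via the proxy."""
    if from_trusted_proxy(peer_ip, proxies):
        return list(headers)
    return [(n, v) for n, v in headers if n.lower() != HEADER]
```

Restricting the origin Web server's listener or firewall so that only the proxy can connect achieves the same result at the network layer; the check above is the application-side equivalent.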

25.1.4 Using iChain for Authentication

Now that you have created an iChain Web server accelerator for Teaming or Conferencing and have configured the iChain Server object for the new Web server accelerator, users should be able to authenticate to Teaming or Conferencing in a single step, using their eDirectory or LDAP passwords.