Novell eBook Reader Administration Manual


Novell® Liberty Identity Provider for Novell eDirectory™
www.novell.com
ADMINISTRATION GUIDE


Summary of Contents for Novell eBook Reader

  • Page 1 Novell Liberty Identity Provider for Novell eDirectory® www.novell.com ADMINISTRATION GUIDE...
  • Page 2: Legal Notices

    Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks eDirectory is a trademark of Novell, Inc. Novell is a registered trademark of Novell, Inc. in the United States and other countries. Third-Party Trademarks All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Understanding the Value of the Novell Liberty Identity Provider ......5...
  • Page 6 Troubleshooting iManager ..........48 Liberty Identity Provider for Novell eDirectory...
  • Page 7: About This Guide

    Appendix C, “Troubleshooting Your Liberty IDP Installation and Configuration,” on page 43 — Tips and tricks for troubleshooting your IDP installation and configuration issues. Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. A trademark symbol ( trademark.
  • Page 9: Overview

    Overview This section covers the following topics: Understanding the Liberty Alliance Liberty Alliance Architecture Understanding the Value of the Novell Liberty Identity Provider Benefits of the Liberty Identity Provider for Novell eDirectory Service Provider Sample Code Understanding the Liberty Alliance...
  • Page 10: Benefits Of The Liberty Identity Provider For Novell Edirectory

    Liberty Alliance 1.1 Identity Provider. “Liberty Server Requirements” on page 9 Liberty IDP. Once you have a supported server, and you have installed Novell eDirectory 8.7, you are ready to install and configure the Liberty IDP technology. Easily Create and Maintain User Identities Novell's Web-based configuration tools allow the administrator to quickly define and maintain user identities.
  • Page 11: Give Users Control To Federate And Defederate Their Identity Information

    Although the Liberty identity provider for Novell eDirectory software does not provide an actual Liberty SP, Novell provides sample code to accelerate the deployment of a Liberty SP. This code is in the form of sample Web pages, JSPs and other Java code that allows users to federate and display their federation information.
  • Page 13: Installing The Liberty Identity Provider

    The Liberty IDP is a self-contained installation and does not require licensed hardware to run. Liberty Server Requirements You must have Novell eDirectory version 8.7 installed in your Liberty environment prior to installing the Liberty identity provider. We recommend that you do not have eDirectory installed on the same machine where you will be installing the Liberty IDP.
  • Page 14: Installing Liberty Identity Provider Software

    The Novell-supported platform for installing the Liberty IDP is a Windows* 2000 server or workstation. To run the Liberty IDP, you must have: a static IP address an iManager-compatible browser: Internet Explorer 5.5 or above, or Netscape* 6.2 or above For additional information and full system requirements for Novell eDirectory 8.7, refer to the...
  • Page 15 Figure 1 Liberty Identity Provider Introduction If you accept the License Agreement, select the accept button, then click Next. Figure 2 License Agreement The Liberty IDP created by the installation is configured to run in a non-SSL mode by default. This mode is sufficient for testing purposes only.
  • Page 16 Figure 3 The Liberty IDP requires Novell iManager to be installed. Even if you already have iManager installed on your machine, click Next to proceed with the installation. Figure 4 The iManager installation is a wizard that consists of several screens that run on top of your Liberty IDP installation wizard.
  • Page 17 Figure 5 iManager Installation Read the Introduction screen, then click Next. Figure 6 iManager Introduction Read the Detection Summary screen, which indicates the components that will be installed with iManager, then click Next. WARNING: If the Web server, servlet container, and/or JVM show as already installed, you must quit the installation, remove the component(s), then begin the installation again.
  • Page 18 Select the directory where iManager should be installed. The default is C:\Program Files\Novell. Figure 8 Click Next. Review the Pre-Installation Summary. If you need to make changes, click Previous to return to the previous screens. Otherwise, click Install. Liberty Identity Provider for Novell eDirectory Detection Summary Choose Install Folder...
  • Page 19 Figure 9 Pre-Installation Summary iManager is installed on your machine. (This installation might take a few minutes.) If the iManager installation is successful, you will get an Install Complete screen. Review this screen, then click Done. Figure 10 Install Complete You are returned to the Liberty IDP installation.
  • Page 20 For the Liberty IDP Site Name, you normally specify the DNS Host Name of your IDP server. For example, idp.novell.com. IMPORTANT: Liberty Identity Provider for Novell eDirectory “Importing Trusted Roots” on page LDAP Configuration Page Do not use commas on any of the fields for this screen.
  • Page 21 Password, and Keystore Password. These files are used in the signing process and are referenced by the Liberty application’s web.xml file. (By default, this file is located at C:\Program Files\Novell\Tomcat\webapps\nidp\WEB-INF\web.xml.) For more information about digital signing and keys, see the Tool documentation (http://java.sun.com/j2se/1.4.1/docs/tooldocs/windows/keytool.html).
  • Page 22 Previous to go back to previous screens. If you accept the configuration, click Install. Figure 15 The installation will extend the schema using eDirectory. (This process could take several minutes.) When the installation is complete, click Done. Liberty Identity Provider for Novell eDirectory Application Name Page Pre-Installation Summary...
  • Page 23: Installing The Liberty Administration Plug-Ins When Imanager Is Already Installed On Your Edirectory Server

    You launch iManager by opening a Web browser and going to https://<ipaddress>/eMFrame/iManager.html (case-sensitive), where <ipaddress> is the address of your server. For detailed instructions on how to launch iManager, see the "Novell Web Applications" HTML document that was placed on your desktop as part of the iManager installation.
  • Page 24 Delete the Tomcat, Apache, and other Liberty components located in the folder you created during the installation. By default, this folder is located at C:\Program Files\Novell. Delete all of the files in your Temp folder, located at C:\Documents and Settings\<user>\local settings\temp directory.
  • Page 25: Creating A Liberty Idp Site

    You launch iManager by opening a Web browser and going to https://<ipaddress>/eMFrame/iManager.html (case-sensitive), where <ipaddress> is the address of your server. For detailed instructions on how to launch iManager, see the "Novell Web Applications" HTML document that was placed on your desktop as part of the iManager installation.
  • Page 26 Figure 16 Manage Liberty Identity Sites Page Click the New Site link. The New Liberty Identity Site page appears on the right-hand side. Liberty Identity Provider for Novell eDirectory...
  • Page 27 Figure 17 New Liberty Identity Site Page Enter a Descriptive Name for your site. (The name you choose is primarily for your own reference.) Enter the context for this site. The context identifies where you want to store this site object in the directory. (The default is located at the root, but you can choose the location you want.) Enter the Protocol and Base URL information.
  • Page 28: Define Site Properties

    The Common Domain is a DNS name that IDPs and SPs within a circle of trust have agreed upon and/or obtained for use between each other. Liberty Identity Provider for Novell eDirectory Step 7 in the previous section, you are now at the Site Properties page.
  • Page 29: Define Service Providers

    Enter your information in the empty field if you want to include it in the information that is transferred to and from providers. For example, if you are using Novell’s installed sample service provider code, you would enter the following URL: http://<ip address of SP server>/nwt/metadata.
  • Page 30 Provider link, or you can import an SP definition by clicking the Import Affiliate Service Provider Definition link. We recommend that you import definitions from another service provider. Click Import Affiliate Server Provider Definition. Figure 20 Liberty Identity Provider for Novell eDirectory Affiliate Service Providers Page Import Affiliate Service Provider Definition...
  • Page 31: Set Up Your Liberty Identity Server

    Enter the Descriptive Name and URL for the service provider’s definition you want to import. For example, if your IP address is 1.1.1.1, you would specify the URL as http://1.1.1.1/nwc/metadata. Click OK. 4. Set Up Your Liberty Identity Server Continuing where you left off in list of your identity servers.
  • Page 32 View the User Federation you created. If you need to delete it, select Delete. Click Done. If you deleted any federations, those deletions will occur when the user completely logs out of all sessions and then logs back in. Liberty Identity Provider for Novell eDirectory Manage Federations...
  • Page 33: Configuring Your Liberty Identity Provider To Run In Ssl Mode

    Customizing Your Liberty IDP User Interface In order to become compliant with Liberty specifications, after you have successfully installed your Liberty identity provider for Novell a production environment. By default, your Liberty identity provider runs in test mode (HTTP). You must change this protocol to HTTPS in order to run securely (in SSL mode). You do this by configuring certificates.
  • Page 34: Creating Certificates For Apache

    The following table is a list of the JSP files that are available for the IDP: Table 1 JSP Files for the IDP File Name login.jsp Liberty Identity Provider for Novell eDirectory Definition Prompts the user to log in. “Modifying the...
  • Page 35 File Name main.jsp err.jsp postit.jsp defedask.jsp loget.jsp logframe.jsp logheader.jsp For a list of the .jsp files for the service provider, see Interface” on page Configuring Your Liberty Identity Provider to Run in SSL Mode Definition Displays the main page. Reports an error. Sends an automatic POST to another provider.
  • Page 37: A Installing And Configuring A Sample Service Provider

    Installing and Configuring a Sample Service Provider Novell provides sample code for you to use as part of the Liberty identity provider for Novell eDirectory Novell. This appendix provides information about how to install and configure a sample service provider (SP).
  • Page 38 The Liberty SP is provided as example code. You must accept this stipulation in order to proceed with the installation. If you accept the stipulation, select the accept button, then click Next. Liberty Identity Provider for Novell eDirectory Liberty Service Provider Introduction License Agreement...
  • Page 39 Figure 25 Example Code Stipulation The Liberty SP installation creates a fictitious SP called World Financial. Read the information about the SP, note the URL, and then click Next. Figure 26 World Financial Information In order for single sign-on to work seamlessly between the IDP and the SP when more than one IDP exists, you must enable Introductions on your IDP.
  • Page 40 Password, and Keystore Password. (This information does not have to match the keystore information you entered for the IDP.) For more information about digital signing and keys, see the Tool documentation Liberty Identity Provider for Novell eDirectory Common Domain Service Provider Test User (http://java.sun.com/j2se/1.4.1/docs/tooldocs/windows/keytool.html).
  • Page 41: Configuring Your Service Provider

    Configuring Your Service Provider Complete the following steps to configure your SP: Retrieve the Novell Liberty IDP for eDirectory metadata. In your Web browser, enter your IDP's URL (for example, if you didn't change the application name when you installed, your URL would be http://yourIDP'sDNSorIP/nidp/metadata, assuming the defaults).
  • Page 42: Adding Additional Users

    For a list of the .jsp files for the identity provider, see Interface” on page Liberty Identity Provider for Novell eDirectory Definition Prompts the user to log in. Displays the main page. Reports an error. Sends an automatic POST to another provider. This feature is invisible to the user.
  • Page 43: Modifying Apache

    Go to your Apache httpd.conf file, located in your Apache directory. (The default location is C:\Program Files\Apache\conf\httpd.conf.) Comment out the line that says include "C:/Program Files/Novell/Tomcat/conf/liberty/liberty_jk.conf" at the end of the file by putting a number sign (#) in front of it.
  • Page 44 JkMount /nidp Paste the data in your Apache ssl.conf file (the default location is C:\Program Files\Novell\Apache\conf\ssl.conf) before the line </VirtualHost> at the end of the file. Copy the entire virtual host section (from <VirtualHost _default_:443> to </VirtualHost>) of your Apache ssl.conf file (the default location is C:\Program Files\Novell\Apache\conf\ssl.conf).
  • Page 45 <Directory "C:/PROGRA~1/Novell/Tomcat/webapps/eMFrame/META-INF/"> AllowOverride None deny from all </Directory> JkMount /eMFrame/webacc JkMount /eMFrame/webacc/* JkMount /eMFrame/*.jsp In this same Apache ssl.conf file, add a line for a second SSL listening port for the common domain. (You could add a second IP address instead of a second port. See the site (http://httpd.apache.org/docs-2.0/vhosts/ip-based.html) for details.)
  • Page 46: Importing Trusted Roots

    Allow Introductions Common Domain in the site configuration using iManager. Importing Trusted Roots Your well-known trusted roots file is located at C:\Program Files\Novell\jre\lib\security\cacerts. If any service provider uses SSL and the service provider's certificates are signed by a certificate authority that is not in this keystore, you will need to import the trusted root from the service provider's certificate to this keystore.
  • Page 47: C Troubleshooting Your Liberty Idp Installation And Configuration

    The following four log files are created during the Liberty IDP installation: 1. apache_install.log: This log file, located by default at C:\Program Files\Novell\apache_install.log, documents the various steps of the Apache installation. The key portion of this file is the "Installation operation completed successfully" message shown in the example below.
  • Page 48: Troubleshooting Post-Installation Issues

    The following three files are created after the Liberty IDP installation has completed: 1. logs: These files are located by default at C:\Program Files\Novell\Tomcat\logs\*. As you run the Web applications, you might trigger errors that throw exceptions in Tomcat. Typically, information about these types of errors is displayed in your Web browser window as you view your Web applications.
  • Page 49 Bootstrap: Service started 2. iManager_eMFrame_log.<date>: This log file, located by default at C:\Program Files\Novell\Tomcat\logs\iManager_eMFrame_log.<date>, generates a list of events that occur when the iManager application is being initialized. There should be no exceptions reported in this file. A successful initialization would normally result in the following entry at the end of the file: 2003-04-03 14:31:40 StandardManager[/eMFrame]: Seeding random number generator class java.security.SecureRandom...
  • Page 50: Enabling Advanced Logging

    If you point your browser to the IDP server (/nidp/viewlog), you will get the following screen, which displays filter options and log file entries. Liberty Identity Provider for Novell eDirectory Uncomment this entry and the entry below (LogLevel) for debugging...
  • Page 51: Basic Troubleshooting Tips

    Figure 30 Basic Troubleshooting Tips This section includes troubleshooting information for Apache, Tomcat, and iManager. Troubleshooting Apache The following are simple tests you can conduct, either in standard or secure mode, to verify that Apache is up and running: Standard Mode: From a browser, go to http://<x.x.x.x> where <x.x.x.x> is the IP address of your Apache Web server.
  • Page 52: Troubleshooting Tomcat

    If you make changes to your Liberty configuration in iManager, you must restart Tomcat in order for the changes to take effect. Additionally, if you use iManager to defederate a user, you must restart Tomcat. Liberty Identity Provider for Novell eDirectory Sunsite Web site (http://...
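
The Apache ssl.conf changes described on pages 44 and 45 (copy the `_default_:443` virtual host, add the `JkMount` lines, deny direct access to the eMFrame META-INF directory, and open a second SSL listening port for the common domain) assembled into one worked fragment. This is an added illustration, not the guide's own ssl.conf. The mod_jk worker name `ajp13`, the common-domain port 8443, the `JkMount /nidp/*` pattern and the certificate file paths are assumptions, not values from the guide.

```apache
# Added example, not the guide's own ssl.conf. Assumptions (not from the
# guide): the mod_jk worker is named "ajp13", the common-domain SSL port
# is 8443, and the certificate paths are placeholders.

# Standard SSL port plus a second SSL port for the common domain (page 45).
# A second IP address with its own <VirtualHost> would work instead.
Listen 443
Listen 8443

<VirtualHost _default_:443>
    SSLEngine on
    # Placeholder certificate and key created per "Creating Certificates for Apache".
    SSLCertificateFile    "C:/Program Files/Novell/Apache/conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "C:/Program Files/Novell/Apache/conf/ssl.key/server.key"

    # Never let Apache serve the web application's META-INF directory
    # directly; it holds deployment metadata, not content for browsers.
    <Directory "C:/PROGRA~1/Novell/Tomcat/webapps/eMFrame/META-INF/">
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>

    # Hand the iManager (eMFrame) and Liberty IDP (nidp) paths to Tomcat
    # through mod_jk; everything else stays with Apache.
    JkMount /eMFrame/webacc   ajp13
    JkMount /eMFrame/webacc/* ajp13
    JkMount /eMFrame/*.jsp    ajp13
    JkMount /nidp             ajp13
    JkMount /nidp/*           ajp13
</VirtualHost>

# Copy of the virtual host for the common-domain port, as page 45 directs.
# Only the IDP application needs to be reachable here.
<VirtualHost _default_:8443>
    SSLEngine on
    SSLCertificateFile    "C:/Program Files/Novell/Apache/conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "C:/Program Files/Novell/Apache/conf/ssl.key/server.key"
    JkMount /nidp   ajp13
    JkMount /nidp/* ajp13
</VirtualHost>
```

The `Order`/`Deny from all` form matches the Apache 2.0 documentation the guide cites; on Apache 2.4 the equivalent is `Require all denied`. After editing, run `httpd -t` (Apache's configuration syntax check) and then the page 51 browser tests against both SSL ports before putting the IDP into SSL mode.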
