When the new page displays in Portal Interface, the contents of the new portlet indicate that the current user does not have any proxy authentication information for the target back-end application. This section describes how to create the proxy authentication information, define the back-end-application asset type, and represent the new portlet as an asset in the Enterprise Security framework.
If you create proxy authentication information at the asset level, any user who has READ permission on the asset, through any role, can use this information to connect to the back-end application. You should either limit the users with access rights to the back-end application, or carefully select the users to whom you grant READ permission to the back-end application.
Defining the asset
Log in to Portal Studio as a user with the Portal Security Officer (PSO) role. If you accepted the defaults during EP installation, the user name is “pso” and the password is “123qwe”.
In the Portal Studio window, select Administer | Organizations, then select Assets under the Organization Manager.
Click New on the toolbar.
When the Create Asset window displays, complete the fields:
Asset Name – enter “Application_1”.
Asset Type – select “Unspecified” from the drop-down list.
Description – enter “ProxyAuth Application”.
Click OK.
Now that you have created the asset, you must specify how to protect access to that asset. For this example, you will provide proxy authentication information for accessing the asset at the role level.
WARNING! Grant READ permissions on assets to all users in the PortalUser role. If you do not have READ permission on an asset, proxy authentication information is not returned, regardless of whether you set up proxy authentication information at the asset, role, or subject level.
Creating proxy authentication information
To define a user's proxy authentication information for an asset:
Log in to Portal Studio as a user with the Portal Security Officer (PSO) role. If you accepted the defaults during EP installation, the user name is “pso” and the password is “123qwe”.
In the Portal Studio window, select Administer | Organizations, then select Assets under the Organization Manager.
Right-click the Application_1 asset and select Edit. The Edit Asset window displays.
Make a note of the AssetDN. You may want to write it down or copy it using Ctrl+C.
Connect to Jaguar Manager and select Servers | Jaguar | Installed Web Applications | SSO.
Right-click the SSO Web application in the right pane and select Edit JSP. The Edit JSP SSO window displays.
Locate the following line of code:
String asset = "a1=Application_1,o=sybase,c=us";
Edit the value of the AssetDN (inside the quotes) to match the value of the Application_1 asset you created.
Select File | Save and click OK.
Select File | Exit to close the Edit JSP SSO window.
Right-click the SSO Web application in the left pane and select Refresh.
Select File | Exit to close Jaguar Manager.
Granting permissions to the asset
Log in to Portal Studio as a user with the Portal Security Officer (PSO) role. If you accepted the defaults during EP installation, the user name is “pso” and the password is “123qwe”.
In the Portal Studio window, select Administer | Organizations, then select Assets under the Organization Manager.
Right-click Application_1 in the detail view and select Manage Access Permission. The Manage Access Permission on Asset window displays.
Select PortalUser from the list of roles. Select READ from the Available Permissions list and click Add to move it to the Assigned Permissions list. Confirm that the newly granted permission displays in the Access Permissions Granted On The Asset list at the bottom of the window.
Click OK to save the granted permissions.
Creating a proxy authentication information entry
Log in to Portal Studio as a user with the Portal Security Officer (PSO) role. If you accepted the defaults during EP installation, the user name is “pso” and the password is “123qwe”.
Select Administer | Organizations, select Users under the Organization Manager, and right-click the user for whom you want to create access to proxy authentication and select Proxy Authentication.
If you have not created users yet, create a new user and assign them the PortalUser role, then click New on the toolbar. Refer to the Portal Studio online help (click Help in the Create New User window) or the Enterprise Security Administration Guide for details.
When the Manage User Proxy Authentication Information window displays, click New, then click Find in the Create User Proxy Authentication Information window.
Select Application_1 and click OK.
Enter the following information to complete the user proxy authentication information:
Service URL – leave this field blank.
User Name – enter “ProxyUser”.
Password – enter “ProxyPassword”.
Verify Password – enter “ProxyPassword” again.
Click OK. The Manage User Proxy Authentication Information window displays the new proxy authentication information entry.
Click OK to exit the window.
You have finished creating the role-level proxy authentication information. Anyone who has the PortalUser role and uses sso.jsp to access the back-end application authenticates to that application using the user name and password provided in this last procedure.
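The READ-permission rule stated in the note and the WARNING above can be reviewed offline before you grant access. The following Python model is an added example, not Sybase or Enterprise Portal code: it runs on constructed data (only Application_1 and PortalUser come from this page; the other role, user, and account names are assumptions) and makes no claim about which level takes precedence when several entries apply.

```python
# Added example: models the access rule this page describes; not product code.
# Constructed sample data; only Application_1 and PortalUser appear on the page.
ROLE_MEMBERS = {
    "PortalUser": {"alice", "bob"},
    "Auditor": {"erin"},
    "BackOffice": {"dave"},
}
# asset -> role -> permissions granted to that role on the asset
ASSET_GRANTS = {"Application_1": {"PortalUser": {"READ"}, "Auditor": {"READ"}}}
# asset -> proxy authentication entries per level (back-end account names only)
PROXY_INFO = {
    "Application_1": {
        "asset": "shared_backend",
        "role": {"BackOffice": "backoffice_backend"},
        "subject": {"alice": "alice_backend"},
    },
}

def roles_of(user):
    return {r for r, members in ROLE_MEMBERS.items() if user in members}

def has_read(asset, user):
    """READ counts if any one of the user's roles holds it on the asset."""
    grants = ASSET_GRANTS.get(asset, {})
    return any("READ" in grants.get(r, set()) for r in roles_of(user))

def usable_entries(asset, user):
    """Back-end accounts the user could be handed; nothing without READ."""
    if not has_read(asset, user):
        return set()
    info = PROXY_INFO.get(asset, {})
    found = {info["asset"]} if "asset" in info else set()
    found |= {a for r, a in info.get("role", {}).items() if r in roles_of(user)}
    found |= {a for s, a in info.get("subject", {}).items() if s == user}
    return found

def exposure_report(asset):
    """Map each back-end account to the portal users who can use it."""
    report = {}
    for user in sorted(set().union(*ROLE_MEMBERS.values())):
        for account in usable_entries(asset, user):
            report.setdefault(account, set()).add(user)
    return report

if __name__ == "__main__":
    for account, users in sorted(exposure_report("Application_1").items()):
        print(f"{account}: {sorted(users)}")
```

In the sample data, erin reaches the asset-level account through the Auditor role alone, while dave's role-level entry is never returned because BackOffice has no READ permission on the asset.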