Use the following procedure to create an environment for the authentication server.
Start the Interstage Management Console.
Refer to "How to start the Interstage Management Console" for details on how to start the Interstage Management Console.
In the Interstage Management Console window, select System >> Security >> Single Sign-on >> Authentication infrastructure, and then click the Authentication infrastructure Settings tab.
In the Interstage Management Console window, select Setup Repository server and Authentication server to a single server and then click the Next button.
In the Interstage Management Console window, select the directory service that stores common user information, and then click the Next button.
When the Interstage Directory Service is used
Select Interstage Directory Service.
When Active Directory is used
Select Active Directory and then select the Use a Single Sign-on extended schema check box.
Point
To use Active Directory to authenticate users that already exist on Active Directory or users that have been added by methods other than the user management command, specify the following attributes.
Attribute | Attribute value |
---|---|
ssoAuthType | basicAuth |
ssoCredentialTTL | 0 |
ssoFailureCount | 0 |
ssoUserStatus | good |
Set up the following items:
Authentication infrastructure URL
This item displays the URL of the authentication infrastructure for receiving accesses from business systems.
Specify the FQDN (host name + domain name) using up to 255 bytes.
The following characters can be used:
Alphanumeric characters
Symbols (. -)
However, these symbols cannot be specified at the beginning or end of the string.
Data cannot be entered using IPv6 format.
Numbers between 1 and 65535 can be specified for the port number.
Repository server (update system) URL
Specify the host name (including the FQDN) and port number of the repository server (for the update system) that will be made available to the authentication server. Be sure to specify this item.
Host name
Between 1 and 255 bytes of the following characters can be specified. Data cannot be entered using IPv6 format.
Alphanumeric characters
Symbols (. -)
These symbols (. -) cannot be specified at the beginning or end of the string.
Port number
Values between 1 and 65535 can be specified. The default value is "10550".
Web Server used
Select which Web server will be used by the repository server and the authentication server. Be sure to select a Web server for the Web Server used item. The Web server that has been created as a Single Sign-On Server will not be displayed as an option.
When a Web server is selected, the host information and SSL status of the selected Web server will be displayed.
Specify the port number of the repository server (for the update system). Be sure to specify the port number.
Values between 1 and 65535 can be specified, and the default value is "10550".
The authentication server is created on the main host of the selected Web server.
The repository server is created on the virtual host for the selected Web server that uses the specified port number (the port number specified for the _default_ item).
Active Directory Settings
When using Active Directory for the Systemwalker authentication repository, specify the following connection information for Active Directory.
To use Active Directory as the directory service where user information is registered, be sure to specify the Active Directory Settings item.
Directory service URL
Specify the schema, host name (including the FQDN) and port number for Active Directory.
Specify the host name using up to 255 bytes.
The following characters can be used:
Alphanumeric characters
Symbols (. -)
However, these symbols cannot be specified at the beginning or end of the string.
Data cannot be entered using IPv6 format.
Values between 1 and 65535 can be specified for the port number, and the default value is "636".
Point
An environment for SSL communications must be set up if LDAPS communications are to be used between Active Directory and the Systemwalker Single Sign-On Server.
Connection DN
Specify the DN (distinguished name) for the Active Directory user.
Specify a string between 1 and 576 bytes long.
The specified user must have the following privileges.
Condition | Privileges required |
---|---|
If the extended schema for the Single Sign-On function is not used | Permission to view information about all users that use the Single Sign-On function |
If the extended schema for the Single Sign-On function is used | Permissions to view and update information about all users that use the Single Sign-On function |
Example:
When the connection DN is "Administrator"
The "Administrator" user belongs to the "Users" container, so specify the connection DN as follows:
CN=Administrator,CN=Users,DC=fujitsu,DC=com
Connection DN password
Specify the password for the user whose DN (distinguished name) was specified for Connection DN, using up to 128 bytes.
The following characters can be used:
Alphanumeric characters
Symbols
Spaces
SSL configuration
If ldaps has been selected as the URL scheme for the directory service, select which SSL configuration to use for SSL communications.
User Information Registry Entry
Specify the directory where user information is stored. Be sure to specify the User Information Registry Entry item.
Specify a string between 1 and 576 bytes long.
Click the Show link for Authentication server detailed settings.
Set up the following items, and then click the Show link for Session management detailed settings.
Enable HTTP communication in Business system? in Communication Settings with Business system
Select either "HTTP" or "HTTPS" according to the communications method that is used to access the Web console for Systemwalker products.
Note that the default value for the HTTP communications method for Systemwalker products is "HTTP".
Authentication method in Authentication method Setting
Select Password/Certificate authentication.
Input User ID/Password in Password Authentication Settings
Select Form authentication page.
Set up the following items and click the Create button.
Use Session management? in Session management Setting
Select No. A confirmation window will be displayed. Check the settings and then click the OK button.
In the Interstage Management Console window, select System >> Security >> Single Sign-on >> Authentication infrastructure >> Repository server >> Protection resource and then click the Create a New Site configuration tab.
Specify the FQDN and Port number items under Site Configuration Settings, and then click the Create button.
Specify the public URL for Systemwalker (except for the scheme part that indicates the protocol).
Be sure to specify the FQDN and port number.
Specify the FQDN (host name + domain name) using up to 255 bytes.
The following characters can be used:
Alphanumeric characters
Symbols (. -)
However, these symbols cannot be specified at the beginning or end of the string.
Data cannot be entered using IPv6 format.
Numbers between 1 and 65535 can be specified for the port number.
The default value is "443".
Example:
If the public URL for Systemwalker is "https://www.fujitsu.com:443", for example, specify the following values.
FQDN: "www.fujitsu.com"
Port number: "443"
In the Interstage Management Console window, select System >> Security >> Single Sign-on >> Authentication infrastructure >> Repository server >> Protection resource >> <FQDN: Port number> >> Protection path, and then click the Create a New Path configuration tab.
Set up the Path item under Path Configuration Settings.
Specify the path to be authorized. Be sure to specify the Path item.
Specify a string between 1 and 256 bytes long.
Note that the public URLs for Systemwalker products are as follows:
Systemwalker product | Public URL |
---|---|
Systemwalker Centric Manager | /Systemwalker/ and /MpScript/ |
Systemwalker Service Quality Coordinator | /SSQC/ |
Point
The number of characters
Because the Unicode UTF-8 character encoding is used, calculate the number of characters that can be used on the basis that one single-byte alphanumeric character uses one byte, and other characters use between one and four bytes.
Point
Windows versions of Systemwalker products
The 8.3 format file names that are automatically generated from long file names cannot be specified in URL paths.
A period (".") cannot be specified at the end of the <folder name>/<file name> strings that are specified in URL paths.
Note
Path specifications
Path strings must start with a forward slash "/".
To specify a directory, place a forward slash ("/") at the end of the string.
To authorize an entire site configuration, specify only a single forward slash ("/") for the path.
Strings containing the following substrings cannot be specified: "//", "/./" and "/../".
Strings ending with the following substrings cannot be specified: "/." and "/..".
Strings that end in a blank space cannot be specified.
For the path, specify the part of the path that follows the public URL for Systemwalker.
Example:
If the path "/admin/" is added to a site configuration where the public URL for the business system is "https://www.fujitsu.com:443", the "https://www.fujitsu.com:443/admin/" directory and all of its subdirectories will be protected.
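The FQDN, port number and Protection path rules stated on this page can be checked before a value is typed into the console. The following validator is an added example written for this page (it is not Fujitsu code and not part of the Interstage product); it counts lengths in UTF-8 bytes as the "number of characters" Point requires, and the `windows_target` flag is an assumed option covering the Windows Point about trailing periods.

```python
# Added example (not Fujitsu code): check a value against the input rules this page
# states for the console fields; lengths count UTF-8 bytes, as the page's Point says.
import re

FQDN_MAX_BYTES = 255  # FQDN fields: up to 255 bytes
PATH_MAX_BYTES = 256  # Protection path: 1 to 256 bytes

def validate_fqdn(fqdn: str) -> list[str]:
    """Return the rule violations for an FQDN (host name + domain name) field."""
    errors = []
    nbytes = len(fqdn.encode("utf-8"))
    if not 1 <= nbytes <= FQDN_MAX_BYTES:
        errors.append(f"FQDN must be 1 to {FQDN_MAX_BYTES} bytes (got {nbytes})")
    if ":" in fqdn or "[" in fqdn:  # IPv6 literals are not accepted
        errors.append("IPv6 format cannot be used")
    elif not re.fullmatch(r"[A-Za-z0-9.-]+", fqdn):
        errors.append("only alphanumerics, '.' and '-' are allowed")
    elif fqdn[0] in ".-" or fqdn[-1] in ".-":
        errors.append("'.' and '-' cannot be the first or last character")
    return errors

def validate_port(port: str) -> list[str]:
    """Return the rule violations for a Port number field (1 to 65535)."""
    if port.isascii() and port.isdigit() and 1 <= int(port) <= 65535:
        return []
    return ["port number must be between 1 and 65535"]

def validate_protection_path(path: str, windows_target: bool = False) -> list[str]:
    """Return the rule violations for a Protection path (the part after the public URL)."""
    errors = []
    nbytes = len(path.encode("utf-8"))
    if not 1 <= nbytes <= PATH_MAX_BYTES:
        errors.append(f"path must be 1 to {PATH_MAX_BYTES} bytes (got {nbytes})")
    if not path.startswith("/"):
        errors.append("path must start with '/'")
    for bad in ("//", "/./", "/../"):
        if bad in path:
            errors.append(f"path must not contain {bad!r}")
    for bad in ("/.", "/.."):
        if path.endswith(bad):
            errors.append(f"path must not end with {bad!r}")
    if path.endswith(" "):
        errors.append("path must not end with a blank space")
    # Windows Point: no folder or file name in the path may end with a period
    if windows_target and any(seg.endswith(".") for seg in path.split("/") if seg):
        errors.append("Windows: folder and file names cannot end with '.'")
    return errors
```

For the page's own example, validate_fqdn("www.fujitsu.com"), validate_port("443") and validate_protection_path("/admin/") all return an empty list; a path such as "/a/../b/" returns the "/../" violation.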
Click the Create button.
In the Interstage Management Console window, select System >> Security >> Single Sign-on >> Authentication infrastructure, and then click the Business system setup file tab.
Specify the Public URL item under Business system information.
Specify the protocol (scheme) for the public URL for Systemwalker, and the site definition.
Be sure to specify the Public URL item.
Specify settings for Password set to the file.
Password
Specify the password that is used to encrypt the business system setup file.
Be sure to specify the Password item.
Password (re-entry)
Enter the password again.
Be sure to specify the Password (re-entry) item.
Specify the Repository Server URL under Authentication Infrastructure Information Settings.
Specify the FQDN (host name + domain name) of the URL for the repository server, as well as the port number.
Be sure to specify the Repository Server URL item.
Specify the FQDN (host name + domain name) using up to 255 bytes.
The following characters can be used:
Alphanumeric characters
Symbols (. -)
However, these symbols cannot be specified at the beginning or end of the string.
Data cannot be entered using IPv6 format. Numbers between 1 and 65535 can be specified for the port number.
Download the business system setup file by clicking the Download button. Copy the business system setup file to an arbitrary location on the servers of the following Systemwalker products where Web consoles have been installed.
This business system setup file is used in "Setting up the Systemwalker Single Sign-On Agent".
Systemwalker product | Installation type |
---|---|
Systemwalker Centric Manager | Operation Management Server |
Systemwalker Service Quality Coordinator | Operation Management Client |
Change the default login screen for Interstage to the login screen for Systemwalker.
Note
Do not specify this setting if a single sign-on environment has already been created on a business system where the Systemwalker Single Sign-On function has not been installed.
Change the login screen by copying the files that are stored for the following Systemwalker products to either the server where the Systemwalker Single Sign-On Server has been installed or the server where Interstage Application Server has been installed.
Systemwalker product | Installation type |
---|---|
Systemwalker Centric Manager | Operation Management Server |
Systemwalker Service Quality Coordinator | Operation Management Client |
Use the following procedure to copy the files.
Copy all of the files stored in the "Source 1" directory below to the "Destination 1" directory.
[Source 1]
The following storage directory for each Systemwalker product
OS | Location |
---|---|
Windows | %F4AM_INSTALL_PATH%\F4AMidmg\sample\SSO\AuthServer\template |
UNIX | /opt/FJSVswaic/sample/SSO/AuthServer/template |
[Destination 1]
The following directory on the server where the Systemwalker Single Sign-On Server has been installed or the server where Interstage Application Server has been installed
OS | Location |
---|---|
Windows | <Interstage installation directory>\F3FMsso\ssoatcag\pub\template |
UNIX | /etc/opt/FJSVssoac/pub/template/ |
Copy all of the files stored in the "Source 2" directory below to the "Destination 2" directory.
[Source 2]
The following storage directory for each Systemwalker product
OS | Location |
---|---|
Windows | %F4AM_INSTALL_PATH%\F4AMidmg\sample\SSO\AuthServer\htdocs |
UNIX | /opt/FJSVswaic/sample/SSO/AuthServer/htdocs |
[Destination 2]
The following directory on the server where the Systemwalker Single Sign-On Server has been installed or the server where Interstage Application Server has been installed
OS | Location |
---|---|
Windows | <Interstage installation directory>\F3FMihs\servers\<Web server name for the authentication server>(*1)\htdocs |
UNIX | /var/opt/FJSVihs/servers/<Web server name for the authentication server>(*1)/htdocs |
*1)
The Web server name for the authentication server is the Web server name that was entered in step 3 of "Creating an Environment for the Web Server Used for the Authentication Server".
In the Interstage Management Console window, select System >> Services >> Web Server.
Select a Web server for the authentication server, and then click the Start button.
If the Web server starts successfully, the following message will be displayed in the Interstage Management Console.
[Date/Time]...Web server name: <Web server name for the authentication server>
If the Web server fails to start, take action according to the message that is displayed.
For the Windows version, set up the service dependency relationships between the Systemwalker authentication repository and the Web server used for the authentication server.
Set up the service dependency relationships by executing the following command:
ssosetsvc <Systemwalker authentication repository name> <Web server name used for the authentication server>
For <Systemwalker authentication repository name>, specify the repository name that was specified in step 3 of "When the Interstage Directory Service is used" under "Creating an Environment for the Systemwalker Authentication Repository".
For <Web server name used for the authentication server>, specify the Web server name that was specified in step 3 of "Creating an Environment for the Web Server Used for the Authentication Server".
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |