Use the ssoclsetup command (the Interstage Single Sign-On setup command) to set up Interstage Single Sign-On.
By executing the ssoclsetup command, the following servers (which are required for Interstage Single Sign-On) will be created.
- Repository server (update system)
- Authentication server
- Business server
The information set up by the ssoclsetup command is as follows:
Item | Settings |
---|---|
Public directory | ou=interstage,o=fujitsu,dc=com |
Administrator DN | cn=manager |
Authentication Web server name | SSOauth |
Authentication server port number | 10443 |
Idle monitoring time | 30 minutes |
Re-authentication interval | 480 minutes |
Lock User | Consecutive failures: 6 |
Release lock | Auto release time: 30 min. |
Business server name | FJapache |
Business server port number | 80 |
Note
The following information is required to execute the ssoclsetup command:
(Mandatory)
- Server FQDN
- SSL definitions

(Optional)
- SSO repository name
- Port number of the SSO repository
For the server FQDN, specify the FQDN of the Admin Server that was specified when it was installed.
For the SSL definitions, specify the SSL definitions that were created in "Setting up for SSL communications".
For the SSO repository name, specify up to eight alphanumeric characters. If this option is omitted, "rep001" will be specified.
For the port number of the SSO repository, specify the port number of the SSO repository that was specified during installation.
Refer to "G.3.2 Interstage Single Sign-On System Creation Command" for details on the ssoclsetup command.
When the ssoclsetup command is executed, you are prompted for the password of the administrator DN; enter the value that was specified during installation.
Creation procedure:
Execute the ssoclsetup command.
ssoclsetup FQDN SSLConfName [-rn RepositoryName] [-lp LDAPPort]
/opt/FJSVcfmg/sso/bin/ssoclsetup FQDN SSLConfName [-rn RepositoryName] [-lp LDAPPort]
Enter the password for the administrator DN of the SSO repository.
Example
The command execution example below uses the following settings:
- Server FQDN: ssoserver.example.com
- SSL definition name: AuthSSL
Change the server FQDN and SSL definition name as necessary.
```
ssoclsetup ssoserver.example.com AuthSSL
Please input SSO Repository administrator DN password
Password:
Retype:
IREP: INFO: irep10815: Password file was created. file=C:\INTERS~3\F3FMsso\ssoatcsv\conf\tmp_passwdfile
checking the repository configuration... (1/4)
initializing the repository... (2/4)
creating the public directory. (3/4)
updating the repository management list... (4/4)
IREP: INFO: irep70001: Repository environment configured. [rep001]
IHS: INFO: ihs01000: The command terminated normally.
IHS: INFO: ihs01000: The command terminated normally.
IHS: INFO: ihs01000: The command terminated normally.
IREP: INFO: irep70000: Repository environment setup updated. [rep001]
IHS: INFO: ihs01000: The command terminated normally.
```
The command execution example below uses the following settings:
- Server FQDN: ssoserver.example.com
- SSL definition name: AuthSSL
Change the server FQDN and SSL definition name as necessary.
The execution example uses a Bourne shell.
```
# /opt/FJSVcfmg/sso/bin/ssoclsetup ssoserver.example.com AuthSSL
Please input SSO Repository administrator DN password
Password:
Retype:
UX:IREP: INFO: irep10815: Password file was created. file=/etc/opt/FJSVssosv/conf/tmp_passwdfile
checking the repository configuration... (1/4)
initializing the repository... (2/4)
creating the public directory. (3/4)
updating the repository management list... (4/4)
UX:IREP: INFO: irep70001: Repository environment configured. [rep001]
UX:IREP: INFO: irep10000: Repository started. [rep001]
UX:IHS: INFO: ihs01000: The command terminated normally.
UX:IHS: INFO: ihs01000: The command terminated normally.
UX:IHS: INFO: ihs01000: The command terminated normally.
UX:IREP: INFO: irep70000: Repository environment setup updated. [rep001]
UX:IREP: INFO: irep10000: Repository started. [rep001]
UX:IHS: INFO: ihs01000: The command terminated normally.
```
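A check over a saved ssoclsetup transcript, as an added example that is not part of the original manual or of the product's tooling: it confirms the four setup steps and message irep70001 for the expected repository, fails on any message whose severity is not INFO, and reports the password file named in irep10815 if it is still on disk. The function names, the saved-transcript workflow and the rule that a non-INFO severity means failure are assumptions; the sample transcript is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not product code): check a saved ssoclsetup transcript.

# Constructed sample, modelled on the Bourne shell transcript on this page.
sample_transcript() {
cat <<'EOF'
UX:IREP: INFO: irep10815: Password file was created. file=/etc/opt/FJSVssosv/conf/tmp_passwdfile
checking the repository configuration... (1/4)
initializing the repository... (2/4)
creating the public directory. (3/4)
updating the repository management list... (4/4)
UX:IREP: INFO: irep70001: Repository environment configured. [rep001]
UX:IHS: INFO: ihs01000: The command terminated normally.
EOF
}

# Print the password file path reported by message irep10815, if any.
pwfile_from_log() {
    sed -n 's/.*irep10815: .*file=\(.*\)$/\1/p' "$1"
}

# check_ssoclsetup_log FILE [REPOSITORY]: return 0 when the transcript shows
# all four steps, irep70001 for the repository, and only INFO messages.
check_ssoclsetup_log() {
    log=$1 repo=${2:-rep001} rc=0   # rep001 is the default repository name
    for step in 1 2 3 4; do
        grep -qF "($step/4)" "$log" || { echo "missing step ($step/4)"; rc=1; }
    done
    grep -q "irep70001: .*\[$repo\]" "$log" ||
        { echo "no irep70001 for [$repo]"; rc=1; }
    # Assumption: any product message whose severity is not INFO is a failure.
    bad=$(awk -F': ' '/^(UX:)?[A-Z]+: [A-Z]+: [a-z]+[0-9]+:/ && $2 != "INFO" {print $3}' "$log")
    [ -z "$bad" ] || { echo "non-INFO messages:" $bad; rc=1; }
    # Report the password file if it is still on disk so it can be reviewed.
    pw=$(pwfile_from_log "$log")
    if [ -n "$pw" ] && [ -e "$pw" ]; then echo "still present: $pw"; fi
    return $rc
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_transcript > "$tmp"
check_ssoclsetup_log "$tmp" && echo "ssoclsetup transcript OK"
rm -f "$tmp"
```

Pass the repository name as the second argument when `-rn` was used, so the irep70001 check matches the name that was actually configured.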
Creating test site certificates
Test site certificates can be used only when testing needs to be conducted before using a site certificate issued by a certificate authority. The following example shows how to create a test site certificate.
Note
Test site certificates can only be used for test environments.
Do not use test site certificates in actual operations.
Example
The command execution example below uses the following settings:
- Nickname of the test site certificate: testCert
- First and last name: ssoserver.example.com
- Organizational unit: FUJITSU TOKYO
- Organization: FUJITSU
- City or locality: Shinjuku
- State or province: Tokyo
- Country code: jp
The password that is entered is not displayed. The first time the command is run, the password you enter is registered; retype it at the Retype prompt to confirm it. When the entered information is displayed for confirmation, enter "yes" to create the certificate using it, or enter "no" to enter the information again.
```
scsmakeenv -n testCert
New Password:
Retype:
Input X.500 distinguished names.
What is your first and last name? [Unknown]: ssoserver.example.com
What is the name of your organizational unit? [Unknown]: FUJITSU TOKYO
What is the name of your organization? [Unknown]: FUJITSU
What is the name of your City or Locality? [Unknown]: Shinjuku
What is the name of your State or Province? [Unknown]: Tokyo
What is the two-letter country code for this unit? [Un]: jp
Is <CN=ssoserver.example.com, OU=FUJITSU TOKYO, O=FUJITSU, L=Shinjuku, ST=Tokyo,C=jp> correct? [no]: yes
SCS: INFO: scs0102: Self-sign certificate was issued
```
The execution example uses a Bourne shell.
```
# JAVA_HOME=/opt/FJSVawjbk/jdk5;export JAVA_HOME
# scsmakeenv -n testCert
Password:
Input X.500 distinguished names.
What is your first and last name? [Unknown]: ssoserver.example.com
What is the name of your organizational unit? [Unknown]: FUJITSU TOKYO
What is the name of your organization? [Unknown]: FUJITSU
What is the name of your City or Locality? [Unknown]: Shinjuku
What is the name of your State or Province? [Unknown]: Tokyo
What is the two-letter country code for this unit? [Un]: jp
Is <CN=ssoserver.example.com, OU=FUJITSU TOKYO, O=FUJITSU, L=Shinjuku, ST=Tokyo,C=jp> correct? [no]: yes
UX:SCS: INFO: scs0102: Self-sign certificate was issued
#
```
Note
If an Interstage certificate environment has already been created, you are prompted for the password of the Interstage certificate environment; enter the password that was specified when the Interstage certificate environment was created.