Sun Access Manager - Single Sign-on set up

I just installed Sun Java Enterprise System 5 with Access Manager 7.1. I want to do two simple testing for the Single Sign-On. I create a two-page website with a login hosted in Sun Web Server 7.0. When I open this website, I want it automatically redirect to Access Manager to check the identity. Once the identity checking pass, Access Manager will redirect back to the website and open the login.

I browse all the documentation from Sun and other forum. I still cannot figure out the configuration. Here it's my problems
1. I try to deploy php application to Sun Web server, it seems not accepted
2. how to configure agent in web server or application server? and generate a key
3. How to configure the website into Access Manager to authenticate it?
wasabi3689Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian UtterbackPrinciple Software EngineerCommented:
It's not exactly the same set up, but this article may help you:

http://developers.sun.com/identity/reference/techart/sso.html

The setup you describe is pretty complex. A better choice for help on your specific problem is probably at http://forum.java.sun.com 
0
wasabi3689Author Commented:
I read the http://developers.sun.com/identity/reference/techart/sso.html before and tried it but it still complex. I want something simple and straigh forward for the setup.
0
Brian UtterbackPrinciple Software EngineerCommented:
Unfortunately, there really isn't anything simple for single-sign-on. That's why it has only recently become
a reality. Authentication on the server is much easier. Do you really need the full scale SSO? Figuring out
what you really need is the first step towards figuring out the solution. Perhaps there is a simpler solution
that will still fit your needs.
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

wasabi3689Author Commented:
Here it's what I want.

I want to create a SSO system so that the users are no need to login more than once if they want to open different websites

These websites are hosted either in apache server or tomcat and they are developed either by php, java...

Now the problem is when a user clicks on a site, he needs to input his user name and password, then when he opens another site, he needs to do again.

With the SSO, users just need to input login once.

what is the simple solution?
0
Brian UtterbackPrinciple Software EngineerCommented:
There is no simple solution that is secure.  Sorry to be the bearer of bad news, but that is the
simple fact. SSO is hard.

It can be done more simply if you do not really need the solution to be secure. If you trust your uses
and are using logins more for bookkeeping than for access control, then there might be simple solutions,
but I don't know off hand what they are. And, alas, most people do require the security, particularly these
days for SOX compliance.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wasabi3689Author Commented:
hi blu,

Please tell me simple solution if I don't really need the solution to be secure. How can I do that?
0
Brian UtterbackPrinciple Software EngineerCommented:
Just set a cookie. Use a cgi-script to set up the cookie, and then read the cookie from the other applications.
0
wasabi3689Author Commented:
Do you have sample code?
0
Brian UtterbackPrinciple Software EngineerCommented:
Nope, sorry.  But it would be pretty simple. Present a form that asked for a password and account. Then encode the information
about the user account into a cookie and return it to the browser. Then on all you applications, simply look for that cookie and use the account info from there. This is the method that was originally used by various sites, and still used to recall preferences, but it is not at all secure, since once the coding in the cookie is cracked, anybody could impersonate anybody else.
0
wasabi3689Author Commented:
Here it what I plan.

I plan to create a standard login module for every application (php, java, jsp...etc). Then every applcation used this standard login module.

The form include two input field user name and password and a submit button. But can you tell me more specific how to look for the cookie... how to code this part? or a link for this method for a reference
0
Brian UtterbackPrinciple Software EngineerCommented:
You mentioned PHP in the original question, so I am going to assume that you are using it. Read this:
http://docs.php.net/manual/en/features.cookies.php
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.