frederic.vandevelde | 3 Sep 16:29 2007

JES5 UWC and Access Manager custom authentication module

Hi,

We are trying to change the authentication module that UWC is using  
to authenticate users to access manager.
We want users to pass by a custom authentication module which is  
trying to create a session for the user in Access Manager based
on specific criteria and pass to the standard LDAP module in case  
those criteria are not met.

In JES4 this is working perfectly by adapting the access manager  
login url called in login.jsp.

In JES5 the login.jsp file doesn't contain anymore this call to  
access manager login.

We have open a support call (37905540) but it didn't lead to a solution.

We can add the code from the JES4 login.jsp page in the JES5  
login.jsp page it will works but
is there a better way in JES5 UWC to call another AM module to  
authenticate users ?

Regards,
Frederic.

Steve Reynolds | 4 Sep 19:57 2007
Picon

Re: JES5 UWC and Access Manager custom authentication module

I had the same problem, no IplanetDirectoryPro cookie is created by the 
new JES5 CE login.  I thought it was me but I finally opened up a 
support case and yes the behavior is different.  It will recognize an 
established SSO token but will not create one on login.  This behavior 
is preventing me from moving forward on my JES5 implementation as we 
have other applications which use the the tokens for SSO and CE is a 
very common entry point.  I guess I'll have to cobble together a new 
login page and forward the user to /uwc from that.

If anyone has done the work and would like to share it, it would be 
appreciated.

steve

frederic.vandevelde@... wrote:
> Hi,
> 
> We are trying to change the authentication module that UWC is using to 
> authenticate users to access manager.
> We want users to pass by a custom authentication module which is trying 
> to create a session for the user in Access Manager based
> on specific criteria and pass to the standard LDAP module in case those 
> criteria are not met.
> 
> In JES4 this is working perfectly by adapting the access manager login 
> url called in login.jsp.
> 
> 
> In JES5 the login.jsp file doesn't contain anymore this call to access 
> manager login.
(Continue reading)

Vincent MAZARD | 5 Sep 16:56 2007
Picon

How to force webmail proxy to use a particule souce IP address

Hi everybody,

I have a serious issue on a multi-homed IMS platform (5.2 patch2 / Solaris 9 
Sparc)
the box has (unfortunately) two IP addresses in the same subnet (one for Ims 
and one for Calendar server)
on distinct network interfaces.
This box is used as a messenger express multiplexor.
No mailboxes. only a DMZ gateway used to access Webmail from the Internet.
When clients connect to the this gateway, it then connects to the backend 
postoffice
where the client's mailbox resides (in http).

The problem is that this box uses randomly both of its IP addresses, because 
they both
lead to the default gateway.
In result, if service.http.ipsecurity is enabled, the webmail session is 
quickly reset by the
backend server.

My question is then :

Is there a way to force the http service to use a particular source IP 
address ?

I found the 'interfaceaddress' channel keyword for the MTA. Is there an 
equivalent for the HTTP ?

Or :
Is there a way to 'tweak' the OS so that only one IP address will be used as 
(Continue reading)

Anthony Purcell | 5 Sep 17:04 2007
Picon

Re: How to force webmail proxy to use a particule souce IP address

Have you looked at the service.listenaddr configutil setting?

Regards,
Anthony

Vincent MAZARD wrote:
> Hi everybody,
> 
> I have a serious issue on a multi-homed IMS platform (5.2 patch2 / 
> Solaris 9 Sparc)
> the box has (unfortunately) two IP addresses in the same subnet (one for 
> Ims and one for Calendar server)
> on distinct network interfaces.
> This box is used as a messenger express multiplexor.
> No mailboxes. only a DMZ gateway used to access Webmail from the Internet.
> When clients connect to the this gateway, it then connects to the 
> backend postoffice
> where the client's mailbox resides (in http).
> 
> The problem is that this box uses randomly both of its IP addresses, 
> because they both
> lead to the default gateway.
> In result, if service.http.ipsecurity is enabled, the webmail session is 
> quickly reset by the
> backend server.
> 
> My question is then :
> 
> Is there a way to force the http service to use a particular source IP 
> address ?
(Continue reading)

Jeremy C Russell | 5 Sep 19:19 2007

docs.sun.com


Has anyone had any luck getting the Messaging Server 6.3 docs  <at>  sun.com
today?

I'm getting an Error: The requested item could not be found. any which way
I try to get to it...

Just wondering if I'm lucky enough to hit the same server (which is having
issues) every time I try.

Jeremy Russell
Unix Systems Administrator
Pre-Paid Legal Services, INC.
580.272.2834

---------------------------------------------------------------------------
Confidentiality Note:
This email and any attachment to it is confidential and protected by law 
and intended for the use of the individual(s) or entity named on the email.  
If the reader of this message is not the intended recipient, you are hereby 
notified that any dissemination or distribution of this communication is 
prohibited.  If you have received this communication in error, please 
notify the sender via return email and delete it completely from your email 
system.  If you have printed a copy of the email, please destroy it immediately.
Thank you
---------------------------------------------------------------------------

Joseph Sciallo | 5 Sep 19:36 2007
Picon

Re: docs.sun.com

Jeremy,

You're right, it appears that the MS 6.3 docs in 
http://docs.sun.com/app/docs/coll/1312.2 are not currently reachable. 
I'll check w/ the DSC folks to see what's going on.

If you need PDFs, you can download them as a zip file here:

http://www.sun.com/bigadmin/hubs/comms/files/COMMS5_DOCS.zip

- Joe Sciallo

Jeremy C Russell wrote:

>Has anyone had any luck getting the Messaging Server 6.3 docs  <at>  sun.com
>today?
>
>I'm getting an Error: The requested item could not be found. any which way
>I try to get to it...
>
>Just wondering if I'm lucky enough to hit the same server (which is having
>issues) every time I try.
>
>Jeremy Russell
>Unix Systems Administrator
>Pre-Paid Legal Services, INC.
>580.272.2834
>
>---------------------------------------------------------------------------
>Confidentiality Note:
(Continue reading)

Joseph Sciallo | 5 Sep 20:40 2007
Picon

Re: docs.sun.com

There was a problem that showed now be fixed. Please try to access the 
docs again.

Joe

Joseph Sciallo wrote:

> Jeremy,
>
> You're right, it appears that the MS 6.3 docs in 
> http://docs.sun.com/app/docs/coll/1312.2 are not currently reachable. 
> I'll check w/ the DSC folks to see what's going on.
>
> If you need PDFs, you can download them as a zip file here:
>
> http://www.sun.com/bigadmin/hubs/comms/files/COMMS5_DOCS.zip
>
> - Joe Sciallo
>
> Jeremy C Russell wrote:
>
>> Has anyone had any luck getting the Messaging Server 6.3 docs  <at>  sun.com
>> today?
>>
>> I'm getting an Error: The requested item could not be found. any 
>> which way
>> I try to get to it...
>>
>> Just wondering if I'm lucky enough to hit the same server (which is 
>> having
(Continue reading)

Vincent MAZARD | 6 Sep 15:54 2007
Picon

Re: How to force webmail proxy to use a particule souce IP address

The listenaddr is only used for the services to 'listen' to a particular IP.


It doesn't control which IP is used for outbound communications.

br,


Vincent




----- Original Message ----- 
From: "Anthony Purcell" <apurcell@...>
To: <Info-iMS@...>
Sent: Wednesday, September 05, 2007 5:04 PM
Subject: Re: [Info-iMS] How to force webmail proxy to use a particule souce 
IP address


> Have you looked at the service.listenaddr configutil setting?
>
> Regards,
> Anthony
>
> Vincent MAZARD wrote:
>> Hi everybody,
>>
>> I have a serious issue on a multi-homed IMS platform (5.2 patch2 / 
(Continue reading)

Vincent MAZARD | 6 Sep 15:57 2007
Picon

Re: How to force webmail proxy to use a particule souce IP address

This is a solution.
I would prefer a software solution but I'm afraid there aren't.

Thank a lot for this hint.

br,

Vincent

----- Original Message ----- 
From: "Brian C. Burkhart" <brian@...>
To: "Vincent MAZARD" <vmazard@...>
Sent: Wednesday, September 05, 2007 8:31 PM
Subject: Re: [Info-iMS] How to force webmail proxy to use a particule souce 
IP address


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You can set the deprecated flag on the interface you don't want to be used
as a source address(ifconfig). That will keep any outbound communications
from going out that interface at the OS level, though. That may not be
what you want.

- -- 
     Brian C. Burkhart - Asst. Dir. Network Systems
   OneNet/Oklahoma State Regents for Higher Education
brian@... - Ph: 405-225-9444 - Fax: 405-225-9250

(Continue reading)

Sebastien Manningham | 7 Sep 16:38 2007
Picon

Re: use Communication Express with SSO and Access Manager Distributed Authentication User Interface

Hello,

I don't know if there is some improvements with this plugin, but last
year I tried it and was never able to install it. My contacts at Sun
suggested me to simply configure a reverse proxy to do the same job,
so I dropped this.

I am using the reverse proxy plugin with Sun Web server 6.1 SP5 and
this is fast to implement and working fine.

On 8/8/07, Bruno LEZORAY <bruno.lezoray@...> wrote:
> Hi all,
>
> We are installing a Communications Suite 5 platform with a
> frontend/backend architecture ; one frontend server, one backend server
> linked by a FW.
>
> Access Manager 7.1 is intalled on the backend server, Communications
> Express 6.3 is installed on the frontend.
> We want to enable SSO on Communications Express, using Access Manager.
>
> Because we are in a frontend/backend architecture, we think that we
> should use the Access Manager component "Distributed Authentication User
> Interface" on the frontend. This architecture is described in the "Sun
> Java System Access Manager 7.1 Technical Overview" (819-4669-10) guide
> page 67. The goal is to install Access manager only the backend server.
> Do you know if Communications Express is able to run with SSO enabled on
> a server where only the "Distributed Authentication User Interface" is
> installed ?
> First tests encounter some Java errors during the Web Server startup
(Continue reading)


Gmane