This section describes the procedure for setting up a repository server that configures the authentication infrastructure.
Use the Interstage Management Console of the machine in which a repository server is set up. Refer to the Operator’s Guide for details of starting the Interstage Management Console. Refer to the Operator’s Guide for details of the items to be defined in the Interstage Management Console.
Setting up a Repository Server in the System with a Single Repository Server
Perform the following procedure to set up a repository server in a single-repository server configuration:
Repository server setup
1. Create an SSO repository.
2. Register user information and role configuration in the SSO repository.
3. Set up the repository server.
Setting up a Repository Server in the Multiple Repository Server Configuration
Perform the following procedure to set up a repository server in the multiple-repository server configuration:
Set up an SSL communication environment of the repository server (update system)
Set up a repository server (update system)
Perform the same procedure as that for setting up a repository server in the single repository server configuration.
1. Create an SSO repository (master) of the repository server (update system).
2. Register user information and role configuration in the SSO repository (master).
3. Set up the repository server (update system).
Set up a repository server (reference system)
1. Back up the SSO repository data for the repository server (update system).
2. Set up an SSL communication environment of the repository server (reference system).
3. Create an SSO repository (slave) for the repository server (reference system).
Repository Server Setup
Setting up a Repository Server for Addition of a Repository Server (Reference System)
Perform the following procedure to add a repository server (reference system) during operation:
Set up an SSL communication environment of the repository server (update system)
This step is not required when an SSL communication environment has been set up in the repository server (update system).
Set up a Repository Server (Reference System)
Perform the same procedure as that for setting up a repository server (reference system) in the system with multiple repository servers.
1. Back up the SSO repository data for the repository server (update system).
2. Set up an SSL communication environment of the repository server (reference system).
3. Create an SSO repository (slave) for the repository server (reference system).
4. Restore the SSO repository in the repository server (reference system).
5. Change the setting of the SSO repository for the restored repository server (reference system).
6. Set up the repository server (reference system).
7. Change the setting of the SSO repository for the repository server (update system).
Creating an SSO Repository
Create an SSO repository to set up a new authentication infrastructure.
Use the Interstage Management Console of the machine in which a repository server is set up and perform the procedure below. Refer to the Operator’s Guide for details of the items to be defined in the Interstage Management Console.
The SSO administrator must undertake the role of the repository administrator as described in the Interstage Management Console.
1. Select [Services] and then [Repository] from the System menu. Click on the [Create a New Repository] tab.
2. Specify items as described below.
Items with (*1) can be specified only when creating an SSO repository; they cannot be changed after the SSO repository has been created. Take special care when setting these values.
General Settings
− Repository Name (*1)
Specify the name of an SSO repository to be created.
− Administrator DN (*1)
Specify, in DN (distinguished name) format, the DN of the administrator who manages the SSO repository to be created. (Example: cn=manager)
− Administrator DN password
− Administrator DN password (re-enter)
Re-enter the password for the SSO administrator.
− Public Directory (*1)
'ou=interstage,o=fujitsu,dc=com' has been specified. Change this directory as necessary.
− Create Default Tree? (*1)
Click 'Yes.'
When 'Create' is clicked and 'ou=interstage,o=fujitsu,dc=com' is specified in the public directory, the following directory trees are created:
Tree to be created                                      Use
ou=User,ou=interstage,o=fujitsu,dc=com                  For registering user information
ou=SSO ACI,ou=interstage,o=fujitsu,dc=com               For registering access control information
ou=Resource,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com   For registering protection resources
ou=Role,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com       For registering role configuration
− Port number (*1)
Specify a port number to be used in non-SSL communication.
− Enable SSL encryption? (*1)
Select 'No'.
If it is necessary for a user application to access the SSO repository using SSL communication, select 'Yes'. In this case, specify [SSL Port number] and [SSL configuration].
− SSL Port number (*1)
Specify the port number used in SSL communication. Specify this when 'Yes' is selected in [Enable SSL encryption?].
− SSL configuration
Select the SSL configuration used in SSL communication. Specify this when 'Yes' is selected in [Enable SSL encryption?].
Detailed settings
Database Configuration
− Maximum number of searchable entries
Maximum number of entries that can be searched. The default is '500 entries'. Change the value as necessary.
− Cache Size
The default is '1,000 pages'. One page consists of 4 kilobytes. Change the value as necessary.
− Search Timeout
The default is '3,600 seconds'. Change the value as necessary.
− User password encryption method (*1)
Select 'SHA.'
− Database Storage Directory (*1)
The following directory has been specified. Change the directory as necessary.
'C:\Interstage\Enabler\EnablerDStores\IREP'
'/var/opt/FJSVena/EnablerDStores/FJSVirep'
'/var/opt/FJSVena/DStores/FJSVirep'
Access log Configuration
− Output Access Log?
Outputs the access log. Always select 'Yes'.
− Output level
Select 'Client requests' and 'Server errors'. Select other items as necessary.
− Access log storage directory
Change the value as necessary.
− Rotation Type
Change the value as necessary.
− Size
Change the value as necessary.
− Number of access log files
Change the value as necessary.
4. Check the checkbox of the created SSO repository and click the Start button to start the SSO
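Added example (not part of the original manual and not Fujitsu code): once the repository has been created with [Create Default Tree?] set to 'Yes', this Python script checks an LDIF export for the four default-tree entries listed under General Settings and reports any that are missing. It assumes the repository contents can be exported as LDIF; the function names and the sample export are constructed for illustration.

```python
import base64

# Default tree from the General Settings table, relative to the public directory.
DEFAULT_TREE_RDNS = ("ou=User", "ou=SSO ACI",
                     "ou=Resource,ou=SSO ACI", "ou=Role,ou=SSO ACI")

def normalize_dn(dn):
    """Lower-case and trim each RDN (simplified: escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def expected_tree(public_directory):
    """DNs created when [Create Default Tree?] is set to 'Yes'."""
    return [f"{rdn},{public_directory}" for rdn in DEFAULT_TREE_RDNS]

def ldif_dns(ldif_text):
    """Normalized entry DNs from LDIF, with folded lines and base64 'dn::'."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]   # continuation of the previous line
        else:
            unfolded.append(line)
    dns = set()
    for line in unfolded:
        if line.startswith("dn::"):
            raw = base64.b64decode(line[4:].strip()).decode("utf-8")
            dns.add(normalize_dn(raw))
        elif line.startswith("dn:"):
            dns.add(normalize_dn(line[3:]))
    return dns

def missing_default_entries(public_directory, ldif_text):
    """Default-tree DNs that the export does not contain."""
    present = ldif_dns(ldif_text)
    return [dn for dn in expected_tree(public_directory) if normalize_dn(dn) not in present]

# Constructed sample export: Role entry absent, one DN folded, one base64.
PUBLIC_DIR = "ou=interstage,o=fujitsu,dc=com"
SAMPLE_LDIF = (
    "dn: OU=User, ou=interstage, o=fujitsu, dc=com\n"
    "objectClass: organizationalUnit\n\n"
    "dn: ou=SSO ACI,ou=interstage,\n o=fujitsu,dc=com\n"
    "objectClass: organizationalUnit\n\n"
    "dn:: " + base64.b64encode(f"ou=Resource,ou=SSO ACI,{PUBLIC_DIR}".encode()).decode() + "\n"
)

if __name__ == "__main__":
    for dn in missing_default_entries(PUBLIC_DIR, SAMPLE_LDIF):
        print("missing:", dn)
```

A missing entry under ou=SSO ACI means access control or role information has no place to be registered, so check the export before registering user information and role configuration.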