• No results found

NetIQ Access Manager 3.2 integration

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "NetIQ Access Manager 3.2 integration"

Copied!
9
0
0

Loading.... (view fulltext now)

Download now ( 9 Page )

Full text

(1)

KeyShield SSO

KeyShield SSO

NetIQ Access Manager 3.2 integration

NetIQ Access Manager 3.2 integration

system integrator documentation

(2)

Introduction

KeyShield SSO authenticates not only a browser session but the user's device at all. All widely used platforms are supported, visit

http://www.keyshieldsso.com/clients-authentication for detailed information. Once the NAM is connected to the KeyShield SSO, no further browser session authentication is required. This is perfect for all desktop users who are authenticating every morning to eDirectory or Active Directory.

Mobile users can profit from KeyShield SSO integration as well, because they don't need to type their username and password on the touch screen keyboard. At iOS device for example, the username and password can be stored in so called keychain. Then they can start the KeyShield SSO client and start using the browser. That's it.

Installation steps

1. Install integration module

First of all, you need a configured and running NAM with at least one LDAP user source. See the screenshot below for reference. In this case we have 2 different user sources (LDAP directories). The integration package consist of few libraries, which has to be installed into the NAM LIB directory at the NAM server. We provide a comfortable installation script

inst_kshield-netiq_1.0.1.bin

which is available for download at www.keyshieldsso.com/downloads. This script does NO changes to NAM, it just stores required libraries into the LIB directory and sets necessary access rights to them. Once you are done with libraries installation, you can start configuring SSO authentication for NAM. List of 2 configured user stores:

(3)

2. Define authentication class

Please note: For detailed description refer to the Identity Server Guide section

3.2 Creating Authentication Classes.

You need to create a new Authentication Class first. Use whatever Display Name you prefer, easy and descriptive one is recommended. The Java class

property value must be set to Other and Java class path to

cz.tdp.kshield.integration.KShieldClass (see the screen shot below)

Click Next to properties page. Here you must add at least a kshieldUrl

property. It's value has to be a complete link to your KeyShieldSSO server. For example http://172.22.78.101:8485 or https://172.22.78.101:8486 for SSL connection (not required inside the server room).

If you need to use more then one user stores or the KeyShield SSO server is using more then one LDAP sources, you have to map them to each other. Each store has to be mapped by a separate property. The name of the property is constructed by user_store_name .connectorID. The value of the property has

to be the respective KeyShield SSO server connector name (visit the configuration page of the KeyShield SSO web management console for a list of connectors and their names).

(4)

If the user is not authenticated to the KeyShield SSO server, SSO authentication fails. The control is then passed to the PasswordClass authentication class by default. If you need to fall back to different class, you can define a fallbackClass property. It's value is a name of existing

authentication Java class (e.g. PasswordClass, BasicClass, ProtectedPasswordClass), which is requested to be used if the SSO

authentication fails.

Now confirm creation of the new authentication class and it appears in the list – see the screen shot below.

(5)

3. Define authentication method

Please note: For detailed description refer to the Identity Server Guide section

3.3 Configuring Authentication Methods.

Now the new authentication method, instance of the KeyShield SSO authentication class, has to be created. Make sure that Identifies User

option is checked. (see the screen shot below) User stores must be selected here again.

Now confirm creation of the new authentication method and it appears in the list – see the screen shot below.

(6)

4. Define authentication contract

Please note: For detailed description refer to the Identity Server Guide section

3.4 Configuring Authentication Contracts.

Also a new Authentication Contract has to be created. This contract will use KeyShield SSO authentication method. The URI attribute must be set as well. The value is not used but it must be unique within the NAM instance. It's recommended to use just /kshield

For a proper function of the Authentication contract, authentication card must be configured incl. A picture. Please use Customizable and it's picture or upload whatever you want.

(7)

Now confirm creation of the new authentication contract and it appears in the list – see the screen shot below.

(8)

5. Specify authentication defaults

Please note: For detailed description refer to the Identity Server Guide section

3.5 Specifying Authentication Defaults.

The SSO authentication must be used as the first authentication contract, otherwise the user will be asked for username and password, certificate, card, etc Please refer to the screen shot below for a proper SSO configuration – KeyShield SSO contract must be set as default.

Please note: if this SSO authentication fails (for example because the user is not authenticated to the KeyShield SSO server), the control is passed to the fallback Authentication class configured as a property of the KeyShield SSO Authentication Class.

(9)

6. Restart Identity server

Now restart Identity Server to apply changes. Now you can use the KeyShield SSO authentication with your NetIQ Access Manager.

References

Download now ( PDF - 9 Page - 364.39 KB )

Related documents

Barney, J.B., 1991. Firm Resources and Sustained Competitive Advantage..pdf

In general, as long as the number of firms that possess a particular valuable re- source (or a bundle of valuable resources) is less than the number of firms needed to generate

Perceptions of Transition and the Crisis in Macedonia

This paper provides an analysis of people’s perceptions about the effects of the transition process and economic crisis in Macedonia, as extrapolated from UNDP surveys

ASNA A L A S K A S C H O O L N U R S E S A S S O C I A T I O N

Not only are we trying to promote ourselves, but we are also trying to make things better for the students we serve, the future of school nursing and the health of our

Annotating a corpus of Early Modern English writing for categories of discourse presentation

Since our aim was to compare the forms and functions of discourse presentation in EModE with those of PDE, the sampling frame for our corpus follows the principles of

2021 URBAN LAND MEDIA PLANNER

ADVERTISE IN URBAN LAND AND REACH A GLOBAL AUDIENCE The Urban Land Institute’s flagship publication, Urban Land magazine, provides insight into leading trends and issues in

Has the Basel II Accord Encouraged Risk Management During the 2008-09 Financial Crisis?

This paper defines risk management in terms of choosing sensibly from a variety of risk models, discusses the selection of optimal risk models, considers combining alternative

Walks of Life: The Journey of (some) Women

P18 simply put, “I do not do anything physically romantic to a platonic female friend.” Likewise, P25 stated, “I would be more intimate with a romantic partner.” Three

Trustworthiness in E-Commerce

A study conducted by Consumer WebWatch between December of 2001 and January of 2002 found that less than 30% of online shoppers trust online stores and 80% feel it is important