convergence + sso
807574Mar 27 2009 — edited Feb 10 2020Hello,
I have following problem with convergence and sso.
I have deployed:
uwc, access manager 7.1 (legacy mode) on web server.
convergence, access manager client's sdk on application server 9.1. (client sdk because access manager is installed on different container than convergence)
I have managed to setup sso. I can for example login to access manager on user john_doe, then enter http://example.com/uwc and without authorization I can enter my mailbox. But if I try to enter http://example.com:8080/iwc I get login page of iwc.
In iwc.log I can find:
AUTH: ERROR from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-8080-1 at 2009-03-27 14:53:22,379 - Unabled to load the class due to com/iplanet/sso/SSOException
AUTH: ERROR from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-8080-1 at 2009-03-27 14:53:22,380 - Unabled to instantiate SSO Provider
AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-8080-1 at 2009-03-27 14:53:22,388 - No valid session found, redirecting to login page
AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-8080-1 at 2009-03-27 14:53:22,396 - Redirecting to: /iwc_static/layout/login.html?lang=en-us&4.01_145408&svcs=calendar,mail,abs
AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-8080-2 at 2009-03-27 14:58:36,006 - /iwc/svc/iwcp/login.iwc is passthrough the filter
I have setup sso in convergence based on:
http://wikis.sun.com/display/CommSuite/Sun+Convergence+Administrative+Tasks
I also don't understand how convergence uses Access Manager client SDK to talk to Access Manager, I have followed the documentation but can't see it (I think I've installed client SDK correctly because I have tested it with http://example.com:8080/amclient/webapps/* webapps).
Do you have any suggestions?
Regards
Marek Barczyk
# iwcadmin -u admin -W password_file -l | grep auth
auth.am.callbackhandler = com.sun.comms.client.security.auth.AppCallbackHandler
auth.am.cookiedomain = .example.com
auth.am.cookiename = iPlanetDirectoryPro
auth.am.indexname = LDAP
auth.am.loginimpl = com.sun.comms.client.security.auth.modules.impl.SunAMLoginModule
auth.am.realmmode = false
auth.custom.callbackhandler =
auth.custom.loginimpl =
auth.custom.servicename =
auth.ldap.basedn =
auth.ldap.binddn =
auth.ldap.bindpwd =
auth.ldap.callbackhandler =
auth.ldap.dcroot =
auth.ldap.domainfilter =
auth.ldap.enablessl =
auth.ldap.host =
auth.ldap.loginimpl =
auth.ldap.maxpool =
auth.ldap.minpool =
auth.ldap.monitoringinterval =
auth.ldap.port =
auth.ldap.refreshinterval =
auth.ldap.schemaversion =
auth.ldap.timeout =
auth.ldap.ugfilter =
base.enableauthonlyssl = false
# iwcadmin -u admin -W password_file -l | grep sso
sso.adminpwd = .......................
sso.adminuid = amadmin
sso.enable = true
sso.enablerefreshsso =
sso.enablesignoff = true
sso.notifyserviceimpl = com.sun.comms.client.security.sso.impl.AMSSOTokenListener
sso.refreshinterval =
sso.ssoserviceimpl = com.sun.comms.client.security.sso.impl.AMSSOProvider