iPlanet Web Server 

Use

This procedure describes how to add a filter to an application running with iPlanet Web Server. This filter has two functions:

·       Enable the application to support Single Sign-On with SAP logon tickets from the Enterprise Portal

·       Provide logon tickets for multiple domains. For more information, see Issuing SAP Logon Tickets for Multiple Domains.

 

Procedure

The library used for iPlanet Web Server is called ipl_sso.dll. For details on where to find ipl_sso.dll, see SAP Note 0442401.


      1.      Copy the ipl_sso.dll library to a suitable location on the Web server and create a file called verify.properties.

      2.      Copy verify.pse from the Portal Server to the Web server.

This is only necessary if the Web server of the non-SAP application is installed on a different machine to the Portal Server.

You can find verify.pse at <servlet_engine>\irj\WEB-Inf\plugins\portal\services\usermanagement\data.

      3.      Add the following directive to magnus.conf, which is the configuration file for the iPlanet Web Server:

Init fn="load-modules" shlib="<path to lib>ipl_sso.<dll|so>" funcs="CheckAccess,SendTeachCookie,Initialize" shlib_flags="(global|now)"

Init fn="Initialize" propertyfile="<path>/verify.properties"

      4.      Add the following directives to obj.conf, which configures the checking of the ticket per directory:

<Object ppath="<document-root>/<path to check>">

AuthTrans fn="CheckAccess"

</Object>

 

<Object ppath="<document-root>/irj/servlet/prt/portal/prtroot/InitialLogonSupport.default">

Service method=(POST) fn="SendTeachCookie"

</Object>

Note that you have to use the same path for <document-root> as defined for document root in the default settings.

      5.      In the file verify.properties, set the following parameters:

| Set the parameter | To the value | Comment |
|---|---|---|
| log_file | <path> | Specify the full path of a log file. |
| log_level | 0, 1, 2 or 3 | These are the log levels. 0: no logs are written to the file. 1: only errors are written to the file. 2: errors and warnings are written to the file. 3: all information is written to the file. |
| remote_user_alias | <value of the http variable to be added> | Name of the header variable in which the filter writes the authenticated user. Make sure not to use a <SPACE> in the name. |
| application | sap or portal | Specifies whether the filter is to extract the SAP user ID or the portal user ID from the SAP logon ticket. |
| pse_file | <path> | Specify the full path of the verify.pse file, which contains the digital certificate of the Portal Server. |

      6.      Restart the Web server.
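A check that can be run on verify.properties before the restart in step 6, validating it against the parameter table in step 5. This is an added example, not part of the SAP documentation or the ipl_sso library; it assumes the file uses key=value lines with # comments, and the paths and header name in the sample are constructed placeholders.

```python
# Added example: lint verify.properties against the parameter table in step 5.
# Assumption: the file uses key=value lines with '#' comments.
import os

REQUIRED = ("log_file", "log_level", "remote_user_alias", "application", "pse_file")

def parse_properties(text):
    """Return a dict of key -> value from key=value lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_properties(props, check_files=False):
    """Return a list of problems; an empty list means the file matches the table."""
    problems = [f"missing parameter: {k}" for k in REQUIRED if not props.get(k)]
    level = props.get("log_level")
    if level and level not in ("0", "1", "2", "3"):
        problems.append(f"log_level must be 0, 1, 2 or 3, got {level!r}")
    if " " in props.get("remote_user_alias", ""):
        problems.append("remote_user_alias must not contain a space")
    app = props.get("application")
    if app and app not in ("sap", "portal"):
        problems.append(f"application must be sap or portal, got {app!r}")
    if check_files:  # only meaningful on the Web server host itself
        pse = props.get("pse_file")
        if pse and not os.path.isfile(pse):
            problems.append(f"pse_file not found: {pse}")
        log = props.get("log_file")
        if log and not os.path.isdir(os.path.dirname(log) or "."):
            problems.append(f"log_file directory not found: {log}")
    return problems

# Constructed sample input with three deliberate mistakes.
SAMPLE = """\
# verify.properties
log_file=/opt/sso/logs/ipl_sso.log
log_level=4
remote_user_alias=REMOTE USER
application=portal
"""

if __name__ == "__main__":
    for problem in check_properties(parse_properties(SAMPLE)):
        print(problem)
```

Pass check_files=True when running on the Web server so that a verify.pse that was not copied in step 2 is reported before the filter tries to load it.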

 

Result

Any HTTP request to the Web server that includes a logon ticket will be filtered by the shared library.