Administration Manual
Modifying the S
earch The IAP Archive agent
If you selected
Internet Address in step 11 of Configuring the HP EAs–D SSO database and the Generate
SSO T okens agen
t, perform the following steps in the user’s mail file:
1. In the Share d C
ode section of the user’s mail file, o pen the Agents list and select the Search The IAP
Archive agent.
2. Open the agent.
3. In the I nitialize section of the agent:
a. Remove the “
’”characterfrom’gConfigLoginItem = ITEM_INET_ADDR.
b. Add the “’”charactertogConfigLoginItem = ITEM_SHORT_NAME.
The item is changed to ’gConfigLoginItem = ITEM_SHORT_NAME.
c. Save the cha
nge and close the agent.
Configuring S SO on the IAP
Installing the secret key
For the IAP to accept Domino SSO authentication, you must install the secret SSO key into the L3 Registry
running on
the IAP kickstart server.
NOTE:
SSO can only be used with IAP version 1 .6.1 or later. If you are using IAP version 1.6.1, make sure
the 1.6.1 Hotfixsoftwareisinstalled.
To install the SSO secret, SSH into the IAP kickstart machine, and then perform the following steps:
1. Navigate to the /install/tools/registry/loader directory and issue the following
command:
vi SSO_DOMINO.archive
2. In line 4 of the SSO_DOMINO.archive file, enter the secret SSO key after key:.
For example, key:[secret SSO key]
Use the secret key as it appears in the XML file that you exported earlier. (See step 10 in
“Configuring the HP EAs–D SSO database and the G enerate SSO Tokens agent” on page 96). Be
sure to include all text between the <RIMSSO version=”1.6”> and </RIMSSO> tags in the XML
file, including the da te stamp that appears at the end.
3. Navigate to the /install/tools/registry/bin directory and run the RegistryLoader using the
following command:
regloader.pl -l
Domino SSO is enabled on the IAP after the RegistryLoader is run.
IMPORTANT:
Whenever the IAP is kickstarted, the SSO secret key is lost and these steps must be repeated.
102
Configuring IAP single sign-on