NonStop Servlets for JavaServer Pages (5.0) System Administrator's Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series

101

102

103

104

105

106

107

108

109

110

Configuring NSJSP

NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide—525644-002

3-46

Configuring Single Sign-On Support

select this option, the contents of the password that is stored in the realm must be the

digested version of the clear text password, as digested by the specified algorithm.

When the authenticate() method of the realm is called, the (clear text) password

specified by the user is itself digested by the same algorithm, and the result is

compared with the value returned by the Realm. A match means that the user is

authorized.

To calculate the digested value of a clear text password, two convenient techniques

are supported:

•

If you are writing an application that needs to calculate digested passwords

dynamically, call the static Digest() method of the

org.apache.catalina.realm.RealmBase class, passing the clear text

password and the digest algorithm name as arguments. This method returns the

digested password.

•

A command line utility is provided to calculate the digested password, type

$NSJSP_HOME/conf/nsjsp_digestPassword \

{digest algorithm} {cleartext-password}

and the digested version of this clear text password is returned to standard output.

Configuring Single Sign-On Support

NSJSP enables users to authenticate themselves just once across the entire set of

web applications associated with a virtual host. To successfully configure NSJSP for

single sign-on support, the following requirements must be taken into account:

•

All clients that intend to use single sign-on support must provide support for

cookies, which maintain the user identity across web applications.

•

As implemented in the NSJSP container, the scope of single sign-on support is the

entire set of web applications registered with a single virtual host.

The system administrator must configure the

$NSJSP_HOME/conf/iTP_server.xml file as follows to enable single sign-on

support:

1. At the <Engine> or <Host> level, configure a <Realm> element that defines the

database of valid users and their corresponding roles. In the default configuration

shipped with NSJSP, this configuration is done at the <Engine> level.

It is recommended that you not configure a <Realm> element inside one of the

<Context> elements describing the web applications associated with this virtual

host. If you configure a <Realm> element inside a context element than the same

user credentials (username and password) need to be in this realm to support

single sign-on.

2. Nested inside the <Host> element, include the element as shown in

Example 3-31.