Chapter 10. WebSphere Connection Manager single sign-on using LTPA 329
10.2 Sample scenario
In this section, the sample scenario shown in Figure 10-1 on page 330 is
configured to illustrate the HTTP Access Services function implemented in
Everyplace Connection Manager. In this sample scenario, the following
machines are used:
• Everyplace Connection Manager server
    SUSE Linux Enterprise Server 8 (Service Pack 3)
    IBM DB2 Universal Database 8.2
    IBM Directory Services V5.2
    IBM WebSphere Everyplace Connection Manager V5.1
• LDAP Directory server
    Microsoft Windows 2000 Server Service Pack 4
    IBM Tivoli Directory Server 5.1
• Reverse Caching Proxy server
    Microsoft Windows 2000 Server Service Pack 4
    IBM WebSphere Edge Server 2.0
• WebSphere Everyplace Access server
    Microsoft Windows 2000 Server Service Pack 4
    IBM WebSphere Everyplace Access V5
• Gatekeeper
    Microsoft Windows 2000 Professional
    IBM WebSphere Connection Manager Gatekeeper V5.0
• HTTP client
    SUSE Linux Enterprise Server 8 (Service Pack 3)
    Mozilla 1.8a3
Important: The SSO scenario shown in this chapter requires the latest
fixpacks and code fixes. Visit the Connection Manager support Web site to get
the latest fixes:
http://www.ibm.com/software/pervasive/ws_everyplace_connection_manager/support/
You should apply these fixes prior to using the sample scenario described in
this chapter.
330 IBM WebSphere Everyplace Access V5, Volume IV: Advanced Topics
Figure 10-1 SSO using LTPA sample scenario
Everyplace Connection Manager
This machine runs HTTP Access Services in Everyplace Connection Manager
V5.1.0.1. For details about HTTP Access Services, see Chapter 8, “Using
Everyplace Connection Manager HTTP Access Services” on page 273.
[Figure 10-1 diagram labels: Port 80; Everyplace Connection Manager HTTP Services; Gatekeeper; https - Port 443; sles8; Edge; WebSphere Everyplace Access with LTPA Key; Reverse Caching Proxy; Proxy Administration; http - Port 80; wea02; LDAP Directory (Configuration only); LDAP Directory (Configuration, Users); dirs]
Note: Everyplace Connection Manager V5.1.0.1 or later is required for this
scenario. It is recommended that you verify this requirement before
implementing SSO with LTPA. Execute the following command to make sure
this version is installed:
lswg -V
The result should be similar to the output shown in Example 10-1.
Example 10-1 Verifying Everyplace Connection Manager version
IBM WebSphere Everyplace Connection Manager Version 5.1.0.1 (5724-E80)
(C) COPYRIGHT International Business Machines Corp. and others 1994, 2004
Licensed Material -- Program Property of IBM --
All Rights Reserved
Nov 17 2004 / 15:44:21
Supported MNCs:
wctp Wireless Communications Transfer Protocol (WCTP)
snpp Simple Network Paging Protocol (SNPP)
LDAP Directory server
The LDAP Directory server runs Tivoli Directory Server 5.1, and the installation
for this scenario includes these components:
• Tivoli Directory Server 5.1
• DB2 Universal Database Server 8.1
• Tivoli Directory Server Web Administration Tool 5.1
Reverse Caching Proxy server
The reverse proxy machine plays a major role in the architecture: it is
responsible for redirecting the Everyplace Connection Manager messages to the
WebSphere Everyplace Access server and vice versa.
The reverse proxy must be specifically configured to work with Everyplace
Connection Manager. The configuration options are set in the
ibmproxy.conf file.
Port directive
The Port directive in the reverse proxy configuration file (ibmproxy.conf) is
used in this sample scenario and should look as shown in Example 10-2.
Example 10-2 Port directive
# Port directive:
# Port used by the server.
# Default: 80
# Syntax: Port <num>
Port 80
Note: For Windows machines, this file is located in the
C:\Program Files\IBM\edge\cp\etc\en_US directory, assuming that you used the
default values when you installed IBM WebSphere Edge Server.
SendRevProxyName directive
This directive must be configured so that application servers also send HTTP
traffic back to the reverse proxy. The configuration is illustrated in Example 10-3.
Example 10-3 SendRevProxyName
# SendRevProxyName directive:
#
# In a reverse proxy scenario, WTE normally sends the destination
# origin server name in the HOST header of the request to the origin
# server. If this directive is set to yes, WTE will instead send
# the WTE host name in the HOST header of the request to the origin
# server. This allows the origin server to use the WTE host name in
# redirects sent back. Therefore, subsequent requests to redirected
# locations will go through WTE.
#
# Default: no
# Syntax: SendRevProxyName <yes | no>
#
# Example:
# SendRevProxyName no
SendRevProxyName yes
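The following check is an added example, not part of the original chapter or of any IBM tooling. It reads ibmproxy.conf text and reports whether the active (uncommented) Port and SendRevProxyName lines match Examples 10-2 and 10-3, so that a commented-out line or a repeated directive is not mistaken for the effective setting. The function names are hypothetical, the defaults are taken from the comment blocks shown above, and case-insensitive matching of directive names and values is an assumption.

```python
# Added example: audit the two ibmproxy.conf directives this chapter sets.
# Required value and product default for each, as stated in Examples 10-2 and 10-3.
REQUIRED = {"port": ("80", "80"), "sendrevproxyname": ("yes", "no")}

def active_directives(conf_text):
    """Map lower-cased directive name -> [(line_no, value)], skipping comment lines."""
    found = {}
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # "# SendRevProxyName no" in the comment block is inert
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        # Assumption: directive names are matched case-insensitively.
        found.setdefault(parts[0].lower(), []).append((line_no, value))
    return found

def audit(conf_text):
    """Return a list of findings; an empty list means both directives match."""
    found = active_directives(conf_text)
    findings = []
    for name, (want, default) in REQUIRED.items():
        hits = found.get(name, [])
        if len(hits) > 1:
            # Precedence of repeated directives is not assumed here: flag it.
            lines = ", ".join(str(n) for n, _ in hits)
            findings.append(f"{name}: set {len(hits)} times (lines {lines})")
            continue
        # With no active line, the default from the page's comments applies.
        value, where = (hits[0][1], f"line {hits[0][0]}") if hits else (default, "default")
        if value.lower() != want:
            findings.append(f"{name}: {value!r} ({where}), scenario needs {want!r}")
    return findings

# Constructed samples. GOOD mirrors Examples 10-2 and 10-3.
GOOD = "# Default: 80\nPort 80\n# Example:\n# SendRevProxyName no\nSendRevProxyName yes\n"
# BAD: the only SendRevProxyName line is commented out, and Port appears twice.
BAD = "Port 80\n#SendRevProxyName yes\nPort 8080\n"

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(text) or "ok")
```
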
Mapping rules
The mapping rules need to be updated because they vary for different scenarios.
Applications use different paths for their content location. The added directives
for this sample scenario are illustrated in Example 10-4 on page 333.
Note: Versions before Everyplace Connection Manager 5.0.1.1 did not accept
port 80 as a valid port.
