Pre-requisites
- Sun Portal Server 7.1 and above
- Sun Secure Global Desktop (SGD) Server 4.40 and above
- SGD portlet v 1.10.849 (First Open Source Version) or
- SGD portlet v 1.10.851 (WebSynergy support)
- SGD portlet v 1.10.853 (Web Space 10 support)
Configuration
Portal administrators may configure the portlet by setting the following preferences. Please consult your portal application's documentation on setting preferences (as defined in the JSR-168 specification).
location
Prior to version 1.10.851, this value was mandatory. Setting it is still recommended. See the note below for an alternative.
The portlet uses this URL to connect to the SGD web server. Its value should be the URL of the SGD web server, typically the part of the URL before the "/sgd" path.
Example: to configure the portlet to use the SGD server "access.indigo-insurance.com", with the web server listening for HTTPS on port 8080, you would set this preference to:
https://access.indigo-insurance.com:8080
Multiple values may be entered here. The portlet will load-balance users between the listed SGD servers, using a simple round-robin algorithm.
Version 1.10.851 and above: if this value is not set by an administrator, users are presented with a text field into which they can enter a location. The value is stored in portlet preferences for re-use.
username
The name of a user trusted by SGD to allow another component (the portal application) to perform authentication. To enable single sign-on, set this to a trusted user configured on the SGD server.
This preference is optional: when not set, set incorrectly, or when "Third-party authentication" is disabled on the SGD server, portal users will be presented with the standard SGD login dialog.
For more details, see the topic on Trusted Users and Third-Party Authentication in the Secure Global Desktop Software 4.40 Administration Guide.
password
The password of a user trusted by SGD to allow another component (the portal application) to perform authentication. To enable single sign-on, set this to the password of a trusted user configured on the SGD server.
This preference is optional: when not set, set incorrectly, or when "Third-party authentication" is disabled on the SGD server, portal users will be presented with the standard SGD login dialog.
For more details, see the topic on Trusted Users and Third-Party Authentication in the Secure Global Desktop Software 4.40 Administration Guide.
tcc-location
For advanced use. Normally, the Secure Global Desktop client is downloaded directly from the SGD web server by the user's web browser. However, there can be security or performance reasons for locating the client elsewhere.
This is an optional preference and, when set, can be either a keyword or an absolute or relative URL.
| URL | Action | Examples |
| --- | --- | --- |
| Not Set | The client is downloaded from the SGD web server configured in the location attribute. | |
| Absolute | The client is downloaded from the absolute URL. | http://myserver.mydomain.com/sgd/tcc |
| /relative | The client is downloaded from the URL, which is relative to the root of the web- or application server. | /localcache/tcc |
| relative | The client is downloaded from the URL, which is relative to the root of the portlet. | localcache/tcc (modified to /<portletURL>/localcache/tcc) |
| tcc | The client is downloaded from the SGD server configured in the location attribute. However, with this setting, the client does not contact the SGD web server directly; instead, the portlet proxies the request from the client to the SGD web server. | |
If set, the URL should point to the root location of the SGD client - the actual client exists in a java sub-directory of the root. The root location typically ends with "/tcc".
netlet-sgd-enabled
Set to "yes" to operate in SRA mode with Sun Portal Server 7.2.
Set to "no" to operate in SRA mode with Sun Portal Server prior to version 7.2.
The value has no effect on other portal servers.
tcc-connect-timeout
The time the portlet will wait (in seconds) when servicing a request and there is no connection between the SGD client and server.
tcc-sra-proxy-route
This attribute is the network connection rule that tells the SGD client to send its AIP traffic to the SOCKS proxy via the local netlet. The setting takes effect only if the portlet detects that it is running through an SRA. In open portal server mode, this setting is not used.
For example, if the Netlet is listening on port 5555, the rule would be:
CTSOCKS:localhost:5555
Creating and Configuring a static netlet rule:
- Go to the psconsole -> Secure Remote Access -> Netlet.
- Select "DeveloperSample" for DN (assuming you have deployed the SGD portlet under "DeveloperSample").
- Create a new netlet rule: go to Advanced -> Rules and click on create a new rule.
- Enter the Rule name of your choice and 'Map Local Port to Destination Server Port' as 5555 (unused Local port), <hostname>.<domainname> (SOCKS server location), 1080 (destination port).
- Save the Rule and restart the gateway.
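The preferences described in this section, written as a JSR-168 `portlet-preferences` fragment for `portlet.xml`. This is an added example, not taken from the portlet's own distribution: the second host name, the timeout value and the credential values are constructed placeholders, and it assumes that multiple SGD servers are given as several `<value>` elements of the one `location` preference.

```xml
<!-- Added example: goes inside the <portlet> element of portlet.xml. -->
<portlet-preferences>
  <!-- SGD web server URL(s), the part before "/sgd". Assumption: each
       server is a separate <value>; the second host is constructed. -->
  <preference>
    <name>location</name>
    <value>https://access.indigo-insurance.com:8080</value>
    <value>https://access2.indigo-insurance.com:8080</value>
  </preference>

  <!-- Trusted user for third-party authentication (single sign-on).
       Placeholder values; portlet.xml holds them as plain text, so
       restrict read access to the deployed descriptor and the WAR. -->
  <preference>
    <name>username</name>
    <value>TRUSTED_USER_PLACEHOLDER</value>
  </preference>
  <preference>
    <name>password</name>
    <value>TRUSTED_PASSWORD_PLACEHOLDER</value>
  </preference>

  <!-- Leading slash: resolved from the root of the web or application
       server. Without it, the path is relative to the portlet root. -->
  <preference>
    <name>tcc-location</name>
    <value>/localcache/tcc</value>
  </preference>

  <!-- "yes" for SRA mode with Sun Portal Server 7.2. -->
  <preference>
    <name>netlet-sgd-enabled</name>
    <value>yes</value>
  </preference>

  <!-- Seconds; 30 is a constructed sample value. -->
  <preference>
    <name>tcc-connect-timeout</name>
    <value>30</value>
  </preference>

  <!-- Netlet listening on local port 5555, as in the rule above. -->
  <preference>
    <name>tcc-sra-proxy-route</name>
    <value>CTSOCKS:localhost:5555</value>
  </preference>
</portlet-preferences>
```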
Troubleshooting
In the event of failures, please gather the logs from the application server and portal. Also confirm that you can successfully log into the Secure Global Desktop server using the standard webtop.
For single-sign-on, please check that you set the "username" and "password" preferences correctly, and that "Third-party authentication" is enabled on the SGD server. You might need to restart the SGD web server to have this take effect.
Release Notes
Please build the portlet with JDK 1.5.
Known Issues
Logging out of the portal doesn't always log the user out of SGD. With PS7.2 and Access Manager, logout from SGD is immediate in open mode. In SRA mode, it can be delayed by several minutes.
Tested On
| Server | Operating System | Notes |
| --- | --- | --- |
| Sun Java System Portal Server 7.1u1 | Solaris 10, x86 | |
| OpenPortal Portlet Container 2.0 Beta | Windows XP | No editor for preferences: add the value of location in portlet.xml |
| JBOSS 4.2.2 & Portal 2.6.4 | Windows XP | Repackage WAR file to include additional JBOSS specific |
| Liferay 5.01 on Glassfish V2u2 | Windows XP | |
| uPortal 2.6.1 on Tomcat 5.5.25 | Solaris 10, x86 | |
| Web Space 10 | Windows XP | Version 1.10.853+ |