3.2 Configuring the Authentication Server

To configure the Authentication Server, you must first create an iChain Service Object (ISO). An iChain service is a logical entity that defines an iChain domain and the resources of that domain. Configuration for your iChain service is contained in an ISO. To set up a basic iChain implementation, you must create an ISO and set up the service parameters for the object. In addition, to set up your basic implementation, you must also set up access to Web-based application resources.

3.2.1 Creating an iChain Service Object

  1. From ConsoleOne®, select an OU in which to create your ISO, then select File > New > iChain Object.

    or

    Click the New iChain object icon (to the right of the New Object icon).

  2. Select iChain Service Object, define a name for the service or domain (for example, ISO), then click OK.

3.2.2 Setting Up a Protected Resource

To integrate and allow access to Web-based application resources, you must set the appropriate parameters in the ISO.

To set up a protected resource for an iChain service:

  1. From ConsoleOne, click the Protected Resources tab on the ISO object you created for this configuration.

  2. Click Add (the icon with the plus [+] sign).

  3. Specify a name for the resource and the URL for the resource in this format: http://www.resource.com/*, where www.resource.com is the DNS name specified when you created the Web Server Accelerator.

    In this example, it is accelerator.ichain.net/*.

  4. Set the Access to this resource as Restricted.

  5. Click OK, then click Apply to save the resource.

  6. If you configured or enabled FTP in the Web-based administration utility, you are prompted to refresh the iChain Proxy Server. Otherwise, you need to go to the Web-based administration utility and click Configure, click Access Control, then click Refresh ACLCheck to read the new protected resource.

NOTE:Novell Technical Support does not support the password management servlets used in the iChain configuration. These servlets are not developed by the iChain development team; therefore, no bugs related to these servlets will be fixed.

The ConsoleOne Password Policy TAB contains options for writing to the ISO object. This means that the password management servlet from forge.novell.com or a custom developed servlet can read password properties from an iChain object. However, Novell Technical Services does not support servlets from forge.novell.com. For more information, see TID 407040.