Secure Global Desktop Administration Guide > Users and authentication > Trusted users and third party authentication
Third party authentication gives users access to Secure Global Desktop without having to authenticate to a Secure Global Desktop server. Secure Global Desktop is able to trust the third party authentication mechanism because client applications (such as the browser-based webtop) and the Secure Global Desktop server have a shared secret: the username and password of a trusted user.
In a standard installation, there is just one trusted user. However, you might want to create additional trusted users if you:
com.tarantella.tta.webservices.client.views
package, either on the same host
as Secure Global Desktop or on a different host.You create and maintain the "database" of trusted users on the Secure Global Desktop server. Usually client applications only use the credentials of a single trusted user to access Secure Global Desktop services.
To create a new trusted user:
tarantella webserver stop
.
tarantella webserver add_trusted_user username
to create the trusted user. When prompted, type the password.
tarantella webserver list_trusted_users
to check the user has been created.http://server/axis/services/rpc/externalauth
. When prompted, log in as the trusted user./opt/tarantella/webserver/tomcat/version/webapps/sgd/WEB-INF/classes
directory.
/opt/tarantella/bin/jre/bin/java \ com.tarantella.tta.webservices.client.views.SgdPasswd \ --encode trusted_username:password
/opt/tarantella/webserver/tomcat/version/webapps/sgd/WEB-INF/classes/com/tarantella/tta/webservices/client/views/Resources.properties
file.
sgdaccess=
with the output obtained above.Note If you have relocated the webtop, you must perform this step on the remote host.
tarantella webserver start
.To change the password of an existing trusted user, you must first delete the user
(tarantella webserver delete_trusted_user
) and then follow the above steps to create the user again.
If you are using Secure Global Desktop web services to develop your own applications, the ITarantellaExternalAuth
web service is used for third party authentication. This web service is protected with Basic web server authentication so that you can only access it using the credentials of a trusted user:
http://server/axis/services/rpc/externalauth
URL is protected in the configuration file for the Axis web application: /opt/tarantella/webserver/tomcat/version/webapps/axis/WEB-INF/web.xml
/opt/tarantella/webserver/tomcat/version/conf/server.xml
./opt/tarantella/webserver/tomcat/version/conf/tomcat-users.xml
The tarantella webserver add_trusted_user
command is the only supported way to store trusted users on the Secure Global Desktop server.
If you have developed your own client applications using the com.tarantella.tta.webservices.client.views
package, you can store the trusted user credentials for the application in the same way as the browser-based webtop (see step 3 above). Otherwise, you need to develop your own methods for storing the credentials.
Every time you make a change to a trusted user, you must restart the Secure Global Desktop Web Server.
Copyright © 1997-2006 Sun Microsystems, Inc. All rights reserved.