Secure Global Desktop 4.40 Administration Guide

Trusted Users and Third-Party Authentication

Third-party authentication gives users access to SGD without having to authenticate to an SGD server. SGD is able to trust the third-party authentication mechanism because client applications (such as the webtop) and the SGD server have a shared secret: the user name and password of a trusted user.

In a standard installation, there is just one trusted user. However, you might want to create additional trusted users in the following circumstances:

You create and maintain the "database" of trusted users on the SGD server. Usually client applications only use the credentials of a single trusted user to access SGD services.

You create a new trusted user as follows:

  1. Log in as superuser (root).
  2. Stop the SGD Web Server.
  3. Add the new trusted user to the "database" of trusted users on the SGD server.
    1. Think of a user name and password for the trusted user.
    2. Create the trusted user.

      Use the following command:

      # tarantella webserver add_trusted_user username

      When prompted, type the password.

    3. Check the user is created.

      Use the following command:

      # tarantella webserver list_trusted_users
    4. Check that the trusted user works.

      Go to the http://SGD-server/axis/services/rpc/externalauth URL. When prompted, log in as the trusted user.

  4. Add the new trusted user to the webtop web application.
    1. Change to the /opt/tarantella/webserver/tomcat/version/webapps/sgd/WEB-INF/classes directory.
    2. Encode the user name and password of the trusted user.

      Use the following command:

      # /opt/tarantella/bin/jre/bin/java \
         com.tarantella.tta.webservices.client.views.SgdPasswd \
         --encode trusted_username:password
    3. Copy the output.
    4. Edit the /opt/tarantella/webserver/tomcat/version/webapps/sgd/WEB-INF/classes/com/tarantella/tta/webservices/client/views/Resources.properties file.
    5. Replace the text after sgdaccess= with the encoded username and password.
    6. Save the changes.

    Note: If you have relocated the webtop, you must perform this step on the remote host.

  5. Start the SGD Web Server.
  6. Repeat these steps on each SGD server in the array.

To change the password of an existing trusted user, you must first delete the user with the tarantella webserver delete_trusted_user command and then follow the above steps to create the user again.
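
Step 4.5 above (replacing the text after sgdaccess=) can be scripted when the change has to be repeated on each SGD server in the array. The following is an added example, not part of the SGD documentation or product; the function names set_sgdaccess and make_sample, the sample file and the encoded string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not SGD code. Assumes the property is written exactly as
# "sgdaccess=<value>" at the start of a line, as the step above describes.

# set_sgdaccess FILE ENCODED_VALUE: replace the text after sgdaccess=.
set_sgdaccess() {
    file=$1
    value=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ -n "$value" ] || { echo "empty encoded value" >&2; return 1; }
    # Refuse to edit if the key is missing or duplicated.
    count=$(grep -c '^sgdaccess=' "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one sgdaccess= line in $file, found $count" >&2
        return 1
    fi
    # The backup holds the previous credentials: delete it once verified.
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Pass the value through the environment so that characters such as
    # / & and \ in the encoded string are copied literally (sed would treat
    # / and & specially, and awk -v would expand backslash escapes).
    SGD_VALUE=$value awk '
        /^sgdaccess=/ { print "sgdaccess=" ENVIRON["SGD_VALUE"]; next }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Writing through cat keeps the original file's owner and mode.
    cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# make_sample FILE: write a constructed properties file for the demo.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real SGD Resources.properties
example.title=Webtop
sgdaccess=OLD-ENCODED-VALUE
example.footer=unchanged
EOF
}

# Demo on the constructed file; the encoded value is a made-up string.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/Resources.properties"
set_sgdaccess "$demo_dir/Resources.properties" 'Q09OU1RSVUNURUQ/+&=='
grep '^sgdaccess=' "$demo_dir/Resources.properties"
rm -rf "$demo_dir"
```

On a real server, FILE is the Resources.properties path given in step 4.4 and ENCODED_VALUE is the output copied in step 4.3.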

Information for Application Developers

If you are using SGD web services to develop your own applications, the ITarantellaExternalAuth web service is used for third-party authentication. This web service is protected with Basic web server authentication so that you can only access it using the credentials of a trusted user:

The tarantella webserver add_trusted_user command is the only supported way to store trusted users on the SGD server.

If you have developed your own client applications using the com.tarantella.tta.webservices.client.views package, you can store the trusted user credentials for the application in the same way as the webtop (as described above). Otherwise, you need to develop your own methods for storing the credentials.

Every time you make a change to a trusted user, you must restart the SGD Web Server.
