User guide
Setup of Authentication Server
2-77
Setting Up Environment for Destination Machine for Copying
1. For SSL communication using the authentication server, create the Interstage certificate
environment by executing the scsmakeenv command with the -e option on the destination machine
for copying.
Refer to 'SSL Commands' in the Reference Manual (Command Edition) for details of the
scsmakeenv command.
2. When SSL communication is used by the authentication server and you are permitted to use the
same certificate for the load-balancing machines, transfer the site certificate and private-key using
the scsimppfx command. Refer to the Reference Manual (Command Edition) for details of the
scsimppfx command.
When SSL communication is used by the authentication server but using the same certificate for
the load-balancing machines is not permitted, newly acquire a site certificate and register it in the
site certificate environment as described in Preparations for SSL Communication. In this case, the
nickname of the site certificate to be used when requesting the certificate for SSL communication
must be the same as that specified in the authentication server already installed. Also the
nickname of the CA certificate to be used at registering the certificate for SSL communication must
be the same as that specified in the already set authentication server.
3. On the destination machine for copying, execute the ssocloneac command with the -c option. The
environment for the authentication server, Interstage HTTP Server, and the SSL communication for
SSL communication (*1) are duplicated.
4. On the Interstage Management Console, select [Security] and then [Single Sign-on] from the
System menu. Click [Authentication infrastructure] and [Authentication server]. On the [Settings]
tab, click [Detailed Settings [Show]]. The environment of the original authentication server for
copying is set in [Host name and Port number] of [Communication Settings with Repository server
(reference system)]. Therefore, change this environment depending on the operating conditions,
and click [Update].
For details of the items to be set on the Interstage Management Console, refer to the Operator’s
Guide.
5. After the repository server (reference system) is set, start the authentication server.
Refer to 'Starting an Authentication Server' for an explanation of the authentication server start.
6. Delete the environment information file of the authentication server.
*1 The SSL configuration for SSL communication is copied only when the authentication server uses
SSL communication.
Notes
• For load distribution of the authentication server, the related multiple authentication servers must
have the Interstage Single Sign-on of the same version, edition, and installation directory. The
same platform must also be used.
• The load balancer must be set up so that the requests from the same client transfer to same
authentication servers.
• Use the following settings when the load balancer is Interstage Traffic Director.
− Operation Mode: bridge
− Measure of load Balancing and uniqueness of connection: Balancing for each node