User guide
Chapter 4: Operation and Maintenance
4-14
Notes
• If the repository server (update system) and repository server (reference system) are allocated for
load balancing, change or add roles during off-peak hours (e.g. night hours) when only a few users
are accessing the servers.
• Changing the role configuration in the SSO repository and then updating the role information in the
repository server will not reflect the changes in the authorization operation of the business server.
After role information in the repository server is updated, the access control information must be
updated on the business server.
• If access control information is updated and an error message is output, the business server
remains in the state where it performs authorization according to the previous access control
information. Correct the error, and then stop the business server as required until the access
control information is updated normally.
Amending Protection Resource
If the user issues a request to access resources such as a Web application in a business server, the
business server determines whether the resource is an authentication or authorization target based on
the protection resource. If the business server determines that the resource is an authentication or
authorization target, it performs authentication and determines whether the user can access the
resource based on the user information and role managed in the SSO repository.
The SSO administrator amends protection resources in the SSO repository as follows:
1. Change the protection resource in the SSO repository.
For details on how to change the resource, refer to 'Registering Site Configuration of Business
System' and 'Registering Protection Path' in Chapter 2, Environment Setup (SSO Administrators)
2. Change the information of the business server's protection resources (the authentication server
accepts authentication request) which were set in the authentication server's configuration file.
For details on how to change the information, refer to the 'Settings for Protection Resource' in
Chapter 2, Environment Setup (SSO Administrators).
3. Request the business server administrator to update access control information.
The business server administrator then operates the business server as follows: (*1)
1. On the business server, use the Interstage Management Console to select [System] > [Security] >
[Single Sign-on] > [Business system] > [Business system Name] > [Update access control
information] tab, and then click the [Update] button to update the access control information.
*1 f [Update access control information] in the business server environment setup is set to “Execute
when business server is started,” this operation is required only when the business server is
running. If it is set to “Execute manually as needed”,” this operation is required regardless of
whether the business server is running or stopped.
For details about setting for [Update access control information], refer to “Updating Access Control
Information”.
For details about the protection resource in the SSO repository, refer to “Protection resource” in
“Information Required for Authorization Using Roles”.