Secure Global Desktop 4.31 Administration Guide > Users and authentication > Can I use SafeWord PremierAccess with web server authentication?

Can I use SafeWord PremierAccess with web server authentication?

Yes. You can configure web server authentication to use the third-party SafeWord® PremierAccess. See http://www.securecomputing.com for more information.

Secure Global Desktop web server authentication relies on the web server setting the REMOTE_USER variable to identify the user. However, when users are authenticated using SafeWord PremierAccess this variable is not set. The following configuration allows you to export the HTTP_SAFEWORD_USER variable to the REMOTE_USER variable.

To enable support for SafeWord PremierAccess, configure each member of the array as follows:

1. On the web server, configure SafeWord authentication to protect the /tarantella/cgi-bin/secure/ directory (classic webtop) or the /sgd URL (browser-based webtop).
2. Test that the web server authenticates using SafeWord.
3. For the classic webtop, enable support for SafeWord by running the following command:

   tarantella config edit --tarantella-config-server-cgibin-bootscript secure/ttaauthsafeword.cgi

4. For the browser-based webtop, configure the web server to export the HTTP_SAFEWORD_USER variable so that the Tomcat component of the Secure Global Desktop Web Server can access it. To do this for Apache component of the Secure Global Desktop Web Server:
   1. Edit the /opt/tarantella/webserver/apache/version/conf/httpd.conf file.
   2. Uncomment out the line:
      JkEnvVar HTTP_SAFEWORD_USER " "
   3. Uncomment out the lines:
      <Location "/sgd">
SSLOptions +StdEnvVars +ExportCertData
</Location>
5. Restart the Secure Global Desktop Web Server and the Secure Global Desktop server.

When this configuration is complete, enable web server authentication in Array Manager.

Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.