03-23-2009 05:40 AM
Excuse me if I am missing the point here, but we have installed LMS on two servers: server one runs the Portal, CS, CM, Assistant and IU; the second server runs RME, CV, IPM and DFM (as well as the default CS, Portal and Assistant). I have run through the workflow for server setup and set up the two servers to use our ACS server for TACACS. Now this is where I may be missing the point: when I sign into server one and click on a link to an applet on server two, it asks me to authenticate again. I thought that with a multi-server setup and TACACS I would only need to authenticate once to access applets across both servers.
03-23-2009 05:43 AM
I would think (haven't tried this) that you would not need to set TACACS on the SSO slave server. Rather, keep the authentication module on "local".
Have you tried this?
Cheers,
Michel
03-23-2009 07:25 AM
You have to configure the two servers identically at "AAA Mode Setup" for ACS.
The difference is in the "Single Sign-On Setup" -> Master and Slave server.
03-23-2009 07:53 AM
The point here is that I used the workflow>server setup assistant and would have suspected that the system would have known to set this as it needed to make it work. I did find a patch for ACS integration and Common Services which I have now installed, but it has made no difference.
03-23-2009 08:59 AM
I don't use the setup assistant, sry.
But you can look for the ACS configuration by checking the setup under "Common Services" -> "Server" -> "Security" -> "AAA Mode Setup"
There you have to configure the ACS servers' IP addresses, the admin user for LMS to configure the ACS, and the applications of LMS which you want to register on ACS. Normally you will select all applications.
This configuration you have to do on both servers, no matter if it is the slave or the master.
After that you have to configure the single sign-on.
Master:
Select "Master (SSO Authentication Server)"
Slave:
Select "Slave (SSO Regular Server)"
and put the whole server name of the master in the field and the port (by default 443).
03-23-2009 09:04 AM
Checked all of the above - still got the same issue....
03-23-2009 09:08 AM
Is it possible to get screenshots of the ACS configuration and the single sign-on?
03-23-2009 09:22 AM
03-23-2009 09:23 AM
03-23-2009 10:05 AM
Is it possible that you are looking at the same Common Services?
Because on my system the address field at the bottom (the server name) is different on each of the servers.
In all the screenshots it is the same...
You have one Common Services on every server, which you have to configure separately!
Server2 should be the SSO slave?
03-23-2009 12:50 PM
You have not configured single sign on.
Both server1 and 2 are master in the screen shots
One should be master the other slave
And slave should be using the local module and the other tacacs
Cheers,
Michel
03-23-2009 01:16 PM
I don't think that it is right to use the local module at the slave.
If you don't use the ACS integration on the slave, you will not be able to select the permissions for those parts of LMS which are installed on the slave.
To have full permission control on the ACS it is important to integrate all modules of LMS, no matter where they are installed!
Here you can find a whitepaper for integration:
03-24-2009 04:49 AM
As I read his story, I see he wants to use TACACS for authentication, not authorization.
Maybe I misunderstood this. Otherwise the slave will ask the master to handle authentication.
Looking at the shots, he is indeed trying the ACS integration.
I have not tried that yet.
Cheers,
Michel