Distributing Single Sign-on Related Files in an Unwired Server Cluster

Place required files in the appropriate primary Unwired Server subdirectory so they are distributed to all Unwired Servers within the cluster during cluster synchronization.

Any changes to a named security configuration affect the cluster and trigger a cluster synchronization, which automatically zips the files in the primary Unwired Server CSI subdirectory and distributes them to the other servers in the cluster. Copy all certificate and other security-related files to the CSI subdirectory.

The provider configuration information, which includes the server certificate file name and location, must be the same on all cluster nodes. The same is true for the cryptographic DLLs and certificate files for SSO using X.509.

  1. On the primary server in the cluster, put any SAP certificate files or truststores into the SUP_HOME\Servers\UnwiredServer\Repository\CSI\conf directory.

    Use system properties to specify the full path and location of the file in the configuration so they can be accessed from different servers within the cluster if installation directories are different from that of the primary server. For example:

    ${djc.home}/Repository/CSI/conf/SNCTEST.pse
    
    For the X.509 CertificateAuthenticationLoginModule, if ValidateCertificatePath is set to true (the default), the CA certificate (or one of its parents) must be installed in the truststore for each server.
    Note: Unwired Server truststore and keystore files:
    • SUP_HOME\Servers\UnwiredServer\Repository\Security\truststore.jks – is the Unwired Server trust store that contains CA (or parent) certificates. Unwired Server trusts all CA or parent certificates in truststore.jks.
    • SUP_HOME\Servers\UnwiredServer\Repository\Security\keystore.jks – contains client certificates only.

    The CertificateAuthenticationLoginModule also has Trusted Certificate Store* and Store Password properties which you can use to keep the module out of the default Unwired Server trust store. You must first:

    1. Use keytool to put the CA certificate into a new keystore.
    2. Put the keystore into the Repository\CSI\conf subdirectory.
    3. Include the path in the Trusted Certificate Store property.
  2. From Sybase Control Center, add the login module.
  3. Restart all Unwired Servers within the cluster.
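
After the cluster synchronization and restart, it is worth confirming that every node really holds the same security files as the primary. The following check is an added example, not part of the product or its documentation: it hashes each file under a node's CSI\conf directory and reports files that are missing, different, or unexpected compared with the primary. It assumes each node's directory is reachable as a local path (for example through a share); the function names and the file name sso-truststore.jks are hypothetical, and the sample directories are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(conf_dir):
    """Map each file's relative path under conf_dir to its SHA-256 digest."""
    root = Path(conf_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_nodes(primary_dir, secondary_dirs):
    """Return {node: {"missing", "differs", "extra"}} for every node that drifted."""
    want = manifest(primary_dir)
    drift = {}
    for node, conf_dir in secondary_dirs.items():
        have = manifest(conf_dir)
        report = {
            "missing": sorted(set(want) - set(have)),
            "differs": sorted(f for f in want.keys() & have.keys() if want[f] != have[f]),
            "extra": sorted(set(have) - set(want)),
        }
        if any(report.values()):
            drift[node] = report
    return drift


def demo():
    """Constructed sample: three stand-in CSI/conf directories with placeholder contents."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        files = {"SNCTEST.pse": b"constructed-pse", "sso-truststore.jks": b"constructed-jks"}
        for node in ("primary", "node2", "node3"):
            (base / node).mkdir()
            for name, data in files.items():
                (base / node / name).write_bytes(data)
        # node2 holds a stale truststore; node3 never received the PSE file
        (base / "node2" / "sso-truststore.jks").write_bytes(b"stale-jks")
        (base / "node3" / "SNCTEST.pse").unlink()
        return compare_nodes(base / "primary",
                             {"node2": base / "node2", "node3": base / "node3"})


if __name__ == "__main__":
    for node, report in demo().items():
        print(node, report)
```

An empty result means every node matches the primary; any entry points to a node whose login module may load a different certificate or truststore than the one configured.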