Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Enterprise Single Sign-On 8.0.6 - Installation Guide

Table of Contents

1.1 The Quest ESSO Software Suite

1.1.1 The Quest ESSO Security Services 1.1.2 Quest ESSO Components

1.2 Quest ESSO Architecture 1.3 Quest ESSO and Your Corporate LDAP Directory Infrastructure

1.3.1 Separation of the Quest ESSO Data 1.3.2 Inter Domain and Multi Domain 1.3.3 Examples of Supported Active Directory Infrastructures

1.3.3.1 Multi-Domain Infrastructure 1.3.3.2 Active Directory + ADAM/AD LDS Infrastructure

2. Preparing the Storage of Security Data in the LDAP Directory

2.1 Active Directory

2.1.1 Global Installation Process within an Active Directory Infrastructure 2.1.2 Extending the Schema and Setting ACLs 2.1.3 Setting Indexes on Active Directory Attributes (Optional)

2.1.3.1 Indexes on Standard Attributes 2.1.3.2 Indexes on Quest ESSO Specific Attributes

2.1.4 Configuring Secure Authentication and Data Securization

2.2 Active Directory + ADAM or AD LDS

2.2.1 Extending the Schema of ADAM/AD LDS 2.2.2 Preparing the ADAM/AD LDS Instance Administrator Account 2.2.3 Setting ACLs on ADAM/AD LDS 2.2.4 Setting Indexes on ADAM/AD LDS Attributes

2.2.4.1 Setting Indexes on Standard Attributes 2.2.4.2 Setting Indexes on Quest ESSO Specific Attributes

2.2.5 Configuring Secure Authentication and Data Securization

2.3.1 Extending the Schema of an OpenLDAP Directory 2.3.2 Setting ACLs on an OpenLDAP Directory 2.3.3 Setting Indexes on OpenLDAP Attributes

2.3.3.1 Setting Indexes on Standard Attributes 2.3.3.2 Setting Indexes on Quest ESSO Specific Attributes

2.3.4 Integrating SAMBA 2.3.5 Configuring Secure Authentication 2.3.6 Configuring Data Securization

2.4 Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server

2.4.1. Extending the Schema of a Netscape iPlanet /Sun Java System /Red Hat / Fedora Directory Server 2.4.2 Setting ACLs on a Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server

2.4.2.1 Standard Storage Mode 2.4.2.2 Cooperative Storage Mode

2.4.3 Setting Indexes on Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server Attributes

2.4.3.1 Setting Indexes on Standard Attributes 2.4.3.2 Setting Indexes on Quest ESSO Specific Attributes

2.4.4 Configuring Secure Authentication 2.4.5 Configuring Data Securization

2.5 Novell eDirectory

2.5.1 Extending the Schema of a Novell eDirectory 2.5.2 Setting ACLs for Delegation (Optional) 2.5.3 Setting Indexes on Novell eDirectory Attributes

2.5.3.1 Setting Indexes on Standard Attributes 2.5.3.2 Setting Indexes on Quest ESSO Specific Attributes

2.5.4 Configuring Secure Authentication (Optional) 2.5.5 Configuring Data Securization

2.6 IBM Tivoli Directory Server

2.6.1 Extending the Schema of an IBM Tivoli Directory Server 2.6.2 Setting ACLs on an IBM Tivoli Directory Server 2.6.3 Setting Indexes on IBM Tivoli Directory Server Attributes 2.6.4 Configuring Secure Authentication 2.6.5 Configuring Data Securization

2.7 Deploying a Workstation LDAP User Account

3 Installing Quest ESSO Controllers and Audit Databases

3.1 Starting the Administration Tools window 3.2 Running the Default Objects Creation Tool 3.3 Initializing the Primary Controller 3.4 Initializing an Associated Controller 3.5 Publishing a New Token Data File 3.6 Defining Administrative Tokens for Self Service Password Request 3.7 Importing an External Key 3.8 Importing/Exporting the Controller Key 3.9 Installing and Configuring the Local Audit Database

3.9.1 Installing the Provided Audit V2 MySQL Database Server 3.9.2 Creating Audit V2 Tables in an Existing Database 3.9.3 Setting up the Connection to the Local Audit Database 3.9.4 Updating the Audit Translation Data

3.10 Declaring the Technical Accounts Used by the Quest ESSO Controllers 3.11 Defining a Master Audit Database 3.12 Installing a Quest ESSO Controller

4 Installing and Configuring the Software Modules on the Workstations

4.1 Configuring Workstations

4.1.1 Quest ESSO Configuration with Active Directory 4.1.2 Quest ESSO Configuration with a User Database or Directory other than Microsoft Active Directory

4.2 Installing Microsoft Redistributables 4.3 Installing a Quest ESSO Client 4.4 Installing French Healthcare Smart Cards (CPS) 4.5 Installing Finger Vein Biometric Drivers 4.6 Modifying the Possible Domains List

5 Enabling the Self Service Password Request (SSPR) Capability 6. Enabling OTP Authentication

6.1 Installing a Radius Plugin 6.2 Installing an RSA Authentication Server and Agent

6.2.1 Installing RSA Authentication Server 6.2.2 Installing RSA Authentication Agent

7 Enabling the Group Membership Modification Feature 8 Centralizing Parameters Using Group Policy Objects (GPO)

8.1 Creating and Configuring Group Policy Objects Using an ADM File 8.2 Creating and Configuring Group Policy Objects Using ADMX Files (optional) 8.3 Description of the User Access Administrative Template (optional)

9 Installing Quest ESSO MSI Packages in Silent Mode

9.1 Installing Microsoft Redistributables in Silent Mode 9.2 Installing Quest ESSO Controller in Silent Mode 9.3 Installing Quest ESSO Client in Silent Mode 9.4 Installing Quest ESSO Web Server in Silent Mode

Appendix A: Advanced Configuration: Audit

A1 Audit Extension DLL Development Guide

A.1.1 Structure of Audit Event: _WG_AUDITEVENT A.1.2 Structure of Audit Configuration: _WG_AUDITCONFIG A.1.3 Prototypes of Functions to Export

A.2 Audited Events

Appendix B: Activating Traces Appendix C: Retrieving the Serial Number on a MiFARE RFID Badge

C.1 Parameters C.2 Configuring the MiFARE RFID Parameters C 3 Resetting the MiFARE RFID Parameters

2.2.1 Extending the Schema of ADAM/AD LDS

In a command line console, change to the %WINDIR%\ADAM directory and type the following command for each of the provided .ldif files:

ldifde -i -v -k -s <host:port> -f <file.ldif> -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext -b <user> <domain> <password>

Do not replace the following string: "CN=Schema,CN=Configuration,DC=X".

String	Description
<host:port>	The ADAM/AD LDS server hostname and TCP port. For example: adam.domain.local:389.
<file.ldif>	The provided .ldif file, which is located in the TOOLS\ESSODirectory\WGADAM directory.
<user>	The user name of the ADAM/AD LDS administrator chosen during the instance installation.
<domain>	The NetBios domain of the user.
<password>	The user password.

ldifde is located in the %WINDIR%\ADAM directory.

Once you have run the command for each of the .ldif files, the ADAM/AD LDS schema is extended.

2.2.2 Preparing the ADAM/AD LDS Instance Administrator Account

The Windows account you chose when setting the AD LDS instance to be the administrator of this instance (see the Before Starting of Section 2. Preparing the Storage of Security Data in the LDAP Directory) must have the SE_RESTORE_NAME privilege in the local computer policy. To do so, set this account in the Backup Operators local group of the local computer.

2.2.3 Setting ACLs on ADAM/AD LDS

You must set some access control rules on the partition, for the domain users to store and retrieve data in ADAM/AD LDS. For that, the ACL-ADAM-EXTMGR.cmd file is provided in the Quest ESSO installation package.

1.	Edit the ACL-ADAM-EXTMGR.cmd file located in the TOOLS\ESSODirectory\WGADAM directory.

2.	In the ACL-ADAM-EXTMGR.cmd file, uncomment the following lines:

a)	set DSACLS=dsacls.exe or set DSACLS=%WINDIR%\ADAM\dsacls.exe, depending on your system:

•	If the Quest ESSO Controller is installed on Windows Server 2008, uncomment the following line: set DSACLS=dsacls.exe

•	If the Quest ESSO Controller is not installed on Windows Server 2008, uncomment the following line: set DSACLS=%WINDIR%\ADAM\dsacls.exe

b)	set HOSTNAME=myadamserver.domain.com:port Replace myadamserver.domain.com with the fully qualified ADAM/AD LDS host name and TCP port.

c)	set LDAPROOT=o=my,c=root Replace o=my,c=root with the partition root chosen during the ADAM/AD LDS instance installation.

3.	Copy the ACL-ADAM-EXTMGR.cmd file in the %WINDIR%\ADAM directory.

4.	In a command line console, change to the %WINDIR%\ADAM and run the ACL-ADAM-EXTMGR.cmd script.

2.2.4 Setting Indexes on ADAM/AD LDS Attributes

•	2.2.4.1 Setting Indexes on Standard Attributes

•	2.2.4.2 Setting Indexes on Quest ESSO Specific Attributes

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy