OpenCloud Access (OCA) Service Pack 5 adds many features and capabilities over the previous service pack. One of the key features is a simplified SSO setup for quick POCs and demos.
Boot up the OCA 1.1 VM and log in with the username/password (nsroot:nsroot).
After logon, a message prompts you to run “configoca” in the shell, which lets you configure the IP address, netmask and default gateway.
As the message instructs, connect over https to the configured OCA IP address. The setup wizard pops up and takes you through the following steps:
• Introduction message
• License Agreement
• NetScaler Presence – requires a NetScaler running release 9.2/9.2.e with a platinum license. Provide its IP address, username and password
• Administrator – provide password for admin user and confirm password
• DNS Configuration – provide OCA hostname, primary DNS IP, secondary DNS IP
• NTP Server – provide timezone preference and NTP server IP/Hostname
• Authentication Service – Active Directory details
- IP Address
- AD domain name
- Enable Kerberos authentication
- Provide keytab file path
- To generate the keytab file, do the required OCA user account setup on AD and run the command (given in the wizard) at the AD command prompt
Once the keytab file is generated, provide it in the wizard to complete the Kerberos setup. After the AD setup is done you reach the Summary screen; review the information and finish the setup process. A message confirms that the initial setup succeeded.
Connect to the OCA hostname over https and log in using the Administrator credentials.
The OCA system overview console appears. Browse to “Advanced Configuration” -> “Troubleshoot” -> “click here for debug window” to reach the “Troubleshoot Login” screen, where you log in using the same Administrator credentials.
Click on “Patch Management” -> “Upload Patch” -> “Browse to Service Pack 5 file” -> “Upload”. This uploads Service Pack 5 on top of the OCA 1.1 VM. You should see the following screen once the patch is successfully uploaded.
When you choose to install the patch, OCA reboots; wait a few minutes before you reconnect. Log back in to the OCA Admin UI and navigate to “Users & Applications” -> “Applications”, then click Add.
This shows the list of SSO application connectors available to be added to OCA. For example, select the “LinkedIn” application and click “Add”. This takes you to the “Add Application” wizard, where you only need to provide an application label and click “OK”. The “LinkedIn” application is now added, and you can similarly add other applications, such as XenApp, from the connector list.
Connect to the OCA domain over https; it takes you to the employee portal page, which shows the currently added SSO application connectors. If you are inside the enterprise, OCA performs domain authentication through Kerberos; otherwise the user is prompted for domain authentication.
When you click launch on an App icon, OCA shows a first-time credentials capture page where you enter your username and password so that OCA can log in on your behalf. This is needed only the first time: afterwards OCA remembers your saved credentials for the respective Apps and performs SSO as soon as you launch the App.
Here is your user session to LinkedIn through OCA. With this, the pure SSO setup for the Apps you need is done.