Macromedia breeze 5 ユーザーガイド
Configuring SSL support for Breeze
77
User authentication
Organizations need to authenticate users of applications such as email. The following strategies
use the Breeze authentication mechanism to validate users:
use the Breeze authentication mechanism to validate users:
•
No external authentication integration
Breeze users keep separate passwords. Application users keep their passwords to log in with
their organization’s network username. Not integrating the internal and external logins means
that users keep their existing network logins and Breeze passwords. IT administrators have to
retain separate Breeze passwords for all users. Macromedia does not recommend this option
because it is laborious for a directory service of any appreciable size.
their organization’s network username. Not integrating the internal and external logins means
that users keep their existing network logins and Breeze passwords. IT administrators have to
retain separate Breeze passwords for all users. Macromedia does not recommend this option
because it is laborious for a directory service of any appreciable size.
•
Breeze login screen integration
Users log in to the Breeze login screen with their network username and password. The IT
administrator uses a solution accelerator to authenticate Breeze users against the organization’s
directory service.
administrator uses a solution accelerator to authenticate Breeze users against the organization’s
directory service.
•
Automatic single sign-on integration
Users who are already logged in to their desktop under their network login bypass the Breeze
login screen and automatically log in to Breeze. This strategy allows the organization to employ
an authentication method that allows users to use the same login and password to access all
applications on its internal network, including Breeze.
login screen and automatically log in to Breeze. This strategy allows the organization to employ
an authentication method that allows users to use the same login and password to access all
applications on its internal network, including Breeze.
For more information, see “Implementing single sign-on” on page 61.
Configuring the FCS ports
FCS needs to be configured to listen on ports 80 and 443 in addition to the default port of 1935.
To accomplish this, you must modify the value of the DEFAULT_FCS_HOSTPORT variable in
the custom.ini file. Once again, if this is not in the custom.ini file you must add and define it as
follows:
To accomplish this, you must modify the value of the DEFAULT_FCS_HOSTPORT variable in
the custom.ini file. Once again, if this is not in the custom.ini file you must add and define it as
follows:
DEFAULT_FCS_HOSTPORT=:1935,80,-443
This tag now specifies that FCS will listen on ports 1935, 80, and 443. Port 443 is designated as a
secure port that will only receive RTMPS connections. Attempting an RTMPS connection
request to ports 1935 or 80 will result in a failure to connect. Similarly, an unsecured RTMP
connection request to port 443 will fail to connect.
secure port that will only receive RTMPS connections. Attempting an RTMPS connection
request to ports 1935 or 80 will result in a failure to connect. Similarly, an unsecured RTMP
connection request to port 443 will fail to connect.
Configuring SSL support for Breeze
Breeze Server generates specific URLs to allow users to go directly to meetings and courses. If the
Breeze server is running with an SSL hardware accelerator, these URLs must begin with https
instead of http (the “s” in HTTPS indicates encrypted Internet traffic). Breeze uses the port
number of incoming traffic to determine whether the URL should begin with HTTP or HTTPS.
When you set up your SSL solution with Breeze, you must send the decrypted traffic to Breeze on
port 443, even though the traffic is already decrypted and could, in theory, go to an unencrypted
port.
Breeze server is running with an SSL hardware accelerator, these URLs must begin with https
instead of http (the “s” in HTTPS indicates encrypted Internet traffic). Breeze uses the port
number of incoming traffic to determine whether the URL should begin with HTTP or HTTPS.
When you set up your SSL solution with Breeze, you must send the decrypted traffic to Breeze on
port 443, even though the traffic is already decrypted and could, in theory, go to an unencrypted
port.