I know, this isn't the iChain forum, but I figured I'd start here first.

Two items:

1) What is the proper method for configuring iChain for SSO into
UserApp 3.5.0 It seems that you don't even need a formfill policy?
(like it recognizes the iChain cookie)? The only issue I can see with
that is that if you click "logout" of the UserApp, and then click the
"login here" again link, that you will not be SSO'd back into it.

2) What resources in iChain have to be setup properly if you want to
allow the public search for unauthenticated user.

Here's what I mean for #2:

http://server/IDM/resource/themes/* (set to public) or is that too
wide-open?

http://server/IDM/portal/cn/GuestContainerPage/* (public)
http://server/IDM/portal/portlet/SearchListPortlet* (public)

???