Difference between revisions of "Single Sign-on"
Agegeleruvy (Talk | contribs) |
(reverting vandalism) |
||
| Line 1: | Line 1: | ||
| − | + | __NOTOC__ | |
[[Category:Authentication]] | [[Category:Authentication]] | ||
[[Category:Integration]] | [[Category:Integration]] | ||
| Line 45: | Line 45: | ||
#Download the latest jcifs.jar file from http://jcifs.samba.org/. | #Download the latest jcifs.jar file from http://jcifs.samba.org/. | ||
#Place the file in the [[$NX_ROOT]]\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\lib directory. | #Place the file in the [[$NX_ROOT]]\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\lib directory. | ||
| − | #Edit the web.xml located at [[$NX_ROOT]]\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\ by locating the '' | + | #Edit the web.xml located at [[$NX_ROOT]]\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\ by locating the ''<nowiki><!-- Add filter here --></nowiki>'' line and place the following code directly below it: |
| − | + | <source lang="xml"><filter> | |
| − | + | <filter-name>NtlmHttpFilter</filter-name> | |
| − | + | <filter-class>jcifs.http.NtlmHttpFilter</filter-class> | |
| − | + | <init-param> | |
| − | + | <param-name>jcifs.http.domainController</param-name> | |
| − | + | <param-value>YOUR DOMAIN</param-value> | |
| − | + | </init-param> | |
| − | + | </filter> </source> | |
| − | & | + | ''Note: Replace YOUR DOMAIN with your domain name (servicedeskusers.com) or domain controller (dcl).'' |
| − | + | <br><br> | |
| − | & | + | 4. Then locate ''<nowiki><!-- Add filter-mapping here --></nowiki>'', and place the following code directly below it: |
| − | + | <source lang="xml"><filter-mapping> | |
| − | + | <filter-name>NtlmHttpFilter</filter-name> | |
| − | + | <url-pattern>/*</url-pattern> | |
| − | + | </filter-mapping></source> | |
| − | & | + | 5. Stop and restart the Tomcat web server by running the '''pdm_tomcat_nxd -c stop''' then '''pdm_tomcat_nxd -c start''' |
Additional information for configuring Tomcat using jcifs can be found at http://jcifs.samba.org/src/docs/faq.html#ukhost and http://jcifs.samba.org/src/docs/api/overview-summary.html#scp | Additional information for configuring Tomcat using jcifs can be found at http://jcifs.samba.org/src/docs/faq.html#ukhost and http://jcifs.samba.org/src/docs/api/overview-summary.html#scp | ||
| Line 75: | Line 75: | ||
[[LDAP Integration]] | [[LDAP Integration]] | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Revision as of 12:49, 18 November 2010
To discuss or ask questions about this article, select the discussion tab above.
Overview
This article details the procedures for permitting users to bypass entering their login credentials.
Configure Service Desk
Configure the Access Type to Allow External Authentication and set the Validation Type to OS-Use Operating System Authentication.
Option 1: Configure IIS
- Launch the IIS Manager and expand web sites and locate the CAisd virtual directory.
- Right-click on CAisd and select Properties
- Select the Directory Security tab and select the edit button under Authentication and access control.
- Uncheck Enable Anonymous Access and check Integrated Windows Authentication
The changes should work immediately. But if they do not, recycle the IIS.
Option 2: Configure Tomcat
- Download the latest jcifs.jar file from http://jcifs.samba.org/.
- Place the file in the $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\lib directory.
- Edit the web.xml located at $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\ by locating the <!-- Add filter here --> line and place the following code directly below it:
<source lang="xml"><filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>YOUR DOMAIN</param-value>
</init-param>
</filter> </source>
Note: Replace YOUR DOMAIN with your domain name (servicedeskusers.com) or domain controller (dcl).
4. Then locate <!-- Add filter-mapping here -->, and place the following code directly below it:
<source lang="xml"><filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping></source>
5. Stop and restart the Tomcat web server by running the pdm_tomcat_nxd -c stop then pdm_tomcat_nxd -c start
Additional information for configuring Tomcat using jcifs can be found at http://jcifs.samba.org/src/docs/faq.html#ukhost and http://jcifs.samba.org/src/docs/api/overview-summary.html#scp
Notice
When running the Service Desk Configuration Utility (pdm_configure), the above changes will need to be reimplemented as the configuration process will reset them.
eIAM, which CA Workflow uses for authentication, does not have single sign-on capabilities. As a result, CA Workflow is not capable of single sign-on. However, the the rumor is that CA Workflow version 1.1 which will be packaged with Service Desk r12 will have this capability.
