Difference between revisions of "Single Sign-on"

From SDU
Jump to: navigation, search
m
m (Reverted edits by Agegeleruvy (Talk); changed back to last version by FrankTR)
 
(14 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
 +
[[Category:Authentication]]
 +
[[Category:Integration]]
 +
[[Category:r11]]
 +
{{Global Header}}
 +
{{Global Announcement}}
 +
 +
== Overview ==
 
This article details the procedures for permitting users to bypass entering their login credentials.  
 
This article details the procedures for permitting users to bypass entering their login credentials.  
  
Line 24: Line 31:
  
  
The changes should work immediately. But is they do not, recycle the IIS.
+
The changes should work immediately. But if they do not, recycle the IIS.
  
  
Line 56: Line 63:
  
 
    5.  Stop and restart the Tomcat web server by running the '''pdm_tomcat_nxd -c stop''' then '''pdm_tomcat_nxd -c start'''
 
    5.  Stop and restart the Tomcat web server by running the '''pdm_tomcat_nxd -c stop''' then '''pdm_tomcat_nxd -c start'''
 
  
 
Additional information for configuring Tomcat using jcifs can be found at http://jcifs.samba.org/src/docs/faq.html#ukhost and http://jcifs.samba.org/src/docs/api/overview-summary.html#scp
 
Additional information for configuring Tomcat using jcifs can be found at http://jcifs.samba.org/src/docs/faq.html#ukhost and http://jcifs.samba.org/src/docs/api/overview-summary.html#scp
 
  
 
== Notice ==
 
== Notice ==
 
When running the Service Desk Configuration Utility ([[pdm_configure]]), the above changes will need to be reimplemented as the configuration process will reset them.
 
When running the Service Desk Configuration Utility ([[pdm_configure]]), the above changes will need to be reimplemented as the configuration process will reset them.
  
 
+
[[eIAM]], which [[CA Workflow]] uses for authentication, does not have single sign-on capabilities. As a result, CA Workflow is not capable of single sign-on. However, the the rumor is that CA Workflow version 1.1 which will be packaged with Service Desk r12 will have this capability.
  
 
== See Also ==
 
== See Also ==
 +
[[Single Sign-on with Cookies]]
  
 
[[LDAP Integration]]
 
[[LDAP Integration]]
 
 
 
 
 
 
----
 
<div align='center'><font color="red">To make corrections or additions to this article, select the ''edit'' tab above.<br>
 
To discuss or ask questions about this article, select the ''discussion'' tab above.</font></div>
 

Latest revision as of 05:23, 30 November 2010

To make corrections or additions to this article, select the edit tab above.
To discuss or ask questions about this article, select the discussion tab above.

Overview

This article details the procedures for permitting users to bypass entering their login credentials.

Configure Service Desk

r11.x Screenshot - Access Type
Configure the Access Type to Allow External Authentication and set the Validation Type to OS-Use Operating System Authentication.







Option 1: Configure IIS

r11.x Screenshot - IIS
  1. Launch the IIS Manager and expand web sites and locate the CAisd virtual directory.
  2. Right-click on CAisd and select Properties
  3. Select the Directory Security tab and select the edit button under Authentication and access control.
  4. Uncheck Enable Anonymous Access and check Integrated Windows Authentication


The changes should work immediately. But if they do not, recycle the IIS.






Option 2: Configure Tomcat

  1. Download the latest jcifs.jar file from http://jcifs.samba.org/.
  2. Place the file in the $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\lib directory.
  3. Edit the web.xml located at $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\ by locating the <!-- Add filter here --> line and place the following code directly below it:

<source lang="xml"><filter> <filter-name>NtlmHttpFilter</filter-name> <filter-class>jcifs.http.NtlmHttpFilter</filter-class> <init-param> <param-name>jcifs.http.domainController</param-name> <param-value>YOUR DOMAIN</param-value> </init-param> </filter> </source>     Note: Replace YOUR DOMAIN with your domain name (servicedeskusers.com) or domain controller (dcl).

    4. Then locate <!-- Add filter-mapping here -->, and place the following code directly below it: <source lang="xml"><filter-mapping> <filter-name>NtlmHttpFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping></source>

    5. Stop and restart the Tomcat web server by running the pdm_tomcat_nxd -c stop then pdm_tomcat_nxd -c start

Additional information for configuring Tomcat using jcifs can be found at http://jcifs.samba.org/src/docs/faq.html#ukhost and http://jcifs.samba.org/src/docs/api/overview-summary.html#scp

Notice

When running the Service Desk Configuration Utility (pdm_configure), the above changes will need to be reimplemented as the configuration process will reset them.

eIAM, which CA Workflow uses for authentication, does not have single sign-on capabilities. As a result, CA Workflow is not capable of single sign-on. However, the the rumor is that CA Workflow version 1.1 which will be packaged with Service Desk r12 will have this capability.

See Also

Single Sign-on with Cookies

LDAP Integration

Retrieved from "http://greggsmith.net/wiki/index.php?title=Single_Sign-on&oldid=4228"