Single Sign-on

From SDU
Revision as of 00:39, 18 November 2010 by Agegeleruvy (Talk | contribs)

Jump to: navigation, search

>

To make corrections or additions to this article, select the edit tab above.
To discuss or ask questions about this article, select the discussion tab above.

Overview

This article details the procedures for permitting users to bypass entering their login credentials.

Configure Service Desk

r11.x Screenshot - Access Type
Configure the Access Type to Allow External Authentication and set the Validation Type to OS-Use Operating System Authentication.







Option 1: Configure IIS

r11.x Screenshot - IIS
  1. Launch the IIS Manager and expand web sites and locate the CAisd virtual directory.
  2. Right-click on CAisd and select Properties
  3. Select the Directory Security tab and select the edit button under Authentication and access control.
  4. Uncheck Enable Anonymous Access and check Integrated Windows Authentication


The changes should work immediately. But if they do not, recycle the IIS.






Option 2: Configure Tomcat

  1. Download the latest jcifs.jar file from http://jcifs.samba.org/.
  2. Place the file in the $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\lib directory.
  3. Edit the web.xml located at $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\ by locating the <nowiki><!-- Add filter here --></nowiki> line and place the following code directly below it:

<source lang="xml"><filter> <filter-name>NtlmHttpFilter</filter-name> <filter-class>jcifs.http.NtlmHttpFilter</filter-class> <init-param> <param-name>jcifs.http.domainController</param-name> <param-value>YOUR DOMAIN</param-value> </init-param> </filter> </source> &nbsp;&nbsp;&nbsp;&nbsp;Note: Replace YOUR DOMAIN with your domain name (servicedeskusers.com) or domain controller (dcl). <br><br> &nbsp;&nbsp;&nbsp;&nbsp;4. Then locate <nowiki><!-- Add filter-mapping here --></nowiki>, and place the following code directly below it: <source lang="xml"><filter-mapping> <filter-name>NtlmHttpFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping></source>

&nbsp;&nbsp;&nbsp;&nbsp;5. Stop and restart the Tomcat web server by running the pdm_tomcat_nxd -c stop then pdm_tomcat_nxd -c start

Additional information for configuring Tomcat using jcifs can be found at http://jcifs.samba.org/src/docs/faq.html#ukhost and http://jcifs.samba.org/src/docs/api/overview-summary.html#scp

Notice

When running the Service Desk Configuration Utility (pdm_configure), the above changes will need to be reimplemented as the configuration process will reset them.

eIAM, which CA Workflow uses for authentication, does not have single sign-on capabilities. As a result, CA Workflow is not capable of single sign-on. However, the the rumor is that CA Workflow version 1.1 which will be packaged with Service Desk r12 will have this capability.

See Also

Single Sign-on with Cookies

LDAP Integration

UNDER COSTRUCTION, PLEASE SEE THIS POST IN RESERVE COPY

CLICK HERE

Retrieved from "http://greggsmith.net/wiki/index.php?title=Single_Sign-on&oldid=4102"