Enabling Web Single Sign-On

You can enable Web Single Sign-On (SSO) by running SQL commands in the SQL interface. You must be a global administrator to enable Web SSO.

Before you begin

Note: When a user is authenticated, Web SSO adds HTTP headers to each user request and ensures that headers are not in requests that are made by users who are not authenticated.

Procedure

  1. Configure your Web SSO solution. The default HTTP headers are: HTTP_SM_AUTHENTIC, HTTP_SM_AUTHORIZED, HTTP_SM_USER.
    1. Make sure that the headers are added to each HTTP request that is passed by the Web SSO solution.
    2. To use other parameters, insert the parameters in the configuration parameters by running the following SQL commands in Rational Focal Point. Replace authentic_header_name, authorized_header_name, and user_header_name with the parameter name that you want to use.
      • insert into configurationproperties (name,value) values ('HTTP_SM_AUTHENTIC','authentic_header_name')
      • insert into configurationproperties (name,value) values ('HTTP_SM_AUTHORIZED','authorized_header_name')
      • insert into configurationproperties (name,value) values ('HTTP_SM_USER','user_header_name')
    3. You can configure Rational Focal Point to view one or two HTTP headers when a user logs in. Only the header that contains the user name for the authenticated user is required. For example, if SSO_USER is the user name header in an SSO solution, Rational Focal Point is configured as follows:
      • HTTP_SM_AUTHENTIC="SSO_USER"
      • HTTP_SSM_AUTHORIZED="SSO_USER"
      • HTTP_SM_USER="SSO_USER"
  2. Click Advanced > SQL.
  3. At a command prompt, type update configurationproperties set value='true' where name='websso.enable'
  4. Restart the server.
  5. Click Users > Manage Users. For the users who you want to authenticate by using Web SSO, set the Authentication attribute to Web Single Sign-On.

Feedback