Before you enable Web Single Sign-On (SSO), make sure that
you know how Rational® Focal Point™ is
affected.
The following features change when Web SSO is enabled. To
access these features, users must be authenticated in Web SSO.
- If the Web SSO HTTP headers are present and you have a Rational Focal Point account,
you are logged in to Rational Focal Point while
the login URL is requested.
- If you do not have a Rational Focal Point account,
an error occurs.
- If the Web Single Sign-On HTTP headers are not present, the Login page
is displayed.
- If you have a Rational Focal Point account
but your Authentication attribute is not set to Web Single
Sign-On, the Login page is displayed.
This situation occurs only if the Web SSO solution allows access without
setting the Web SSO HTTP headers.
- When Web SSO is enabled, the following changes occur to login
and password settings:
- The Rational Focal Point password
is not used for Web SSO users.
- You cannot change passwords from the Preferences page.
- The following security settings are not applicable for Web SSO
users:
- Force Password Change
- Password Minimum Length
- Login Name Minimum Length
- Password Maximum Age
- Password Quality
- Password Reuse
- The login settings are not applicable for Web SSO users.
- When a Web SSO user clicks Logout, the
user is logged out and the license is released, but the user is not
directed to the Login page.
- The cookie handling settings on the Login Action page
are ignored.
- When a Web SSO user clicks Send Account Information,
the user receives the login URL only.
- Almost all requests to Rational Focal Point check
for specific HTTP headers before processing occurs. HTTP headers are
ignored only when IBM® Rational Directory Server is
enabled and a Rational Directory
Server Single Sign-On token is present in the URL or is available
as a cookie. The Ping servlet is used for monitoring the application.
The Synchronization servlet and Web Services API are used for integrating Rational Focal Point with
other tools. The Ping and Synchronization servlets and Web Services
API are excluded from this check. Web SSO does not affect their functions.
- You cannot set the RSS and Public Homepage options to Require
Authentication. If you set those options to Enabled,
the RSS feed and public home page do not require authentication. If
the RSS and Public Homepage options are set to Require
Authentication, that setting is disabled automatically
when Web SSO is enabled.