You can enable Web Single Sign-On (SSO) by running SQL
commands in the SQL interface. You must be a global administrator
to enable Web SSO.
Before you begin
- You must have a Web SSO server for authentication.
- Configure your network so that Rational® Focal Point™ can
be accessed only by using the Web SSO server (HTTP proxy).
- For all Web SSO-enabled users, the Web SSO user names must be
identical to the login names in Rational Focal Point.
- Make sure that you know how Web SSO affects Rational Focal Point.
For more information, see “Effects of enabling Web Single Sign-On.”
Note: When a user is authenticated, Web SSO adds HTTP headers
to each user request and ensures that headers are not in requests
that are made by users who are not authenticated.
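The header handling that this note requires of the Web SSO server, modeled as an added Python example (not IBM or Rational Focal Point code). The function names, the placeholder value "1" for the authentic and authorized headers, and the sample request are assumptions; the header names are the defaults given in the procedure on this page.

```python
# Default header names from this page; pass others if they were reconfigured.
DEFAULT_SSO_HEADERS = ("HTTP_SM_AUTHENTIC", "HTTP_SM_AUTHORIZED", "HTTP_SM_USER")


def _canon(name):
    """Compare header names case-insensitively and treat '-' and '_' alike,
    because many servers normalise both spellings to the same variable."""
    return name.strip().lower().replace("-", "_")


def forward_headers(client_headers, authenticated_user=None,
                    sso_headers=DEFAULT_SSO_HEADERS):
    """Return the (name, value) list the SSO proxy passes to the application.

    client_headers: headers as received from the browser.
    authenticated_user: login name from the SSO session, or None.
    """
    reserved = {_canon(h) for h in sso_headers}
    # 1. Drop every client-supplied copy of an SSO header, whatever its spelling.
    forwarded = [(n, v) for n, v in client_headers if _canon(n) not in reserved]
    # 2. Add the SSO headers only for an authenticated session.
    if authenticated_user:
        if "\r" in authenticated_user or "\n" in authenticated_user:
            raise ValueError("user name contains CR/LF")
        authentic, authorized, user = sso_headers
        # "1" is a placeholder value (assumption); a dict collapses the case
        # where one header name is configured for all three properties.
        values = {authentic: "1", authorized: "1"}
        values[user] = authenticated_user
        forwarded += list(values.items())
    return forwarded


def sso_user_seen_by_app(headers, user_header=DEFAULT_SSO_HEADERS[2]):
    """User name a header-trusting application would read; None when the
    header is absent or ambiguous (a model, not the product's own logic)."""
    values = [v for n, v in headers if _canon(n) == _canon(user_header)]
    return values[0] if len(values) == 1 else None


# Constructed sample: an unauthenticated request carrying forged SSO headers.
FORGED = [("Host", "focalpoint.example"), ("http-sm-user", "admin"),
          ("HTTP_SM_AUTHENTIC", "yes")]

if __name__ == "__main__":
    print(forward_headers(FORGED))            # forged headers removed
    print(forward_headers(FORGED, "jsmith"))  # proxy-set headers only
```

If a request can reach the application without passing through this filtering step, the application has no way to tell a forged header from a genuine one, which is why the network restriction in the prerequisites matters.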
Procedure
- Configure your Web SSO solution. The default HTTP headers
are: HTTP_SM_AUTHENTIC, HTTP_SM_AUTHORIZED, HTTP_SM_USER.
- Make sure that the headers are added to each HTTP request
that is passed by the Web SSO solution.
- To use other parameters, insert the parameters in the
configuration parameters by running the following SQL commands in Rational Focal Point.
Replace authentic_header_name, authorized_header_name,
and user_header_name with the parameter name that you want
to use.
- insert into configurationproperties (name,value) values ('HTTP_SM_AUTHENTIC','authentic_header_name')
- insert into configurationproperties (name,value) values ('HTTP_SM_AUTHORIZED','authorized_header_name')
- insert into configurationproperties (name,value) values ('HTTP_SM_USER','user_header_name')
- You can configure Rational Focal Point to
view one or two HTTP headers when a user logs in. Only the header
that contains the user name for the authenticated user is required.
For example, if SSO_USER is the user name header in an SSO solution, Rational Focal Point is
configured as follows:
- HTTP_SM_AUTHENTIC="SSO_USER"
- HTTP_SM_AUTHORIZED="SSO_USER"
- HTTP_SM_USER="SSO_USER"
- Click .
- At a command prompt, type: update configurationproperties set value='true' where name='websso.enable'
- Restart the server.
- Click . For the users who you want to authenticate
by using Web SSO, set the Authentication attribute to Web
Single Sign-On.