Implementing Web Remote Single Sign-On with PPM Center

This section provides information on how to implement Web remote single sign-on with PPM Center. This implementation is based on NTLM authentication and requires that the PPM Server(s) be integrated with an external Web server running Microsoft IIS.

Web remote single sign-on works with PPM Center as follows:

1. A user logs in to a Windows desktop.
2. The user accesses PPM Center through the external (IIS) Web server.
3. The user is authenticated through the Windows user account to IIS and the user name is passed to the PPM Server by way of the REMOTE_USER HTTP header field.
4. If the user is a valid PPM Center user, the standard interface and PPM Dashboard open.

Requirements for Implementing Web Remote Single Sign-On

To implement Web remote single sign-on, your system must meet the following requirements:

- PPM Center must be set up with an external Microsoft IIS Web server.
- Clients must use Microsoft Internet Explorer to log on to PPM Center. Logon credentials are not automatically passed from Web browsers other than Internet Explorer (for example, Firefox) when connecting to IIS.

Setting Up Web Remote Single Sign-On with PPM Center

To configure Web remote single sign-on with PPM Center:

1. Integrate the external IIS Web server with the PPM Server(s).
2. On the PPM Server, do the following:
   a. Stop the PPM Server.
   b. Open the server.conf file in a text editor, and then add to it the following:
   c. Save and then close the server.conf file.
   d. Run the kUpdateHtml.sh script.
3. On the IIS external Web server, do the following:
   a. From IIS Microsoft Management Console, select the default Web site.
   b. Right-click the default Web site, and then click Properties on the shortcut menu.
   c. Click the Directory Securities tab.
   d. Under Anonymous access, click Edit.
   e. Deselect the Anonymous Access checkbox.
   f. Leave the Integrated Windows authentication checkbox selected.
   g. Click OK.
   h. Click OK.
   i. Stop, and then restart the IIS Windows service.

Implementing Generic Single Sign-On with PPM Center

This section provides information on how to configure PPM Center to use the generic single sign-on module to integrate with third-party authentication servers.

Single sign-on works as follows:

1. A user logs on to a portal that has been configured to use a third-party authentication application.
2. The user accesses the PPM Center standard interface through an external Web Server integration that is part of the logged-in domain.
3. The PPM Server receives the user information through the HTTP header specified in the sso.conf file.
4. If the user is a valid PPM Center user, he is granted access to the PPM Center standard interface and PPM Dashboard.

Requirements for Implementing Generic Single Sign-On

To implement generic single sign-on with PPM Center, your PPM Center system must be integrated with an external Web server (Sun Java System Web Server, an Apache-based server, or IIS).

Setting Up Generic Single Sign-On with PPM Center

To implement generic single sign-on:

1. Regarding the third-party authentication application you plan to use:
   a. To configure the third-party application, follow the instructions provided with the application.
   b. Verify that the PPM Center user is also a valid single sign-on user and can be authenticated.
2. External Web server:
   a. Integrate PPM Center with the external Web server.
   b. Configure the external Web server to integrate with the third-party authentication application. For information on how to do this, see the documentation provided with the third-party authentication application.
   c. Make sure that the authenticated user’s HTTP request is forwarded to the PPM Server with the user ID inserted into the HTTP header specified in the sso.conf file.
3. PPM Server configuration
   a. Verify that the sso.conf file has the following setting.
      USERNAME=<Authenticated_User_Header>
      where <Authenticated_User_Header> is the header your single sign-on system uses to store the user ID of the authenticated user. For example, CA SiteMinder uses HTTP_SM_USER.
   b. Add the following line to the server.conf file.
      com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN=com.kintana.sc.security.auth.GenericSingleSignOn
   c. Run the kUpdateHtml.sh script, which is located in the <PPM_Home>/bin directory.
4. Stop, and then restart the PPM Server.

-- Remember to give Kudos to answers! (click the KUDOS star)
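
An added example (not part of the original post and not PPM Center code) modelling step 2c of the generic setup: the external Web server drops every client-supplied copy of the header named in sso.conf and sets it once from the authentication result, so the value the PPM Server reads always comes from the authentication layer. The function names, the sample sso.conf text and request, and the choice to compare header names in CGI-style form (HTTP_ prefix, upper case, hyphens as underscores) are assumptions.

```python
# Added illustration; all names and sample data below are constructed.

def read_sso_header(conf_text):
    """Return the header name from the USERNAME= line of sso.conf text."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "USERNAME" and value.strip():
            return value.strip()
    raise ValueError("sso.conf has no USERNAME setting")

def cgi_name(header):
    """Normalise a header name to CGI style, e.g. sm-user -> HTTP_SM_USER."""
    name = header.upper().replace("-", "_")
    return name if name.startswith("HTTP_") else "HTTP_" + name

def forward_headers(client_headers, authenticated_user, sso_header):
    """Build the header list the external Web server sends to the PPM Server.

    Client headers that normalise to the SSO header are dropped, then the
    header is added exactly once with the authenticated user ID.
    """
    if not authenticated_user:
        raise PermissionError("request is not authenticated; do not forward")
    target = cgi_name(sso_header)
    kept = [(k, v) for k, v in client_headers if cgi_name(k) != target]
    # Assumption: the backend reads the name without the HTTP_ prefix.
    kept.append((target[len("HTTP_"):], authenticated_user))
    return kept

# Constructed sample sso.conf content, using the SiteMinder header from the post.
SSO_CONF = "# sample\nUSERNAME=HTTP_SM_USER\n"

# Constructed inbound request: two client-supplied copies of the identity
# header in different spellings, neither of which may reach the PPM Server.
REQUEST = [
    ("Host", "ppm.example.test"),
    ("sm-user", "admin"),
    ("SM_USER", "admin"),
    ("Accept", "text/html"),
]

if __name__ == "__main__":
    header = read_sso_header(SSO_CONF)
    for name, value in forward_headers(REQUEST, "jsmith", header):
        print(f"{name}: {value}")
```

The same rule applies to the REMOTE_USER header in the IIS setup: the PPM Server should only be reachable through the external Web server that sets it.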