You can enable Web Single Sign-On (SSO) by running SQL
commands in the SQL interface. You must be a global administrator
to enable Web SSO.
Before you begin
- You must have a Web SSO server for authentication.
- Configure your network so that Rational® Focal Point™ can
be accessed only by using the Web SSO server (HTTP proxy).
- For all users in Rational Focal Point whose authentication is set
to Web Single Sign-On, the Web SSO user names that the Web SSO server
sends in the HTTP headers must be identical to the login names in
Rational Focal Point.
- Make sure that you know how Web SSO affects Rational Focal Point.
For more information, see “Effects of enabling Web Single Sign-On.”
Note: When a user is authenticated, Web SSO adds HTTP headers
to each user request and ensures that these headers are absent from
requests that are made by users who are not authenticated.
Procedure
- Configure your Web SSO solution.
- Configure at least one HTTP header to contain the user
name of the authenticated user. This user name will be used to match
with the login name of a Web SSO user in Rational Focal Point.
Note: In addition, two more HTTP headers can be configured with
values. Rational Focal Point checks only that these additional headers
exist; their values are not used for anything else.
A header of any type can be configured in the Web SSO server, because
Rational Focal Point can check for these headers.
- Include the headers in each HTTP request that is sent
to Rational Focal Point.
- Configure Rational Focal Point.
Rational Focal Point can check a maximum of three HTTP headers that
are sent by the Web SSO server. By default, Rational Focal Point checks
the following three headers: HTTP_SM_AUTHENTIC, HTTP_SM_AUTHORIZED, and
HTTP_SM_USER. Rational Focal Point reads the user name from the
HTTP_SM_USER header and matches it against the login names of Web SSO
users. The HTTP_SM_AUTHENTIC and HTTP_SM_AUTHORIZED headers are
only checked for existence. These headers must contain a valid value,
but the value is not checked.
- Click .
- At a command prompt, type the following SQL command:
  update configurationproperties set value='true' where name='websso.enable'
- Restart the server.
- Click . For the users who you want to authenticate
by using Web SSO, set the Authentication attribute to Web
Single Sign-On.
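
Added example (not part of the original documentation and not Rational Focal Point code): a small Python model of the header handling described above, showing the proxy removing client-supplied copies of the three headers and the application-side check on them. The function names, the "YES" header values, the sample login names, and the case and hyphen normalization in the filter are assumptions made for illustration.

```python
SSO_HEADERS = ("HTTP_SM_AUTHENTIC", "HTTP_SM_AUTHORIZED", "HTTP_SM_USER")
USER_HEADER = "HTTP_SM_USER"


def _canon(name):
    # Assumption: compare names case-insensitively and treat '-' like '_',
    # so a variant spelling of a reserved header is filtered as well.
    return name.upper().replace("-", "_")


def strip_sso_headers(headers):
    """Proxy side: drop every SSO header that arrived from the client."""
    reserved = {_canon(h) for h in SSO_HEADERS}
    return {k: v for k, v in headers.items() if _canon(k) not in reserved}


def proxy_forward(client_headers, authenticated_user=None):
    """Proxy side: the SSO headers are added only for an authenticated user."""
    out = strip_sso_headers(client_headers)
    if authenticated_user is not None:
        out["HTTP_SM_AUTHENTIC"] = "YES"   # constructed value, existence only
        out["HTTP_SM_AUTHORIZED"] = "YES"  # constructed value, existence only
        out[USER_HEADER] = authenticated_user
    return out


def app_accepts(headers, sso_login_names):
    """Application side (model): all three headers must exist and the user
    header must be identical to the login name of a Web SSO user."""
    if any(h not in headers for h in SSO_HEADERS):
        return None
    user = headers[USER_HEADER]
    return user if user in sso_login_names else None


def demo():
    logins = {"jsmith"}  # constructed login names of Web SSO users
    # Constructed request that already carries SSO headers from the client.
    client = {"Accept": "*/*", "http-sm-user": "jsmith",
              "HTTP_SM_AUTHENTIC": "x", "HTTP_SM_AUTHORIZED": "x"}
    return {
        "authenticated": app_accepts(proxy_forward(client, "jsmith"), logins),
        "unauthenticated": app_accepts(proxy_forward(client, None), logins),
        "name_not_identical": app_accepts(proxy_forward(client, "JSmith"), logins),
    }


if __name__ == "__main__":
    print(demo())
```

The application-side check cannot tell which party set the headers, which is why the prerequisites require that Rational Focal Point be reachable only through the Web SSO server.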