You can enable Web Single Sign-On (Web SSO) by running
SQL commands in the SQL interface. You must be a global administrator
to enable Web SSO.
Before you begin
- Identify a Web SSO server for authentication.
- Configure the network so that Rational® Focal Point™ can
be accessed only by using the Web SSO server (HTTP proxy).
- Ensure that for all users in Rational Focal Point whose
authentication is set to Web Single Sign-On, the Web SSO user names
that are sent in the HTTP headers by the Web SSO server, is identical
to the login names in Rational Focal Point.
- Make sure that you know how Web SSO affects Rational Focal Point.
For more information, see “Effects of enabling Web Single Sign-On.”
Note: HTTP headers are added to each user request for all authenticated
users who use Web SSO. These headers are not added in the requests
that are made by users who are not authenticated.
About this task
Rational Focal Point can
check a maximum of three HTTP headers that are sent by the Web SSO
server. Rational Focal Point checks
the following three headers by default:
- HTTP_SM_AUTHENTIC: Checked for existence. The
headers must contain a valid value but the value is not checked.
- HTTP_SM_AUTHORIZED: Checked for existence. The
headers must contain a valid value but the value is not checked.
- HTTP_SM_USER: Checked for the user name and matched
with the login names of Web SSO users.
If the headers that are sent by the Web SSO server is
different than the default headers, or is less than three headers,
the Rational Focal Point administrator
must execute the required SQL queries.
Procedure
- Configure the Web SSO solution.
- Configure at least one HTTP header to contain the user
name of the authenticated user. This user name will be used to match
with the login name of a Web SSO user in Rational Focal Point.
Note: A maximum of three HTTP headers can be configured to contain
the user name of the authenticated user. Default HTTP header names
can be replaced by the names provided by the user.
- Include the headers in each HTTP request that is sent
to Rational Focal Point.
- Configure Rational Focal Point.
- Click .
- At a command prompt, type update
configurationproperties set value='true' where name='websso.enable'
- Restart the server.
- In Rational Focal Point,
click . For the users who you want to authenticate
by using Web SSO, set the Authentication attribute to Web
Single Sign-On.