SiteMinder Use Case: Single Sign-On to Custom Web Application and Openspace (or Workspace)

If the user has signed on to a custom web application, they can also use TIBCO Openspace or TIBCO Workspace without having to sign on again.

Prerequisites

  • The user is in an LDAP directory that is accessible by SiteMinder and ActiveMatrix BPM via Shared Resources.
  • Openspace's config.properties file contains the following setting:

    authenticate=0, which means that the Openspace sign-on screen is not displayed if the user is already authenticated

  • Workspace's config.xml file contains the following setting:

    <record jsxid="authenticationMode" mode="useSessionByDefault">, which means that the Workspace sign-on screen is not displayed if the user is already authenticated

Procedure

  1. The user accesses a custom web application.
  2. The custom application looks for a SiteMinder session cookie, SMSESSION, for the user's browser session.
  3. The custom application cannot find an SMSESSION cookie, so it displays either a challenge dialog box or the custom application's sign-on screen.
  4. The user provides their credentials.
  5. The custom application passes the credentials to SiteMinder.
  6. SiteMinder authenticates the user and creates an SMSESSION cookie for the user's browser session.
  7. The custom application grants access to the user.
  8. From the same browser session, the user clicks a link in the custom application to open Openspace (or Workspace).
  9. Openspace (or Workspace) looks for an SMSESSION cookie for the user's browser session.
  10. Openspace (or Workspace) finds an SMSESSION cookie, so it grants access to the user, without displaying the Openspace (or Workspace) sign-on screen.

Result

The user can use the custom application and Openspace (or Workspace) without having to sign on more than once.