SiteMinder Use Case: Single Sign-On to Openspace (or Workspace) and ActiveMatrix BPM REST Services

If the user has signed on to TIBCO Openspace or TIBCO Workspace, they can also run a custom application that makes calls to ActiveMatrix BPM REST services without having to sign on again.

Prerequisites

  • The user is in an LDAP directory that is accessible by SiteMinder and ActiveMatrix BPM via Shared Resources.
  • Openspace's config.properties file contains the following setting:

    authenticate=0, which means that the Openspace sign-on screen is not displayed if the user is already authenticated

  • Workspace's config.xml file contains the following setting:

    <record jsxid="authenticationMode" mode="useSessionByDefault">, which means that the Workspace sign-on screen is not displayed if the user is already authenticated

Procedure

  1. The user accesses Openspace (or Workspace).
  2. Openspace (or Workspace) looks for a SiteMinder session cookie, SMSESSION, for the user's browser session.
  3. Openspace (or Workspace) cannot find an SMSESSION cookie, so it displays the Openspace (or Workspace) sign-on screen.
  4. The user provides their credentials.
  5. Openspace (or Workspace) passes the credentials to SiteMinder.
  6. SiteMinder authenticates the user and creates an SMSESSION cookie for the user's browser session.
  7. Openspace (or Workspace) grants access to the user.
  8. From the same browser session, the user runs a custom application that makes calls to ActiveMatrix BPM REST services.
  9. When a REST service is called, it looks for an SMSESSION cookie for the user's browser session.
  10. The REST service finds an SMSESSION cookie, so it grants access to the custom application, without displaying the application's sign-on screen to the user.

Result

The user can use Openspace (or Workspace) and the custom application without having to sign on more than once.
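The sign-on flow in the procedure above, modelled as an added example (not TIBCO or SiteMinder code). PolicyServer, ProtectedApp and run_use_case are hypothetical names, the user directory and password are constructed, and looking the cookie value up in the policy server's session table is a simplifying assumption about how the SMSESSION cookie is checked.

```python
import hmac
import secrets

class PolicyServer:
    """Stand-in for SiteMinder: authenticates users and issues session tokens."""
    def __init__(self, directory):
        self._directory = directory   # constructed users, stands in for the LDAP directory
        self._sessions = {}           # token -> user

    def login(self, user, password):
        stored = self._directory.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)   # unguessable session value
        self._sessions[token] = user
        return token

    def validate(self, token):
        return self._sessions.get(token)

class ProtectedApp:
    """Openspace/Workspace or an ActiveMatrix BPM REST service (simplified model)."""
    def __init__(self, name, policy_server):
        self.name, self.ps = name, policy_server

    def handle(self, cookies, credentials=None):
        # Steps 2 and 9: look for SMSESSION in the browser session's cookies.
        user = self.ps.validate(cookies.get("SMSESSION", ""))
        if user:
            return ("granted", user)              # steps 7 and 10
        if credentials is None:
            return ("sign-on required", None)     # step 3
        token = self.ps.login(*credentials)       # steps 5 and 6
        if token is None:
            return ("denied", None)
        cookies["SMSESSION"] = token              # cookie set for this browser session
        return ("granted", credentials[0])

def run_use_case():
    ps = PolicyServer({"alice": "constructed-password"})
    openspace, rest = ProtectedApp("Openspace", ps), ProtectedApp("BPM REST", ps)
    browser = {}                                  # cookie jar of one browser session
    return [
        openspace.handle(browser),                                      # steps 1-3
        openspace.handle(browser, ("alice", "constructed-password")),   # steps 4-7
        rest.handle(browser),                                           # steps 8-10
        rest.handle({}),                          # other browser session: no cookie
        rest.handle({"SMSESSION": "forged"}),     # value the policy server never issued
    ]
```

The last two calls show the boundary of the single sign-on: it applies only to the browser session that holds a cookie issued by the policy server.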