SiteMinder Use Case: Single Sign-On to Openspace and Workspace

If the user has signed on to TIBCO Openspace, they can also use TIBCO Workspace without having to sign on again. The opposite applies too: if the user has signed on to Workspace, they can also use Openspace without having to sign on again.

Prerequisites

  • The user is in an LDAP directory that is accessible by SiteMinder and ActiveMatrix BPM via Shared Resources.
  • Openspace's config.properties file contains the following setting:

    authenticate=0, which means that the Openspace sign-on screen is not displayed if the user is already authenticated

  • Workspace's config.xml file contains the following setting:

    <record jsxid="authenticationMode" mode="useSessionByDefault">, which means that the Workspace sign-on screen is not displayed if the user is already authenticated

Procedure

  1. The user accesses Openspace.
  2. Openspace looks for a SiteMinder session cookie, SMSESSION, for the user's browser session.
  3. Openspace cannot find an SMSESSION cookie, so it displays the Openspace sign-on screen.
  4. The user provides their credentials.
  5. Openspace passes the credentials to SiteMinder.
  6. SiteMinder authenticates the user and creates an SMSESSION cookie for the user's browser session.
  7. Openspace grants access to the user.
  8. From the same browser session, the user accesses Workspace.
  9. Workspace looks for an SMSESSION cookie for the user's browser session.
  10. Workspace finds an SMSESSION cookie, so it grants access to the user, without displaying the Workspace sign-on screen.

Result

The user can use Openspace and Workspace without having to sign on more than once.