Setting up Single Sign-On

To set up single sign-on, configure the SiteMinder Pluggable Login Module and the SiteMinder headers using the Configurator.

Procedure

  1. Select Authentication > Authentication Type > Site Minder.
  2. Specify sm as the authentication manager and the module used for SiteMinder authentication.
    1. Set the following two properties using the Configurator:
    • Configurator > Authentication > Authentication Type > Site Minder = sm
      (com.tibco.cim.init.AuthenticationManager.authentication=sm)
  3. Set the property for the logout URL as:

    Configurator > Site Minder > SiteMinder Logout URL

    (authentication.sm.logout.url=http://www.YourOrg.com)

    www.YourOrg.com specifies the URL to which a valid SiteMinder user is redirected to log out. If TIBCO MDM authentication fails for a user authenticated by SiteMinder, the user is also redirected to the logout URL.

  4. Set the default enterprise name as:
    Configurator > Authentication > Authentication Type > Site Minder > SiteMinder Default Enterprise Name (com.tibco.cim.authentication.entperprise.name=YourOrg)

    The enterprise name specified in the login headers identifies the user's enterprise. Use this property to specify a default enterprise name: if an enterprise name is not found in the HTTP header, the default enterprise name is used.

  5. Configure HTTP Headers for UserName, Role, and Enterprise for authentication. See Single Sign-On Properties.
  6. If a header must be parsed to get the required value, also configure the parse pattern. The pattern can be applied to all headers as needed.

    For example, to parse the user from a user header whose value has the form “Admin-joe” (Role-user):

    authentication.sm.user.parsepattern=.*-(.*)

Result

When the expression “.*-(.*)” parses the string “Admin-joe”, the part of the string after “-” is picked up as the user, in this case “joe”.
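
The following is an added example, not TIBCO code, that shows how the parse pattern above and the default enterprise fallback behave on header values other than “Admin-joe”. It assumes the pattern is matched against the whole header value and that capture group 1 is used; the header names, the `FIRST_HYPHEN` pattern and the function names are hypothetical.

```python
import re

PAGE_PATTERN = r".*-(.*)"        # authentication.sm.user.parsepattern value from the page
FIRST_HYPHEN = r"[^-]+-(.+)"     # alternative added for comparison, not from the page
DEFAULT_ENTERPRISE = "YourOrg"   # default enterprise name value from the page

# Hypothetical header names; the real ones are set under Single Sign-On Properties.
USER_HEADER = "X-Demo-User"
ENTERPRISE_HEADER = "X-Demo-Enterprise"


def parse_header(value, pattern):
    """Return capture group 1 when the whole value matches, else None.

    Assumption: the pattern is applied to the entire header value and the
    first group is used. An empty capture is treated here as no value.
    """
    if not value:
        return None
    match = re.fullmatch(pattern, value)
    if match is None or not match.group(1):
        return None
    return match.group(1)


def resolve_identity(headers, user_pattern=PAGE_PATTERN):
    """Return (user, enterprise); user is None when the header cannot be parsed."""
    user = parse_header(headers.get(USER_HEADER), user_pattern)
    # Fall back to the default enterprise when the header is absent or empty.
    enterprise = headers.get(ENTERPRISE_HEADER) or DEFAULT_ENTERPRISE
    return user, enterprise


if __name__ == "__main__":
    # Constructed sample header values.
    for value in ["Admin-joe", "Admin-mary-ann", "joe", "Admin-"]:
        print(f"{value!r:18} page={parse_header(value, PAGE_PATTERN)!r:8} "
              f"first-hyphen={parse_header(value, FIRST_HYPHEN)!r}")
    print(resolve_identity({USER_HEADER: "Admin-joe"}))
```

Because the leading “.*” is greedy, the page's pattern keeps only the text after the last “-”, so a user ID that itself contains a hyphen is shortened (“Admin-mary-ann” yields “ann”). Check the pattern against the real header values your SiteMinder policy emits before relying on it.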