Single Sign-On Properties
The following SiteMinder specific properties should be configured to enable authentication with SiteMinder.
These properties can be set using the Configurator.
Property in the Configurator | Description |
---|---|
Authentication > Site Minder > SiteMinder User Name HTTP Header (authentication.sm.user=SM_USERNAME) |
Login-ID/Username. |
Authentication > Site Minder > SiteMinder Last Name HTTP Header(authentication.sm.lastName=SM_LASTNAME) Authentication > Site Minder > SiteMinder First Name HTTP Header(authentication.sm.firstName=SM_FIRSTNAME) |
Last name and first name. |
Authentication > Site Minder > SiteMinder Role HTTP Header(authentication.sm.role=GROUP) | Role List. |
Authentication > Site Minder > Role List separator(authentication.sm.role.separator=SM_SEPARATOR) | Separator between role names. This property extracts each role from the role list. |
Authentication > Site Minder > SiteMinder Enterprise HTTP Header(authentication.sm.enterprise=SM_ENTERPRISE) | Enterprise. |
Authentication > Site Minder > SiteMinder Vendor Identifier (authentication.sm.VendorID=VENDORID) | Vendor ID. |
Authentication > Site Minder > SiteMinder HTTP Session Vars (authentication.sm.sessionVariables=VendorID) | SiteMinder HTTP Headers added to user sessions and in business rules. |
Authentication > Site Minder > SiteMinder User Parser Pattern (authentication.sm.user.parsepattern) |
Pattern to apply on header to obtain user name. If no pattern is specified, no parsing is done. |
Authentication > Site Minder > SiteMinder Role Parser Pattern (authentication.sm.role.parsepattern) |
Pattern to apply on header to obtain role name. If no pattern is specified, no parsing is done. |
Authentication > Site Minder > SiteMinder First Name Parser Pattern (authentication.sm.firstName.parsemethod.awk) |
Pattern to apply on header to obtain the first name. If no pattern is specified, no parsing is done. |
Authentication > Site Minder > SiteMinder Last Name Parser (authentication.sm.lastName.parsepattern) |
Parser to use for parsing the last name. If none specified, no parsing will be done. |
Authentication > Site Minder > Web service header extractor | Refers to the Java class that is used to extract headers from web service. For details about the header extractor, see the section Header Extractors. The default value is com.tibco.mdm.integration.webservice.HeaderExtractor. |
Following table lists the map of single sign-on properties to user attributes.
Property | User Attribute | Description | Optional? |
---|---|---|---|
authentication.sm.firstName | First Name | First name of the user | Yes, if not provided during creation, defaults to login name. |
authentication.sm.middleName | Middle Name | Middle name of the user | Yes, if not provided during creation, defaults to null. |
authentication.sm.lastName | Last Name | Last name of the user | Yes, if not provided during creation, defaults to login name. |
authentication.sm.role | List of roles | Roles assigned to user, these roles are mapped to the internal TIBCO MDM roles | Mandatory for create, optional for update. |
authentication.sm.dateFormat | Date format | User preferred date format - no validation is done | Yes, if not provided, null |
authentication.sm.timeFormat | Time format | User preferred time format - no validation is done | Yes, if not provided, null |
authentication.sm.locale | Locale | User preferred locale - no validation is done | Yes, if not provided, null. |
authentication.sm.language | Language | User preferred language - no validation is done | Yes, if not provided, null. |
authentication.sm.partitioningKey | Partitioning Key | User preferred Partitioning Key - no validation is done | Yes, if not provided, null. |
Other properties which control the login process similar to LDAP are described in the table "Other Login Properties" of the topic Default LDAP Properties.