SUPPORT NOTIFICATION for non-browser TRIRIGA clients such as CAD Integrator, BIM, and Microsoft Outlook add-in
JeffLong
IBM TRIRIGA does not support SAML (Security Assertion Markup Language) or credential-less login mechanisms such as SmartCard or CAC (Common Access Card) as a method of authentication for its non-browser clients such as CAD Integrator, BIM, and the Microsoft Outlook add-in.
SSO solutions need to provide a mechanism for basic authentication as per the documentation in the "Requirements for single sign-on requests in the TRIRIGA Application Platform" for non-browser clients. SAML and SmartCard or CAC do not support basic authentication for non-browser based clients.
The best practice, if using SAML or SmartCard/CAC, is to authenticate directly to TRIRIGA on a separate process server or integration server as opposed to the SSO-enabled application server. (NOTE: These users will need to know their TRIRIGA user name and password to sign in using this solution.)
An alternative best practice would be to set up a separate non-SAML SSO solution for non-browser client users which can support basic or NTLM authentication. (NOTE: SmartCard/CAC users would need to know their SmartCard/CAC user name and password to sign in using this solution.)
Chris K
Configuring secured SAML with WebSphere requires web pages to be protected. The design of the TRIRIGA application does not currently allow you to set up the EAR or WAR (depending on TRIRIGA platform release) to include web page protection. The ability to protect the web pages in this manner would require a major change in the TRIRIGA platform, so this would not be viewed as a defect but as an enhancement.
So, what can I do to get this level of security? Your best option is to check the Request For Enhancement (RFE) site to see if someone has already requested that this be required in a future release. If an RFE exists, vote for it. The more votes an RFE has, the more likely it is to be included in a future release. If an RFE does NOT exist, create one and be sure to go to the Service Management Connect (SMC) forum and solicit votes for your enhancement request. Below is information about the RFE process that I provide to customers when a PMR leads to this sort of issue.
You might consider submitting an enhancement request via the Tivo
On the RFE page, there are 2 pick lists under the title "Filter the page content by brand and product" that will help you start the search process for existing RFEs regarding the TRIRIGA application. Set the left-hand pick list to Internet of Things and set the right-hand pick list to IBM TRIRIGA Platform. Next to this right-hand pick list is an arrow pointing right. Click on it and the list will automatically filter based on the selections in the pick lists. Underneath these pick lists is a search text field. You can enter text there to further refine your search. For this issue, I typed SAML in that field and pressed the Enter key. There are 2 RFE entries listed as a result. If, after reviewing the entries, you determine they do not fit your requirements, create a new RFE. If the existing entries DO fit your requirements, vote for them.
Inside each RFE record is an ID field. This field is immediately below the title of the RFE. In order to solicit votes for your RFE, navigate to the SMC forum for IBM TRIRIGA Platform and create a new forum entry with the title of your RFE. In that forum post, be sure to include the merits of your RFE and provide the ID. This will make it easier for people who want to vote for your RFE to find it via the RFE home page. Remember, the more votes for a particular RFE, the more likely it is to be considered for a future release of the IBM TRIRIGA Platform.