Implementing Single Sign-On in Sterling File Gateway

Single Sign-On (SSO) in Sterling File Gateway requires authentication through an external Access Management System (AMS) supplied by a third-party vendor.

To enable SSO:

  1. Configure an external Access Management System (AMS) to access a repository for user information.
  2. For each AMS user who requires access to Sterling File Gateway, create an account in your AMS.
  3. For each AMS user who requires access to Sterling File Gateway, create an external user account in Sterling B2B Integrator that matches the AMS account created in step 2. For users created using Sterling File Gateway partner onboarding, edit the user account in the B2B Console (Accounts > User Accounts) to specify the user as an external user.
    Note: Users who are set up as external users cannot view the Change Password page in Sterling File Gateway (Profile > Password).
  4. For vendor software integration, you must provide a custom plug-in that enables Sterling File Gateway to interface with the vendor software. Specify the name of this Java™ class plug-in:
    SSO_AUTHENTICATION_CLASS.1=com.sterlingcommerce.fg.security.SSOProviderFilegatewayDefault

    replacing com.ibm.fg.security.SSOProviderFilegatewayDefault with the name of your repository.

    See Using Single Sign-On in the IBM Sterling B2B 5.2 Information Center.
  5. Create or modify the security.properties file. Enable SSO by setting the property:
    security.SSO_AUTHENTICATION_ENABLED=true
    
  6. In the customer_overrides.properties file, configure a custom log out page to specify where the user is taken when Log Out is selected. For example:
    security.SSO_FORWARD_URL.FILEGATEWAY.LOGOUT=http://www.google.com/search?q=logout
    security.SSO_FORWARD_URL.MYFILEGATEWAY.LOGOUT=http://www.google.com/search?q=logout
    
  7. In the customer_overrides.properties file, configure a custom time out page to specify where the user is taken when the session times out. For example:
    security.SSO_FORWARD_URL.FILEGATEWAY.TIMEOUT=http://www.google.com/search?q=timeout
    security.SSO_FORWARD_URL.MYFILEGATEWAY.TIMEOUT=http://www.google.com?q=timeout
    
  8. In the security.properties file, specify the HTTP Header name that will contain the user name being passed into Sterling File Gateway by editing the value:
    ## http header variable that contains externally authenticated userid
    security.SSO_USER_HEADER=SM_USER
    
  9. Configure the AMS to pass in the user name of the external user created in Sterling B2B Integrator using an HTTP Header. Refer to the vendor software documentation for how to do this.

When a user who has previously been authenticated by the AMS requests access to Sterling File Gateway or myFileGateway, the user bypasses the login page and is taken to the home page for that user's role. For example, a user belonging to the fg_architect group is taken directly to the Routing Channel Template page, and a fg_operator user is taken to the Route Activity Page.
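
A check for the properties set in steps 4 to 8, added here as an example and not part of IBM's documentation or product code: it reports required SSO properties that are missing, values that have wrapped onto the line after their key (which leaves the property empty), and forward URLs that are not absolute or that use plain http. It assumes a key with the `security.` prefix and the bare key name the same property; `parse_properties` and `audit` are hypothetical names.

```python
import re
from urllib.parse import urlparse

PROPERTY = re.compile(r"^([\w.]+)\s*=\s*(.*)$")
URL_KEYS = [f"SSO_FORWARD_URL.{app}.{event}"
            for app in ("FILEGATEWAY", "MYFILEGATEWAY")
            for event in ("LOGOUT", "TIMEOUT")]
REQUIRED = ["SSO_AUTHENTICATION_CLASS.1", "SSO_AUTHENTICATION_ENABLED",
            "SSO_USER_HEADER", *URL_KEYS]

def parse_properties(text):
    """Return (props, wrapped): values by key, and keys whose value sits on the next line."""
    props, wrapped, empty_key = {}, set(), None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("#", "!")):
            continue
        match = PROPERTY.match(line)
        if match:
            # Assumption: "security.X" and "X" name the same property.
            key = match.group(1).removeprefix("security.")
            props[key] = match.group(2).strip()
            empty_key = None if props[key] else key
        elif empty_key:
            wrapped.add(empty_key)  # bare value after "KEY=": the property itself is empty
            empty_key = None
    return props, wrapped

def audit(text):
    """Return findings for the SSO properties named in steps 4 to 8."""
    props, wrapped = parse_properties(text)
    findings = []
    for key in REQUIRED:
        value = props.get(key)
        if key in wrapped:
            findings.append(f"{key}: value wrapped onto the next line, property is empty")
        elif not value:
            findings.append(f"{key}: missing or empty")
        elif key == "SSO_AUTHENTICATION_ENABLED" and value.lower() != "true":
            findings.append(f"{key}: SSO is not enabled")
        elif key in URL_KEYS:
            url = urlparse(value)
            if url.scheme not in ("http", "https") or not url.netloc:
                findings.append(f"{key}: not an absolute http(s) URL")
            elif url.scheme == "http":
                findings.append(f"{key}: redirect target is plain http")
    return findings

# Constructed sample: a step 6 value wrapped onto the line after its key.
SAMPLE = "security.SSO_FORWARD_URL.FILEGATEWAY.LOGOUT=\nhttp://www.google.com/search?q=logout\n"
```

Run `audit` over the combined text of security.properties and customer_overrides.properties; an empty list means every property from the steps is present and well formed.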