Single Sign-On (SSO) in Sterling File Gateway requires
authentication using an external vendor Access Management System (AMS).
- Configure an external Access Management System (AMS) to
access a repository for user information.
- For each AMS user who requires access to Sterling File Gateway, create
an account in your AMS.
- For each AMS user who requires access to Sterling File Gateway, create
an external user account in Sterling B2B Integrator that matches
the AMS account created in the previous step. For users created using
Sterling File Gateway partner onboarding, edit the user account in the
B2B Console (Accounts > User Accounts) to specify the user as an
external user.
Note: Users who are set up as external users cannot view the Change
Password page in Sterling File Gateway (Profile > Password).
- For vendor software integration, you must provide a custom
plug-in that enables Sterling File Gateway to interface
with the vendor software. Specify the name of this Java™ class plug-in:
    SSO_AUTHENTICATION_CLASS.1=com.sterlingcommerce.fg.security.SSOProviderFilegatewayDefault
replacing com.ibm.fg.security.SSOProviderFilegatewayDefault with
the name of your repository.
- Create or modify the security.properties file.
Enable SSO by setting the property:
    security.SSO_AUTHENTICATION_ENABLED=true
- In the customer_overrides.properties file,
configure a custom log out page to specify where the user is taken
when Log Out is selected. For example:
    security.SSO_FORWARD_URL.FILEGATEWAY.LOGOUT=http://www.google.com/search?q=logout
    security.SSO_FORWARD_URL.MYFILEGATEWAY.LOGOUT=http://www.google.com/search?q=logout
- In the customer_overrides.properties file,
configure a custom time out page to specify where the user is taken
when the session times out. For example:
    security.SSO_FORWARD_URL.FILEGATEWAY.TIMEOUT=http://www.google.com/search?q=timeout
    security.SSO_FORWARD_URL.MYFILEGATEWAY.TIMEOUT=http://www.google.com?q=timeout
- In the security.properties file, specify
the HTTP Header name that will contain the user name being passed
into Sterling File Gateway by editing the value:
    ## http header variable that contains externally authenticated userid
    security.SSO_USER_HEADER=SM_USER
- Configure the AMS to pass in the user name of the external
user created in Sterling B2B Integrator using
an HTTP Header. Refer to the vendor software documentation for how
to do this.
When a user who has previously been authenticated by the
AMS requests access to Sterling File Gateway or myFileGateway,
the user bypasses the login page and is taken to the home page for
that user's role. For example, a user belonging to the fg_architect
group is taken directly to the Routing Channel Template page, and an
fg_operator user is taken to the Route Activity Page.
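
A pre-deployment check for the properties set in the steps above, as an added example that is not IBM's or this page's own code: it parses a properties file and reports SSO settings that are missing, empty, left at the default plug-in class, or malformed. The sample input is constructed, the class name com.example.sso.MyAmsProvider is a hypothetical placeholder, and accepting keys with or without the security. prefix is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed sample; com.example.sso.MyAmsProvider is a hypothetical class name.
SAMPLE = """\
## http header variable that contains externally authenticated userid
security.SSO_USER_HEADER=SM_USER
security.SSO_AUTHENTICATION_ENABLED=true
security.SSO_AUTHENTICATION_CLASS.1=com.example.sso.MyAmsProvider
security.SSO_FORWARD_URL.FILEGATEWAY.LOGOUT=http://www.google.com/search?q=logout
security.SSO_FORWARD_URL.MYFILEGATEWAY.LOGOUT=http://www.google.com/search?q=logout
security.SSO_FORWARD_URL.FILEGATEWAY.TIMEOUT=http://www.google.com/search?q=timeout
"""
FORWARD_KEYS = [f"SSO_FORWARD_URL.{app}.{event}"
                for app in ("FILEGATEWAY", "MYFILEGATEWAY")
                for event in ("LOGOUT", "TIMEOUT")]
HTTP_TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")  # valid header-name characters

def parse_properties(text):
    """Parse key=value lines; '#' and '!' start comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#!" or "=" not in line:
            continue  # a value wrapped onto its own line is dropped here
        key, value = line.split("=", 1)
        # Assumption: keys are accepted with or without the "security." prefix.
        props[re.sub(r"^security\.", "", key.strip())] = value.strip()
    return props

def check_sso(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if props.get("SSO_AUTHENTICATION_ENABLED", "").lower() != "true":
        findings.append("SSO_AUTHENTICATION_ENABLED is not true")
    cls = props.get("SSO_AUTHENTICATION_CLASS.1", "")
    if not cls:
        findings.append("SSO_AUTHENTICATION_CLASS.1 is missing or empty")
    elif cls.endswith("SSOProviderFilegatewayDefault"):
        findings.append("SSO_AUTHENTICATION_CLASS.1 still names the default class")
    if not HTTP_TOKEN.fullmatch(props.get("SSO_USER_HEADER", "")):
        findings.append("SSO_USER_HEADER is missing or not a valid header name")
    for key in FORWARD_KEYS:
        url = urlsplit(props.get(key, ""))
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append(f"{key} is missing or not an absolute http(s) URL")
    return findings

if __name__ == "__main__":
    print("\n".join(check_sso(parse_properties(SAMPLE))) or "all SSO checks passed")
```

The constructed sample deliberately omits the MYFILEGATEWAY timeout URL, so the check reports that one key. A property whose value has been wrapped onto the following line is reported as empty.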