Configuring single sign-on for the topology search capability

Edit online
Configure single sign-on (SSO) between the Dashboard Application Services Hub that hosts the Network Manager IP Edition GUI components and Operations Analytics - Log Analysis so that users can switch between the two products without having to log in each time. First, create dedicated users in your LDAP directory, which must be used by both products for user authentication, and then configure the SSO connection.

Procedure

  1. Create the dedicated users and groups in your LDAP directory.
    For example:
    1. Create a new Organization Unit (OU) named NetworkManagement.
    2. Under the NetworkManagement OU, create a new group named itnmldap.
    3. Under the NetworkManagement OU, create the following new users: itnm1, itnm2, itnm3, and itnm4.
    4. Add the new users to the itnmldap group.
  2. In Dashboard Application Services Hub, assign the itnmldap group that you created in step 1 to a Network Manager IP Edition user group that can access the Network Views.
    Network Manager IP Edition user roles are controlled by assignments to user groups. Possible user groups that can access the Network Views are Network_Manager_IP_Admin and Network_Manager_User.
  3. Configure the SSO connection from the Operations Analytics - Log Analysis product to the Dashboard Application Services Hub instance in which Network Manager IP Edition is hosted.
    For more information about configuring SSO for Operations Analytics - Log Analysis, see the Operations Analytics - Log Analysis documentation.
    The following steps of the Operations Analytics - Log Analysis SSO configuration are important:
    • Assign Operations Analytics - Log Analysis roles to the users and groups that you created in step 1.
    • In the $SCALAHOME/wlp/usr/servers/Unity/server.xml/server.xml file, ensure that the <webAppSecurity> element has a httpOnlyCookies="false" attribute. Add this line before the closing </server> element. For example:
      	<webAppSecurity ssoDomainNames="hostname" httpOnlyCookies="false"/>
</server>
      The httpOnlyCookies="false" attribute disables the httponly flag on the cookie that is generated by Operations Analytics - Log Analysis and is required to enable SSO with Network Manager IP Edition GUI.