SSO properties in IBM® TRIRIGA®
Several properties control an IBM TRIRIGA SSO configuration.
Property | Options | Default | Description |
---|---|---|---|
SSO | N, Y | N | If set to Y, the environment runs in single sign-on (SSO) mode. |
SSO_BACKING_SERVER_PORT | number | -1 | The port number that is used by the back-end server. If the SSO server port does not match the back-end server port, this property must be set. If -1 or any other negative value is set for this property, then the port number that is set for the front-end server is also set for the back-end server port. |
SSO_DISABLE_UNAUTHORIZED_STATUS | N, Y | N |
The unauthorized.jsp page sends an HTTP Error 401 response in the HTTP Header. If set to Y, the header response is disabled. If you want the HTTP Error 401 response sent, set this property to N. |
SSO_REMOTE_USER | N, Y | Y | If set to Y, the When the value of SSO_USER_PRINCIPAL is Y, set SSO_REMOTE_USER to N. |
SSO_REMOVE_DOMAIN_NAME | N, Y | Y | If set to Y, the prefixed or appended domain name is removed from the directory server user name that is passed by using the SSO_REMOTE_USER property.
|
SSO_REQUEST_ATTRIBUTE_NAME | [headername], sm_user, [username], [$WSRU] | headername | The name of the property that is inserted into the HTTP header whose value is the IBM TRIRIGA user name. The value can be blank.
Tip: This property will take priority over SSO_REMOTE_USER and
SSO_USER_PRINCIPAL. Make sure the value of
SSO_REQUEST_ATTRIBUTE_NAME is blank if you use
SSO_REMOTE_USER=Y or SSO_USER_PRINCIPAL=Y.
This property is case sensitive. Use the requestTest.jsp page to check the correct parameter name. When not in use, it must be set to a non-blank value. If the user name is stored in a distinct HTTP attribute variable, set SSO_REMOTE_USER to N, and set this property to the HTTP attribute name. In some systems, you can define the variable name in which the user name is located. In this case, set this property to the variable name in your system. |
SSO_USER_PRINCIPAL | N, Y | N | If the system is configured to append the User Principal Name (UPN) to the HTTP header, set this property to Y. If set to Y,
the HTTP header parameter UserPrincipal is used,
and the user name is retrieved by calling the When the value is Y, set the value of the SSO_REMOTE_USER property to N. |
USERNAME_CASE_SENSITIVE | N, Y | Y | If set to Y, sign-in user names are case-sensitive. If you want to authenticate without case sensitivity, set this property to N. |
Some Java Applets prompt for the Windows user name and password, which is a known security issue with the Java plug-in and SSO. Affected applets might include: Brava! Document Viewer, Gantt, Association Viewer, and Workflow Expression Editor. Enter the SSO user name and password again to gain access to these applets.