Modify Sterling File Gateway to Support Single Sign-On on UNIX or Linux

About this task

Before Sterling File Gateway supports single sign-on from a Sterling Secure Proxy environment, you must modify properties. Do not make changes directly to the properties files. Instead, make changes to customer_overrides.properties to prevent custom settings from being overwritten when you apply patches. The customer_overrides.properties file is not changed during upgrades or patches. If the customer_overrides.properties file is not present, you must create it. Refer to the Sterling B2B Integrator customer_overrides.properties topic for more information.

To modify Sterling File Gateway to enable single sign-on:

Procedure

  1. In the install_dir/properties directory, locate or create the customer_overrides.properties file.
  2. Open the file in a text editor and add the properties that you want to override.
    1. Add the following values to configure single sign-on:
      • security.SSO_FORWARD_URL.MYFILEGATEWAY.LOGOUT=/Signon/logout
      • security.SSO_FORWARD_URL.MYFILEGATEWAY.TIMEOUT=/Signon/timeout
      • security.SSO_FORWARD_URL.MYFILEGATEWAY.VALIDATION_FAILED=/Signon/validationerror
      • security.SSO_FORWARD_URL.FILEGATEWAY.LOGOUT=/Signon/logout
      • security.SSO_FORWARD_URL.FILEGATEWAY.TIMEOUT=/Signon/timeout
      • security.SSO_FORWARD_URL.FILEGATEWAY.VALIDATION_FAILED=/Signon/validationerror
      • security.SSO_FORWARD_URL.AFT.LOGOUT=/Signon/logout
      • security.SSO_FORWARD_URL.AFT.TIMEOUT=/Signon/timeout
      • security.SSO_FORWARD_URL.AFT.VALIDATION_FAILED=/Signon/validationerror
    2. Add the following values to configure single sign-on for the Sterling B2B Integrator Dashboard:
      • security.SSO_FORWARD_URL.WS.LOGOUT=/Signon/logout
      • security.SSO_FORWARD_URL.DASHBOARD.LOGOUT=/Signon/logout
      • security.SSO_FORWARD_URL.WS.TIMEOUT=/Signon/timeout
      • security.SSO_FORWARD_URL.DASHBOARD.TIMEOUT=/Signon/timeout
      Note: To access the dashboard using SSO, the browser must request this URI:
      /dashboard/sso.jsp
      The default landing page should also be set to
      /dashboard/sso.jsp
      For Dashboard/B2BConsole:
      neo-struts-ui.url.ws.sso=http://SSPhost:port/ws/
      neo-struts-ui.url.dash.sso=http://SSPhost:port/dashboard/
    3. Add the following values to access Mailbox (MBI) using single sign-on:
      • security.SSO_FORWARD_URL.MAILBOX.LOGOUT=/Signon/logout
      • security.SSO_FORWARD_URL.MAILBOX.TIMEOUT=/Signon/timeout
      • security.SSO_FORWARD_URL.MAILBOX.VALIDATION_FAILED=/Signon/validationerror
    4. Add the following values to access AFT or MyAFT using single sign-on:
      • security.SSO_FORWARD_URL.AFT.LOGOUT=/Signon/logout
      • security.SSO_FORWARD_URL.AFT.TIMEOUT=/Signon/timeout
      • security.SSO_FORWARD_URL.AFT.VALIDATION_FAILED=/Signon/validationerror
      • security.SSO_FORWARD_URL.MYAFT.LOGOUT=/Signon/logout
      • security.SSO_FORWARD_URL.MYAFT.TIMEOUT=/Signon/timeout
      • security.SSO_FORWARD_URL.MYAFT.VALIDATION_FAILED=/Signon/validationerror
    5. Add the following values to access an unknown source using single sign-on:
      • security.SSO_FORWARD_URL.LOGOUT=/Signon/logout
      • security.SSO_FORWARD_URL.TIMEOUT=/Signon/timeout
      • security.SSO_FORWARD_URL.VALIDATION_FAILED=/Signon/validationerror
    6. Add the following connection parameters to configure the Sterling File Gateway connection to Sterling External Authentication Server:
      • seas-sso.EA_HOST=IP address or host name of Sterling External Authentication Server
      • seas-sso.EA_PORT=listen port of Sterling External Authentication Server

        Specify the appropriate secure or clear listen port from the Sterling External Authentication Server configuration.

      • seas-sso.EA_PS_NAME=perimeter server used to connect to Sterling External Authentication Server

        Specify local if you do not use a perimeter server to connect to Sterling External Authentication Server.

      • seas-sso.EA_SECURE_CONNECTION=true or false

        true sets connections to Sterling External Authentication Server as secure and false sets the connection as clear. If this parameter is true, you must also define the EA_SYSTEM_CERT and EA_TRUSTED_CERT[1].

      • seas-sso.EA_SYSTEM_CERT=name of the system certificate in the system certificate store, if the connection is secure. Look up the system certificate names in Sterling B2B Integrator by navigating to Trading Partner > Digital Certificates > System.
      • seas-sso.EA_TRUSTED_CERT[1]=name of the trusted certificate used for secure connections to Sterling External Authentication Server. Look up the trusted certificate names in Sterling B2B Integrator by navigating to Trading Partner > Digital Certificates > Trusted.

        If you use chained certificates and each certificate of the chain is checked in individually, you must define each of the certificates in the chain in Sterling External Authentication Server. For each certificate, define a separate value, using the seas-sso.EA_TRUSTED_CERT[#] parameter. For example, for the first certificate, configure the parameter seas-sso.EA_TRUSTED_CERT[1]; for the second certificate, define seas-sso.EA_TRUSTED_CERT[2], and so on until all certificates in the chain are defined in Sterling External Authentication Server. The order in which you configure the certificates in Sterling External Authentication Server does not have to match the definitions in Sterling B2B Integrator.

      Note: Additional fields can be added if you wish to override the defaults shown below:
      ## SEAS-SSO Configuration 
      ## HTTP cookie containing the SSO token 
      seas-sso.SSO_TOKEN_COOKIE=SSOTOKEN
      ## Maximum time to wait for making EA connections and receiving responses 
      seas-sso.SSO_TIMEOUT=30 
      seas-sso.SSO_TIMEOUT_UNITS=seconds
      ## Whether to keep persistent connections to EA 
      seas-sso.PERSISTENT_EA_CONNECTIONS=true
      ## Maximum number of EA connections 
      seas-sso.MAX_EA_CONNECTIONS=1
  3. Save and close the file.
  4. Stop and restart Sterling File Gateway to use the new values.
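
The connection rules from step 6 can be checked mechanically before the restart. The following is an added example, not IBM's code: it uses a simplified properties parser, and the host, port and certificate names in the sample are constructed. Treating a gap in the EA_TRUSTED_CERT[n] numbering as an error is an assumption of this example.

```python
import re

# Constructed sample: one key broken by a stray space, and a trusted-cert gap.
SAMPLE = """\
security.SSO_FORWARD_URL.FILEGATEWAY. VALIDATION_FAILED=/Signon/validationerror
seas-sso.EA_HOST=seas.example.internal
seas-sso.EA_PORT=61366
seas-sso.EA_PS_NAME=local
seas-sso.EA_SECURE_CONNECTION=true
seas-sso.EA_SYSTEM_CERT=sfg_sys_cert
seas-sso.EA_TRUSTED_CERT[1]=seas_root
seas-sso.EA_TRUSTED_CERT[3]=seas_leaf
"""

REQUIRED = ("seas-sso.EA_HOST", "seas-sso.EA_PORT", "seas-sso.EA_PS_NAME",
            "seas-sso.EA_SECURE_CONNECTION")
CERT_KEY = re.compile(r"seas-sso\.EA_TRUSTED_CERT\[(\d+)\]$")

def parse(text):
    """Simplified parse: key=value lines and '#' comments; no continuations or escapes."""
    props, bad_keys = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if re.search(r"\s", key):
            bad_keys.append(key)  # a Java loader would end the key at the space
        else:
            props[key] = value
    return props, bad_keys

def check_sso(text):
    """Return a list of findings for the seas-sso connection settings."""
    props, bad_keys = parse(text)
    findings = [f"whitespace inside key: {k!r}" for k in bad_keys]
    findings += [f"missing {k}" for k in REQUIRED if not props.get(k)]
    secure = props.get("seas-sso.EA_SECURE_CONNECTION", "")
    if secure == "false":
        findings.append("connection to External Authentication Server is clear (not secure)")
    elif secure == "true":
        if not props.get("seas-sso.EA_SYSTEM_CERT"):
            findings.append("secure connection without seas-sso.EA_SYSTEM_CERT")
        idx = sorted(int(m.group(1)) for m in map(CERT_KEY.match, props) if m)
        if not idx or idx != list(range(1, len(idx) + 1)):
            findings.append(f"EA_TRUSTED_CERT indexes must run 1..n, found {idx}")
    elif secure:
        findings.append(f"EA_SECURE_CONNECTION must be true or false, got {secure!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_sso(SAMPLE)))
```

To lint a real file, pass the contents of install_dir/properties/customer_overrides.properties to check_sso() instead of SAMPLE.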