Configuring IBM TRIRIGA with SSO

If you have a web server that is set up with single sign-on authentication, you can determine whether those credentials can be used to sign on to IBM TRIRIGA.

Procedure

  1. Configure your web server for reverse proxy access to the application server. For configuration details, see the documentation that is provided by your application server provider.
  2. After the web server and application server are communicating by using reverse proxy, enter the following URL in your web browser: http://web_server/context_path/html/en/default/admin/requestTest.jsp.
    The web page shows the HTTP headers that are passed from the web server to the application server.
  3. On the application server, set the properties in the TRIRIGAWEB.properties file based on the SSO variables that are returned at the URL. By default, the TRIRIGAWEB.properties file is in the Tririga/config folder.
    If... Then, set the following properties.
    The results show Remote User set with the login.

    SSO=Y

    SSO_REMOTE_USER=Y

    Set all other SSO properties to N.

    The results show UserPrincipal set with the login.

    SSO=Y

    SSO_USER_PRINCIPAL=Y

    Set all other SSO properties to N.

    If the results show user name on a header, make note of the header name, for example, OTHER_SSO_USER_NAME.

    SSO=Y

    SSO_REQUEST_ATTRIBUTE_NAME= OTHER_SSO_USER_NAME

    Set all other SSO properties to N.

  4. Restart the application server so that the changes take effect.