Single Sign on
bturns
Hello,
Single sign on has come up in our requirements for our new Employee portal. Part of this requirement is that the user authenticates to a central sign on device through the portal and is then allowed to go directly to TeamSite (w/o logging in). I've looked at the OOTB integration with SiteMinder. However, we might possibly develop a solution with Oblix. Has anyone done this type of integration? Are there any pitfalls or caveats? Is it a complex integration?
Thanks,
Brian
Comments
Phil
Brian,
I was involved with an Oblix integration a few years back and it was a fairly hefty task. The trick is to be able to set the IWAUTH cookie as part of the single sign on process. Managing this cookie is what caused most of the headaches. I believe Content Services has methods that make generating the IWAUTH cookie easier.
Another thing to consider is the two use case scenarios: one when the user authenticates in the portal and another when the user accesses TeamSite directly and needs to be authenticated. The first scenario was the biggest challenge because one server cannot create a cookie for another server. Therefore, you have to do a lot of redirecting to get the IWAUTH cookie set.
Hope that helps.
Phil
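The redirect hand-off described in the comment above, as an added example (not from the thread and not TeamSite or Oblix code): the portal redirects the browser to the TeamSite host with a signed, short-lived, single-use ticket, and the TeamSite host itself sets the cookie. Host names, the `/sso/accept` path, the shared key, the 60-second lifetime and the cookie value are assumptions.

```python
import hashlib, hmac, secrets, time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions (not from the thread): host name, /sso/accept path, shared key
# and ticket lifetime are hypothetical values chosen for this example.
SHARED_KEY = secrets.token_bytes(32)   # provisioned to both servers out of band
TEAMSITE_HOST = "teamsite.example.com"
TICKET_TTL = 60                        # seconds a ticket stays valid
_used_nonces = set()                   # replay cache kept on the TeamSite side

def _sign(user, expires, nonce):
    # URL-encoding the fields first keeps the signed message unambiguous.
    msg = urlencode([("u", user), ("e", expires), ("n", nonce)]).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()

def portal_redirect(user, now=None):
    """Portal side: Location URL that carries the ticket to the TeamSite host."""
    expires = int(now if now is not None else time.time()) + TICKET_TTL
    nonce = secrets.token_hex(16)
    query = urlencode({"u": user, "e": expires, "n": nonce,
                       "s": _sign(user, expires, nonce)})
    return f"https://{TEAMSITE_HOST}/sso/accept?{query}"

def teamsite_accept(url, now=None):
    """TeamSite side: verify the ticket, then reply with Set-Cookie and a redirect."""
    now = now if now is not None else time.time()
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        user, expires, nonce, sig = q["u"], int(q["e"]), q["n"], q["s"]
    except (KeyError, ValueError):
        return 400, {}                 # missing or malformed ticket fields
    expected = _sign(user, expires, nonce)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return 403, {}                 # forged or altered ticket
    if now > expires or nonce in _used_nonces:
        return 403, {}                 # expired or replayed ticket
    _used_nonces.add(nonce)
    # Placeholder value: the real IWAUTH value would be generated for `user`
    # by the product itself (the thread mentions Content Services for this).
    cookie = "IWAUTH=PLACEHOLDER; Path=/; Secure; HttpOnly"
    return 302, {"Set-Cookie": cookie, "Location": "/"}
```

Because the cookie is set in the response from the TeamSite host, the browser scopes it to that host, and the ticket in the URL is useless once it has been accepted or has expired.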
bturns
Awesome, thanks!
Yes, the SiteMinder integration uses Content Services to generate an IWAUTH cookie to pass back to the browser. I am assuming this type of integration can be done regardless of the SSO software. Any thoughts?
skip11
Hi,
Our implementation is not really SSO (logging into the client PC gets you TS access). It uses Entrust certificates on the client PC for both test and productive access, and engineering on the UNIX TeamSite server (PKI certificates created with openssl by a CA, and a special password file, some JSP, and Perl scripts to allow users with shell access to the system (shudder) to change their password to something they know). Otherwise users do not know their passwords and as long as they are logged into Entrust, access to TeamSite is granted. We produced a "portal" approach - the browser presents 5 options for access to 5.5.2: webdesk, webdesk pro, webdeskpro as a "super ts user", tsadmin gui, and opendeploy admin gui. It was a bit of work to control the various access, but it works well and has been ported to 6.1, and 6.5.
Regards,
R.Barger
Credit Suisse Group
Zurich, Switzerland