Today's topic is how to configure Single Sign-On between a portal server and Webtop. This post does not recommend any specific solution; it provides insight into implementing Single Sign-On by customizing the Documentum components.
Before we discuss the configuration steps involved, let's first see what Single Sign-On is:
Single Sign-on is a concept that enables users to be authenticated once and gain access to the resources of multiple software systems. The requirement is to provide the portal user access to Webtop without being asked to submit the credentials.
Approaches to achieve Single Sign-on
- A. Use third-party vendor software such as Tivoli Access Manager (TAM) & WebSEAL, Netegrity SiteMinder or RSA ClearTrust (from RSA Security)
- B. Customize Documentum components
Approach A was evaluated; however, because the requirements conflicted with the version support, approach B was preferred.
To achieve Single Sign-On, the user ID and password are encrypted and passed as URL parameters. They are decrypted before the Documentum session is established. The following steps provide the details.
Note: A standard algorithm is used for encryption and decryption; the algorithm itself is out of scope.
Steps
A. Documentum Configurations
- Create a property file named DocbaseInfo.properties and add the properties “Docbase” and “TargetDomain”. Docbase is the docbase the user will access through Webtop, and TargetDomain is the authentication domain. Add this file to the appropriate folder. (We have used the path com\ \DocbaseInfo.properties)
- Extend the basic behavior of the Documentum login component.
  - Create SSOLogin.java by extending com\documentum\web\formext\session\Login.java
  - Override the onInit() method to retrieve the user credentials from the URL and establish the Documentum session for the user
  - Call the setStartPoint() method after a session is established
- Compile the Java class and update the classpath.
Figure 1: Pictorial representation of the directory structure used.
- Create the custom\login and custom\config folders under the webtop\webtop folder. Copy login_component.xml to the custom\config folder. Edit login_component.xml to include the path for SSOLogin.class and add the following tags:
- Copy the login.jsp page available in wdk\system\login to the webtop\webtop\custom\login folder and customize it as required. Add the path information to login_component.xml.
The code snippet of login_component.xml after the changes is as follows:
B. Portal Configurations
1. Append the encryption/decryption class to the classpath.
2. Create a portlet, retrieve the user ID and password from the form and add them to the session or a cookie.
3. Use the encryption algorithm to encrypt the user ID and password and append them to the URL link that calls Webtop. The URL format to be used is as follows:
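An added example (not code from the original post) of the encrypt step in B.3 and the matching decrypt on the Webtop side, with an issue time inside the token so that a link copied from browser history or a server log stops working quickly. The post does not name its algorithm; AES-GCM, the `SsoToken` class, the token layout and the 60-second window are assumptions made here.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper shared by the portal and SSOLogin; AES-GCM is an assumption.
public class SsoToken {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final long MAX_AGE_MS = 60_000; // assumed validity window

    // Portal side: seal "issuedAt\nuser\npassword" into a URL-safe token.
    static String seal(byte[] key, String user, String password, long nowMs) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV for every token
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal((nowMs + "\n" + user + "\n" + password).getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Webtop side: returns {user, password}; throws if the token was altered or is too old.
    static String[] open(byte[] key, String token, long nowMs) throws GeneralSecurityException {
        byte[] in = Base64.getUrlDecoder().decode(token);
        if (in.length < IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("token too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        byte[] plain = c.doFinal(in, IV_LEN, in.length - IV_LEN); // fails if the GCM tag does not verify
        String[] parts = new String(plain, StandardCharsets.UTF_8).split("\n", 3);
        if (parts.length != 3) throw new GeneralSecurityException("malformed token");
        long age = nowMs - Long.parseLong(parts[0]);
        if (age < 0 || age > MAX_AGE_MS) throw new GeneralSecurityException("token expired");
        return new String[] { parts[1], parts[2] };
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32]; // constructed demo key; both sides must share the real one
        new SecureRandom().nextBytes(key);
        long now = System.currentTimeMillis();
        String token = seal(key, "jdoe", "s3cret", now); // constructed sample credentials
        System.out.println("user=" + open(key, token, now + 1_000)[0]);
        try { open(key, token, now + 120_000); } // same token replayed two minutes later
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The age check assumes the portal and Webtop clocks are synchronized; a token dated in the future is rejected as well.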
Courtesy: http://hkishan.wordpress.com/2010/10/24/single-sign-on-between-portal-and-webtop/