0

How to configure DS-auth SSO?

1reply Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • #DSAuth SSO Configuration.
    
    ### Configrations:
    1. Enable SSO login using the tmt command: ```./tmt.sh -u <tenant_name> sso-login-enable true```.
    2. Add the following tag to ```<INCORTA_INSTALLATION_PATH>/server/conf/server.xml``` and the begining of ```<Host>``` tag:
    
    ```
    <Valve
    className="com.incorta.sso.valves.DSAuth"
    appAdminPassword="xxxappAdminPassword"
    appId="xxxId"
    appIdKey="xxxKey"
    logoutURL="http://xxx/dsauth/logout.jsp"
    myacinfo="myacinfo"
    redirectUrl="http://xxx/signin"
    userLoginKey="userName"
    validateUrl="http://xxx/validate"
    LoggingEnabled = "true"
    />
    ```
    ####Set values for the following keys as:
     1. ```appId```: To be used with the “validate” function.
     2. ```appIdKey```: To be used with the “login” function.
     3. ```appAdminPassword```: produced as a result of creating application at DS authentication.
     4. ```redirectUrl```: SSO Url at which user will go through the login scenario.
       1. Absolute Url
       2. Not ended with /
     5. ```validateUrl```: Url of Validating the cookie with DS Authentication Web’s validate function .
     6. ```userLoginKey```: User parameter which will be used as the loginName at incorta.
     7. ```myacinfo```: The kocki key at with DS AUth injects user credentials after user signs in.
     8. ```logoutURL```: absolute url to which user will be resirected after signing out to sign in again.
     9.```LoggingEnabled```:This flag turn on the the valve logging messages. By default it's false which mean the logging is turned off.
     10. ```rv```:
      - For single tenant  add: ```rv = "50"```
      - For multiple tenants, you need to provide rv value for each tenant ```rv = "tenant1=40,tenant2=50"``` and accordingly apple connect team needs to add rv value at apple connect for each tenant.
      - Note that incorta is compatible with both development and production environments you can just remove the rv parameter for server.xml and incorta will send ```baseURL```.
     11. ```skippingAttribute```: If you have another SSO valve befor DSAUth and you had set your remote user and wants the DSAuth to skip and do nothing. User this key to set a request attribute with any value. Accordingly DSAUth will skip and just call nextValve().
    
    ###Coping libraries:
    1. cd ```<INCORTA_INSTALLATION_PATH>/server/lib```
    2. Remove ```incorta-sso.jar``` file.
    3. Copy ```apple-dsauth.jar``` file from inside the ```apple-code.zip``` which is packged with incorta build into the same path.
    
    ###Restart
    Restart incorta by running ```./stop.sh``` then ```./start.sh``` at the root of incorta instllation path.
    
    #Notes:
    1. Make sure that incorta url which user requests from the brwoser includes the tenant name and ends with a slash: ```/!tenant_name/```, like: ```http://www.server.com/incorta/!tenant/```.
    2. For coping ```apple-dsauth.jar``` into ```server/lib```, you need to do this munually every time you update incorta and there are changes related to SSO.
    Like
Like Follow
  • Status Answered
  • 6 mths agoLast active
  • 1Replies
  • 178Views
  • 2 Following

Product Announcement


We are happy to
announce Incorta 4.8 !!!