CentraSite SSO with Trusted Reverse Proxy
|
|
- Ira Patrick
- 8 years ago
- Views:
Transcription
1 CentraSite SSO with Trusted Reverse Proxy Introduction Single-sign-on (SSO) via reverse proxy is the preferred SSO method for CentraSite. Due to its flexibility the reverse proxy approach allows to apply various authentication frameworks and methods. To block any un-authenticated access the reverse proxy must not be by-passed. A proper means towards that is to establish a trusted relationship between the reverse proxy and CentraSite. This tutorial describes how the trusted relationship can be established. It applies to CentraSite 9.5.and 9.6. For newer CentraSite versions the configuration procedure is similar but has some differences which are not covered here. Overview The following diagram shows the reverse proxy set-up for the CentraSite SSO. The setup consists of a reverse proxy, a custom authenticator, CentraSite and a user repository. The reverse proxy applies a custom authenticator on the incoming requests. Usually the custom authenticator is a servlet or a servlet filter interacting with a SSO framework. On a successful authentication the servlet adds the authenticated principal to incoming request and forwards it to CentraSite. The forwarded authenticated principal references a user in the user repository. CentraSite applies a simple authentication procedure on the incoming request that just locates the referenced user in the LDAP directory. On a successful authentication CentraSite retrieves user and group information. The LDAP directory accessed by CentraSite can also be used by the custom authenticator, but does not need to. The configuration of the custom authenticator is not addressed within this tutorial, since it depends on the applied SSO solution. Instead the focus here is on the configuration of the reverse proxy to talk to CentraSite and on the CentraSite configuration for validating the forwarded authenticated principals. The reverse proxy configuration also includes the necessary configuration of SSL communication between the reverse proxy and CentraSite. For establishing a trusted relationship between the reverse proxy and CentraSite 2-way SSL authentication is configured. The tutorial also covers the configuration of SSL communication between Web Clients and the reverse proxy. Configuration Procedure The configuration procedure consists of the following steps Reverse proxy configuration CentraSite SSO configuration CentraSite SSL configuration Reverse proxy SSL configuration
2 The procedure establishes the SSO configuration with the trusted reverse proxy in an iterative way. The first 2 steps establish the reverse proxy based configuration. Once the this is working the next 2 steps perform the necessary actions for establishing a trusted relationship between the reverse proxy and CentraSite. Reverse Proxy Configuration The described approach is not restricted to any specific reverse proxy. In this tutorial we show how the Apache Web server can be configured to act as a reverse proxy talking to CentraSite. For supporting SSL (HTTPS) communication an Apache version 2.2 or 2.4 with OpenSSL support is required. In this tutorial we use an Apache 2.2. The Apache configuration needs to be adapted with proper proxy rules to load the proxy modules and to provide the necessary reverse proxy settings. The necessary entries in the Apache httpd.conf look as follows: LoadModule proxy_module modules/mod_proxy.soo LoadModule proxy_http_module modules/mod_proxy_http.so # add proxy ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPreserveHost On ProxyPass /PluggableUI ProxyPassReverse /PluggableUI ProxyPass /CentraSiteReportEngine ProxyPassReverse /CentraSiteReportEngine ProxyPass /CentraSite ProxyPassReverse /CentraSite ProxyPass /BusinessUI ProxyPassReverse /BusinessUI The proxy rules ensure that CentraSite Control and BUI are accessible through the reverse proxy. Therefore the proxy rules re-route the corresponding requests to the CentraSite endpoints. In the routing rules cast-host needs to be replaced with the machine name CentraSite is running on. The reverse proxy configuration can be validated by accessing the CentraSite BusinessUI and CentraSite Control through the reverserse proxy URL. CentraSite SSO Configuration The first step of the CentraSite SSO configuration is to create a configuration for accssing the LDAP directory. Usually the LDAP directory does not allow any anonymous access. Therefore the LDAP configuration must contain a technical user. Instructions for doing this are provided in the tutoral LDAP Configuration Tutorial for CentraSite 9.0. Once the LDAP configuration has been established and verified successfully the CentraSite authentication procedure needs to be configured. CentraSite performs the authentication via jaas. The jaas configuration file can be found in the Software AG installation directory in the folder /prof iles/ctp/configuration/jaas.config. The CentraSite authentication procedure is given by the CentraSite jaas login context. For the validating incoming authenticated principles the configuration looks as follows:
3 CentraSite { /** Try a normal login first before doing SSO */ com.softwareag.security.jaas.login.ssx.ssxloginmodule sufficient uselog="true" options_url=" on=" CreateGroups="false" internalrepository="c:/softwareag/common/conf/users.txt" UseDomainForOptionsURL="true"; /** Stop authentication if the first login module was successful */ com.softwareag.security.jaas.login.ssx.ssxstoploginmodule sufficient; /** Extract user id from HTTP header */ com.softwareag.security.jaas.login.modules.servletheaderloginmodule required httpheaderuser_prop_name="sag_auth" use_as_user_name=true; /** Create principal from user id and fetch information from LDAP */ com.softwareag.security.jaas.login.ssx.ssxloginmodule required useldaptechuser="true" techldapusercredfile="c:/softwareag/credentials/admin.txt" techldapuserkeyfile="c:/softwareag/common/security/ssx_32/etc/alt_keyfile.txt" ignoreldapuserpassword="true" options_url=" on=" UseDomainForOptionsURL="true" CreateGroups="false"; }; The first login module in the CentraSite login context performs a normal login. If this is successful the SSXStopLoginModule stops the authentication. This is necessary to support a login via user name and password. The ServletHeaderLoginModule initiates the SSO by extracting the user information from the HTTP header field SAG_auth. The extracted user id is passed on to the last login module that checks if the user id exists in the LDAP user repository. If it finds the user the authentication is successful and the user related information is extracted from LDAP. Otherwise the authentication fails and the user will prompted for providing user name and password. Once the jaas configuration has beend adapted the SSO can be validated by trying to access CentraSite BusinessUI or CentraSite Control. The CentraSite SSO configuration can be validated by accessing CentraSite directly with a browser that sends an HTTP header holding the id of an LDAP login user defined in CentraSite. When accessing CentraSite Control or BusinessUI with the additional header field the configured user should be automatically logged in. If there is a problem with the jaas configuration the login screen will show up. There are several browser plugins or extensions that allow to add a dedicated header field to the HTTP requests issued by a browser. An example is the ModifyHeaders Chrome extension. For the above example jaas configuration the user id needs to be provided in the HTTP header field SAG_Auth. CentraSite SSL Configuration The CentraSite SSL configuration is established by adapting the HTTPS port configuration. The CentraSite ports are configured via properties files stored in the directory profiles/ctp/configuration/com.softwareag.platform.config.propsloader of the Software AG installation folder. The configuration of the HTTPS port is stored in the properties file com.softwareag.catalina.connector.https.pid-centrasite.properties.the SSL configuration requires a keystore for the server certificate and a truststore that holds the necessary entries for trusting the certificates sent by the reverse proxy. A sample properties file looks as follows
4 enabled=true description=centrasite 9.0 HTTPS maxhttpheadersize=8192 maxthreads=150 minsparethreads=25 maxsparethreads=75 enablelookups=false disableuploadtimeout=true acceptcount=100 SSLEnabled=true scheme=https keystorefile=c:/certs/keystore.jks keystoretype=jks keystorepass= truststorefile=c:/certs/truststore.jks truststoretype=jks truststorepass= clientauth=true algorithm=sunx509 sslprotocol=tls port=53308 secure=true SSLVerifyClient=true The sample configuration references the keystore.jks and the trustore.jks. For activating the client SSL authentication the parameter SSLVerifyCli ent is set to true. It makes sense to verify the CentraSite SSL configuration by accessing CentraSite directly with a browser. If your browser is not aware of any certificates configured in CentraSite it should raise SSL errors when accessing CentraSite directly. When the client certificate is missing the browser shows a client authentication related error (e.g. ERR_BAD_SSL_CLIENT_AUTH_CERT). The browser will not be able to access CentraSite without the correct client certificate. When the server certificate is missing the browser does not trust CentraSite. To fix the SSL problems the client certificate and the server certificate need to be imported into the browser. There are several tutorials on the Web explaining how to do that (e.g. When the certificates are in place the CentraSite Control and BusinessUI can be accessed without any SSL problems. Reverse Proxy SSL Configuration The next steps is to enhance the SSL proxy configuration rules to use SSL for communicating to CentraSite.
5 LoadModule proxy_module modules/mod_proxy.soo LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule ssl_module modules/mod_ssl.so # add proxy ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> SSLProxyEngine On SSLProxyMachineCertificateFile c:/certs/all.pem ProxyPreserveHost On ProxyPass /PluggableUI ProxyPassReverse /PluggableUI ProxyPass /CentraSiteReportEngine ProxyPassReverse /CentraSiteReportEngine ProxyPass /CentraSite ProxyPassReverse /CentraSite ProxyPass /BusinessUI ProxyPassReverse /BusinessUI As shown by the above sample the SSL module is required. Moreover the SSLProxyEngine is activated and the SSLProxyMachineCertificateF ile configuration parameter points to a pem file. The pem file holds the key pair for the client certificate of the reverse proxy and the certificated sent by CentraSite. The proxy rules references the https protocol and the CentraSite HTTPS port. The final configuration step can be verified by accessing CentraSite Control and BusinessUI through the reverse proxy. Further Configurations If the HTTPS protocol is used between the reverse proxy and CentraSite, the same should be used for the communication between the Web Clients and the reverse proxy. It makes sense to add a SSL VirtualHost to the Apache configuration for the client communication. The proxy settings described in the previous sections can be moved to the VirtualHost configuration. Sample descriptions of an Apache SSL configurations can be found on the Web After the SSL communication is configured on the reverse proxy the Web clients have to trust the certificate provided by the reverse proxy. This can be achieved to add the necessary entries into the truststore of the Web clients. Assuming the reverse proxy provide a self signed certificate, this certificate can be added. Unfortunately the Apache is not forwarding the HTTPS protocol correctly. Therefore the protocol needs to be sent in a separate HTTP header field to be correctly picked up by CentraSite. The Apache configuration needs to be changed for adding the header field X-Forwarded-Proto to any incoming HTTPS request. For adding HTTP header fields the headers_module is required, which can be activated by un-commenting the following line in the Apache httpd.conf. LoadModule headers_module modules/mod_headers.so With the activated headers_module the X-Forwarded-Proto can be added to incoming requests with the following line in the the SSL VirtualHost.
6 RequestHeader set X-Forwarded-Proto "https" For eanbling the SSL communication the CentraSite report engine configuration has to be changed. Here the base_url parameter in the file "/CentraSite/cast/cswebapps/CentraSiteReportEngine/WEB-INF/viewer.properties" needs to be set to an empty value. This means the configuration file must hold the following line: # configurable variable for JSP base href. Please uncomment the below line. base_url= The trusted relationship between CentraSite and the reverse proxy can be established without using HTTPS between Web Clients and the reverse proxy. Not using HTTPS communication here, results in session handling problems in the CentraSite BUI. These problems are caused by secure HTTP session cookies sent by CentraSite BUI. Secure cookies can't be used when communicating over HTTP. The easiest way to solve the problem is to configure Apache to remove the secure flag from the session cookies. The according entry in the Apache httpd.conf looks as follows. Header edit "Set-Cookie: JSESSIONID=" Secure " "
How to setup HTTP & HTTPS Load balancer for Mediator
How to setup HTTP & HTTPS Load balancer for Mediator Setting up the Apache HTTP Load Balancer for Mediator This guide would help you to setup mediator product to run via the Apache Load Balancer in HTTP
More informationHP ALM. Software Version: 12.50. External Authentication Configuration Guide
HP ALM Software Version: 12.50 External Authentication Configuration Guide Document Release Date: December 2015 Software Release Date: December 2015 Legal Notices Warranty The only warranties for HP products
More informationHow-to-Guide: Apache as Reverse Proxy for Fiori Applications
How-to-Guide: Apache as Reverse Proxy for Fiori Applications Active Global Support North America Document History: Document Version Authored By Description 1.0 Kiran Kola Architect Engineer 2 www.sap.com
More informationSITEMINDER SSO FOR EMC DOCUMENTUM REST
SITEMINDER SSO FOR EMC DOCUMENTUM REST ABSTRACT This white paper provides a detailed review of SiteMinder SSO integration with EMC Documentum REST Services by exploring the architecture,consumption workflow,
More informationInstalling Apache as an HTTP Proxy to the local port of the Secure Agent s Process Server
Installing Apache as an HTTP Proxy to the local port of the Secure Agent s Process Server Technical Note Dated: 23 June 2015 Page 1 of 8 Overview This document describes how by installing an Apache HTTP
More informationPROXY SETUP WITH IIS USING URL REWRITE, APPLICATION REQUEST ROUTING AND WEB FARM FRAMEWORK OR APACHE HTTP SERVER FOR EMC DOCUMENTUM EROOM
White Paper PROXY SETUP WITH IIS USING URL REWRITE, APPLICATION REQUEST ROUTING AND WEB FARM FRAMEWORK OR APACHE HTTP SERVER FOR EMC DOCUMENTUM EROOM Abstract This white paper explains how to setup Proxy
More informationConfiguring Remote HANA System Connection for SAP Cloud for Analytics via Apache HTTP Server as Reverse Proxy
Configuring Remote HANA System Connection for SAP Cloud for Analytics via Apache HTTP Server as Reverse Proxy Author: Gopal Baddela, Senior BI Architect Archius Copyright Archius 2016 1 Table of Contents
More informationCERTIFICATE-BASED SINGLE SIGN-ON FOR EMC MY DOCUMENTUM FOR MICROSOFT OUTLOOK USING CA SITEMINDER
White Paper CERTIFICATE-BASED SINGLE SIGN-ON FOR EMC MY DOCUMENTUM FOR MICROSOFT OUTLOOK USING CA SITEMINDER Abstract This white paper explains the process of integrating CA SiteMinder with My Documentum
More informationConfiguring Single Sign-On for Documentum Applications with RSA Access Manager Product Suite. Abstract
Configuring Single Sign-On for Documentum Applications with RSA Access Manager Product Suite Abstract This white paper outlines the deployment and configuration of a Single Sign-On solution for EMC Documentum
More informationHow-to-Guide: Reverse Proxy and Load Balancing for SAP Mobile Platform 3.X
How-to-Guide: Reverse Proxy and Load Balancing for SAP Mobile Platform 3.X Active Global Support North America Document History: Document Version Authored By Description 1.0 Kiran Kola Architect Engineer
More information1. Introduction 2. Getting Started 3. Scenario 1 - Non-Replicated Cluster 4. Scenario 2 - Replicated Cluster 5. Conclusion
1. Introduction... 1 1.1. Non-Replicated Cluster... 1 1.2. Replicated Cluster... 2 1.3. Mixing Both Options... 3 2. Getting Started... 5 3. Scenario 1 - Non-Replicated Cluster... 6 3.1. JOSSO Agent Configuration...
More informationxcp Application Deployment On Tomcat Cluster
xcp Application Deployment On Tomcat Cluster Abstract This white paper explains how to install and configure tomcat cluster to support High Availability and Load Balancing and enable one way SSL with xcp.
More informationWhite Paper DEPLOYING WDK APPLICATIONS ON WEBLOGIC AND APACHE WEBSERVER CLUSTER CONFIGURED FOR HIGH AVAILABILITY AND LOAD BALANCE
White Paper DEPLOYING WDK APPLICATIONS ON WEBLOGIC AND APACHE WEBSERVER CLUSTER CONFIGURED FOR HIGH AVAILABILITY AND LOAD BALANCE Abstract This White Paper provides information to deploy WDK based applications
More informationConfigure Security for SAP Mobile Platform (MP5)
Building Block Guide SAP Mobile Platform 3.0 June 2015 English Typographic Conventions Type Style Example Example EXAMPLE Example Example EXAMPLE Description Words or characters quoted from the
More information2013 IBM SINGLE SIGN-ON WITH CA SITEMINDER FOR SAMPLE WEB APPLICATION
2013 IBM SINGLE SIGN-ON WITH CA SITEMINDER FOR SAMPLE WEB APPLICATION Santosh Manakdass & Syed Moinudeen This article describes how to configure any Web Application for Single Sign-On with SiteMinder.
More informationExample Apache Server Installation for Centricity Electronic Medical Record browser & mobile access
GE Healthcare Introduction Example Apache Server Installation for Centricity Electronic Medical Record rowser & moile access These instructions descrie how to install and configure an Apache server to
More informationDEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server Table of Contents Table of Contents Deploying the BIG-IP LTM with Tomcat application servers and Apache web
More informationSetting Up B2B Data Exchange for High Availability in an Active/Active Configuration
Setting Up B2B Data Exchange for High Availability in an Active/Active Configuration 2010 Informatica Abstract This document explains how to install multiple copies of B2B Data Exchange on a single computer.
More informationTIBCO Spotfire Platform IT Brief
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
More informationHP Business Service Management
HP Business Service Management for the Windows and Linux operating systems Software Version: 9.13 Hardening Guide Document Release Date: May 2012 Software Release Date: May 2012 Legal Notices Warranty
More informationHP Business Service Management
HP Business Service Management for the Windows and Linux operating systems Software Version: 9.10 Hardening Guide Document Release Date: August 2011 Software Release Date: August 2011 Legal Notices Warranty
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationHP Cloud Service Automation Deployment Architectures
Technical white paper HP Cloud Service Automation Deployment Architectures Details of the content Table of contents Purpose... 2 Enterprise Deployment... 2 All-in-One CSA... 3 All-in-One CSA with remote
More informationEQUELLA. Clustering Configuration Guide. Version 6.2
EQUELLA Clustering Configuration Guide Version 6.2 Document History Document No. Reviewed Finalised Published 1 18/03/2014 18/03/2014 18/03/2014 March 2014 edition. Information in this document may change
More informationIUCLID 5 Guidance and Support
IUCLID 5 Guidance and Support Web Service Installation Guide July 2012 v 2.4 July 2012 1/11 Table of Contents 1. Introduction 3 1.1. Important notes 3 1.2. Prerequisites 3 1.3. Installation files 4 2.
More informationSchoolBooking SSO Integration Guide
SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide,
More informationSetting up an Apache Server in Conjunction with the SAP Sybase OData Server
Setting up an Apache Server in Conjunction with the SAP Sybase OData Server PRINCIPAL AUTHOR Adam Hurst Philippe Bertrand adam.hurst@sap.com philippe.bertrand@sap.com REVISION HISTORY Version 1.0 - June
More informationesync - Receiving data over HTTPS
esync - Receiving data over HTTPS 1 Introduction Natively, the data transfer between ewon and esync is done over an HTTP link. However when esync is hosted on Internet, security must be taken in account
More informationDISTRIBUTED CONTENT SSL CONFIGURATION AND TROUBLESHOOTING GUIDE
White Paper Abstract This white paper explains the configuration of Distributed Content (ACS, BOCS and DMS) in SSL mode and monitors the logs for content transfer operations. This guide describes the end-to-end
More informationConfiguring ActiveVOS Identity Service Using LDAP
Configuring ActiveVOS Identity Service Using LDAP Overview The ActiveVOS Identity Service can be set up to use LDAP based authentication and authorization. With this type of identity service, users and
More informationNetIQ Access Manager 4.1
White Paper NetIQ Access Manager 4.1 Performance and Sizing Guidelines Performance, Reliability, and Scalability Testing Revisions This table outlines all the changes that have been made to this document
More informationUse Enterprise SSO as the Credential Server for Protected Sites
Webthority HOW TO Use Enterprise SSO as the Credential Server for Protected Sites This document describes how to integrate Webthority with Enterprise SSO version 8.0.2 or 8.0.3. Webthority can be configured
More informationSetting Up SSL From Client to Web Server and Plugin to WAS
IBM Software Group Setting Up SSL From Client to Web Server and Plugin to WAS Harold Fanning (hfanning@us.ibm.com) WebSphere L2 Support 12 December 2012 Agenda Secure Socket Layer (SSL) from a Client to
More informationDeploying RSA ClearTrust with the FirePass controller
Deployment Guide Deploying RSA ClearTrust with the FirePass Controller Deploying RSA ClearTrust with the FirePass controller Welcome to the FirePass RSA ClearTrust Deployment Guide. This guide shows you
More informationInstalling Rails 2.3 Under Windows XP and Apache 2.2
Installing Rails 2.3 Under Windows XP and Apache 2.2 Scott Taylor Tailor Made Software August 9, 2011 Version 1.0 1.0 Introduction Ruby On Rails (aka just Rails ) is a modern scripting system that allows
More informationOracle9i Application Server: Options for Running Active Server Pages. An Oracle White Paper July 2001
Oracle9i Application Server: Options for Running Active Server Pages An Oracle White Paper July 2001 Oracle9i Application Server: Options for Running Active Server Pages PROBLEM SUMMARY...3 INTRODUCTION...3
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationSpectrum Technology Platform Version 8.0.0. Tutorial: Load Balancing Spectrum Spatial Services. Contents:
Spectrum Technology Platform Version 8.0.0 Tutorial: Load Balancing Spectrum Spatial Services UNITED STATES www.pb.com/software Technical Support: www.pbinsight.com/support CANADA www.pb.com/software Technical
More informationIntegration Guide. SafeNet Authentication Service. Oracle Secure Desktop Using SAS RADIUS OTP Authentication
SafeNet Authentication Service Integration Guide Oracle Secure Desktop Using SAS RADIUS OTP Authentication Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013
More informationLotus Sametime. FIPS Support for IBM Lotus Sametime 8.0. Version 8.0 SC23-8760-00
Lotus Sametime Version 8.0 FIPS Support for IBM Lotus Sametime 8.0 SC23-8760-00 Disclaimer THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. WHILE EFFORTS WERE
More informationPerceptive Experience Single Sign-On Solutions
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
More informationVersion 1.0 January 2011. Xerox Phaser 3635MFP Extensible Interface Platform
Version 1.0 January 2011 Xerox Phaser 3635MFP 2011 Xerox Corporation. XEROX and XEROX and Design are trademarks of Xerox Corporation in the United States and/or other countries. Changes are periodically
More informationTROUBLESHOOTING RSA ACCESS MANAGER SINGLE SIGN-ON FOR WEB-BASED APPLICATIONS
White Paper TROUBLESHOOTING RSA ACCESS MANAGER SINGLE SIGN-ON FOR WEB-BASED APPLICATIONS Abstract This white paper explains how to diagnose and troubleshoot issues in the RSA Access Manager single sign-on
More informationEnabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal
Guideline Enabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal Product(s): IBM Cognos 8 BI Area of Interest: Security Copyright Copyright 2008 Cognos ULC (formerly Cognos Incorporated).
More informationConfiguring Apache HTTP Server as a Reverse Proxy Server for SAS 9.2 Web Applications Deployed on BEA WebLogic Server 9.2
Configuration Guide Configuring Apache HTTP Server as a Reverse Proxy Server for SAS 9.2 Web Applications Deployed on BEA WebLogic Server 9.2 This document describes how to configure Apache HTTP Server
More informationFederated Access to an HTTP Web Service Using Apache (WSTIERIA Project Technical Note 1)
(WSTIERIA Project Technical Note 1) 1 Background 12/04/2010, Version 0 One of the outputs of the SEE-GEO project was façade code to sit in front of an HTTP web service, intercept client requests, and check
More informationU S E R D O C U M E N TA T I O N ( A L E P H I N O
U S E R D O C U M E N TA T I O N ( A L E P H I N O 5. 0 ) Single-Sign-On Alephino Version 5.0 1/9 last updated: 17/09/2014 Table of contents 1 Mode of operation...3 2 Configuration examples with the Apache
More informationUsing Kerberos tickets for true Single Sign On
Using Kerberos tickets for true Single Sign On Table of Contents Introduction This document details the reasoning for, configuration of and experiences from the initial setup of Kerberos tickets for SSO
More informationSSL CONFIGURATION GUIDE
HYPERION RELEASE 9.3.1 SSL CONFIGURATION GUIDE CONTENTS IN BRIEF About This Document... 2 Assumptions... 2 Information Sources... 2 Identifying SSL Points for Hyperion Products... 4 Common Activities...
More informationAA enabling a closed source legacy application
AA enabling a closed source legacy application Jan Du Caju ICT security officer K.U.Leuven Belgium AA enabling a closed source legacy application Introduction: context association K.U.Leuven Case: AA enabling
More informationEnterprise SSL Support
01 Enterprise SSL Support This document describes the setup of SSL (Secure Sockets Layer) over HTTP for Enterprise clients, servers and integrations. 1. Overview Since the release of Enterprise version
More informationConfiguration Worksheets for Oracle WebCenter Ensemble 10.3
Configuration Worksheets for Oracle WebCenter Ensemble 10.3 This document contains worksheets for installing and configuring Oracle WebCenter Ensemble 10.3. Print this document and use it to gather the
More informationReverse Proxy Scenarios for Single Sign-On
Sterling Secure Proxy Reerse Proxy Scenarios for Single Sign-On Version 3.4 Sterling Secure Proxy Reerse Proxy Scenarios for Single Sign-On Version 3.4 Note Before using this information and the product
More informationRelease Notes Date: September 2013
Release Notes Date: September 2013 All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, or stored in any retrieval system of any nature without the
More informationProject (Group) Management Installation Guide (Linux) Version 1.3. Copyright 2007 MGH
Project (Group) Management Installation Guide (Linux) Version 1.3 Copyright 2007 MGH Table of Contents About this Guide iii Document Version History iii Prerequisites 1 Required Software 1 Install 4 Installing
More informationTechnical specification
Technical specification Load balancing configuration Koaly EXP Page : 1 / 8 Table of contents Introduction... 3 I.Overview... 3 II.The Apache load balancer... 3 III.Limitations... 3 Prerequisites... 4
More informationDeploying the BIG-IP System v10 with Oracle Application Server 10g R2
DEPLOYMENT GUIDE Deploying the BIG-IP System v10 with Oracle Application Server 10g R2 Version 1.1 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Oracle s Application Server 10g
More informationSecuritySpy Setting Up SecuritySpy Over SSL
SecuritySpy Setting Up SecuritySpy Over SSL Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communications on the internet. It uses two keys to encrypt data: a public key and
More informationEnabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet
Guideline Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet Product(s): IBM Cognos ReportNet Area of Interest: Security 2 Copyright Copyright 2008 Cognos ULC (formerly Cognos Incorporated).
More informationDEPLOYMENT GUIDE Version 1.1. Deploying F5 with Oracle Application Server 10g
DEPLOYMENT GUIDE Version 1.1 Deploying F5 with Oracle Application Server 10g Table of Contents Table of Contents Introducing the F5 and Oracle 10g configuration Prerequisites and configuration notes...1-1
More informationThe JBoss 4 Application Server Web Developer Reference
The JBoss 4 Application Server Web Developer Reference JBoss AS 4.0.5 Release 2 Copyright 2006 JBoss, Inc. Table of Contents 1. The Tomcat Service...1 2. The server.xml file...3 2.1. The Connector element...3
More informationEnabling SSO between Cognos 8 and WebSphere Portal
Guideline Enabling SSO between Cognos 8 and WebSphere Portal Product(s): Cognos 8 Area of Interest: Security Enabling SSO between Cognos 8 and WebSphere Portal 2 Copyright Your use of this document is
More informationConfiguring Apache HTTP Server as a Reverse Proxy Server for SAS 9.3 Web Applications Deployed on Oracle WebLogic Server
Configuration Guide Configuring Apache HTTP Server as a Reverse Proxy Server for SAS 9.3 Web Applications Deployed on Oracle WebLogic Server This document describes how to configure Apache HTTP Server
More informationThis document uses the following conventions for items that may need to be modified:
Contents Overview... 3 Purpose of this Document... 3 Conventions Used in this Document... 3 Before You Begin... 3 Setting Up HTTPS... 5 Creating a Certificate... 5 Configuring Contract Management to Use
More informationInterstage Application Server V7.0 Single Sign-on Operator's Guide
Interstage Application Server V7.0 Single Sign-on Operator's Guide Single Sign-on Operator's Guide - Preface Trademarks Trademarks of other companies are used in this user guide only to identify particular
More informationRunning Multiple Shibboleth IdP Instances on a Single Host
CESNET Technical Report 6/2013 Running Multiple Shibboleth IdP Instances on a Single Host IVAN NOVAKOV Received 10.12.2013 Abstract The article describes a way how multiple Shibboleth IdP instances may
More information1 of 24 7/26/2011 2:48 PM
1 of 24 7/26/2011 2:48 PM Home Community Articles Product Documentation Learning Center Community Articles Advanced Search Home > Deployments > Scenario 3: Setting up SiteMinder Single Sign-On (SSO) with
More informationINTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE
INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by
More informationUsing LDAP Authentication in a PowerCenter Domain
Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,
More informationTo install and configure SSL support on Tomcat 6, you need to follow these simple steps. For more information, read the rest of this HOW-TO.
pagina 1 van 6 Apache Tomcat 6.0 Apache Tomcat 6.0 SSL Configuration HOW-TO Table of Contents Quick Start Introduction to SSL SSL and Tomcat Certificates General Tips on Running SSL Configuration 1. Prepare
More informationIntegrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies
Guideline Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies Product(s): IBM Cognos 8 BI Area of Interest: Security Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies 2 Copyright
More informationApache SSL Certificate Deployment Guide
Apache SSL Certificate Deployment Guide 沃 通 电 子 认 证 服 务 有 限 公 司 WoSignCA Limited All Rights Reserved Content 1.The environment for installing the SSL certificate... 3 1.1 Brief introduction of SSL certificate
More informationADFS Integration Guidelines
ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationTechnical specification
Technical specification SSL certificate installation Koaly EXP Page : 1 / 20 Copyright 2005-2015 - Title Client Project Type Language SSL certificate installation Koaly EXP Technical specification EN Information
More informationSSO Plugin. Release notes. J System Solutions. http://www.javasystemsolutions.com Version 3.6
SSO Plugin Release notes J System Solutions Version 3.6 JSS SSO Plugin v3.6 Release notes What's new... 3 Improved Integrated Windows Authentication... 3 BMC ITSM self service... 3 Improved BMC ITSM Incident
More informationTenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More informationContent. Global Delivery Network: Folders
An alternative to using translated domains, is to host your translations in folders. I.e. www.mycompanysite.com/ language When hosting your translation in a sub-folder, the traffic will need to be split
More informationConfiguring IBM HTTP Server as a Reverse Proxy Server for SAS 9.3 Web Applications Deployed on IBM WebSphere Application Server
Configuration Guide Configuring IBM HTTP Server as a Reverse Proxy Server for SAS 9.3 Web Applications Deployed on IBM WebSphere Application Server This document is revised for SAS 9.3. In previous versions
More informationShoreTel Advanced Applications Web Utilities
INSTALLATION & USER GUIDE ShoreTel Advanced Applications Web Utilities ShoreTel Advanced Applications Introduction The ShoreTel Advanced Application Web Utilities provides ShoreTel User authentication
More informationWhat is the Barracuda SSL VPN Server Agent?
The standard communication model for outgoing calls is for the appliance to simply make a direct connection to the destination host. This paradigm does not suit all business needs. The Barracuda SSL VPN
More informationConfiguring the JBoss Application Server for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web
Configuring the JBoss Application Server for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web Applications Configuring SSL and Client-Certificate Authentication
More informationConfiguration Guide. BES12 Cloud
Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need
More informationSecuring Splunk with Single Sign On & SAML
Copyright 2015 Splunk Inc. Securing Splunk with Single Sign On & SAML Nachiket Mistry Sr. So=ware Engineer, Splunk Rama Gopalan Sr. So=ware Engineer, Splunk Disclaimer During the course of this presentajon,
More informationSAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams.
Exam : P_ADM_SEC_70 Title : SAP Certified Technology Professional - Security with SAP NetWeaver 7.0 Version : Demo 1 / 5 1.Which of the following statements regarding SSO and SAP Logon Tickets are true?
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationesoc SSA DC-I Part 1 - Single Sign-On and Access Management ICD
esoc European Space Operations Centre Robert-Bosch-Strasse 5 64293 Darmstadt Germany Tel: (49)615190-0 Fax: (49)615190485 www.esa.int SSA DC-I Part 1 - Single Sign-On and Access Management ICD Prepared
More informationChapter 1: How to Configure Certificate-Based Authentication
Chapter 1: How to Configure Certificate-Based Authentication Introduction Product: CA ControlMinder Release: All OS: All This scenario describes how a system or a CA ControlMinder administrator configures
More informationForward proxy server vs reverse proxy server
Using a reverse proxy server for TAD4D/LMT Intended audience The intended recipient of this document is a TAD4D/LMT administrator and the staff responsible for the configuration of TAD4D/LMT agents. Purpose
More informationUser s guide. APACHE 2.0 + SSL Linux. Using non-qualified certificates with APACHE 2.0 + SSL Linux. version 1.3 UNIZETO TECHNOLOGIES S.A.
User s guide APACHE 2.0 + SSL Linux Using non-qualified certificates with APACHE 2.0 + SSL Linux version 1.3 Table of contents 1. PREFACE... 3 2. GENERATING CERTIFICATE... 3 2.1. GENERATING REQUEST FOR
More informationLoad Balancing. Outlook Web Access. Web Mail Using Equalizer
Load Balancing Outlook Web Access Web Mail Using Equalizer Copyright 2009 Coyote Point Systems, Inc. Printed in the USA. Publication Date: January 2009 Equalizer is a trademark of Coyote Point Systems
More informationCopyright 2013 Consona Corporation. All rights reserved www.compiere.com
COMPIERE 3.8.1 SOAP FRAMEWORK Copyright 2013 Consona Corporation. All rights reserved www.compiere.com Table of Contents Compiere SOAP API... 3 Accessing Compiere SOAP... 3 Generate Java Compiere SOAP
More informationApache and Apache-ssl Proxy setup to Paradox Web Server OCX for Internet Enabled Databases by Dennis Santoro Getting Started:
Apache and Apache-ssl Proxy setup to Paradox Web Server OCX for Internet Enabled Databases by Dennis Santoro Copyright 2000, by Dennis Santoro. All rights reserved. Please see use restrictions at the end
More informationSetup Guide Access Manager 3.2 SP3
Setup Guide Access Manager 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE
More informationEMC Clinical Archiving
EMC Clinical Archiving Version 1.7 Installation Guide EMC Corporation Corporate Headquarters Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com Legal Notice Copyright 2014-2015 EMC Corporation. All Rights
More informationSecuring the OpenAdmin Tool for Informix web server with HTTPS
Securing the OpenAdmin Tool for Informix web server with HTTPS Introduction You can use HTTPS to protect the IBM OpenAdmin Tool (OAT) for Informix web server from eavesdropping, tampering, and message
More informationSingle Sign-on (SSO) technologies for the Domino Web Server
Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145
More information