Configuring Single Sign-on
When the following conditions are met, you can use SSO to access a DivePort Area from DiveTab:
- The target DivePort instances are set up for SSO.
- The DiveTab server is configured to use the SSO key for the target DivePorts.
When thus configured, a DivePort link in a DiveTab script directs DiveTab to run a URL that contains a one-time username and password to accomplish the single sign-on. Similarly, a DiveTab link in a DivePort instance runs a URL that can accomplish single sign-on.
NOTE: The following procedures require direct access to the servers. SSO requires that you have the same username on each site.
With SSO for DivePort, users do not need to re-enter credentials when they access DivePort from another application. The DivePort SSO key is stored in the XML context file that describes the installation of DivePort to the Java WAS, typically Apache Tomcat. The XML context file is the same file that is used to indicate the DiveLine server and other paths for DI software.
The following examples show the content of the DivePort XML context file for Windows and UNIX.
On Windows:
<Context docBase="C:\DI\Solution\webapps\diveport70\diveport.war" unpackWAR="false" sessionCookiePathUsesTrailingSlash="false">
<Parameter name="dataroot" value="C:\DI\Solution\webdata\diveport7011" />
<Parameter name="approot" value="C:\DI\Solution\webapps\diveport7011" />
<Parameter name="diveline.server" value="Ginny-T440p:7000" />
<Parameter name="diveline.admin-username" value="admin" />
</Context>
On UNIX:
<Context sessionCookiePathUsesTrailingSlash="false" docBase="/di/solution/webapps/DivePort/diveport-64.war" unpackWAR="false">
<Parameter name="diveport.approot" value="/di/solution/webapps/DivePort"/>
<Parameter name="diveline.server" value="my-server.example.com"/>
<Parameter name="diveport.dataroot" value="/di/solution/webdata/DivePort"/>
<Parameter name="diveline.admin-username" value="_Admin"/>
<Parameter name="sso.key" value="abc123defghijk456lmnop7890qrstuvwxyz"/>
</Context>
The sso.key Parameter is not present by default.
To add an SSO key:
1. On the DivePort server, locate the XML context file, usually at (on Windows):
   C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\Catalina\<hostname>\<diveport>.xml
2. Edit the XML context file, inserting a line for the SSO key parameter. For example:
   <Parameter name="sso.key" value="XXX"/>
3. Create a random string for the key value (replacing XXX in the line above) using at least 32 letters and numbers.
   This string value is what you need to place in the SSO key file on the DiveTab server.
4. Save the XML file, and restart the DivePort.
Links to a DivePort instance from a DiveTab application automatically attempt to negotiate SSO with the target DivePort instance. If both the DivePort instance and the DiveTab are configured for SSO, the user is not prompted again for a username and password.
To configure a DiveTab for SSO:
1. Make sure that the target DivePort instance is configured as described in Configuring DivePort for Single Sign-on.
2. On the DiveTab server, create a directory named sso-keys in the DivePort webdata directory.
   For example, C:\DI\Solution\webdata\mydivetab\sso-keys.
3. In the sso-keys directory, create a file with a name that suggests where the key came from.
   For example, HC_demo.key.
4. Paste into this new file a copy of the sso.key value string from the target DivePort XML context file.
   See also Step 3 of Configuring DivePort for Single Sign-on.
5. Save the key file.
6. Repeat Steps 3 to 4 for each DivePort that the DiveTab application links to.
NOTE: You can visit different DivePort instances from a DiveTab application, and each DivePort instance can be configured for SSO. If SSO is not configured for the DivePort instance, DivePort displays a Logon dialog box.
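The two procedures above (adding sso.key to the DivePort context file and copying it into a DiveTab key file) can be checked offline before restarting DivePort. The following Python is an added example, not Dimensional Insight code: it generates a key with the operating system's CSPRNG and verifies that a context file and a key file agree. The function names and the sample context text are constructed for illustration.

```python
import secrets
import string
import xml.etree.ElementTree as ET

ALPHABET = string.ascii_letters + string.digits
MIN_LEN = 32  # the page's minimum: at least 32 letters and numbers

# Constructed sample context file; host and paths are placeholders.
SAMPLE_CONTEXT = """<Context docBase="/di/solution/webapps/DivePort/diveport-64.war" unpackWAR="false">
  <Parameter name="diveline.server" value="my-server.example.com"/>
  <Parameter name="sso.key" value="{key}"/>
</Context>"""

def generate_sso_key(length=48):
    """Build a key of letters and digits from the OS CSPRNG."""
    if length < MIN_LEN:
        raise ValueError(f"key must be at least {MIN_LEN} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def read_sso_key(context_xml):
    """Return the sso.key value from context-file text, or None if absent."""
    for param in ET.fromstring(context_xml).iter("Parameter"):
        if param.get("name") == "sso.key":
            return param.get("value")
    return None

def check_sso_pair(context_xml, key_file_text):
    """Return a list of problems; an empty list means the two sides agree."""
    key = read_sso_key(context_xml)
    if key is None:
        return ["context file has no sso.key Parameter"]
    problems = []
    if len(key) < MIN_LEN:
        problems.append(f"sso.key is shorter than {MIN_LEN} characters")
    if not all(c in ALPHABET for c in key):
        problems.append("sso.key contains characters other than letters and numbers")
    # Assumption: surrounding whitespace in the key file is ignored here; the
    # page does not say how DiveTab parses the file.
    if key_file_text.strip() != key:
        problems.append("key file does not match sso.key in the context file")
    return problems

if __name__ == "__main__":
    key = generate_sso_key()
    print(check_sso_pair(SAMPLE_CONTEXT.format(key=key), key + "\n"))  # matching pair
    print(check_sso_pair(SAMPLE_CONTEXT.format(key="XXX"), key))  # placeholder left in
```

Because the key sits in cleartext in both the context file and the sso-keys directory, read access to both should be limited to the service accounts and administrators who need it.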