Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.
In Oracle 11.x, SSO is provided as an alternative to third-party SSO solutions. It integrates authentication for Endeca Workbench and the ATG Business Control Center, allowing a user to switch between tools without encountering additional login screens.
There will be dedicated ATG server instance where SSO and DPS.InternalUsersmodules included.
SSO module includes a web application that manages the single-sign on process. The Commerce SSO makes use of ticket granting tickets and service tickets algorithm.
In ATG pipeline, /atg/sso/servlet/SSODispatcherServlet component is added to dispatch requests to other servlets that provide the five SSO server functions
Here are five Functions:
1) login - Manages the process of authenticating the user and issuing a service ticket
2) validate - Manages the process of validating requests based on the status of service tickets
3) keepAlive - Ensures that an SSO session remains active as long as there is activity in either the Business Control Center or the Workbench
4) control - Handles configuration of the client logout URL (Only accessed by Endeca plug-in)
5) logout - Manages the process of deleting any tickets associated with the session and then redirecting to the login page
How to Integrate Workbench with Commerce SSO?
1) Go to webstudio.properties
/opt/app/endeca/ToolsAndFrameworks//server/workspace/conf
2) Set com.endeca.webstudio.useSSO to true
com.endeca.webstudio.useSSO=true
3) Uncomment following properties and update SSO box host and port details
#com.endeca.webstudio.sso.loginURL=http://<host:port>/login
#com.endeca.webstudio.sso.controlURL=http:// <host:port>/control
#com.endeca.webstudio.sso.logoutURL=http:// <host:port>/logout
#com.endeca.webstudio.sso.validationURL=http:// <host:port>/validate
#com.endeca.webstudio.sso.keepAliveURL=http:// <host:port>/keepAlive
#com.endeca.webstudio.sso.keepAliveFrequency=1800
The Commerce SSO server uses ATG internal profile repository and does not automatically publish changes to the Endeca Workbench. Make sure each ATG user profile must have a corresponding workbench user with the same name.
In Oracle 11.x, SSO is provided as an alternative to third-party SSO solutions. It integrates authentication for Endeca Workbench and the ATG Business Control Center, allowing a user to switch between tools without encountering additional login screens.
There will be dedicated ATG server instance where SSO and DPS.InternalUsersmodules included.
SSO module includes a web application that manages the single-sign on process. The Commerce SSO makes use of ticket granting tickets and service tickets algorithm.
In ATG pipeline, /atg/sso/servlet/SSODispatcherServlet component is added to dispatch requests to other servlets that provide the five SSO server functions
Here are five Functions:
1) login - Manages the process of authenticating the user and issuing a service ticket
2) validate - Manages the process of validating requests based on the status of service tickets
3) keepAlive - Ensures that an SSO session remains active as long as there is activity in either the Business Control Center or the Workbench
4) control - Handles configuration of the client logout URL (Only accessed by Endeca plug-in)
5) logout - Manages the process of deleting any tickets associated with the session and then redirecting to the login page
How to Integrate Workbench with Commerce SSO?
1) Go to webstudio.properties
/opt/app/endeca/ToolsAndFrameworks/
2) Set com.endeca.webstudio.useSSO to true
com.endeca.webstudio.useSSO=true
3) Uncomment following properties and update SSO box host and port details
#com.endeca.webstudio.sso.loginURL=http://
#com.endeca.webstudio.sso.controlURL=http://
#com.endeca.webstudio.sso.logoutURL=http://
#com.endeca.webstudio.sso.validationURL=http://
#com.endeca.webstudio.sso.keepAliveURL=http://
#com.endeca.webstudio.sso.keepAliveFrequency=1800
The Commerce SSO server uses ATG internal profile repository and does not automatically publish changes to the Endeca Workbench. Make sure each ATG user profile must have a corresponding workbench user with the same name.
