Single Sign-on : ATG and Endeca

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. 

In Oracle 11.x, SSO is provided as an alternative to third-party SSO solutions. It integrates authentication for Endeca Workbench and the ATG Business Control Center, allowing a user to switch between tools without encountering additional login screens.

There will be a dedicated ATG server instance that includes the SSO and DPS.InternalUsers modules.

The SSO module includes a web application that manages the single sign-on process. Commerce SSO uses an algorithm based on ticket-granting tickets and service tickets.

In the ATG pipeline, the /atg/sso/servlet/SSODispatcherServlet component is added to dispatch requests to the other servlets that provide the five SSO server functions.

Here are the five functions:
1) login - Manages the process of authenticating the user and issuing a service ticket
2) validate - Manages the process of validating requests based on the status of service tickets
3) keepAlive - Ensures that an SSO session remains active as long as there is activity in either the Business Control Center or the Workbench
4) control - Handles configuration of the client logout URL (only accessed by the Endeca plug-in)
5) logout - Manages the process of deleting any tickets associated with the session and then redirecting to the login page


How to Integrate Workbench with Commerce SSO?
1) Go to webstudio.properties in:

/opt/app/endeca/ToolsAndFrameworks//server/workspace/conf

2) Set com.endeca.webstudio.useSSO to true:

com.endeca.webstudio.useSSO=true

3) Uncomment the following properties and update the SSO box host and port details:

#com.endeca.webstudio.sso.loginURL=http://<host:port>/login
#com.endeca.webstudio.sso.controlURL=http://<host:port>/control
#com.endeca.webstudio.sso.logoutURL=http://<host:port>/logout
#com.endeca.webstudio.sso.validationURL=http://<host:port>/validate
#com.endeca.webstudio.sso.keepAliveURL=http://<host:port>/keepAlive
#com.endeca.webstudio.sso.keepAliveFrequency=1800
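
A consistency check for the result of steps 1 to 3, as an added example that is not part of the original post or of Oracle's tooling: it reads webstudio.properties text and reports SSO properties that are still commented out, still carry the <host:port> placeholder, or disagree with each other. The host names in the sample are constructed, and the HTTPS check and the single-server check are assumptions added here, not steps from the post.

```python
from urllib.parse import urlparse

PREFIX = "com.endeca.webstudio."
# Property name -> SSO server function its URL should end with (names from the post)
URL_PROPS = {"loginURL": "login", "controlURL": "control", "logoutURL": "logout",
             "validationURL": "validate", "keepAliveURL": "keepAlive"}
# Constructed sample (hypothetical hosts): step 2 done, step 3 only partly done
SAMPLE = """\
com.endeca.webstudio.useSSO=true
com.endeca.webstudio.sso.loginURL=http://sso.example.internal:8080/login
#com.endeca.webstudio.sso.controlURL=http://<host:port>/control
com.endeca.webstudio.sso.logoutURL=http://<host:port>/logout
com.endeca.webstudio.sso.validationURL=http://sso.example.internal:8080/validate
com.endeca.webstudio.sso.keepAliveURL=http://other.example.internal:8080/keepAlive
com.endeca.webstudio.sso.keepAliveFrequency=1800
"""

def parse_properties(text):
    """Return the active (uncommented) key=value pairs of a .properties file."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_sso_config(text):
    """Return a list of findings; an empty list means the SSO block is consistent."""
    props, findings, hosts = parse_properties(text), [], set()
    if props.get(PREFIX + "useSSO", "").lower() != "true":
        findings.append("useSSO: not set to true")
    for name, function in URL_PROPS.items():
        value = props.get(PREFIX + "sso." + name)
        url = urlparse(value) if value and "<" not in value else None
        if url is None or not url.hostname:
            findings.append(f"{name}: commented out, missing, or placeholder left in")
            continue
        hosts.add(url.netloc)
        if not url.path.endswith("/" + function):
            findings.append(f"{name}: path does not end in /{function}")
        if url.scheme != "https":  # added hardening check, not a step from the post
            findings.append(f"{name}: {url.scheme} sends SSO tickets in cleartext")
    if len(hosts) > 1:  # assumes the one dedicated SSO instance serves all five URLs
        findings.append(f"URLs name different SSO servers: {sorted(hosts)}")
    if not props.get(PREFIX + "sso.keepAliveFrequency", "").isdigit():
        findings.append("keepAliveFrequency: missing or not a whole number")
    return findings

if __name__ == "__main__":
    print("\n".join(check_sso_config(SAMPLE)))
```

Run it against the real file by passing the file's contents to check_sso_config() before restarting Workbench.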

The Commerce SSO server uses the ATG internal profile repository and does not automatically publish changes to Endeca Workbench. Make sure each ATG user profile has a corresponding Workbench user with the same name.

3 comments:

  1. Hello,
    Could you please assist me with how to integrate SAML (Security Assertion Markup Language) with ATG for SSO (Single Sign On)?

    Thanks In Advance.

    1. Hi Shiv Gupta,

      Have you implemented the above specified requirement (SAML with Endeca)?

      Thanks,
      Dilroz

  2. Wow!! You have written this post on single sign on solutions so brilliantly. The step by step procedure you have written is truly class. Thanks for sharing this lovely post with us.
