Today, most products, whether a financial product such as a credit card, a media product or an electronics item, come not from a single vendor but from collaboration between partner companies. Each partner plays its own role in marketing the product and needs access to the related data.
In practice, it is not possible to give every partner access to Active Directory or LDAP. This is where SSO comes to the rescue: it lets all partners authenticate against a common policy server.
SDL Tridion can be easily integrated with SSO servers such as CA SiteMinder and IBM Tivoli.
The following figures describe the SSO flow up to authentication.
Authorization can then be handled at the Tridion CMS security level, where, depending on business requirements, users are given different access and permissions on CMS items such as publications.
- Execute ca-wa-12.5-cr02-win64.exe.
- Follow the instructions in the installation wizard.
- In the Host Registration dialog box, select ‘Yes’ to register a host and click Next.
- Complete the following fields in the Admin Registration dialog box with the required admin credentials, then click Next:
  - Admin User Name
  - Admin Password
  - Confirm Admin Password
  - Enable Shared Secret Rollover – Unchecked
- In the Trusted Host Name and Configuration Object dialog box, enter the web server name as the trusted host name.
- In the Policy Server IP Address dialog box, enter the policy server IP or VIP.
- Choose FIPS Compatibility Mode (Default) and click Next.
- Accept the default location of the host configuration file, SmHost.conf, or click Choose to select a different location. Click Next.
- In the Select Web server(s) dialog box, select the option for Microsoft IIS 7.5 and click Next.
- Select the virtual sites (SDL Tridion 2011) that need to be configured with this web agent and click Next.
- Enter the ACO name <webserver>_agent_config and click Next.
- In the WebAgent Enable Option, check the YES box and click Next.
- In the Web Server Configuration Summary dialog box, confirm that the configuration settings are correct, then click Install.
- Click Done when the installation is complete. The system restarts.
- Open a command prompt and go to the folder where PSTools is located.
- Run: psexec -i -s cmd.exe
- This should open a new command prompt window.
- In the new command prompt window, navigate to where aspnet_regiis is located (it should be in c:\Windows\Microsoft.Net\Framework64\v4.0.30319).
- Run: aspnet_regiis -pa "TridionRsaKeyContainer" "Domain\UserName"
- Note: Here the domain and username are those of the user who is executing the CMR.
- Follow the same steps for the user NT AUTHORITY\IUSR.
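To confirm that the two aspnet_regiis -pa grants took effect and that no other account can read the key container, the ACL can be checked afterwards. The PowerShell below is an added example, not part of the original post; the expected-account list, the DOMAIN\UserName placeholder and the default MachineKeys path are assumptions to adjust for your environment.

```powershell
# Added example (not from the original post): audit the ACL on the machine-level
# RSA key container after the aspnet_regiis -pa steps. Run from an elevated prompt.
$containerName = 'TridionRsaKeyContainer'      # container name from the steps above

# Assumption: accounts expected to hold access. Replace the placeholder with the
# CMS user from the -pa step and adjust the list to your environment.
$expected = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT AUTHORITY\IUSR',
    'DOMAIN\UserName'                          # placeholder
)

# Open the existing container only; UseExistingKey stops .NET from silently
# creating a new, empty container when the name is mistyped.
$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = $containerName
$csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore -bor
             [System.Security.Cryptography.CspProviderFlags]::UseExistingKey
try {
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList $csp
} catch {
    Write-Error "Cannot open key container '$containerName': $($_.Exception.Message)"
    return
}

# The container is stored as a file whose name is the unique container name.
# Assumption: default machine key store location.
$keyFile = Join-Path $env:ProgramData ('Microsoft\Crypto\RSA\MachineKeys\' +
           $rsa.CspKeyContainerInfo.UniqueKeyContainerName)

# Report every allow entry and flag identities outside the expected list.
(Get-Acl -Path $keyFile).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' } |
    ForEach-Object {
        [pscustomobject]@{
            Identity = $_.IdentityReference.Value
            Rights   = $_.FileSystemRights
            Expected = $expected -contains $_.IdentityReference.Value
        }
    } | Format-Table -AutoSize
```

Any row with Expected = False is an account that was granted access outside this procedure; aspnet_regiis -pr "TridionRsaKeyContainer" "<account>" removes such a grant.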
Fig: SSO Configuration in CMS