IBM Support

IV88274: REQUEST TRITRIGA SUPPORT FOR SAML FOR NON-BROWSER BASED CLIENTS SUCH AS CAD INTEGRATOR, BIM, AND THE OUTLOOK ADD

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as documentation error.

Error description

  • SSO solutions need to provide a mechanism for basic
    authentication as per the documentation in the "Requirements
    for single sign-on requests in the TRIRIGA Application
    Platform" for both the TRIRIGA CAD Integrator, BIM, and the
    Outlook Add-in.  SAML does not support this for non-browser
    based applications.
    

Local fix

  • The alternative best practice if using SAML, is to authenticate
    directly to a process server or integration server as opposed
    to the SSO enabled app server, or set up SSO unique for those
    users which can support basic or NTLM authentication.
    

Problem summary

  • SAML is a technology that was designed for Browsers, not
    Integration applications such as Cad Integrator, Outlook
    Plugin, or other integration technologies.
    

Problem conclusion

  • IBM TRIRIGA does not support SAML (Security Assertion Markup
    Language) or credential-less login mechanisms such as SmartCard
    or CAC (Common Access Card) as a method of authentication for
    its non-browser clients such as CAD Integrator, BIM, and the
    Microsoft Outlook add-in.
    SSO solutions need to provide a mechanism for basic
    authentication as per the documentation in the "Requirements
    for single sign-on requests in the TRIRIGA Application
    Platform" for non-browser clients. SAML and SmartCard or CAC do
    not support basic authentication for non-browser based clients.
    The best practice if using SAML or SmartCard/CAC, is to
    authenticate directly to Tririga on a separate process server
    or integration server as opposed to the SSO enabled application
    server. (NOTE: These users will need to know thier Tririga user
    name and password to sign in using this solution.)
    An alternative best practice would be to set up a separate
    non-SAML SSO solution for non-browser client users which can
    support basic or NTLM authentication. (NOTE: SmartCard/CAC
    users would need to know their SmartCard/CAC user name and
    password to sign in using this solution.)
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV88274

  • Reported component name

    TRI APPLCATION

  • Reported component ID

    5725F26AB

  • Reported release

    350

  • Status

    CLOSED DOC

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-08-16

  • Closed date

    2016-08-18

  • Last modified date

    2016-08-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels



Document information

More support for: IBM TRIRIGA Application Builder
IBM TRIRIGA Application builder

Software version: 350

Reference #: IV88274

Modified date: 18 August 2016