Question & Answer
Question
What are the IBM TRIRIGA support scope for SSO SAML with External Assertions, SHA 2 encryption and Multiple Principal name simultaneously?
Cause
Need to implement SSO with SAML and want to know if there is any restriction when running that with IBM TRIRIGA product.
Answer
For SSO using SAML and IBM TRIRIGA compatibility for the 3 configurations below:
a) External Assertions
b) SHA 2 encryption
c) Multiple Principal name simultaneously. For example, email and userid
... see that the three configuration scenarios above are something out of IBM TRIRIGA realm and scope, and this needed to be tested and researched into your SSO solution, since we do not go into detail of what capabilities 3rd party SSO solutions provide.
IBM TRIRIGA itself does not do anything with the SAML assertions. It is up to the 3rd party SSO configuration to support this.
As per our Knowledge Center ( http://www.ibm.com/support/knowledgecenter/SSHEB3_3.5.1/com.ibm.tap.doc/sso_topics/c_sso_reqs.html ) , the IBM TRIRIGA Platform only cares about three things:
- Remote User - The web server or application server authenticates the user and puts the user name in the REMOTE_USER HTTP header. The Java™ call is request.getRemoteUser().
- User Principal - The web server or application server authenticates the user and puts the user name in the special UserPrincipal HTTP header. The Java call is request.getUserPrincipal().getName().
- HTTP Header - The web server or application server authenticates the user and puts the user name in a specific named HTTP header attribute.
All other configurations, and questions about external assertions, encryption, and principal name should be answered by the provider of the SSO solution. The TRIRIGA Platform is not aware of anything other than the way the username is placed into the HTTP Header.
Was this topic helpful?
Document Information
Modified date:
30 March 2022
UID
swg21988851