IBM Support

IBM TRIRIGA support scope for SSO and Seamless Sign-on implementation

Question & Answer


Question

What is the IBM TRIRIGA support scope for SSO and Seamless Sign-on implementation?

Cause

I need to implement SSO and not sure if IBM TRIRIGA Support can assist me on 3rd party configuration and setup.

Answer

See the scenarios described in the IBM document "SSO configurations" -> "Example configurations based on application server"

SSO - are samples and examples only. There are lots of possible configurations and concerns about security policies and setups for business/companies when setting up SSO properly. We are not intending to cover all possible scenarios with that document, and they are only "as-is", reference information only. Customers need to adapt them to the scenario and requirements they are running under.

IBM TRIRIGA support will not be able to assist you on:

  1. Configuring your AD server for interfacing with your Web Server - 3rd party
  2. Configuring your Web Server for interfacing with your Application Server (JBOSS, WebLogic, WebSphere, WAS Liberty Profile) - 3rd party
  3. Configuring your Web Server or Application Server to fill in the HTTP request header area the required User ID that will be read further by IBM TRIRIGA code (WAR / JVM) so that the IBM TRIRIGA user session can be opened from the MyProfile loaded record on the database - 3rd party
  4. Configuring your Web Server or Application Server for Seamless Sign-on (without challenging Internet Browser session for credential) - 3rd party

When you have finally set your Web Server & Application Server for filling in the HTTP request header area the User ID IBM TRIRIGA code needs for reading, you are ready to go for confirming if the User ID value is really there and what it is the User ID field name you are using. For that you use this page:

Troubleshooting SSO

Once you can see clearly the User ID value on a HTTP request header field, you get its corresponding field name and update the SSO properties on TRIRIGAWEB.properties file accordingly (it makes sense only on the application UI servers/JVMs), based on the instructions from the IBM document above.

We need a perfect match between the User ID you read from HTTP request header corresponding field, and the one that is located into the database (MyProfile User ID). This is case sensitive checkup by default.

At this point, if you have a valid User ID value on the HTTP request, if you configured your SSO properties properly, if there is a perfect match when comparing with MyProfile User ID, and things do not work, IBM TRIRIGA support can assist you on this troubleshooting and configuration.

See more relevant information here:

  1. What is necessary to implement Single Sign-On (SSO) over IBM TRIRIGA product?
  2. Does IBM TRIRIGA support Seamless Sign On without challenging Internet Browser for credential information?
  3. What are the methods of inserting the user name into an HTTP header supported by IBM TRIRIGA SSO-enabled environments?
  4. What are the available SSO properties for IBM TRIRIGA?
  5. How to prevent users from using the IBM TRIRIGA default login page on SSO-enabled environments?

[{"Product":{"code":"SSHEB3","label":"IBM TRIRIGA Application Platform"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"IBM TRIRIGA Application builder","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Document Information

Modified date:
30 March 2022

UID

swg22000500

Page Feedback