Re: OTM Single Sign on

Sandeep,

OTM supports SSO out of the box, and I recommend reading the "Enabling Single Sign On (SSO) Support" section of the OTM Admin Guide. Basically, after enabling OTM's SSO, it will look for a user ID within the HTTP header or URL, provided by a variable that you define. When this is present and populated, that user is automatically logged into OTM without password verification, effectively bypassing the login screen. This does require a custom element for each OTM user in your SSO solution's LDAP repository, though, which maps their SSO user ID to an OTM-specific user ID.

Here's a post which provides some relevant data: http://www.otmfaq.com/forums/f25/otm-ldap-oid-952/
I've head that OTM will natively support the Oracle Identity Manager in a later version, don't know when it will be available.

I hope this helps!

--Chris

Re: OTM Single Sign on

HI Chris,

I'm now working on implementing OTM SSO for one of our client.
I found your solution in the thread, which was very much helpful.
But the user needs to login to OTM directly from browser and also needs SSO feature.
Is there any possible solution for that?

Thanks,
Sarath.

Re: OTM Single Sign on

Sarath,

If the user ID isn't passed into OTM via SSO, then the user will be prompted to login manually. So, they just need to setup SSO to not pass an OTM userID for the users that should login via the browser.

--Chris

Re: OTM Single Sign on

Hello Chris,

Need your help regarding SSO functionality enabling in OTM6.2.8, I have configured the following LDAP parameters in glog.properities file located in OTM Web Server.

# web URL prefix - should be blank unless web server is behind a reverse-proxy server
glog.webserver.urlprefix=
# web server URL (may differ from server name)
glog.webserver.URL=http://servername:80$glog.webserver.urlprefix$

glog.security.sso=true
glog.security.sso.appUidName=appuid
glog.security.sso.logoutButton=true
glog.security.sso.appUidLocation=1
glog.webserver.initial_page=$glog.webserver.urlpre fix$$glog.webserver.context$glog.webserver.util.Fr ameGC3Servlet

# LDAP settings for namespace: localAuth

ldap.searchOrder=GC3,localAuth

ldap.namespace.name=localAuth
ldap.namespace.localAuth.authProtocol=simple
ldap.namespace.localAuth.ldapUrl=ladp://12345.xyz.com:389
ldap.namespace.localAuth.ctxFactory=com.sun.jndi.l dap.LdapCtxFactory
ldap.namespace.localAuth.version=3
ldap.namespace.localAuth.principal=cn=GLog User, o=Glog, c=US
ldap.namespace.localAuth.credential=secret
ldap.namespace.localAuth.userDN=ou=OU,dc=xyz,dc=co m
ldap.namespace.localAuth.userNameAttribute=uid
ldap.namespace.localAuth.glUserAttribute=gluser
ldap.namespace.localAuth.userAuthentication=local
ldap.namespace.localAuth.credentialAttribute=passw ord

With the above settings I am able to login thru by passing appuid in the OTM URL, however when I am trying to login thru OTM Login Screen, it is throwing an error "Invalid redirect Parameter".

1) Does this require reverse-proxy settings?
2) To enable reverse-proxy, the client needs to do any setting at their network end?

Your hep is highly appreciated. Many thanks in advance.

Regards
Chari