No announcement yet.

[SOLVED] Single Signon with OTM

This topic is closed.
  • Filter
  • Time
  • Show
Clear All
new posts

  • [SOLVED] Single Signon with OTM

    We are looking to add OTM as an accessible link from our Portal. We can use the generic OTM link and get to it, but we have a need to make OTM use single signon as part of the portal login. Does anybody out there have done this with OTM 5.5 CU3 (or CU2)? Or know how to do it?


  • #2
    Re: Single Signon with OTM


    OTM has supported SSO since v3.0 (or earlier) and was one of the requirements of one of our early LARGE clients. While I don't believe there is any documentation for this, the configuration is simple.

    First - it was developed around Netegrity, but works with any Reverse Proxy-based SSO solution. When it's configured, OTM delegates all authorization responsibilities to the SSO framework. If an OTM username is passed to OTM via the http header or URL, then that use is automatically logged-in, without verifying the password. This allows you to keep a single password repository, but requires that you protect OTM from malicious users and filter the http-headers and URLs.

    To configure, just enable the following properties in the OTM file, where "appuid" is the variable you'll use to send in the OTM username:
    You may also need to enable the reverse-proxy in OTM in order to work within your SSO framework. This is accomplished via the following properties in the file, where "/urlprefix" is the URL Prefix that your reverse-proxy server utilizes in order to identify the OTM web server:
    You will also need to edit the <otm_home>/apache/htdocs/index.html file and update the URL listed below to include this URL Prefix.

    Finally, keep in mind that once you setup OTM to be accessible via a reverse-proxy, you won't be able to connect to it directly, since the URL Prefixes won't get stripped out and will thus be invalid for your browser.

    I've set this up in the lab and for a few clients while I was at G-Log, and it works well.

    Hope this helps!