Customizing Authentication in CA Performance Center › Update Single Sign-On Website Settings

Update Single Sign-On Website Settings

The Single Sign-On Configuration Tool lets you change default settings for the Single Sign-On website. For example, you can change the virtual directory for the Single Sign-On website. The virtual directory is required to use an encryption scheme for communications among CA servers.

You can change other settings that affect Single Sign-On behavior when users attempt to log in. Some parameters also affect user interface behavior, such as the timeout period that logs the user out automatically in response to inactivity.

Important! Updates to the Single Sign-On website only affect CA data source products that are running on the same server because of the distributed architecture of the software.

Follow these steps:

1. Log in to the server where CA Performance Center or a CA data source product is installed.

   Log in as root or with the 'sudo' command.

2. Launch the Single Sign-On Configuration Tool by running the './SsoConfig' command in the following directory:

   [InstallationDirectory]/CA/PerformanceCenter
   

   You are prompted to select an option. The available options correspond to CA applications running on the local server.

3. Use the following commands as needed while you are selecting settings:
   • q (quit)
   • b (go back to the previous menu)
   • u (update)
   • r (reset)
4. Enter 1 to configure CA Performance Center.

   You are prompted to select an option.

   

5. Enter 4 for Single Sign-On.

   You are prompted to specify the priority.

   The Priority parameter only applies to CA Performance Center.

6. Enter one of the following options:

   1. Remote Value

   Refers to settings that only administrators can change. Such settings are propagated to all other CA products registered to this instance of CA Performance Center. Remote Value settings are only used if a corresponding Local Override value is not present.

   2. Local Override

   Refers to settings that can be changed for all products. If a Local Override value is present, it takes precedence over both the Remote Value and default settings.

   You are prompted to select a property to configure.

7. Enter one or more of the following properties. When prompted, enter u to update the value and supply a new value:

   1. Anonymous User Enabled

   Specifies whether the Sign-In page appears when users attempt to log in to a data source interface. A value for the Anonymous User ID parameter is required if this parameter is enabled. Users do not see the Sign-In page when they attempt to log in. They are logged in as the user associated with the Anonymous User ID parameter.

   The Localhost User Enabled parameter takes precedence when the following conditions are met:

   • The user is logging in from the Single Sign-On server.
   • The 'Localhost User Enabled' parameter and the 'Anonymous User Enabled' parameter are both enabled.

   Default: Disabled.

   Note: The Anonymous User login takes precedence over Windows Authentication.

   2. Anonymous User ID

   Specifies the username that is used to authenticate the user automatically, bypassing the Sign-In page. This parameter is only used if the Anonymous User Enabled parameter is enabled. Select one of the following values:

   • 1 - The username for the default administrator account (admin).
   • 2 - The username for the default user account (user).
   • Another username that exists in the CA Performance Center database.

   3. Localhost User Sign-In Page Enabled

   Specifies whether the Sign-In page appears when the user is logging in from the server where Single Sign-On is installed.

   If this parameter is enabled, the Sign-In page appears, even if the user is logging in from the Single Sign-On server.

   If this parameter is disabled, the following rules apply:

   • The Localhost User Enabled parameter must be enabled.
   • The value for the Localhost User ID parameter must contain a valid product username. This value is used to log the user in to the software interface, bypassing the Sign-In page.

   Default: Disabled.

   4. Localhost User Enabled

   Specifies whether users are automatically signed in—bypassing the Sign-In page—when they are logging in from the Single Sign-On server. A value for the 'Localhost User ID' parameter is required if this parameter is enabled.

   • If the 'Localhost User Sign-In Page Enabled' parameter is enabled, this parameter is used in cases where the user clicks Sign In without entering a username or password. The user is then logged in to the software as the user associated with the 'Localhost User ID' parameter.
   • If the user does supply a username and password, those credentials are used for authentication.
   • If this parameter is enabled but the 'Localhost User Sign-In Page Enabled' parameter is disabled, the user bypasses the Sign-In page. The user is instead logged in to the interface using the value of the 'Localhost User ID' parameter.
   • If the user is logging in from the Single Sign-On server and both the 'Localhost User Enabled' and 'Anonymous User Enabled' parameters are enabled, the 'Localhost User Enabled' parameter takes precedence.

   Default: Disabled.

   5. Localhost User ID

   Specifies the user ID that is used to authenticate users automatically—bypassing the Sign-In page—when they log in to the Single Sign-On server. This parameter is used only if the 'Localhost User Enabled' parameter is enabled. Enter one of the following values:

   1 - The username for the default administrator account (admin).

   2 - The username for the default user account (user).

   6. Cookie Timeout Minutes

   Specifies the number of minutes that pass before a Single Sign-On cookie expires. Each time a user performs an action in a data source interface, the cookie timeout resets. If the timeout expires, the user is logged out and must reauthenticate.

   Default: 20 minutes

   7. Encryption Decryption Key

   Specifies the key that is used to encrypt and decrypt the Single Sign-On cookie.

   8. Encryption Algorithm

   Specifies the encryption algorithm that is used to encrypt and decrypt the Single Sign-On cookie. Supply either DES or AES for the value.

   9. Failed Sleep Seconds

   Specifies the number of seconds the Single Sign-On application waits after a failed sign-in attempt.

   10. Remember Me Enabled

   Specifies whether the Remember Me check box is displayed on the Sign-In page. The Remember Me setting determines whether a user is automatically logged out when the Cookie Timeout expires.

   Default: Enabled.

   11. Remember Me Timeout Days

   Specifies the number of days that pass before a user who selected 'Remember Me' on the Sign-In page must reauthenticate. This parameter is only used if the 'Remember Me Enabled' parameter is enabled. A value of 0 indicates that the Remember Me setting does not expire; the user must click the Sign Out link in a data source product interface.

   12. Scheme

   Specifies the URL scheme that data source products can use to access the Single Sign-On application. If you are using SSL, supply 'https:' for the value.

   13. Port

   Specifies the URL port that data source products can use to access the Single Sign-On application.

   14. Virtual Directory

   Specifies the name of the virtual directory for Single Sign-On.

   Default: SingleSignOn.

   Note: If you change the value for any of the previous parameters, the default value is not replaced, but the new value now takes precedence. The new value is actually a Local Override.

8. Enter b when you have finished changing the default settings.
9. You return to the previous set of options.
10. Enter b again to go back to the first set of options.
11. Enter q to close the Single Sign-On Configuration Tool.

    The Single Sign-On Configuration Tool closes.

    CA Performance Center directs all unauthenticated users to the Single Sign-On website using the new values that you supplied.