How to Configure Single Sign-On

To set up your single sign-on environment, use the following process:

  1. Decide which cookie domains comprise the single sign-on environment.
  2. Decide which cookie domain within the single sign-on environment will be the cookie provider domain.
  3. Access the Agent Configuration Object (using the Administrative UI) or open the Web Agent configuration file (on your web server), and modify the parameters in the following steps:
    1. Set the RequireCookies parameter to yes.

      If you set the timeout parameters without requiring cookies, the Web Agent functions normally; however, it cannot enforce the timeouts. If the Web Agent requires cookies but the user's browser does not accept them, the user will be denied access to all protected resources.

      Note: For more information, see the Policy Server documentation.

    2. If you want the cookies to last until the configured session timeout, set the PersistentCookies parameter to yes.

      If you set this parameter to no, the cookies last for only one browser session.

    3. For the CookieDomain parameter, verify that the value is the local cookie domain of the system on which the Web Agent is installed, such as .mycompany.com. Modify the domain, if necessary. This value is case-sensitive.
    4. Set the CookieProvider parameter to the cookie provider domain using the appropriate syntax as follows:

      http://server.domain:port/siteminderagent/SmMakeCookie.ccc

      where server.domain:port is the fully qualified domain name of the Web Server where the Web Agent acting as the cookie provider resides, such as myserver.mysite.com. The cookie provider name must have a .ccc extension.

    5. Make sure the cookie provider is configured with the proper associated MIME type (.ccc).
    6. Enable the proper type of IP checking (to compare IP addresses) if you enabled persistent or transient cookies.
  4. (Optional) Modify any other single sign-on settings.
  5. If you edited parameters by modifying the Web Agent configuration file, restart the web server, so that the changes take effect.
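
The following checker is an added example, not CA code: it reads a Web Agent configuration file and reports where RequireCookies, CookieDomain and CookieProvider deviate from the steps above. The name="value" line syntax, the case-insensitive handling of yes, and the names parse_conf and check_sso are assumptions; the sample values are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample (not a real deployment). The name="value" line
# syntax is an assumption about the Web Agent configuration file.
SAMPLE_CONF = '''\
# lines starting with # are treated as comments
RequireCookies="no"
PersistentCookies="yes"
CookieDomain=".MyCompany.com"
CookieProvider="http://myserver.mysite.com:80/siteminderagent/SmMakeCookie.cc"
'''

LINE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"]*)"?\s*$')
PROVIDER_PATH = "/siteminderagent/SmMakeCookie.ccc"

def parse_conf(text):
    """Return {parameter: value}, skipping comments and blank lines."""
    params = {}
    for line in text.splitlines():
        m = None if line.lstrip().startswith("#") else LINE.match(line)
        if m:
            params[m.group(1)] = m.group(2).strip()
    return params

def check_sso(params, local_domain):
    """Return (parameter, problem) pairs for steps 3.1, 3.3 and 3.4."""
    findings = []
    # Assumption: the yes/no value is compared case-insensitively.
    if params.get("RequireCookies", "").lower() != "yes":
        findings.append(("RequireCookies", "not yes; timeouts cannot be enforced"))
    # Exact comparison on purpose: the CookieDomain value is case-sensitive.
    if params.get("CookieDomain") != local_domain:
        findings.append(("CookieDomain", "does not match " + local_domain))
    url = urlsplit(params.get("CookieProvider", ""))
    if "." not in (url.hostname or ""):
        findings.append(("CookieProvider", "server is not a fully qualified name"))
    elif url.path != PROVIDER_PATH:
        findings.append(("CookieProvider", "path must be " + PROVIDER_PATH))
    return findings

if __name__ == "__main__":
    for name, problem in check_sso(parse_conf(SAMPLE_CONF), ".mycompany.com"):
        print(name + ": " + problem)
```

PersistentCookies is parsed but not judged, because either value is valid; it only decides whether cookies outlive the browser session.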

More Information

Configure MIME Types for Each Credential Collector

Compare IP Addresses to Prevent Security Breaches


Copyright © 2010 CA. All rights reserved.