Enterprise Edition - Single Sign-On (SSO)


Overview

Applications Manager's Enterprise Edition supports single sign-on (SSO), a mechanism that gives a user unified access: users do not have to enter their credentials more than once to access multiple independent installations (your Admin Server and Managed Servers). A single user authentication into the Admin Server gives users access to all their Managed Servers, with no further prompts when they switch applications during that session.

Benefits:

  • Security - Capability to implement consistent authentication and authorization guidelines across your enterprise.
  • Resource savings - Less time spent re-entering passwords for the same identity or profile, and central access management.
  • User Experience - Ability to move between services and portals securely and seamlessly without password prompts.

Enabling Single Sign-On

You can enable Single Sign-On in your Applications Manager Enterprise setup as follows:

  • For Applications Manager versions below 14270, download the cas.war file from this link. For versions 14270 and above, download the cas_8.war file from the Admin server (under the <Applications Manager Home>\working\resources directory).
  • Place the downloaded .war file in the webapps folder in the following path: <Applications Manager Home>\working\apache\tomcat\webapps in your Admin Server.
  • Start Applications Manager and navigate to the Admin tab.
  • Open User Administration under Applications Manager Server Settings.
  • Navigate to the SSO tab.
  • Check the Enable SSO checkbox.
  • Restart Applications Manager. SSO is enabled.

Note:

  • Single Sign-On in Managed Servers will be enabled only after Applications Manager is restarted. Please take care to perform the restart after a few minutes to ensure that the SSO key from the Admin server is synced with the Managed Servers.
  • The Admin server should be running when the Managed Server starts for SSO to work.
  • Users created in the Admin server will be synced to the Managed Server.
  • No user creation or modification can be performed in your Managed Servers.
  • If an HTTP 400 (Bad Request) error occurs while accessing the Managed server monitor from the Admin server, try the following steps:
    • Make sure that the Managed server hostname shown in the Admin server and the hostname specified for the am.appmanager.hostname key in the AMServer.properties file (under the <Applications Manager Home>/conf/ directory) of that Managed server are the same. If they are not, update the correct hostname in the Admin server's Edit Managed Server page and save it. Then stop the Managed server and set the same hostname for the am.appmanager.hostname key in the AMServer.properties file (under the <Applications Manager Home>/conf/ directory) of that Managed server. Finally, save the changes and restart the Managed server.
    • Update the Managed server hostname to lowercase in the Admin server's Edit Managed Server page and save it. Then stop the Managed server and set the same lowercase hostname for the am.appmanager.hostname key in the AMServer.properties file (under the <Applications Manager Home>/conf/ directory) of that Managed server. Finally, save the changes and restart the Managed server.
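
The two hostname checks above can be scripted before editing anything. The following is an added example, not part of the product or its documentation: it reads am.appmanager.hostname from the text of an AMServer.properties file and compares it with the hostname you see on the Admin server's Edit Managed Server page. The function names, result labels and sample values are assumptions made for illustration.

```python
import re
import sys

KEY = "am.appmanager.hostname"  # key named on this page

# Constructed sample input, not a real AMServer.properties file.
SAMPLE = """\
# constructed sample
example.other.key=1
am.appmanager.hostname=APM-Managed01.example.com
"""

def read_property(text, key):
    """Return the last value assigned to `key` in .properties text, or None."""
    value = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # Accept "key=value", "key:value" and "key value" (escapes not handled).
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m and m.group(1) == key:
            value = m.group(2).strip()
    return value

def check_hostname(properties_text, admin_hostname):
    """Classify the Managed server's configured hostname against the Admin server's."""
    configured = read_property(properties_text, KEY)
    if not configured:
        return "missing"
    if configured == admin_hostname:
        # Identical strings; the page's second step also asks for lowercase.
        return "ok" if configured == configured.lower() else "match-not-lowercase"
    if configured.lower() == admin_hostname.lower():
        return "case-mismatch"
    return "mismatch"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <path to AMServer.properties> <hostname>
        with open(sys.argv[1], encoding="latin-1") as fh:
            print(check_hostname(fh.read(), sys.argv[2]))
    else:
        print(check_hostname(SAMPLE, "apm-managed01.example.com"))
```

Any result other than "ok" points to one of the two fixes listed above: make the two hostnames identical, then lowercase both.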