How we can configure Single Sign-On between a Portal server and a Webtop is what i am trying to bring in today. This Post does not recommend any specific solution, however it provides insight into implementing the Single Sign-on by customizing the Documentum components.
Before we discuss about the Configuration Steps involved ,lets first see What is Single Sign-On :
Single Sign-on is a concept that enables users to be authenticated once and gain access to the resources of multiple software systems. The requirement is to provide the portal user access to Webtop without being asked to submit the credentials.
Approaches to achieve Single Sign-on
Approach A was evaluated, however with requirements conflicting with the version support, approach B was preferred.
In order to achieve the Single Sign-On, user credentials are passed as URL parameters by encrypting the userid & password. The same is decrypted before establishing documentum session. The following steps provide the details in accomplishing the same.
Note: A standard algorithm is used for the encryption/decryption purposes, which however is out of scope.
A. Documentum Configurations
Compile the java class and update the classpath.
Figure 1: Pictorial representation of the directory structure used.
Copy the login.jsp page available wdk\system\login to webtop\webtop\custom\login folder and customize as per the requirement. Add the path information in the login_component.xml.
The code snippet of login_component.xml after the changes is as follows:
B. Portal Configurations
1. Append the encryption/decryption class to the classpath
2. Create a portlet, retrieve the user-id/password from the form and add the same to session or a cookie
3. Use the encryption algorithm to encrypt the user-id and password and append the same to the URL link calling Webtop. The URL format to be used is as follows:
3. If the user is a valid documentum user, user is allowed to access the documentum repository without being asked to enter the credentials. If the authentication fails, user will be provided with the standard Webtop login page.