You can use the Portal Configuration page to enable single
sign-on (SSO) between LiveCycle applications and any application
that supports conveying the identity over HTTP header. When SSO
is implemented, the LiveCycle user login pages are not required
and do not appear if the user is already authenticated through their
company portal.
You can also enable SSO by using SPNEGO. (See Enable SSO using SPNEGO.)
In Administration Console, click Settings > User Management
> Configuration > Configure Portal Attributes.
Select Yes to enable SSO. If you select No, the remaining
settings on the page are unavailable.
Set the remaining options on the page as required and click
OK:
SSO type: (Mandatory) Select HTTP Header
to enable SSO using HTTP headers.
HTTP header for user’s identifier: (Mandatory) Name
of the header whose value contains the logged-in user’s unique identifier.
User Management uses this value to find the user in the User Management
database. The value obtained from this header should match the unique
identifier of the user who is synchronized from the LDAP directory.
(See User settings.)
Identifier value maps to user’s User ID instead of user’s unique identifier: Maps
the user’s unique identifier value to the User ID. Select this option
if the user’s unique identifier is a binary value that cannot be
easily propagated through HTTP headers (for example, objectGUID
if you are synchronizing users from Active Directory).
HTTP header for domain: (Not mandatory) Name of the
header whose value contains the domain name. Use this setting only
if no single HTTP header uniquely identifies the user. This setting
is for cases where multiple domains exists and the unique identifier
is unique only within that domain. In this case, specify the header
name in this text box and specify domain mapping for the multiple
domains in the Domain mapping box. (See Editing and converting existing domains.)
Domain mapping: (Mandatory) Specifies mapping for
multiple domains in the format header value=domain name.
For
example, consider a situation where the HTTP header for a domain
is domainName, and it can have values of domain1, domain2, or domain3.
In this case, use domain mapping to map the domainName values to
User Management domain names. Each mapping must be on a different
line:
domain1=UMdomain1
domain2=UMdomain2
domain3=UMdomain3
|
|
|