Enable SSO using HTTP headers

You can use the Portal Configuration page to enable single sign-on (SSO) between LiveCycle applications and any application that supports conveying the identity over HTTP header. When SSO is implemented, the LiveCycle user login pages are not required and do not appear if the user is already authenticated through their company portal.

You can also enable SSO by using SPNEGO. (See Enable SSO using SPNEGO.)

1. In Administration Console, click Settings > User Management > Configuration > Configure Portal Attributes.

2. Select Yes to enable SSO. If you select No, the remaining settings on the page are unavailable.

3. Set the remaining options on the page as required and click OK:

   • SSO type: (Mandatory) Select HTTP Header to enable SSO using HTTP headers.

   • HTTP header for user’s identifier: (Mandatory) Name of the header whose value contains the logged-in user’s unique identifier. User Management uses this value to find the user in the User Management database. The value obtained from this header should match the unique identifier of the user who is synchronized from the LDAP directory. (See User settings.)

   • Identifier value maps to user’s User ID instead of user’s unique identifier: Maps the user’s unique identifier value to the User ID. Select this option if the user’s unique identifier is a binary value that cannot be easily propagated through HTTP headers (for example, objectGUID if you are synchronizing users from Active Directory).

   • HTTP header for domain: (Not mandatory) Name of the header whose value contains the domain name. Use this setting only if no single HTTP header uniquely identifies the user. This setting is for cases where multiple domains exists and the unique identifier is unique only within that domain. In this case, specify the header name in this text box and specify domain mapping for the multiple domains in the Domain mapping box. (See Editing and converting existing domains.)

   • Domain mapping: (Mandatory) Specifies mapping for multiple domains in the format header value=domain name.

     For example, consider a situation where the HTTP header for a domain is domainName, and it can have values of domain1, domain2, or domain3. In this case, use domain mapping to map the domainName values to User Management domain names. Each mapping must be on a different line:

     domain1=UMdomain1

     domain2=UMdomain2

     domain3=UMdomain3

 Twitter™ and Facebook posts are not covered under the terms of Creative Commons.