Documentation Center

Configuring Single Sign On

SDL Tridion enables you to integrate Content Manager with single sign-on (SSO) servers. Integration with these servers ensures that Content Manager users no longer need to log in separately. This section describes how to configure Single Sign On with Archive Manager Explorer.

Before you begin

Single Sign On is not supported in combination with the Business Connector.

Procedure

  1. Open Internet Information Services (IIS) Manager.
  2. Go to the SDL Archive Manager Explorer Web application and, in a text editor, open the Web.Config file located in the root folder.
  3. In the <tridionConfigSections> section, enable the following line and specify the full path to your Tridion.ContentManager.config file:
    <add filePath="C:\Program Files (x86)\Tridion\config\Tridion.ContentManager.config" />
  4. In the <appSettings> section, enable the following line and change SSOVIRTUALHOST to your Single Sign On virtual host:
    <add key="sso.url" value="http://SSOVIRTUALHOST" />
  5. In the <system.web><httpModules> section, enable the following line:
    <add name="SsoAgentHttpModule" type="Tridion.Security.Web.SsoAgentHttpModule, Tridion.Security, Version=6.1.0.25, Culture=neutral, PublicKeyToken=ddfc895746e5ee6b" />
  6. Only if you use IIS 7.5, in the <system.webServer><Modules> section, enable the following line:
    <add name="SsoAgentHttpModule" type="Tridion.Security.Web.SsoAgentHttpModule, Tridion.Security, Version=6.1.0.25, Culture=neutral, PublicKeyToken=ddfc895746e5ee6b" />
  7. In the <appSettings> section, set the authorization.method value:
    • to CoreService for users existing in the Content Manager and on the Single Sign On server:
      <add key="authorization.method" value="CoreService"/>
    • to None to use SSO authorization only:
      <add key="authorization.method" value="None"/>
  8. In the <appSettings> section of your Web.Config file, locate the following line and specify the TCM URI of your Archive Manager User Group in the value field. For example:
    <add key="security.group.uri" value="tcm:0-24-65568"/>
  9. Save and close Web.Config.
  10. In IIS, make sure the SDL Archive Manager Explorer application pool Identity is set to Network Service (the default).
  11. Configure IIS security settings:
    1. Select the SDL Archive Manager Explorer Web site and double-click the Authentication icon on the right.
    2. Select the Anonymous Authentication row and click Enable in the Actions area on the right.
    3. Select each of the other rows in turn and for each row, click Disable in the Actions area on the right. (If necessary, you could choose to keep Digest Authentication and Forms Authentication enabled.)
  12. Close IIS.
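
A check for steps 3 to 8, added here as an example and not part of the SDL documentation or product: it parses a Web.Config and reports lines that are still commented out or still hold a placeholder. The function name Test-SsoWebConfig, the -Iis75 switch, the TCM URI pattern (inferred from the example value above) and the sample file are assumptions made for illustration.

```powershell
# Added example; Test-SsoWebConfig is a hypothetical helper, not an SDL cmdlet.
function Test-SsoWebConfig {
    param([Parameter(Mandatory)][xml]$Config, [switch]$Iis75)
    # Commented-out lines are invisible to XPath, so a missing node means "not enabled".
    function Get-AppSetting($Key) {
        $node = $Config.SelectSingleNode("//appSettings/add[@key='$Key']")
        if ($node) { $node.GetAttribute('value') }
    }
    $problems = @()
    if (-not $Config.SelectSingleNode('//tridionConfigSections//add[@filePath]')) {
        $problems += 'Step 3: Tridion.ContentManager.config filePath line is not enabled'
    }
    $ssoUrl = Get-AppSetting 'sso.url'
    if (-not $ssoUrl) {
        $problems += 'Step 4: sso.url is not enabled'
    } elseif ($ssoUrl -match 'SSOVIRTUALHOST') {
        $problems += 'Step 4: sso.url still holds the SSOVIRTUALHOST placeholder'
    }
    $module = "add[@name='SsoAgentHttpModule']"
    if (-not $Config.SelectSingleNode("//system.web/httpModules/$module")) {
        $problems += 'Step 5: SsoAgentHttpModule is missing from <httpModules>'
    }
    # XPath is case-sensitive; accept either casing of the modules element.
    if ($Iis75 -and -not $Config.SelectSingleNode("//system.webServer/*[translate(local-name(),'M','m')='modules']/$module")) {
        $problems += 'Step 6: SsoAgentHttpModule is missing from <system.webServer>'
    }
    if ((Get-AppSetting 'authorization.method') -notin 'CoreService', 'None') {
        $problems += 'Step 7: authorization.method must be CoreService or None'
    }
    # Pattern assumed from the example value tcm:0-24-65568.
    if ((Get-AppSetting 'security.group.uri') -notmatch '^tcm:\d+-\d+-\d+$') {
        $problems += 'Step 8: security.group.uri is not a TCM URI'
    }
    $problems
}

# Constructed sample: sso.url placeholder left in, authorization.method still commented out.
$sample = [xml]@'
<configuration>
  <tridionConfigSections><add filePath="C:\Program Files (x86)\Tridion\config\Tridion.ContentManager.config" /></tridionConfigSections>
  <appSettings>
    <add key="sso.url" value="http://SSOVIRTUALHOST" />
    <!-- <add key="authorization.method" value="CoreService"/> -->
    <add key="security.group.uri" value="tcm:0-24-65568"/>
  </appSettings>
  <system.web><httpModules><add name="SsoAgentHttpModule" type="Tridion.Security.Web.SsoAgentHttpModule, Tridion.Security, Version=6.1.0.25, Culture=neutral, PublicKeyToken=ddfc895746e5ee6b" /></httpModules></system.web>
</configuration>
'@
Test-SsoWebConfig -Config $sample -Iis75
```

To check a real file, pass `([xml](Get-Content -Raw <path to Web.Config>))` as -Config, and omit -Iis75 when step 6 does not apply.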