Specifying application Information in LiveContentSSO.xml

As part of configuring Single Sign-On (SSO), specify SDL LiveContent Reach application information in the LiveContentSSO.xml file in the WEB-INF folder in the SDL LiveContent Reach Web application installation.

Procedure

  1. Open the LiveContentSSO.xml file in a text editor.
    • Windows: SDLLiveContentReachHome\webapps\WEB-INF\LiveContentSSO.xml
    • Linux: SDLLiveContentReachHome/webapps/WEB-INF/LiveContentSSO.xml
  2. Modify the <audienceItem> element content to specify the web address for SDL LiveContent Reach.

    The web address should have this format:

    <audienceItem>https://domain.name:port/context/</audienceItem>

    For example:

    <audienceItem>https://mycompanyname.com:8910/LiveContent/</audienceItem>

  3. Modify the <keyStore> element content to specify the location of the keystore file you copied into the Apache Tomcat web application server and the keystore password.

    For example:

    On Windows:

    <keyStore file="conf\tomcat_keystore.jks" password="*****" type="JKS" />

    On Linux:

    <keyStore file="/usr/conf/tomcat_keystore.jks" password="*****" type="JKS" />

    where ***** is the keystore password.

  4. Extract the Subject information from the Security Token Service (STS) token signing certificate file c:\sts_signing_cert.cer (/usr/sts_signing_cert.cer on Linux) that you obtained from the STS provider.
    1. Open the token signing certificate c:\sts_signing_cert.cer (/usr/sts_signing_cert.cer on Linux) in the Certificate Manager application (certmgr.exe).
    2. On the Details tab, under Field, click Subject.
    3. Copy the text that appears in the text box below the Field/Value display.
  5. Under the <trustedIssuers> element, modify the <issuer> element to specify the Subject information obtained from the STS.
    1. Uncomment the entire <issuer> element.
    2. Paste the text you copied from the token signing certificate file in the preceding step into the subject field. For example: <issuer subject="CN = MECPSUSP01.global.sdl.corp" certificateValidation="ChainTrust" name="InfoShareSTS" />
    3. Delete the whitespace before and after the equals sign. For example: <issuer subject="CN=MECPSUSP01.global.sdl.corp" certificateValidation="ChainTrust" name="InfoShareSTS" />
    4. Add .* before and .* after the subject text. For example: <issuer subject=".*CN=MECPSUSP01.global.sdl.corp.*" certificateValidation="ChainTrust" name="InfoShareSTS" />
  6. The recommended default value for the <maximumClockSkew> element is 300 (seconds), or five minutes.
  7. Under the <protocol> element, modify the <issuer> element to specify the web address for the STS service.
    For example:
    • For ADFS STS:

      <issuer>https://servername.domainname.companyname.corp/adfs/ls/</issuer>

    • For SDL LiveContent Architect STS (InfoShareSTS):

      <issuer>https://servername.domainname.companyname.corp/InfoShareSTS/issue/wsfed</issuer>
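
Steps 5.3 and 5.4 as a script, an added example that is not part of the product documentation: it builds the subject value from the copied Subject text and lists which candidate Subject strings that value accepts. It assumes the subject attribute is evaluated as a regular expression, which the page does not state; the function names and the candidate subjects are constructed for illustration.

```python
import re


def issuer_subject_pattern(copied_subject):
    """Turn the Subject text copied in step 4 into the <issuer subject="..."> value."""
    # Step 5.3: delete the whitespace before and after each equals sign.
    compact = re.sub(r"\s*=\s*", "=", copied_subject.strip())
    # Step 5.4: add .* before and .* after.
    return ".*" + compact + ".*"


def accepts(pattern, presented_subject):
    """Return True if the pattern matches the whole presented Subject string."""
    # Assumption (not stated on the page): the attribute is evaluated as a
    # regular expression over the full Subject of the presented certificate.
    return re.fullmatch(pattern, presented_subject, re.DOTALL) is not None


def review(pattern, subjects):
    """Report, for each candidate Subject, whether the pattern accepts it."""
    return {subject: accepts(pattern, subject) for subject in subjects}


# Constructed sample input: the page's example Subject plus made-up variants.
COPIED_SUBJECT = "CN = MECPSUSP01.global.sdl.corp"
CANDIDATES = [
    "CN=MECPSUSP01.global.sdl.corp",                  # the intended signer
    "CN=MECPSUSP01.global.sdl.corp, OU=Constructed",  # extra RDNs, covered by .*
    "CN=MECPSUSP01-global.sdl.corp",                  # '.' in a regex matches any character
    "CN=OTHERHOST.global.sdl.corp",                   # different host name
]

if __name__ == "__main__":
    pattern = issuer_subject_pattern(COPIED_SUBJECT)
    print(f'subject="{pattern}"')
    for subject, ok in review(pattern, CANDIDATES).items():
        print(f"{'accepted' if ok else 'rejected'}  {subject}")
```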