
Enabling SSO in lc.properties and LiveContentSecurity.xml

As part of configuring Single Sign-On (SSO), modify these files in the WEB-INF folder in the SDL LiveContent Reach web application installation.

About this task

These two files contain the settings that enable and disable SSO security in general. That is:
  • You can enable SSO security by making these changes (in addition to making all of the other configuration changes required for SSO).
  • You can disable SSO security (that is, you can use the internal user and group accounts and SDL LiveContent Reach user authentication) by reverting the configuration settings in these two files to their original specifications.
Both of these changes (whether you are enabling or disabling SSO security) require that you restart the Apache Tomcat service afterwards.

Procedure

  1. Open LiveContentReach_Home\webapp\WEB-INF\lc.properties in a text editor and make these changes:
    1. Change the setting for identity.provider from internal to sso.
    2. Set the security token attributes you wish to use.

      These attributes will be added as claims mappings in the Relying Party.

      If you are using ADFS STS user authentication, specify the security token attributes as shown in this example:
      sso.saml_attribute_list=role,givenname,department,surname,emailaddress
      If you are using SDL LiveContent Architect STS (InfoShareSTS) user authentication, only the role and emailaddress attributes are supported.
      sso.saml_attribute_list=role,emailaddress,displayname
    3. Define which group-type SAML token attributes map authenticated users to the default internal SDL LiveContent Reach groups.
      For example:
      sso.permission.group=role,department
  2. Open LiveContentSecurity.xml in a text editor and remove the commenting characters around all security-constraint elements.
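
A consistency check for the two edits above, given as an added example (it is not part of the SDL documentation or product tooling). The sample file contents are constructed, and the rule that every sso.permission.group attribute should also appear in sso.saml_attribute_list is an assumption drawn from the examples in step 1.

```python
import re

# Constructed sample inputs (not from a real installation).
SAMPLE_PROPS = """identity.provider=sso
sso.saml_attribute_list=role,emailaddress,displayname
sso.permission.group=role,department
"""
SAMPLE_XML = """<web-app>
  <!-- <security-constraint><auth-constraint/></security-constraint> -->
</web-app>
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def split_list(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def check_sso_config(props_text, xml_text):
    """Return findings; an empty list means both files look SSO-enabled."""
    findings = []
    props = parse_properties(props_text)
    if props.get("identity.provider") != "sso":
        findings.append("identity.provider is not sso")
    attrs = split_list(props.get("sso.saml_attribute_list", ""))
    if not attrs:
        findings.append("sso.saml_attribute_list is missing or empty")
    # Assumption: a group attribute must also be requested in the token list.
    for group in split_list(props.get("sso.permission.group", "")):
        if group not in attrs:
            findings.append(f"group attribute '{group}' not in sso.saml_attribute_list")
    comments = re.findall(r"<!--.*?-->", xml_text, flags=re.S)
    commented = sum(c.count("<security-constraint") for c in comments)
    if commented:
        findings.append(f"{commented} security-constraint element(s) still commented out")
    if "<security-constraint" not in re.sub(r"<!--.*?-->", "", xml_text, flags=re.S):
        findings.append("no active security-constraint element")
    return findings

if __name__ == "__main__":
    for finding in check_sso_config(SAMPLE_PROPS, SAMPLE_XML):
        print("FINDING:", finding)
```

Run it against the real file contents after editing and before restarting the Apache Tomcat service; a leftover commented security-constraint means that part of the application is still not covered by SSO security.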