
Specifying application information in LiveContentSSO.xml

As part of configuring Single Sign-On (SSO), in the WEB-INF folder of the SDL LiveContent Reach Web application installation, edit LiveContentSSO.xml to specify SDL LiveContent Reach application information.

Procedure

  1. On your main Architect server, access your SDL LiveContent Reach home directory.
  2. Navigate to the webapps subdirectory, and then to its WEB-INF subdirectory.
  3. Open LiveContentSSO.xml for editing.
  4. Set the value of <audienceItem> to the SDL LiveContent Reach Web address, as follows:

    <audienceItem>https://domainname:port/context/</audienceItem>

    For example:

    <audienceItem>https://mycompanyname.com:8910/LiveContent/</audienceItem>

  5. In the <keyStore> element, set the file attribute to the location (relative to the Apache Tomcat installation directory on the Web server) of the keystore file you copied into the Apache Tomcat Web application server, and the password attribute to the keystore password.

    For example:

    On Windows:

    <keyStore file="conf\tomcat_keystore.jks" password="PASSWORD" type="JKS" />

    On Linux:

    <keyStore file="/usr/conf/tomcat_keystore.jks" password="PASSWORD" type="JKS" />

    where PASSWORD is the keystore password.

  6. Extract the Subject information from the Secure Token Service (STS) token signing certificate file that you obtained from the STS provider by doing the following:
    1. Open the certificate file (c:\sts_signing_cert.cer on Windows or /usr/sts_signing_cert.cer on Linux) in the Certificate Manager application, certmgr.exe.
    2. On the Details tab, under Field, click Subject.
    3. Copy the text that appears in the text box below the Field/Value display to your clipboard or to a dummy text file.
  7. In LiveContentSSO.xml, under the <trustedIssuers> element, modify the <issuer> element to specify the Subject information obtained from the STS by doing the following:
    1. Uncomment the entire <issuer> element.
    2. Paste the text you copied from the certificate file from your clipboard or dummy text file into the subject attribute value. For example: <issuer subject="CN = MECPSUSP01.global.sdl.corp" certificateValidation="ChainTrust" name="InfoShareSTS" />
    3. Delete the whitespace before and after the equals sign in the subject attribute value: <issuer subject="CN=MECPSUSP01.global.sdl.corp" certificateValidation="ChainTrust" name="InfoShareSTS" />
    4. Add .* to the beginning and end of the value of the subject attribute: <issuer subject=".*CN=MECPSUSP01.global.sdl.corp.*" certificateValidation="ChainTrust" name="InfoShareSTS" />
  8. Set a value for <maximumClockSkew> in seconds. The recommended default value is 300 (that is, five minutes).
  9. Under the <protocol> element, modify the <issuer> element to specify the Web address for the STS service.
    For example:
    • For ADFS STS: <issuer>https://servername.domainname.companyname.corp/adfs/ls/</issuer>
    • For SDL LiveContent Architect STS (InfoShareSTS): <issuer>https://servername.domainname.companyname.corp/InfoShareSTS/issue/wsfed</issuer>
  10. Ignore the <freshness> element: SDL LiveContent Reach does not yet support this functionality.
  11. Save and close LiveContentSSO.xml.
  12. For each Batch server you have, perform the same steps as above, making sure that the following requirements are met:
    • You have installed certificates for Reach on the Batch server.
    • You have set up relying parties properly on the Batch server.
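
The following Python check is an added example, not part of the SDL documentation or product: it applies steps 7.3 and 7.4 to a copied Subject string and lints an edited LiveContentSSO.xml against steps 4 to 9. The <ssoConfig> root element and the nesting in the sample are assumptions, and normalize_subject and lint are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <ssoConfig> root and the nesting are assumptions.
SAMPLE = """<ssoConfig>
  <audienceItem>https://mycompanyname.com:8910/LiveContent/</audienceItem>
  <keyStore file="/usr/conf/tomcat_keystore.jks" password="PASSWORD" type="JKS" />
  <trustedIssuers>
    <issuer subject="CN = MECPSUSP01.global.sdl.corp" certificateValidation="ChainTrust" name="InfoShareSTS" />
  </trustedIssuers>
  <maximumClockSkew>300</maximumClockSkew>
  <protocol>
    <issuer>https://servername.domainname.companyname.corp/adfs/ls/</issuer>
  </protocol>
</ssoConfig>"""

def normalize_subject(raw):
    """Steps 7.3 and 7.4: drop whitespace around '=' and wrap the value in .*"""
    core = re.sub(r"\s*=\s*", "=", raw.strip())
    core = re.sub(r"^(\.\*)+|(\.\*)+$", "", core)  # do not wrap twice
    return ".*" + core + ".*"

def lint(xml_text):
    root = ET.fromstring(xml_text)
    text = lambda path: (root.findtext(path) or "").strip()
    problems = []
    aud = text(".//audienceItem")
    if not (aud.startswith("https://") and aud.endswith("/")):
        problems.append("audienceItem: expected https://domainname:port/context/")
    ks = root.find(".//keyStore")
    if ks is None or not ks.get("file") or not ks.get("password"):
        problems.append("keyStore: file and password attributes are required")
    elif ks.get("password") == "PASSWORD":
        problems.append("keyStore: password is still the PASSWORD placeholder")
    issuers = root.findall(".//trustedIssuers/issuer")
    if not issuers:  # a commented-out element is invisible to the parser
        problems.append("trustedIssuers: no <issuer> found, is it still commented out?")
    for iss in issuers:
        want = normalize_subject(iss.get("subject", ""))
        if iss.get("subject") != want:
            problems.append("issuer: subject should be " + want)
    if not text(".//maximumClockSkew").isdigit():
        problems.append("maximumClockSkew: expected a whole number of seconds")
    if not text(".//protocol/issuer").startswith("https://"):
        problems.append("protocol/issuer: expected the https address of the STS")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no problems found")
```

Run against the constructed sample, it reports the placeholder keystore password and the Subject value that still has spaces around the equals sign and no .* wrapping.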