Configuring single sign-on
SDL Tridion enables you to integrate Content Manager with single sign-on (SSO) servers so that Content Manager users no longer need to log in separately. If you configure single sign-on integration, you cannot configure LDAP integration, and vice versa.
- Configuring your single sign-on server
Configure your server, such as CA SiteMinder and IBM Tivoli Access Manager (TAM), to work with SDL Tridion. - Configuring single sign-on settings in the Content Manager configuration
In the Single Sign On settings screen of your Content Manager configuration (MMC Snap-in), specify a Directory Service Name or a User Name Header and Qualifier. - Setting up IIS for anonymous access
For single sign-on or LDAP integration to work properly, you must configure IIS to have anonymous access enabled for the SDL Tridion Web site, SDL Tridion virtual folders and SDL Tridion Web applications. - Configuring single sign-on in the web\ folder
In %TRIDION_HOME%\web\web.config, configure an HTTP module that can handle single sign-on requests. - Configuring single sign-on in the webservices\ folder
In the file %TRIDION_HOME%\webservices\web.config, ensure - Configuring single sign-on in the web\WebUI\WebRoot\ folder
In %TRIDION_HOME\web\WebUI\WebRoot\web.config, perform a number of configuration tasks to make it work with single sign-on. - Configuring single sign-on in the Editors' Themes\ folders
In the web.config file in each of the folders under %TRIDION_HOME%\WebUI\Editors\, comment out theauthorizationsection. - Configuring single sign-on for Device Preview
To configure Device Preview for single sign-on, uncomment a section and specify your single sign-on server URL in the Device Preview configuration file, %TRIDION_HOME%\web\WebUI\Editors\DevicePreview\Configuration\DevicePreview.config. - Configuring single sign-on for UGC
If you set up User Generated Content, configure web\WebUI\Models\UGC\web.config. - Applying single sign-on configuration changes
To apply the changes you have made to the various web.config files, restart IIS.