Documentation Center

Configuring your single sign-on server

Configure your server, such as CA SiteMinder and IBM Tivoli Access Manager (TAM), to work with SDL Tridion.

Procedure

  1. Ensure that all locations /webservices/CoreService<XXXX>.svc relative to the Content Manager Explorer root URL, where XXXX is any four digits, and all of the subdirectories of those locations, have been put behind a Basic Authentication junction in your SSO proxy.
  2. Consult the documentation of your single sign-on server (such as SiteMinder or Tivoli) to learn how to exclude a location from authentication.
  3. Use this information to exclude the following locations (relative to the Content Manager Explorer root URL) from authentication:
    • /TemplateBuilder
    • /webservices/CoreService<XXXX>.svc/mex, where <XXXX> is any four-digit sequence
    • /webservices/CoreService<XXXX>.svc/streamUpload_basicHttp, where <XXXX> is any four-digit sequence
    • /WebUI/Editors/SiteEdit/Views/Bootstrap
    • /WebUI/Editors/<DIRNAME>/Themes, where <DIRNAME> is any child folder of /WebUI/Editors/.
    • /SDL
  4. Configure your single sign-on server as follows:
    • The server should not use cookies
    • The server should allow GET and POST HTTP methods
    • The server should allow the following WebDAV HTTP methods: OPTIONS, HEAD, DELETE, TRACE, PROPFIND, PROPPATCH, COPY, MOVE, LOCK, UNLOCK.