Configuring your single sign-on server
Configure your server, such as CA SiteMinder and IBM Tivoli Access Manager (TAM), to work with SDL Tridion.
Procedure
- Ensure that all locations /webservices/CoreService<XXXX>.svc relative to the Content Manager Explorer root URL, where XXXX is any four digits, and all of the subdirectories of those locations, have been put behind a Basic Authentication junction in your SSO proxy.
- Consult the documentation of your single sign-on server (such as SiteMinder or Tivoli) to learn how to exclude a location from authentication.
- Use this information to exclude the following locations (relative to the Content Manager Explorer root URL) from authentication:
- /TemplateBuilder
- /webservices/CoreService<XXXX>.svc/mex, where <XXXX> is any four-digit sequence
- /webservices/CoreService<XXXX>.svc/streamUpload_basicHttp, where <XXXX> is any four-digit sequence
- /WebUI/Editors/SiteEdit/Views/Bootstrap
- /WebUI/Editors/<DIRNAME>/Themes, where <DIRNAME> is any child folder of /WebUI/Editors/.
- /SDL
- Configure your single sign-on server as follows:
- The server should not use cookies
- The server should allow
GETandPOSTHTTP methods - The server should allow the following WebDAV HTTP methods:
OPTIONS,HEAD,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK.