Configuring your single sign-on server
Configure your server, such as CA SiteMinder and IBM Tivoli Access Manager (TAM), to work with SDL Web.
Procedure
- Ensure that all locations /webservices/CoreService<XXXX>.svc relative to the Content Manager Explorer root URL, where XXXX is any four digits, and all of the subdirectories of those locations, have been put behind a Basic Authentication junction in your SSO proxy.
- Consult the documentation of your single sign-on server (such as SiteMinder or Tivoli) to learn how to exclude a location from authentication.
- Use this information to exclude the following locations (relative to the Content Manager Explorer root URL) from authentication:
- /TemplateBuilder
- /webservices/CoreService<XXXX>.svc/mex, where <XXXX> is any four-digit sequence
- /webservices/CoreService<XXXX>.svc/streamUpload_basicHttp, where <XXXX> is any four-digit sequence
- /WebUI/Editors/SiteEdit/Views/Bootstrap
- /WebUI/Editors/<DIRNAME>/Themes, where <DIRNAME> is any child folder of /WebUI/Editors/.
- /SDL
- Also configure all of these locations, including any further ones you make in your single sign-in server, in the MMC Snap-in. In the MMC Snap-in General Settings screen, specify these excluded locations in the Urls without HTTP authentication field.
- Configure your single sign-on server as follows:
- The server should not use cookies.
- The server should allow
GETandPOSTHTTP methods. - The server should allow the following WebDAV HTTP methods:
OPTIONS,HEAD,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK.
Related reference