Configuring your single sign-on server
Configure your single sign-on server, such as CA SiteMinder or IBM Tivoli Access Manager (TAM), to work with SDL Tridion Sites.
Procedure
- Ensure that all locations /webservices/CoreService<XXXX>.svc relative to the Content Manager Explorer root URL, where <XXXX> is any four digits, and all of the subdirectories of those locations, are behind a Basic Authentication junction in your SSO proxy.
- Consult the documentation of your single sign-on server (such as SiteMinder or Tivoli) to learn how to exclude a location from authentication.
- Use this information to exclude the following locations (relative to the Content Manager Explorer root URL) from authentication:
  - /TemplateBuilder
  - /webservices/CoreService<XXXX>.svc/mex, where <XXXX> is any four-digit sequence
  - /webservices/CoreService<XXXX>.svc/streamUpload_basicHttp, where <XXXX> is any four-digit sequence
  - /WebUI/Editors/SiteEdit/Views/Bootstrap
  - /WebUI/Editors/<DIRNAME>/Themes, where <DIRNAME> is any child folder of /WebUI/Editors/
  - /SDL
- Also configure all of these locations, including any further exclusions you make in your single sign-on server, in the Content Manager configuration file, Tridion.ContentManager.config. In tridion.security, specify these excluded locations in the noHttpAuthenticationForUrls attribute.
- Configure your single sign-on server as follows:
  - The server should not use cookies.
  - The server should allow GET and POST HTTP methods.
  - The server should allow the following WebDAV HTTP methods: OPTIONS, HEAD, DELETE, TRACE, PROPFIND, PROPPATCH, COPY, MOVE, LOCK, UNLOCK.
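
A reviewer's aid for the location rules in this procedure, added here as an example (it is not SDL's code): it classifies a root-relative URL as excluded from authentication, behind Basic Authentication, or handled by the SSO server, and flags methods outside the allowed list. It assumes case-insensitive path matching and that an excluded location also covers the paths below it; the sample paths are constructed.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Locations from the procedure, relative to the Content Manager Explorer root URL.
CORE = r"/webservices/coreservice[0-9]{4}\.svc"   # <XXXX> = exactly four digits
EXCLUDED = [re.compile(p + r"(/.*)?") for p in (  # assumption: sub-paths included
    r"/templatebuilder",
    CORE + r"/mex",
    CORE + r"/streamupload_basichttp",
    r"/webui/editors/siteedit/views/bootstrap",
    r"/webui/editors/[^/]+/themes",               # <DIRNAME> = one folder level
    r"/sdl",
)]
BASIC_AUTH = re.compile(CORE + r"(/.*)?")
METHODS = {"GET", "POST", "OPTIONS", "HEAD", "DELETE", "TRACE", "PROPFIND",
           "PROPPATCH", "COPY", "MOVE", "LOCK", "UNLOCK"}


def normalize(url):
    """Drop the query string, decode %xx, resolve ./.. segments, lowercase."""
    path = unquote(urlsplit(url).path)
    return posixpath.normpath("/" + path.lstrip("/")).lower()


def classify(url):
    """Return 'excluded', 'basic-auth' or 'sso' for a root-relative URL."""
    path = normalize(url)
    # Exclusions are checked first: /mex and /streamUpload_basicHttp sit
    # underneath a location that is otherwise behind Basic Authentication.
    if any(rule.fullmatch(path) for rule in EXCLUDED):
        return "excluded"
    if BASIC_AUTH.fullmatch(path):
        return "basic-auth"
    return "sso"


def review(requests):
    """Map (method, url) pairs to (method, url, handling, method allowed?)."""
    return [(m, u, classify(u), m.upper() in METHODS) for m, u in requests]


if __name__ == "__main__":
    # Constructed sample requests, not taken from a real system.
    samples = [("POST", "/webservices/CoreService1234.svc/wsHttp"),
               ("GET", "/webservices/CoreService1234.svc/mex?wsdl"),
               ("GET", "/webservices/CoreService1234.svc/mex/../wsHttp"),
               ("GET", "/WebUI/Editors/MyEditor/Themes/site.css")]
    for row in review(samples):
        print(*row, sep="\t")
```

Comparing this output with what the SSO proxy and the noHttpAuthenticationForUrls list actually do for the same paths shows where the two configurations have drifted apart.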