Configuring your single sign-on server

Configure your single sign-on server, such as CA SiteMinder or IBM Tivoli Access Manager (TAM), to work with SDL Tridion Sites.

Procedure

  1. Ensure that all locations matching /webservices/CoreService<XXXX>.svc (relative to the Content Manager Explorer root URL, where <XXXX> is any four digits), and all subdirectories of those locations, are behind a Basic Authentication junction in your SSO proxy.
  2. Consult the documentation of your single sign-on server (such as SiteMinder or Tivoli) to learn how to exclude a location from authentication.
  3. Use this information to exclude the following locations (relative to the Content Manager Explorer root URL) from authentication:
    • /TemplateBuilder
    • /webservices/CoreService<XXXX>.svc/mex, where <XXXX> is any four-digit sequence
    • /webservices/CoreService<XXXX>.svc/streamUpload_basicHttp, where <XXXX> is any four-digit sequence
    • /WebUI/Editors/SiteEdit/Views/Bootstrap
    • /WebUI/Editors/<DIRNAME>/Themes, where <DIRNAME> is any child folder of /WebUI/Editors/
    • /SDL
  4. Also configure all of these locations, including any further ones you exclude in your single sign-on server, in the Content Manager configuration file, Tridion.ContentManager.config. In the tridion.security section, specify these excluded locations in the noHttpAuthenticationForUrls attribute.
  5. Configure your single sign-on server as follows:
    • The server should not use cookies.
    • The server should allow GET and POST HTTP methods.
    • The server should allow the following WebDAV HTTP methods: OPTIONS, HEAD, DELETE, TRACE, PROPFIND, PROPPATCH, COPY, MOVE, LOCK, UNLOCK.
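
To review the proxy rules from steps 1 and 3 before rolling them out, the following added example (not part of the product or its documentation) classifies a request path as excluded from authentication, behind the Basic Authentication junction, or handled by regular SSO. It assumes that exclusions take precedence over the junction, that matching is case-insensitive, and that each location covers its subdirectories on path-segment boundaries; the names `classify`, `EXCLUDED` and `BASIC_AUTH` are hypothetical.

```python
import posixpath
import re

# Locations transcribed from steps 1 and 3. <XXXX> = exactly four digits,
# <DIRNAME> = a single folder name.
CORE = r"/webservices/CoreService\d{4}\.svc"
EXCLUDED = [
    r"/TemplateBuilder",
    CORE + r"/mex",
    CORE + r"/streamUpload_basicHttp",
    r"/WebUI/Editors/SiteEdit/Views/Bootstrap",
    r"/WebUI/Editors/[^/]+/Themes",
    r"/SDL",
]
BASIC_AUTH = [CORE]


def _compile(patterns):
    # "(?:/.*)?$" makes a location cover itself and its subdirectories only,
    # so /SDL matches /SDL/x but not /SDLX. Case-insensitivity is an assumption.
    return [re.compile(p + r"(?:/.*)?$", re.IGNORECASE) for p in patterns]


_EXCLUDED = _compile(EXCLUDED)
_BASIC_AUTH = _compile(BASIC_AUTH)


def classify(path):
    """Return 'excluded', 'basic-auth' or 'sso' for a path relative to the root URL."""
    path = path.split("?", 1)[0]
    # Resolve "." and ".." segments so the rule is applied to the effective path.
    path = "/" + posixpath.normpath(path).lstrip("/")
    if any(rx.match(path) for rx in _EXCLUDED):  # assumed to take precedence
        return "excluded"
    if any(rx.match(path) for rx in _BASIC_AUTH):
        return "basic-auth"
    return "sso"


if __name__ == "__main__":
    # Constructed sample paths, not taken from a real installation.
    for sample in ("/webservices/CoreService2011.svc/mex",
                   "/webservices/CoreService2011.svc/basicHttp",
                   "/WebUI/Editors/CME/Themes/site.css",
                   "/SDLX/page"):
        print(f"{classify(sample):11} {sample}")
```

Any path that comes back as `excluded` but is not one of the six locations in step 3 indicates an exclusion rule that is broader than the procedure intends.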