Installation and Configuration  Server Configuration  Single Sign-On (SSO) Configuration  Configuring Tomcat for SSO

Configuring Tomcat for SSO

To use a standalone Deployment Automation installation with Release Manager, you must update configuration files to enable Serena Common Tomcat to find and use the correct SBM SSO installation.

Before you can use SSO with Deployment Automation, you must have SBM installed and SSO must be enabled. You must have the Deployment Automation server installed on the same machine as the Serena Common Tomcat.

  1. On the Deployment Automation server, stop the Serena Common Tomcat service.
  2. Navigate to the application server conf directory. For example: ..\Serena\..\common\tomcat\7.0\alfssogatekeeper\conf
  3. In gatekeeper-core-config.xml, change the following parameters as necessary to replace the host and port values. Replace the placeholder variables shown here and in the default file as $HTTP_OR_HTTPS, $HOSTNAME and $PORT, with either HTTP or HTTPS, and the host name and port for your SBM SSO server. The default HTTP port number for the SBM SSO server is 8085, and the default HTTPS port number for the SBM SSO server is 8243.
    • <parameter name="SecurityTokenService" Type="xsd:anyURI">$HTTP_OR_HTTPS://$HOSTNAME:$PORT/TokenService/services/Trust<parameter>
    • <parameter name="SecurityTokenServiceExternal" Type="xsd:anyURI">$HTTP_OR_HTTPS://$HOSTNAME:$PORT/TokenService/services/Trust</parameter>
    • <parameter name="FederationServerURL" Type="xsd:anyURI">$HTTP_OR_HTTPS://$HOSTNAME:$PORT/ALFSSOLogin/login</parameter>

    For example:

    <parameter name="SecurityTokenService" Type="xsd:anyURI">
HTTPS://myserver:8243/TokenService/services/
Trust<parameter>             
 
<parameter name="SecurityTokenServiceExternal" Type="xsd:anyURI">
HTTPS://myserver:8243/TokenService/services/
Trust</parameter>
              
<parameter name="FederationServerURL" Type="xsd:anyURI">
HTTPS://myserver:8243/ALFSSOLogin/login
</parameter>
    CAUTION:
    For the gatekeeper core configuration, you use the SBM SSO HTTP or HTTPS port number. Be careful not to confuse this with the port numbers for Deployment Automation, which are by default 8080 and 8443 for HTTP and HTTPS respectively.
  4. Navigate to your program installation directory. For example: ..\Users\username\.serena\ra\conf\server
  5. Modify the serena_ra_config.xml to set the ssoEnabled property to true as follows: 
    <ssoConfig>
    <ssoEnabled>true</ssoEnabled>
</ssoConfig>
  6. On the Deployment Automation server, start the Serena Common Tomcat service.
  7. Verify the configuration by invoking the Deployment Automation web application through your implementation's URL, such as http://sdaserver:8080/serena_ra. If when attempting to sign on, you receive the following error, you will need to update your SSO STS certificates.

    ALF SSO Gatekeeper error has occurred: Error obtaining security token.

    Detail

    Validation of WS-Federation token failed with code 40:Token issuer not allowed.

    See the Serena Knowledgebase item S140637 for more information.

Copyright © 2011–2015 Serena Software, Inc. All rights reserved.