Configuring SBM Single-Sign-On for Serena Dashboard

If you have enabled Single-Sign-On (SSO) for your Serena Business Manager implementation, you can take advantage of this feature for Serena Dashboard as well. This way, any users who have been defined for SBM will be able to log in to Serena Dashboard.

To configure single-sign-on for Serena Dashboard:

1. You must install the SBM SSO component on the Serena Dashboard server.

2. On the Dashboard server, open the following file in a text or XML editor: <tomcat directory>/conf/web.xml

3. Except for the opening and closing comments, remove all comment markup (<!-- and --> ) from the following section:
   <!-- ======== Start of Serena SSO Gatekeeper Filter Configuration ======== -->
   
   <filter>
      <filter-name>ALFSSOGatekeeperFilter</filter-name>
      <filter-class>org.eclipse.alf.security.sso.server.gatekeeper.filterloader.GatekeeperFilterLoader</filter-class>
      <init-param>
          <param-name>gatekeeper.enabled</param-name>
          <param-value>true</param-value>
      </init-param>
      <init-param>
          <param-name>gatekeeper.config.filename</param-name>
          <param-value>${catalina.home}/alfssogatekeeper/conf/gatekeeper-services-config.xml</param-value>
      </init-param>
      <init-param>
          <param-name>gatekeeper.lib.dir</param-name>
          <param-value>${catalina.home}/alfssogatekeeper/lib</param-value>
      </init-param>
      <init-param>
          <param-name>gatekeeper.root.dir</param-name>
          <param-value>${catalina.home}/alfssogatekeeper</param-value>
      </init-param>
      <init-param>
          <param-name>gatekeeper.log4j.use-repo-selector</param-name>
          <param-value>true</param-value>
      </init-param>
      <init-param>
          <param-name>gatekeeper.log4j.create-new-repo</param-name>
          <param-value>true</param-value>
      </init-param>
      <init-param>
          <param-name>gatekeeper.log4j.properties.filename</param-name>
          <param-value>${catalina.home}/alfssogatekeeper/conf/log4j.properties</param-value>
      </init-param>
   </filter>
   <filter-mapping>
      <filter-name>ALFSSOGatekeeperFilter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>
   
   <!-- ========= End of Serena SSO Gatekeeper Filter Configuration ========= -->

4. Save the web.xml file.

5. Open the following file in a text or XML editor:
   <tomcat directory>/alfssogatekeeper/conf/gatekeeper-global-core-config.xml

6. In the following sections, enter the URL to the single-sign-on server. For example, if the server is named SBM, then you would enter the following URL:
   http://SBM:8085/TokenServer/services/Trust</parameter>
   In the sections that follow, the places where you need to enter the URL are indicated by the variable SSO_URL.
   <!-- ==========================================
      End point reference for the Security Token Service (STS).
      @internal
   ======================================= -->
      <parameter name="SecurityTokenService" Type="xsd:anyURI">SSO_URL
   <!-- =============================================
      End point reference for Security Token Service (STS) endpoint.
      @external
   =================================================-->
      <parameter name="SecurityTokenServiceExternal" Type="xsd:anyURI">SSO_URL
   <!-- ======================================
      Federation server (AKA, the ALF Login UI) entry point. This is an URL that is passed to the user browser and consumed
      via HTTP 302 redirect (by default configuration). Be mindful how the user is seeing this.
      @external
   ========================================-->
      <parameter name="FederationServerURL" Type="xsd:anyURI">SSO_URL

7. Save the gatekeeper-global-core-config.xml file.

8. On the Serena Dashboard server, open the following file in a text or XML editor:
   <tomcat directory>/alfssogatekeeper/conf/gatekeeper-services-config.xml

9. Add the following line to the the <GatekeeperProtextionControl> section:
   <URIMatcher requestURI=”/dashboard/*” />

10. Add the following line to the <ServiceEntryPointes><BrowserRequests> section:
    <URIMatcher requestURI=”/dashboard/*” />

11. Save the gatekeep-services-config.xml file.

12. Restart the tomcat service.

13. Open a supported browser and enter the URL for Serena Dashboard:
    http://<servername>:<port>/dashboard/login
    For example, if the server name is dashboard and the port number is the default of 8080, enter:
    http://dashboard:8080/dashboard/login
    You should be prompted for a valid SSO login account. Provide valid SSO login credentials.

14. On the Serena Dashboard login screen, log in to Dashboard as the default admin user. The user name is "admin" and the default password is "serena".

15. Select Users from the Administration view.

16. Ensure that at least one user with a valid SSO login has administrative rights. If necessary, add a new user corresponding to an SSO user account, and grant that user administrator rights. The login name must exactly match the SSO account name.

17. Select Login Options from the Administration view.

18. Under Validate user access with, select Serena Single Sign-On.

19. Click OK.

20. Log out of Serena Dashboard and quit the browser.

21. Reopen the browser and open the Serena Dashboard URL. When prompted to log in, enter a valid Serena Single Sign-On account. If the configuration is successful, you are logged into Serena Dashboard without having to enter additional Dashboard user credentials.