SSO integration with security.manager

If you already use a user administration via security.manager and the users should also be used for monitoring, the monitoring application can be integrated (SSO for the users).

The section below describes all properties that are relevant for integration with security.manager:

Configuration settings for service.monitor operation with security.manager user management

security.mode=ONLY_AUTHN
#
# --- ONLY_AUTHN / SSO configuration ---
#
# The name of the domain cookie. This value has to correspond to the settings in security.manager.
security.sso.cookie.name=ct_SSO
# The domain of the domain cookie. This value has to correspond to the settings in security.manager.
security.sso.cookie.domain=
security.sso.support.nonmatchinghosts=true
# URL to the SSO session service of security.manager
security.sso.service.url=http://localhost:8080/administration/resources/ssosessions
# URL des WAS Dienstes des security.manager
security.was.service.url=http://localhost:8080/administration/WAS
# The URL to the login page of security.manager. The client is redirected to this URL if she is currently not authenticated.
security.app.url=https://<HOST>/administration/administration
# An additional postfix to be added when IWA is used and sec.man runs in hybrid mode
security.remoteuser.postfix=
#
# The key store where the private key of the application is defined.
security.keystore.location=<PFAD_DATA_DIR>/.keystore
# The key store password
security.keystore.passwd=changeit
# The alias name of the private key
security.keystore.key.alias=ct-security
# The password for the private key
security.keystore.key.passwd=changeit

The property security.mode determines the change from internal authentication to integration with security.manager. All the following parameters can be found in the current installation of security.manager. This applies to the parameter values of the Java keystore and the settings for the SSO domain cookie.

The values for security.was.service.url and security.sso.service.url are only used by the server and can therefore be defined with internal host names and port specifications if necessary. The value for the security.app.url is defined as a user would see it in the browser.

Role assignment

Please make sure that the roles mon_Administrator or mon_Redakteur are assigned to those users who should be able to use service.monitor. In most use cases mon_Redakteur provides sufficient user rights.