Third-party SSO agents or Identity Management Systems (IdPs)
Applications can use symmetric and public key cryptography to encrypt applications used for SSO. This design is easy to set up and implement. However, it is not supported by Transact because it is not a unified solution and each site must manage the cryptographic key.
Instead, Transact supports third-party SSO agents and identity management systems such as OAM and SiteMinder.
Transact can be configured using the following security types:
- Transact default security using LDAP, Active Directory, and Tomcat.
- SSO authentication with authorization done by Transact using LDAP, Active Directory, and Tomcat.
- SSO authentication and authorization.
Configure Transact in the web.xml file.
Set the security type
In web.xml, set the authenticationType property to select the security type. It can be configured with the following values:
- 0: Transact default security using LDAP, Active Directory, and Tomcat.
- 1: SSO authentication with authorization done by Transact using LDAP, Active Directory, and Tomcat.
- 2: SSO authentication and authorization.
If you set the authenticationType parameter described above to 1 or 2, the following must also be configured:
- Configure the following parameters for the authenticationFilter filter:
  - requestUsernameHeader: Define the header name used by the SSO agent to set the user name of the authenticated user in the request. Transact uses the same header name to fetch this information from the SSO agent. (This must be used for both security types, that is, 1 and 2.)
  - logoutUrl: Define the logout URL to which Transact redirects the user after the user logs out by clicking the Sign-out button in the application. The complete URL is expected for this parameter value. (This must be used for both security types 1 and 2.)
  - requestGroupnameHeader: Define the header name used by the SSO agent to set the group name of the authenticated user in the request. Transact uses the same header name to fetch this information from the SSO agent. Only one group name is expected for this header value. (This must be used only for security type 2.)
  - requestSuperAdminHeader: Define the header name used by the SSO agent to indicate in the request whether the group name belongs to the super admin role. Transact uses the same header name to fetch this information from the SSO agent. The values supported for this header are true and false. (This must be used only for security type 2.)
- All the <security-constraint> and <login-config> settings must be commented out or deleted because these components are managed by the SSO agent.
If you use security type 2, you must also edit the application.properties file and check the default_group property. This setting defines a default group to be used in case the group name is not provided in the request header.
For security types 1 and 2, any realm configured for Transact must be removed.
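The rules above can be checked mechanically before deployment. The following Python script is an added example, not part of the Transact documentation or product code. It assumes the properties appear in web.xml as standard servlet param-name/param-value pairs and treats a "complete URL" as one starting with http:// or https://; the filter class, header names and sample file are constructed placeholders.

```python
import xml.etree.ElementTree as ET
# Parameters this page requires for each SSO security type.
REQUIRED = {"1": ["requestUsernameHeader", "logoutUrl"],
            "2": ["requestUsernameHeader", "logoutUrl",
                  "requestGroupnameHeader", "requestSuperAdminHeader"]}
MANAGED_BY_SSO = ("security-constraint", "login-config")

def local(tag):  # drop the XML namespace so any web.xml schema version works
    return tag.rsplit("}", 1)[-1]

def check_web_xml(xml_text):
    """Return a list of findings; an empty list means the file is consistent."""
    root = ET.fromstring(xml_text)  # the parser discards commented-out elements
    params = {}
    for el in root.iter():  # assumption: values are param-name/param-value pairs
        kids = {local(c.tag): (c.text or "").strip() for c in el}
        if "param-name" in kids and "param-value" in kids:
            params[kids["param-name"]] = kids["param-value"]
    auth_type = params.get("authenticationType")
    if auth_type not in ("0", "1", "2"):
        return [f"authenticationType is {auth_type!r}; expected 0, 1 or 2"]
    if auth_type == "0":
        return []  # Transact default security: no SSO parameters needed
    findings = [f"missing or empty parameter: {name}"
                for name in REQUIRED[auth_type] if not params.get(name)]
    logout = params.get("logoutUrl", "")
    if logout and not logout.startswith(("http://", "https://")):  # assumption
        findings.append("logoutUrl must be a complete URL")
    findings += [f"<{local(el.tag)}> is still active"
                 for el in root.iter() if local(el.tag) in MANAGED_BY_SSO]
    return findings

def P(name, value):  # builds one constructed <init-param> for the sample
    return (f"<init-param><param-name>{name}</param-name>"
            f"<param-value>{value}</param-value></init-param>")

# Constructed sample: type 2, relative logoutUrl, no requestSuperAdminHeader,
# a commented-out <security-constraint> and a still-active <login-config>.
SAMPLE = f"""<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter><filter-name>authenticationFilter</filter-name>
    <filter-class>example.PlaceholderFilter</filter-class>
    {P('authenticationType', '2')}{P('requestUsernameHeader', 'X-SSO-USER')}
    {P('requestGroupnameHeader', 'X-SSO-GROUP')}{P('logoutUrl', '/logout')}
  </filter>
  <!-- <security-constraint><web-resource-collection/></security-constraint> -->
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""
if __name__ == "__main__":
    print("\n".join(check_web_xml(SAMPLE)))
```

The check does not cover the default_group property in application.properties or any realm configured for Transact; review those separately.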