6.1 Configuring Single Sign-On Through the Roles Based Provisioning Module

This solution uses the iFrame portlet of the Roles Based Provisioning Module. The iFrame portlet invokes a URL inside an iFrame control within the portlet. This allows the portlet to pass the authentication parameters from the Roles Based Provisioning Module to the Role Mapping Administrator.

6.1.1 Enabling the Roles Based Provisioning Module for Single Sign-On

  1. Log in to the Roles Based Provisioning Module as the administrator user.

  2. Select the Administration tab.

  3. In the Application Configuration tab, select Password Module Setup > Login.

  4. In the Enable SSO setting, select true.

  5. Click Save, then log out to enable single sign-on.

6.1.2 Creating a Shared Page

  1. Log in to the Roles Based Provisioning Module as the administrator user.

  2. Select the Administration tab.

  3. In the Page Admin tab, select Maintain Shared Pages.

  4. Select New under Page Actions at the bottom of this page.

  5. Fill in the following fields:

    Page Link Name: Specify the URL of the shared page that contains the iFrame in the Roles Based Provisioning Module.

    Page Name: This field is populated when you enter a value in the Page Link Name field. You can keep the prepopulated name or you can change it.

    Assign Categories: Select the categories where the shared page link is displayed in the Roles Based Provisioning Module. You can select one or more of the following options:

    • Administration

    • General

    • Information Management

    • Directory Management

    • Guest Pages

    • Password Management

    Description: (Optional) Specify a description for the new page.

  6. Click Save Page to save the new page.

6.1.3 Assigning Permissions

By default, only the administrator user can see the new page. You must assign permissions to the users before they can see the page.

  1. At the bottom of the Page Admin tab, click Assign Permissions.

  2. Search for users, groups, or containers you want to assign rights to view this page.

  3. Select the users, groups, or containers, then click the right-arrow to add them to the Current Assignments list.

  4. Click Save to save the assignments, then close the window.

6.1.4 Selecting Content

  1. At the bottom of the Page Admin tab, click Select Content.

  2. Select iFrame in the Available Content pane, then click Add.

  3. Click Content Preferences under the Selected Content pane.

  4. Click OK in the message stating something has changed on the page.

  5. Fill in the following fields:

    URL: Specify the URL to the login page for the Role Mapping Administrator.

    For example: http://dns_name:8081/IDMRMAP

    URL / Form Parameters: Specify the following three parameters in the same order as listed below:

    • login_panel_user=$PORTLET_AUTH_ID$

    • login_panel_pwd=$PORTLET_AUTH_PWD$

    • url=./com.novell.rolemap.client.ui.UI/UI.html

    Encode URL parameters: Set this parameter to True.

    Form Post?: Set this parameter to True.

    Authentication Required?: Set this parameter to True.

    Username: Specify the format of the username. This is the format that is used when a user logs into the Roles Based Provisioning Module. The three options are:

    • $(Application/login-user): Passes the exact ID that is entered in the Roles Based Provisioning Module.

    • $(User/simpleid): Only provides the CN of the user.

    • $(User/canonical): Provides the dot notation of the logged-in user.

    Password: Click Use scope path, then enter the following parameter in the Password field:

    $(Application/login-pass)

    Height and Width: Set the height and width options as required.

  6. Click Save Preferences to save these parameters.

  7. Click Save Contents to save the iFrame configuration.