Previous Topic

Book Contents

Book Index

Next Topic
SSO Configuration of Valuemation with WAFFLE servlet filter

Complete the following steps to configure the Valuemation SSO with WAFFLE servlet filter.

Note: The following example concerns the Tomcat web server on Window only!

Prerequisities

  • Domain users must exists in Valuemation otherwise the mapping must be defined.

Configuration steps

  1. Download the Waffle binaries.

    Please see the 'download version…' link from the Github website.

  2. Unpack the 'waffle.zip' file.
  3. Copy the required libraries into the Tomcat lib folder.

    Please see also the following page at the Github website.

  4. Unpack (deploy) the 'vmweb.war' file on Tomcat.
  5. Enable the Waffle SSO filter in the Valuemation 'web.xml' file (uncomment the ‘SecurityFilter’ filter definition).

    <filter>

    <filter-name>SecurityFilter</filter-name>

    <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>

    <init-param>

    <param-name>waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols</param-name>

    <param-value>

    NTLM

    </param-value>

    </init-param>

    </filter>

    <filter-mapping>

    <filter-name>SecurityFilter</filter-name>

    <url-pattern>/vmweb/*</url-pattern>

    <url-pattern>/peconsole/*</url-pattern>

    </filter-mapping>
  6. Set the SSO mainparameters in the following way:
    • [VMWeb, VMWebSSOEnabled] = 'true'
    • [VMWeb, VMWebSSOType] = 'TrustedRemoteUserName'
    • [VMWeb, VMWebSSOUserHTTPHeaderName] = 'REMOTE_USER'
    • [VMWeb, VMWebSSOUsers] = ‘*’ (...or define the SSO user mapping.)
  7. Set AUTH_TYPE=AuthenticationManagerWEBLogon in the 'AuthenticationManager.properties' file.
  8. Start Tomcat.
  9. Open the Valuemation web page.

    If the user exists in Valuemation, he should be logged in automatically.

Out-of-domain Access

To enable users who fail with the SSO authentication to access Valuemation using the standard login dialog, it is necessary to configure the handling of the 'HTTP Error 401' error page in the following way:

  1. Define another mapping for vmweb servlet in the 'web.xml' file.

    <servlet-mapping>

    <servlet-name>vmweb</servlet-name>

    <url-pattern>/vmwebnosso</url-pattern>

    </servlet-mapping>

    Note: Do not add '/vmwebnosso' into Waffle filter URL mapping.
  2. Define the 401 error handler in the 'web.xml' file.

    <error-page>

    <error-code>401</error-code>

    <location>/401.html</location>

    </error-page>
  3. Create a simple 401.html file and put it into the <tomcat/webapps>/vmweb folder.

    The file will only make the redirection to 'vmwebnosso' URL.

    Example:

    <!DOCTYPE HTML >

    <html>

    <head>

    <meta http-equiv="refresh" content="0; url=/vmweb/vmwebnosso">

    </head>

    <body>

    redirecting to no-SSO login

    </body>

    </html>

See Also

WAFFLE on Tomcat

Setting Logging Levels for WAFFLE