Single Sign-On configuration

Implement a Single Sign-On (SSO) solution to use external authentication providers such as SiteMinder.

Note: By default, SiteMinder's Web Agent configuration restricts the characters allowed in the URL and in the URL query parts. To support REST over SiteMinder, these options must be modified.

SSO allows the OpenText Application Quality Management user to authenticate once through the external authentication point, without providing credentials again until the end of the user session.

The typical SSO server controls the user's access to various organizational resources, protecting confidential personal and business information from unauthorized users.

For details, see your SSO vendor's documentation.

Configure your SSO server to secure the following ALM resources:

  • /qcbin/*
  • /loadtest/* (for OpenText Enterprise Performance Engineering)

    Note: Ensure that your authentication scheme supports non-browser clients. Otherwise, OTA integrations and add-ins will not work in an SSO environment.

Before configuring external authentication in ALM, ensure that the SSO login process works. Ensure that you can pass SSO authentication before the ALM home page opens. If SSO is not working, work with your SSO administrator.

Note:  

  • It is recommended to use SSL with SSO. If SSL is not enabled, the SSO cookie is vulnerable to being intercepted.
  • The SSO cookie must be HTTP-only. When it is set as a regular cookie, it is vulnerable to XSS attacks.
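
One way to verify the two cookie requirements above is to audit the Set-Cookie headers captured from the SSO login response. The following is an added example, not vendor or product code. The cookie name SMSESSION and all sample header values are assumptions constructed for illustration; substitute the name your SSO vendor sets.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.
# Attributes are parsed, not substring-matched, so a cookie whose *value*
# happens to contain "HttpOnly" is not mistaken for a protected cookie.

# Constructed sample headers (not taken from a real deployment).
SAMPLE_HEADERS = [
    "SMSESSION=abc123==; Path=/; Secure; HttpOnly",  # compliant
    "SMSESSION=abc123==; Path=/; httponly",          # sent over plain HTTP too
    "SMSESSION=HttpOnlySecure; Path=/",              # words only in the value
    "UI_LANG=en; Path=/qcbin",                       # not the SSO cookie
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # names are case-insensitive
    return name.strip(), value, attrs


def audit_cookie(header_value):
    """Return the required attributes missing from one Set-Cookie value."""
    _, _, attrs = parse_set_cookie(header_value)
    required = (("secure", "Secure"), ("httponly", "HttpOnly"))
    return [label for key, label in required if key not in attrs]


def audit_response(set_cookie_headers, sso_cookie_name):
    """Map header index -> missing attributes, for headers setting the SSO cookie."""
    findings = {}
    for index, header in enumerate(set_cookie_headers):
        name, _, _ = parse_set_cookie(header)
        if name == sso_cookie_name:
            findings[index] = audit_cookie(header)
    return findings


if __name__ == "__main__":
    for index, missing in audit_response(SAMPLE_HEADERS, "SMSESSION").items():
        status = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"header {index}: {status}")
```
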

If the same LDAP settings were defined in OpenText Application Quality Management and in SSO, you can authenticate through both the SSO and ALM login screens using the same credentials. If not, verify that the LDAP settings in OpenText Application Quality Management match those used by SSO.

ALM requires the SSO vendor to pass the authenticated user name as a header on the HTTP request. Configure the header name and pattern in Site Administration. For details, refer to Configure Site Administration.

Note: There are no special processing considerations when configuring Apache or IIS for SSO. If you are using an older version of SiteMinder (prior to version 12.5), you must use Apache as the web server.