Install an SSO server and smart card

SSO and smart card limitations and requirements

  • The only smart card client reader supported is the Common Access Card (CAC), a United States Department of Defense (DoD) smart card issued as standard identification for logging in to DoD hosted software.

  • Installing or configuring an SSO server requires specific Lightweight Directory Access Protocol (LDAP) parameters. For details, see SSO authentication prerequisites.

  • See the SSO and smart card prerequisites in Single sign-on prerequisites.

Install SSO and smart card

  1. Run the server installer. Read and accept the license agreement.

  2. Select Modify to add features to an existing CM installation.

  3. Select these installation options:

    • Single Sign On

    • (Optional) Smart Card Setup

  4. Select an SSO server installation option:

    • New: Install a new SSO server.

    • Existing: Configure a connection to an existing SSO server, for example, Solutions Business Manager (SBM).

  5. Do one of the following:

    • Existing SSO server: Specify the SSO server’s host name and port. Optionally select a secure HTTPS connection.

    • New SSO server without smart card:

      To configure LDAP details for user credentials, enter parameters for Hostname, Port, Base DN, Search Filter, Bind User DN, and Password.

      Defaults:

      • Port: 389

      • Search Filter: (&(objectClass=user)(sAMAccountName={0}))

      For information about server SSO and smart card parameters, see Single sign-on prerequisites.

    • New SSO server with smart card:

      • To configure the LDAP connection for authenticating smart cards, enter parameters for Hostname, Port, Bind User DN, and Password.

        Default port: 389

      • To configure LDAP details for user credentials, enter parameters for Hostname, Port, Base DN, Search Filter, Bind User DN, and Password.

        Search Filter default: (&(objectClass=user)(sAMAccountName={0})).

        For information about server SSO and smart card parameters, see Single sign-on prerequisites.

  6. Click Install. When the installation is complete, click Finish.

  7. Manually configure the smart card trusted certificate authorities. For details, see Configure trusted certificate authorities.
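
The default Search Filter in step 5 contains a {0} placeholder. The following is an added example, not code from the product or its documentation: it checks a custom Search Filter value before you enter it in the installer and shows how the template expands for a given login name. It assumes that {0} is replaced with the login name the user types (the usual convention, not stated on this page); the function names and sample logins are constructed for illustration.

```python
# Added example: pre-flight check for a custom SSO Search Filter value.
# Assumption (not stated on the page): {0} is replaced with the login name.

DEFAULT_FILTER = "(&(objectClass=user)(sAMAccountName={0}))"

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value: str) -> str:
    """Escape a login name so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template: str) -> list:
    """Return a list of problems found in a Search Filter template."""
    problems = []
    if "{0}" not in template:
        problems.append("template must contain the {0} placeholder")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" appeared before its matching "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter must be enclosed in parentheses")
    return problems


def render(template: str, login: str) -> str:
    """Expand the template: validate it, escape the login, then substitute."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace("{0}", escape_value(login))


if __name__ == "__main__":
    # Constructed sample logins, two of them containing filter metacharacters.
    for login in ("jsmith", "smith(ext)", "ops*team"):
        print(f"{login!r:14} -> {render(DEFAULT_FILTER, login)}")
    # A template with a missing closing parenthesis is reported, not rendered.
    print(check_template("(&(objectClass=user)(sAMAccountName={0})"))
```
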

Fix demo certificate mismatches

Note: Only applicable if you are using demo certificates.

Upgrading a 12.x server (without SSO) to the latest 14.x version and then enabling SSO with the demo certificates causes a mismatch between the jks and pem files. You need to manually restore the certificates on the latest server version and restart Tomcat:

  1. Stop the Tomcat service.

  2. Rename this file:

    ..\common\tomcat\<tomcatversion>\alfssogatekeeper\conf\truststore.jks

    Replace it with a file called truststore.jks.14.x.x in the same folder, where 14.x.x is the upgraded OpenText Dimensions CM version.

  3. Rename this file:

    c:\Program Files\OpenText\Dimensions <version>\cm\dfs\sts.pem

    Replace it with a file called sts.pem.14.x.x in the same folder, where 14.x.x is the upgraded OpenText Dimensions CM version.

  4. Restart the Tomcat service.