Configuring PPM for LW-SSO

Caution: Before you start to configure PPM for LW-SSO, make sure that you first read LW-SSO Security Warnings.

  1. Add the parameters described in the following table to the server.conf file and assign values to each.

    Parameter

    Description

    ENABLE_LW_SSO_UI

    Use to enable the LW-SSO user interface. Set this parameter to true.

    LW_SSO_DOMAIN

    Use to specify the LW-SSO domain.

    Example: xyz.com

    LW_SSO_INIT_STRING

    Use to specify the value of the initString parameter

    For information about the initString parameter, see LW-SSO Security Warnings.

    LW_SSO_EXPIRATION_PERIOD

    The token for validating user logon has an expiration value that determines an application's session validity. Use this parameter to specify the LW-SSO token expiration period in minutes.

    Configure a token expiration for each application that uses LW-SSO. We recommend that you set the value to 60 (minutes).

    Note: The expiration value must be at least as high as that of the application session expiration value.

    LW_SSO_TRUSTED_DOMAIN

    Use to specify one or more LW-SSO trusted domains. To separate multiple domains, use semicolons (;).

    Example: xyz.come;abc.net

    LW_SSO_CLEAR_COOKIE

    Use to specify that PPM must clear the LW-SSO token when a user logs out of PPM.

    Note: For security purposes, we recommend that you always keep this parameter set to true.

    ENABLE_LW_SSO_WEB_ SERVICE

    For integration of PPM Tasks with Service Manager RFCs only.

    To specify that PPM always uses the current user to call Service Manager Web service, set to true.

    Default: false

  2. Run kUpdateHtml.sh.

  3. Stop, and then restart the PPM Servers.