Single Sign On prerequisites

The StarTeam Web Client uses an embedded iframe within which it hosts the Single Sign On (OSP) page.  In order to comply with modern browsers cross origin policies which limit the access of windows and frames to each other there are a number of pre-requisites for supporting Single Sign On (OSP).

1. The StarTeam Web Client war file must be deployed on the same Tomcat instance as the StarTeam server (C:\Program Files\Micro Focus\StarTeam Server 17\WebServer\webapps).
2. If migrating an existing StarTeam Web Client it is important to also copy the shared/StarTeam folder also from your existing StarTeam Web Client installation.

3. Add the following to “Built In Filter Definitions” section of the web.xml file (C:\Program Files\Micro Focus\StarTeam Server 17\WebServer\conf\) to allow same origin requests from the embedded iframe.

   <filter>

   <filter-name>httpHeaderSecurity</filter-name>

   <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>

   <async-supported>true</async-supported>

   <init-param>

   <param-name>antiClickJackingEnabled</param-name>

   <param-value>true</param-value>

   </init-param>

   <init-param>

   <param-name>antiClickJackingOption</param-name>

   <param-value>SAMEORIGIN</param-value>

   </init-param>

   </filter>

   <filter-mapping>

   <filter-name>httpHeaderSecurity</filter-name>

   <url-pattern>/*</url-pattern>

   <dispatcher>REQUEST</dispatcher>

   </filter-mapping>

4. When accessing the StarTeam Web Client ensure that you use the same origin, i.e. http://<Host>:<Port> as configured in the StarTeam Server Administration Tools, OAuth2 Issuer URL setting.