
Best Practice: Access your SSO Server with SSO URL Override through IIS port 443


It is best practice to describe the environment setup in the Configurator > Component Servers tab. To this end, we use the Beyond Firewall checkbox to describe the URL used in the web browser to get to the SBM server. Given optimum circumstances, Single Sign On (SSO) server URLs will be automatically defined. The following is an example of the setup.

  • The SBM name is myhost.internaldomain.com.
  • The user types the following DNS name in the web browser: SBM.contoso.com.
  • Use IIS for all connections is set so that communication to SBM Tomcat goes through the IIS port, not the SBM Tomcat port, because the Tomcat HTTP ports are not open.
  • In Configurator > Component Servers, set the Host to myhost.internaldomain.com, check Beyond Firewall, and set the External host on the Firewall tab to SBM.contoso.com.
  • To really streamline the setup, we can set Use IIS for all connections so that all SBM Tomcat communication happens via IIS ports.

The SBM browser tries to access the SBM Single Sign On (SSO) Login Server using the Tomcat server port or hostname set in Configurator. We can override the SSO URLs in Configurator, and these SSO URLs can always be reached via the IIS ports, even if the SSO server is on a different server.

  1. Go to Security > Secure SSO.
  2. Override the Security Token Service External and Federation Server URLs to use user-facing values: the DNS alias and the IIS port.
  3. Override the Security Token Service (STS) and Application Engine web services to use a URL accessible from the server.  In this case, the STS can get to SBM Tomcat server directly if the port is open or via the IIS server.
  4. For multi-server environments, SSO URL overrides are server specific.  This means that the overrides need to be made on each component server as appropriate. The overrides for each server will appear in the configuration database.
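
The following check is an added example, not part of the original article or of SBM: it reviews a set of override URLs against the rules in steps 2 and 3, using the example host names above. The override labels, URL paths and the Tomcat port 8085 are constructed placeholders, and port 443 is assumed to be served over HTTPS.

```python
from urllib.parse import urlsplit

# Host name comes from the page's example setup.
EXTERNAL_HOST = "sbm.contoso.com"   # DNS alias typed in the browser
IIS_PORT = 443

# Labels paraphrase steps 2 and 3; they are hypothetical, not SBM setting keys.
USER_FACING = {"sts_external", "federation_server"}
SERVER_FACING = {"sts", "application_engine_ws"}

def effective_port(parts):
    # urlsplit reports None when the URL relies on the scheme's default port.
    return parts.port or {"https": 443, "http": 80}.get(parts.scheme)

def check_overrides(overrides, tomcat_port_open=False):
    """Return sorted (label, problem) pairs for URLs that break the page's rules."""
    problems = []
    for label, url in overrides.items():
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        port = effective_port(parts)
        on_iis = parts.scheme == "https" and port == IIS_PORT
        if label in USER_FACING:
            if host != EXTERNAL_HOST:
                problems.append((label, "host is not the DNS alias"))
            if not on_iis:
                problems.append((label, "not on the IIS HTTPS port"))
        elif label in SERVER_FACING:
            # Direct Tomcat access is only valid when that port is open.
            if not on_iis and not tomcat_port_open:
                problems.append((label, "Tomcat port is closed; route via IIS"))
        else:
            problems.append((label, "unknown override label"))
    return sorted(problems)

# Constructed sample: paths and port 8085 are placeholders, not product values.
SAMPLE = {
    "sts_external": "http://myhost.internaldomain.com:8085/example/sts",
    "federation_server": "https://SBM.contoso.com/example/login",
    "sts": "http://myhost.internaldomain.com:8085/example/sts",
    "application_engine_ws": "https://myhost.internaldomain.com/example/ws",
}

if __name__ == "__main__":
    for label, problem in check_overrides(SAMPLE):
        print(f"{label}: {problem}")
```

Because overrides are server specific, run the check once per component server with that server's own values.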
