Appendix E - Implementing Spectrum Single Sign-on (SSO)
Spectrum Spatial Analyst now provides single sign-on (SSO) leveraging the Spectrum™ Technology Platform SSO implementation and Active Directory Federation Services (AD FS). SSO allows logged-in users to access Spectrum Spatial Analyst and Spectrum™ Technology Platform Web-based services with one set of credentials. AD FS allows the sharing of trusted party information, seamlessly, using cookie-based authentication.
For more information refer to Implementing Spectrum Single Sign-on (SSO) section in Spectrum™ Technology Platform administration.
Configuration assumptions and SSO deployment checks
The system administrator must complete the following tasks before enabling SSO in SSA and make the necessary security changes.
- the deployment of the ADFS server
- SSO configuration in Spectrum™ Technology Platform
Server configuration for SSO support
Pre-requisites
- HTTPS communication configuration between SSA and Spectrum spatial, and
- Configuration of HTTPS communication with SSA
Set Analyst Login URL
You need to configure the SSO login URL for Analyst in the following file using a text editor -
<serverinstallationlocation>customerconfigurations/_global_/controller.properties
Please amend the entry for the sso.start.url
as follows:
sso.start.url=#ognl("@spectrum_server/sso-integration/?externalapp=y&relaystate="
+requestAttributes["original_request_uri"]
+"/security-check?TargetResource="
+urlEncode(requestAttributes["original_request_uri"])
+insertLocale("&"))
slo.start.url
should be left unchanged.Enabling Guest access
If you wish to enable guest access, ensure that you have completed the configuration - Adding a Guest Role and User for Guest Access
Managing Idle Session timeout
Managing and mapping roles