Creating Links for Single Sign-On
Single sign-on is the ability for a user to log into one application and then use other applications without having to log into each one separately. My webMethods Server supports single sign-on through the Security Assertion Markup Language (SAML), an XML-based framework for the exchange of security information.
To take advantage of single sign-on, a user must be known on both the source server and the target entity. In most cases, common knowledge of a user is provided by use of the same directory service. For more information on configuring a server to be used as a target for single sign-on, see
Configuring
My webMethods Server Single Sign-On.
On any page, you can add a link to a SAML target entity, such as a server. If the target accepts SAML assertions from the source server, when a known user clicks the link, no login credentials are required. If the target entity does not accept SAML assertions from the source server, or if the user is not known on the target entity, login credentials may be required.
Under the SAML specification, an intermediary called an artifact receiver can perform authentication on behalf of the target web application. In such a case, the SAML source requires two URLs: one for the Artifact Receiver and one for the target web application.
You can place one or more SAML links on any page you have permission to edit.
To create a SAML link on a source page
1. In the upper right-hand corner of the page, click , and then Edit Page. 2. In the Root list of the Available Portlets panel, click Links.
3. In the Links list of the Available Portlets panel, drag the Single Sign-on Link portlet and drop it onto the page at the location where you want to add the link.
A red box appears beneath the cursor location whenever the cursor is over a valid page location, indicating where the portlet would be positioned if you released the mouse button.
4. On the left side of the page control area, click Save.
5. At the right edge of the title bar for the single sign-on portlet, click , and then Properties. 6. In the Properties specify:
The following table lists the properties that you specify to configure the Single Sign-On Link portlet:
Property | Description |
Name | Replace Single Sign-on Link with the text that is to go with the link. |
SAML Authentication URL | Type the URL for a resource on the target computer. The target can be any page on a server. If you are connecting to a web application through a SAML Artifact Receiver, use this field for the Artifact Receiver URL. |
Use POST or GET | Determines the method used to pass data to the target computer. |
POST | Passes data to a gateway program’s STDIN. POST, the default, is the preferred method for single sign-on data. |
GET | Passes data as a string appended to the URL after a question mark. |
Artifact Parameter Name | If this is a SAML connection with another server or other webMethods product, do not change the default value SAMLart. If this is a SAML connection to a third-party source, type the artifact parameter name used by the third-party application. |
Application Target URL | If you have typed the URL for a SAML Artifact Receiver in the SAML Authentication URL field, type the URL for a web application. Otherwise, leave this field empty. |
7. Click Apply.