PTC Arbortext Content Delivery Customization > Customizing the Login Page for PTC Arbortext Content Delivery > Configuring Authentication in PTC Arbortext Content Delivery > Customizing the Authorization Filter for SSO in PTC Arbortext Content Delivery
  
Customizing the Authorization Filter for SSO in PTC Arbortext Content Delivery
PTC Arbortext Content Delivery provides the capability to ensure that the user authorization for a single sign-on (SSO) setup is successful. You can use a third-party SSO authentication system to work with PTC Arbortext Content Delivery. After the SSO system authenticates a user, the system adds either a header variable or the session cookie to the initial user request for further access to PTC Arbortext Content Delivery. The header variable or the session cookie contains the user’s identifier.
* 
It is assumed that you have set up an SSO gateway (such as SiteMinder, OpenAM) in front of PTC Arbortext Content Delivery to intercept all the traffic and perform authentication. After this SSO gateway allows the traffic through, PTC Arbortext Content Delivery verifies through this custom filter the existence of the user in the system. This section describes how to author this custom filter.
In PTC Arbortext Content Delivery, a custom authorization filter reads the user identifier from the header variable or the session cookie to check if the user exists in the system. The custom authorization filter must extend the wt.httpgw.filter.AbstractRemoteUserFilter filter and implement the getRemoteUser method. The getRemoteUser method retrieves the user name from the header variable or the session cookie of the user request and returns the user name to PTC Arbortext Content Delivery for further authorization. The following example shows a sample custom filter that extends the wt.httpgw.filter.AbstractRemoteUserFilter filter: