Customizing the Authorization Filter for SSO in Servigistics InService
Servigistics InService provides the capability to ensure that the user authorization for a single sign-on (SSO) setup is successful. You can use a third-party SSO authentication system to work with Servigistics InService. After the SSO system authenticates a user, the system adds either a header variable or the session cookie to the initial user request for further access to Servigistics InService. The header variable or the session cookie contains the user’s identifier.
|
|
It is assumed that you have set up an SSO gateway (such as SiteMinder, OpenAM) in front of Servigistics InService to intercept all the traffic and perform authentication. After this SSO gateway allows the traffic through, Servigistics InService verifies through this custom filter the existence of the user in the system. This section describes how to author this custom filter.
|
In Servigistics InService, a custom authorization filter reads the user identifier from the header variable or the session cookie to check if the user exists in the system. The custom authorization filter must extend the wt.httpgw.filter.AbstractRemoteUserFilter filter and implement the getRemoteUser method. The getRemoteUser method retrieves the user name from the header variable or the session cookie of the user request and returns the user name to Servigistics InService for further authorization. The following example shows a sample custom filter that extends the wt.httpgw.filter.AbstractRemoteUserFilter filter:
