Clarity: SSO integration, XOG and Scheduler considerations

Document ID : KB000051304
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

XOG and Schedule Connect (used for both MSP and Open Workbench integration) were not originally designed to work with SSO-enabled Clarity applications. Special considerations must be taken for these applications to successfully interact with Clarity when Single Sign-on is enabled in Clarity. Prior to Clarity 8.1.2, a separate non-SSO enabled application instance was required to be set up in order for XOG and the schedulers to work with Clarity.

Solution:

In Clarity 8.1.2 and higher, the separate non-SSO instance is no longer required, but the Scheduler Entry URL in the NSA must be set so that the schedulers bypass the SSO web agent when they make requests. XOG and ScheduleConnect will not present the SSO token with their requests, so all attempts for XOG/ScheduleConnect to interact with Clarity through the SSO-enabled web server will fail. All XOG activity should use the Scheduler Entry URL so that the XOG authentication succeeds.

The correct configuration is to set the Scheduler Entry URL to the direct port that the application server (Tomcat, Weblogic, Wepshere) instance is running on so that the request from XOG/ScheduleConnect is not intercepted by the SSO web agent. In a clustered environment, the Scheduler Entry URL can be set to a load balancer pool that contains the direct application server instance ports so that the requests bypass the SSO web agent.

Example #1, clustered environment:

Clarity Web URL (load balanced web URL into the SSO-enabled webserver ports)

http://myclaritycluster.mycompany.com:80

Clarity Webserver URLs , SSO-enabled with web agent

http://myclaritywebserver01.mycompany.com:8000
http://myclaritywebserver02.mycompany.com:8000
http://myclaritywebserver03.mycompany.com:8000

Clarity Scheduler URL (load balanced URL directly to the application instance ports)

http://myclarityschedulers.mycompany.com:80

Clarity Application instance URLs (tomcat, websphere or weblogic):

http://myclarityappserver01.mycompany.com:9080
http://myclarityappserver02.mycompany.com:9080
http://myclarityappserver03.mycompany.com:9080

NSA Application Settings:

HTTP Entry URL: http://myclaritycluster.mycompany.com/
Scheduler Entry URL: http://myclarityschedulers.mycompany.com/

Example #2, single server environment:

Clarity Web URL:

http://myclarityserver.mycompany.com/

Clarity Application instance URL:

http://myclarityserver.mycompany.com:9080/

NSA Application Settings:

HTTP Entry URL: http://myclarityserver.mycompany.com/
Scheduler Entry URL: http://myclarityserver.mycompany.com:9080/

Keywords: CLARITYKB, XML Open Gateway, properties, NSA, configuration, client.