How to Configure Service Catalog for NTLM (SSO)?

Document ID : KB000054065
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

This technical document outlines the procedure to configure Service Catalog for NTLM (single sign-on).

Solution:

In order to configure Catalog and Tomcat for NTLM:

  1. Confirm the EEM server has joined the appropriate Windows domain.

  2. Confirm the appropriate users exist in the active directory as well as in Service Catalog.

  3. Confirm Inernet Explorer Enhanced Security Configuration is not checked within Add/Remove Windows Components.

    Figure 1

  4. Change any shortcuts to utilize http://<hostname>:<port> instead of http://<hostname>:<port>/usm/wpf

  5. On each View server, edit %USM_HOME%\view\webapps\ROOT\index.html

    Figure 2

  6. Edit %USM_HOME%\view\webapps\usm\WEB-INF\web.xml
    <!-- USM NtlmAuthFilter  --> <!--  Uncomment <filter>  <filter-name>NtlmAuthFilter</filter-name>  <filter-class>com.ca.usm.httpfilter.NtlmAuthenticationFilter</filter-class>  <init-param>   <param-name>eiamBackendHost</param-name>   <param-value>lod0026</param-value>  </init-param>  <init-param>   <param-name>eiamApplication</param-name>   <param-value>Service Delivery</param-value>  </init-param>  <init-param>   <param-name>eiamCertFile</param-name>   <param-value>C:/Program Files/CA/Unicenter Service Delivery/USMcertfile.p12</param-value>  </init-param>  <init-param>   <param-name>eiamMaskedPassword</param-name>   <param-value>BQ5waHJzXjgJHAUDeGMBCgYAfQV9JhUOZ3FzcBYYM3VTAFIVDndXZnt0JBc=</param-value>  </init-param>  <init-param>   <param-name>bypassNodes</param-name>   <param-value>icguinode.login,icguinode.logout,iclaunchpad.launch,   icguinode.changepwdlockout,icguinode.lockout</param-value>  </init-param>  <init-param>   <param-name>failbackLoginPage</param-name>   <param-value>wpf?Node=icguinode.login</param-value>  </init-param>  <init-param>   <param-name>defaultLaunchNode</param-name>   <param-value>iclaunchpad.launch</param-value>  </init-param> </filter> -->  Uncomment  <!-- USM NtlmAuthFilter - mapping --> <!-- Uncomment <filter-mapping>  <filter-name>NtlmAuthFilter</filter-name>  <url-pattern>/wpf/*</url-pattern> </filter-mapping> <filter-mapping>  <filter-name>NtlmAuthFilter</filter-name>  <url-pattern>/uslm/*</url-pattern> </filter-mapping> <filter-mapping>  <filter-name>NtlmAuthFilter</filter-name>  <url-pattern>/assure/*</url-pattern> </filter-mapping> <filter-mapping>  <filter-name>NtlmAuthFilter</filter-name>  <url-pattern>/documents/*</url-pattern> </filter-mapping> -->  Uncomment
  7. Recycle Unicenter Service View service.