SSO Configuration (baja-SSOConfiguration)
This component is a frozen slot on the AuthenticationService, used to configure Single Sign On (SSO) properties for the station. These properties allow you to enable different aspects of SSO functionality such as whether or not to automatically attempt single sign on when users log on to the station. This component is located in the baja palette.
Single Sign On is a method of controlling access to multiple related, but independent software systems. With SSO, a user logs in once and gains access to all networked systems without being prompted to log in again at each of them. Centrally managed credentials eliminate the opportunity for errors and using one point of authentication makes authentication less complicated and more secure.
To access, expand and double-click SSO Configuration.
| Property | Value | Description |
|---|---|---|
| Auto Attempt Single Sign On | true or false (default) | When set to true, SSO is automatically
attempted when logging you into the station. That is unless the user
specifically visits the login or prelogin pages. Typically, when there
is just one SSO scheme available you would set auto-SSO to true. In order to set this to true, there must be exactly
one SSO scheme available. When multiple SSO schemes are present in the station this setting is automatically false and read only. |
| Ignore Auto SSO If User Cookie Present | true (default) or false | When set to true, the presence of the niagara_userid cookie causes the user to always be
redirected to the login screen, instead of automatically attempting
SSO. When set to false, this has no effect. This is useful if you have certain users who need to login as station users rather than SSO users, such as admin users. |
| Display SSO Schemes On Login Page | true (default) or false | When set to true, a separate login button
for each SSO authentication scheme in the station displays on the
login page as well as on the prelogin page. Users logging in select
a scheme by clicking one of those buttons. When using multiple SSO schemes, it is a good idea to configure the Login Button Text for each with a meaninful label. For example, OpenAM SSO Login. |
| Remember My Choice Domain | text string, null (default) | If no value in this field, logging in with SSO sets a cookie
for that domain (i.e. controller1.myDomain.com) on that station only. If a domain name is entered in the field the effect is that a user only has to login to one station to set a cookie for that domain on all networked stations. For example, if stations all follow the pattern controller1.myDomain.com, controller2.myDomain.com, etc..., entering myDomain.com will cause a cookie for this domain to be set on all of the stations. This is especially useful in an environment where Auto Attempt Single Sign On is set to false. |