Configure Single sign-on (SSO)

Not usable on replica nodes.

Authentication

To enable Single sign-on (SSO) support, you have to:

  • Modify the file conf/platform.properties to configure the deployment to accept Single sign-on authentication.

    platform.properties
    com.systar.photon.application.auth.ssoMode=strict
    Parameter value   Description
    off               SSO is disabled, the login screen is always displayed.
    permissive        SSO is activated, but if no SSO information is present in the request, the login screen is displayed.
    strict            SSO is activated, but if no SSO information is present in the request, an error page is displayed.
  • Add a Single sign-on agent into the lib/plugins directory. This agent must be a JAR file implementing an OSGi bundle, with a J2EE filter providing the authentication information. To learn more about SSO agent development, read Develop a SSO agent.

Authorization

If you want to enable or disable Single sign-on (SSO) role provisioning, modify the file conf/platform.properties.

platform.properties
com.systar.photon.application.auth.ssoRoleProvisioning=true
Parameter value   Description
true              Default value. SSO provides the user roles. Modifying SSO user roles through the deployment is forbidden.
false             SSO does NOT provide any user role. SSO user roles are managed through the deployment.

Customizations

Authentication error page

If you want to use a custom error page when ssoMode is set to strict, modify the conf/platform.properties file to specify the URL of the page to use.

platform.properties
com.systar.photon.application.auth.ssoErrorPageUrl=https://sso.central.mybank.com/login

Logout landing page

If you want to use a custom logout page, modify the file conf/platform.properties to specify the URL of the page to use.

platform.properties
com.systar.photon.application.auth.ssoDisconnectedPageUrl=https://sso.central.mybank.com/logout

Hide logout button

When SSO is enabled, you can choose to hide the logout button.

In strict mode, the button is hidden for all users. In permissive mode, the button is hidden only for users logged in via SSO.

To hide the logout button, add the following line to the conf/platform.properties file:

platform.properties
com.systar.photon.application.auth.ssoLogoutDisabled=true
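
A review check for the SSO keys described on this page, as an added example (not code shipped with the product). The function names are hypothetical, the sample file is constructed, and the https requirement on the two page URLs is an assumed local policy rather than a product rule.

```python
import re
from urllib.parse import urlparse

PREFIX = "com.systar.photon.application.auth."

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' and '!' comments skipped."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit_sso(text):
    """Return (key, message) findings for the SSO keys described on this page."""
    props = parse_properties(text)
    get = lambda name: props.get(PREFIX + name)
    mode, findings = get("ssoMode"), []
    if mode not in (None, "off", "permissive", "strict"):
        findings.append(("ssoMode", f"unknown value {mode!r}"))
    elif mode == "permissive":
        findings.append(("ssoMode", "login screen is shown when a request has no SSO information"))
    prov = get("ssoRoleProvisioning")
    if prov not in (None, "true", "false"):
        findings.append(("ssoRoleProvisioning", f"unknown value {prov!r}"))
    elif prov == "false" and mode in ("permissive", "strict"):
        findings.append(("ssoRoleProvisioning", "SSO user roles are managed through the deployment"))
    for name in ("ssoErrorPageUrl", "ssoDisconnectedPageUrl"):
        url = get(name)
        # Assumption (local policy, not a product rule): these pages must be served over https.
        if url is not None and urlparse(url).scheme != "https":
            findings.append((name, "not an https URL"))
    if get("ssoErrorPageUrl") is not None and mode in ("off", "permissive"):
        findings.append(("ssoErrorPageUrl", "custom error page applies to ssoMode=strict"))
    if get("ssoLogoutDisabled") == "true" and mode == "off":
        findings.append(("ssoLogoutDisabled", "hiding the button is described for SSO-enabled modes"))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
com.systar.photon.application.auth.ssoMode=permissive
com.systar.photon.application.auth.ssoRoleProvisioning=false
com.systar.photon.application.auth.ssoErrorPageUrl=http://sso.central.mybank.com/login
com.systar.photon.application.auth.ssoLogoutDisabled=true
"""

if __name__ == "__main__":
    print(*audit_sso(SAMPLE), sep="\n")
```

The findings are review prompts, not errors: permissive mode and ssoRoleProvisioning=false are valid settings, but each changes where authentication or role assignment is decided.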
