Single Sign On and Content Web Services Update

impersonation, single sign on, sso, Uncategorized 2 Minutes

Update 04/28/2016

Pre- Requisites– Livelink 10/10.5/16  Server configured for Single Sign On using IWA . This is for users/companies who allow REMOTE_USER to trickle into livelink. If you have configured your livelink to use OTDS or simply said if OTDS is actually responsible for providing the Authentication then this post does not address that.In CWS which involves a OTDS server you are sourcing your authentication(read a different WSDL than the livelink authentication WSDL) from that.The theory there is your wsapi computer or client will pass your kerberos authentication and OTDS will vet that with AD/DC and pass it back. This OTDS ticket is now usable in your code.

 

Sample Setup on the WSAPI WEBSERVER

  1. Copy the webservices from OpenText  to a folder in the IIS server.For ease we assume your livelink server is on the same host and knows how to handle REMOTE_USER.If you want to run your livelink on another server edit the Web.Config to give it the real server name and port.I doubt if my setup can span computers never tested it that way.
  2. Configure an application that looks like the screen capsso setup
  3. Make sure it has IWA turned onsso1and make sure Extended Protection is OFF
  4. If not already done create a logs directory that is at the same level as \bin and manage its permissions correctly.This can also be done by doing a setspn which is really an advanced topic.The intent is when the client code hits this WSDL the application pool identity will transfer your remote_user and windows will do all that mumbo_jumbo.windows acl
  5. Edit the Web.Config carefully after making a copy .I am showing you changes highlighted for Authentication,DocumentManagement& ContentService.The file is rife with several possibilities so start with these 3 and mature into SSL and others Web.Config
  6. Give the WSDL a whirl .If it cant create a service or the green lines it is not a fault of OT.This is all windows WCF configuration.Check Microsoft sites or google for your errors.Things I check is that if all is successful the logs directory will show windows logs
  7. If the WSDL can now be put into a real source code file and you get errors in your client file the log files will indicate the errors coming from livelink. Note if you were using code form anonymous livelink/wsapi  you need to rebuild the source after updating the wsdl’scode
  8. The above were tested on a CS10 with oscript directory services and patches for SSO. I wrote a client WS which uses windows authentication and gave it to our app dev team.

If you have the chance to code in this you will be very pleased

Advertisement

Published by appukili

Oscripter and Livelink aficionado

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.