We have currently enabled LDAP for our on-premise clarity instance and it is working fine. Now we would like to implement SSO for clarity and I need your expert advice on the same.
Can we implement Clarity SSO with Active Directory Federation Services ? If Yes, can anyone has any guidelines for me to start with.
Can we implement Clarity SSO with Kerbos Authentication at Tomcat side?
Any Help will be greatly appreciated.
Thanks in advance,
you might find this useful..
We are on premise customer on Clarity 13.3 patch 5 and use LDAP protocol with Active Directory and have implemented SSO and SSL within single Clarity application server environment for our Dev environment, with plans to migrate to UAT and eventually production in near future. For Dev environment, Clarity runs on Apache Tomcat server on Linux platform. We installed additional Apache server instance on same server, which connects to Clarity SiteMinder. From SiteMinder, please use provided CA guide to build realms and rules accordingly. You will need someone on your team familiar with SiteMinder system and knowledgeable on install and configuration. Pay attention to page 29 of the guide for proxy and reverse proxy redirects. We required assistance from CA to fully get the configuration correct. Our Dev environment is also setup with custom SiteMinder login page, as well as having SSL certificate installed on F5 server at this time to have application be https enabled.
Hope this helps.
Thanks for the information Allen. But the organization is not ready to invest on new Single Sign on Server as we already have Active Directory Federation Services as SSO server for other enterprise applications so we would like to know if clarity is feasible to integrate with ADFS if not we would like to know if there is any other way to get SSO running without have to invest in another SSO server only for the sake of clarity.So I am exploring these options.
Suggest you contact CA Support to engage CA Clarity engineering team regarding your specific integration requirement. CA PPM Release notes only indicate SiteMinder product as SSO supported platform.
It is possible to get Clarity to work with SSO software other than CA Siteminder. I am aware of several customers who have done this successfully. Most customers use CA Services to help with this type of integration. However, I am aware of 1 or 2 customers who have accomplished this successfully on their own.
There is one thing you should be aware of before you choose to do an integration with an SSO product that is not listed in our Compatibility list. CA Clarity support cannot assist you with any problems that are caused by your integration with a product other than what is listed in our compatibilities section (in this case SiteMinder). What this means is:
- Your settings may not be exactly what is described in the CA Siteminder Green paper that am1 suggested you look at. If the standard settings do not work for you, support will not be able to help you with determining the correct settings.
- If you have a problem that support believes may be caused by your SSO integration, they may ask you to demonstrate whether or not the problem occurs on a non-sso instance of Clarity. So, I strongly suggest that you maintain a non-sso instance of Clarity for trouble-shooting purposes. (Actually I recommend this for customers who use SiteMinder as well. But this is essential for anyone using an integration with any other SSO product).
- If you do have a problem that turns out to be caused by your SSO integration, we will still give you best effort assistance. This means that if it is a known issue with Siteminder or we can replicate the problem in a vanilla environment with Siteminder, we can still support you. But if it can't be, we will refer you back to your own IT team or your SSO vendor for assistance.
Finally, if you decide to move forward with this integration either on your own or with the assistance of Services, please use the SiteMinder Green Paper as a guide to how your system should be set up. You ensure that you set up equivalent settings on your SSO/Clarity environment for everything mentioned in that guide. Pay particular attention to which urls should and should nott be protected.
I hope you find this information useful.
Senior Support Engineer - Clarity
CA Technologies, Inc.
Thanks a lot Jeanne. This definitely helps us to proceed further in a right direction.
Did you implement Clarity SSO with ADFS ?
We have same requirement now, Currently Clarity application is SSO enabled and using SSO Vendor but now we are moving out to internally hosted ADFS server for authentication.
Please let us know if this is implemented, how did you implement whether you took clarity support engineer help or on yourself.
Appreciate if you could send any instructions or any information/documents that you have for this Clarity SSO integration with ADFS.