Alex,
for SSO either if not supported by CA this is possible to use the native ntlm setup of liferay itself.:)
depending of your environment you will have to trick/extend the NtlmFilter.class and NtlmPostFilter.class to remove limitations around supported browser.
(I can provide already modified class upon demand for those that don't know howto modify those)
This perform SSO and transparent logon outside of EEM or SiteMinder smoothly
1/ Configure the NTLM properties in the liferay console
2/ Edit the \OSOP\portal-ext.properties: and set NTLM filter to true:
com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter=true
com.liferay.portal.servlet.filters.sso.ntlm.NtlmPostFilter=true
set the autologin hook:
auto.login.hooks=com.liferay.portal.security.auth.NtlmAutoLogin
add the ntlm properties at the end of the files;
Add ntlm properties:
ntlm.auth.enabled=true <set to true to enable ntlm auth>
ntlm.auth.domain=<set the domain that you need to connect to>
ntlm.auth.domain.controller=<comma separated list of DC IP address for that domain>
ntlm.auth.domain.controller.name=<hostname of the domain controller>
ntlm.auth.service.account=<computer account for that domain>
ntlm.auth.service.password= <password of the computer account>
For SSO to work you need to access specific URL constructed as below to be the landing page of your users after your root:
https://<your root url>/c/portal/login
(Tips: add c/portal/login as home URL in portal settings =>general so you users don't have to care of it )
this can be combine with ldap and EEM for full setup (contact import and SSO fail down)
As usual customization not supported by CA
Hope this help
/J