Update Single Sign-On Website Settings

The Single Sign-On Configuration Tool lets you change default settings for the Single Sign-On website. For example, you can change the virtual directory for the Single Sign-On website. The virtual directory is required to use an encryption scheme for communications among CA servers.
You can change other settings that affect Single Sign-On behavior when users attempt to log in. Some parameters also affect user interface behavior, such as the timeout period that logs the user out automatically in response to inactivity.
Updates to the Single Sign-On website only affect CA data source products that are running on the same server because of the distributed architecture of the software.
Follow these steps:
  1. Log in to the server where CA Performance Center or a CA data source product is installed.
    Log in as root or with the 'sudo' command.
  2. Launch the Single Sign-On Configuration Tool by running the './SsoConfig' command in the following directory:
    InstallDirectory/PerformanceCenter
    /opt/CA is the default installation directory.
    You are prompted to select an option. The available options correspond to CA applications running on the local server.
  3. Use the following commands as needed while you are selecting settings:
    • q (quit)
    • b (go back to the previous menu)
    • u (update)
    • r (reset)
  4. Enter 1 to configure CA Performance Center.
  5. Enter 4 for Single Sign-On.
    You are prompted to specify the priority.
    The Priority parameter only applies to CA Performance Center.
  6. Enter one of the following options:
    • 1. Remote Value
      These settings are propagated to all other CA products and data sources that are registered to this instance of CA Performance Center. This includes the Event Manager in CA Performance Center, which embeds the URL of CA Performance Center. CA Performance Center uses Remote Value settings only if a corresponding Local Override value is not present.
    • 2. Local Override
      Overrides a setting on this CA Performance Center instance, which does not propagate to other CA products and data sources (including Event Manager) registered to this instance of CA Performance Center. Local Override takes precedence over both the Remote Value and default settings.
    You are prompted to select a property to configure.
    Configure the scheme or port using Remote Value to include the correct CAPC URL in threshold event email messages.
  7. Enter one or more of the following properties. When prompted, enter u to update the value and supply a new value:
    • 1. Anonymous User Enabled
      Specifies whether the Sign-In page appears when users attempt to log in to a data source interface. A value for the Anonymous User ID parameter is required if this parameter is enabled. Users do not see the Sign-In page when they attempt to log in. They are logged in as the user associated with the Anonymous User ID parameter.
      The Localhost User Enabled parameter takes precedence when the following conditions are met:
      • The user is logging in from the Single Sign-On server.
      • The 'Localhost User Enabled' parameter and the 'Anonymous User Enabled' parameter are both enabled.
      Default: Disabled.
      The Anonymous User login takes precedence over Windows Authentication.
    • 2. Anonymous User ID
      Specifies the username that is used to authenticate the user automatically, bypassing the Sign-In page. This parameter is only used if the Anonymous User Enabled parameter is enabled. Select one of the following values:
      • 1 - The username for the default administrator account (admin).
      • 2 - The username for the default user account (user).
      • Another username that exists in the CA Performance Center database.
    • 3. Localhost User Sign-In Page Enabled
      Specifies whether the Sign-In page appears when the user is logging in from the server where Single Sign-On is installed.
      If this parameter is enabled, the Sign-In page appears, even if the user is logging in from the Single Sign-On server.
      If this parameter is disabled, the following rules apply:
      • The Localhost User Enabled parameter must be enabled.
      • The value for the Localhost User ID parameter must contain a valid product username. This value is used to log the user in to the software interface, bypassing the Sign-In page.
      Default: Disabled.
    • 4. Localhost User Enabled
      Specifies whether users are automatically signed in -- bypassing the Sign-In page -- when they are logging in from the Single Sign-On server. A value for the 'Localhost User ID' parameter is required if this parameter is enabled.
      • If the 'Localhost User Sign-In Page Enabled' parameter is enabled, this parameter is used in cases where the user clicks Sign In without entering a username or password. The user is then logged in to the software as the user associated with the 'Localhost User ID' parameter.
      • If the user does supply a username and password, those credentials are used for authentication.
      • If this parameter is enabled but the 'Localhost User Sign-In Page Enabled' parameter is disabled, the user bypasses the Sign-In page. The user is instead logged in to the interface using the value of the 'Localhost User ID' parameter.
      • If the user is logging in from the Single Sign-On server and both the 'Localhost User Enabled' and 'Anonymous User Enabled' parameters are enabled, the 'Localhost User Enabled' parameter takes precedence.
      Default: Disabled.
    • 5. Localhost User ID
      Specifies the user ID that is used to authenticate users automatically -- bypassing the Sign-In page -- when they log in to the Single Sign-On server. This parameter is used only if the 'Localhost User Enabled' parameter is enabled. Enter one of the following values:
      • 1 - The username for the default administrator account (admin).
      • 2 - The username for the default user account (user).
    • 6. Cookie Timeout Minutes
      Specifies the number of minutes that pass before a Single Sign-On cookie expires. Each time a user performs an action in a data source interface, the cookie timeout resets. If the timeout expires, the user is logged out and must reauthenticate.
      Default: 20 minutes
    • 7. Encryption Decryption Key
      Specifies the key that is used to encrypt and decrypt the Single Sign-On cookie.
    • 8. Encryption Algorithm
      Specifies the encryption algorithm that is used to encrypt and decrypt the Single Sign-On cookie. Supply either DES or AES for the value.
      For FIPS-compliant encryption, use AES encryption.
      CA Application Delivery Analysis, CA Network Flow Analysis, and CA Unified Communications Monitor do not support AES encryption. For more information, see FIPS-Compliant Encryption.
      CA Performance Management is not fully FIPS-compliant. This feature is for FIPS-compliant encryption only and does not meet full FIPS compliance.
    • 9. Failed Sleep Seconds
      Specifies the number of seconds the Single Sign-On application waits after a failed sign-in attempt.
    • 10. Remember Me Enabled
      Specifies whether the Remember Me check box is displayed on the Sign-In page. When the Remember Me check box is selected, Single Sign-On uses Remember Me Timeout Days to determine when the Single Sign-On token expires. If disabled, a user is automatically logged out when the Single Sign-On token expires after Cookie Timeout Minutes. When using SAML, if Remember Me is enabled, the Single Sign-On token uses Remember Me Timeout Days to set when it will expire. If disabled, the Single Sign-On token uses Cookie Timeout Minutes to set when it will expire.
      Default: Enabled
    • 11. Remember Me Timeout Days
      Specifies the number of days that pass before a user who selected 'Remember Me' on the Sign-In page must reauthenticate. This parameter is only used if the 'Remember Me Enabled' parameter is enabled. A value of 0 indicates that the Remember Me setting does not expire; the user must click the Sign Out link in a data source product interface.
    • 12. Scheme
      Specifies the URL scheme that data source products can use to access the Single Sign-On application. If you are using SSL, supply 'https:' for the value.
    • 13. Port
      Specifies the URL port that data source products can use to access the Single Sign-On application.
    • 14. Virtual Directory
      Specifies the name of the virtual directory for Single Sign-On.
      Default: SingleSignOn.
      If you change the value for any of the previous parameters, the default value is not replaced, but the new value now takes precedence. The new value is actually a Local Override.
    • (3.6.1 and Higher Only) 15. Allow Single Sign-On in a frame (Local Override)
      Determines whether Single Sign-On is allowed to display within a frame in a web page.
      Default: Enabled
  8. Enter b when you have finished changing the default settings.
  9. You return to the previous set of options.
  10. Enter b again to go back to the first set of options.
  11. Enter q to close the Single Sign-On Configuration Tool.
    The Single Sign-On Configuration Tool closes.
    CA Performance Center directs all unauthenticated users to the Single Sign-On website using the new values that you supplied.
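
The precedence rule from step 6 (Local Override, then Remote Value, then default) and the sign-in and cookie properties from step 7 can be checked together before values are entered in the tool. The following is an added example, not CA code: the dictionary layout, the function names, and the treatment of the value 1 as the admin account are assumptions, and the sample values are constructed.

```python
# Added example: the dict layout is an assumption; SsoConfig does not
# export its settings in this form.
DEFAULTS = {  # only the defaults this page states
    "Anonymous User Enabled": False,
    "Localhost User Sign-In Page Enabled": False,
    "Localhost User Enabled": False,
    "Cookie Timeout Minutes": 20,
    "Remember Me Enabled": True,
    "Virtual Directory": "SingleSignOn",
    "Allow Single Sign-On in a frame": True,
}
ADMIN_IDS = ("1", "admin")  # assumption: menu choice 1 or the literal name

def effective(remote, local, defaults=DEFAULTS):
    """Local Override beats Remote Value, which beats the default."""
    return {**defaults, **remote, **local}

def review(cfg):
    """Return findings for settings that weaken sign-in or cookie protection."""
    findings = []
    if cfg.get("Anonymous User Enabled"):
        who = cfg.get("Anonymous User ID")
        findings.append(f"Sign-In page bypassed for all users (logged in as {who!r})")
        if who in ADMIN_IDS:
            findings.append("Anonymous User ID is the default administrator account")
    if cfg.get("Localhost User Enabled") and cfg.get("Localhost User ID") in ADMIN_IDS:
        findings.append("Sessions from the Single Sign-On server are signed in as admin")
    if str(cfg.get("Encryption Algorithm", "")).upper() == "DES":
        findings.append("Cookie encrypted with DES; use AES where all data sources support it")
    if cfg.get("Scheme") is not None and not str(cfg["Scheme"]).lower().startswith("https"):
        findings.append("Scheme is not https; Single Sign-On traffic is not protected by SSL")
    if cfg.get("Remember Me Enabled") and cfg.get("Remember Me Timeout Days") == 0:
        findings.append("Remember Me never expires; users stay signed in until Sign Out")
    if cfg.get("Allow Single Sign-On in a frame"):
        findings.append("Sign-In page may be displayed inside a frame on another page")
    return findings

# Constructed sample values, not taken from a real installation.
remote = {"Scheme": "https", "Encryption Algorithm": "AES", "Remember Me Timeout Days": 0}
local = {"Anonymous User Enabled": True, "Anonymous User ID": "1",
         "Encryption Algorithm": "DES"}

if __name__ == "__main__":
    for finding in review(effective(remote, local)):
        print("-", finding)
```

In the sample, the Local Override of DES wins over the Remote Value of AES, so this server would use DES even though registered data sources receive AES.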