To install Knowledge Center in an SSO configuration:Knowledge Center supports HTTP header based Single Sign-On (SSO). The HTTP Headers are provided by the Single Sign-On provider. The HTTP Headers contain authentication and/or other user information that Knowledge Center uses to authenticate and maintain basic user information managed through the user source of the Single Sign-On provider.
Note: Single Sign-On providers such as Oracle Access Manager require an additional installation on IIS allowing IIS to communicate with the Single Sign-On provider. For Oracle Access Manager this would be the Oracle Access Manager Webgate or the modosso plug-in.
The HTTP Headers defined in the Single Sign-On Provider are mapped in Knowledge Center in order to authenticate and manage user information defined by the headers. At a minimum there must be one HTTP Header defined to the username. Other HTTP Header mappings can be defined to maintain other user fields such as first and last name, e-mail, and other user information. For example, the HTTP_USERNAME header would be mapped to the username, HTTP_FIRSTNAME would be mapped to the user’s first name, HTTP_LASTNAME would be mapped to the user’s last name, and so on.
Knowledge Center contains an IIS Application for web services (KData) used for non-browser applications. This IIS Application cannot be protected by the Single Sign-On Provider and must be accessible without being authenticated through the Single Sign-On Provider. The web services are authenticated using the Knowledge Center Standard Authentication providing a login dialog for authentication.
The IIS Application containing the browser based application (KCenter) needs to be configured to allow Single Sign-On Authentication and pass the configured HTTP Headers.
The Knowledge Center installer contains an option to install on a Single Sign-on environment. This option configures Knowledge Center to authenticate with the Single Sign-On Provider with a single HTTP Header containing the username.
To install Knowledge Center in an SSO configuration:
You can then modify the CustomHeaders.xml file. The CustomHeaders.xml contains the HTTP Header mappings from the Single Sign-on provider and Knowledge Center. When the install of Knowledge Center completes there is only a single item that maps the username. This only validates the authentication of the user and the user data is maintained within Knowledge Center.
Example:
<items>
<item headerName="HTTP_USERNAME" fieldName="USERNAME" isCustom="false"/>
</items>
Other standard fields can also be mapped allowing the user data from the SSO provider to be populated into Knowledge Center when Knowledge Center is launched. The standard fields consist of FIRSTNAME, LASTNAME, MINIT, and EMAIL. If there are HTTP Headers available for these standard fields then mapping information can be added. The headerName is the name of the HTTP Header containing the value and the fieldName contains the field mapped to Knowledge Center.
Example:
<items>
<item headerName="HTTP_USERNAME" fieldName="USERNAME" isCustom="false"/>
<item headerName="HTTP_FIRSTNAME" fieldName="FIRSTNAME" isCustom="false"/>
<item headerName="HTTP_LASTNAME" fieldName="LASTNAME" isCustom="false"/>
<item headerName="HTTP_MINIT" fieldName="MINIT" isCustom="false"/>
<item headerName="HTTP_EMAIL" fieldName="EMAIL" isCustom="false"/>
</items>
Knowledge Center Custom User Fields can also be mapped to HTTP Header values. Create a Custom User Field in Knowledge Center as a text type. The name of the Custom User field will be the fieldName within the map item (Department Name in the example). The headerName is the HTTP Header that contains the value. There is an isCustom attribute that must be set to 'true' for custom user fields.
Example:
<item headerName="HTTP_DEPARTMENT" fieldName="Department Name" isCustom="true"/>