You are here

SCT Workflow SSO Question

Submitted by sspyrison on Tue, 06/07/2005 - 22:22

Hi LDN,

We are testing SCT Workflow integration with Luminis. Seems to be working fine by following the documentation, but I don't quite understand why and I'd like to :)

It's using CPIP, so it may be I just don't understand CPIP well enough yet.

Here's what seems to be happening:

1) Workflow is setup to use external authentication by pointing to Luminis LDAP. Workflow maintains the uid's as external usernames, but not the passwords.

2) A user logs into Luminis, then clicks one of the Workflow links.

3) From snooping the connection, I know that Workflow binds back to Luminis LDAP with the user's dn and Luminis password.

My question is, how does Workflow know what the user's Luminis password is? I don't see any pdsExternalSystemId for it or anything like that. Does this sound like normal CPIP behavior or do you think SCT is using some custom SSO code to accomplish this?

Just thought I'd ask :)

General:

We also run Workflow SSO, I just checked the LDAP, and sure enough there is an pdsExternalSystemId for us.  (USERNAME::sctfw)  Maybe we have something configured differently?

Interesting.....that's along the lines of what I expected to see when I looked in our LDAP. We don't have any pdsExternalSystemID with sctwf. I don't even see any mention of that in the 4.1 documentation. What version are you running?

Read jwheat's post and the documentation on cpip filters with cptool sync password, because that sounds pretty darn close to what is happening with Workflow. There is no filter listed for sctwf, though, and the install guide doesn't specifiy to create one (INB does, though).

Reading more on cpip now...

Maybe we have things configured differently...

My config settings: (OUR_SERVER is our server...)

es.sctwf.sendcpuid=true
es.sctwf.configURL=http\://OUR_SERVER\:7777/wfpsc1/cpip/GetConfigVersion2
es.sctwf.api.workflow=http\://OUR_SERVER\:7777/wfpsc1/home/worklist.do
es.sctwf.autosync=true
es.sctwf.domain=http\://OUR_SERVER\:7777/wfpsc1

Yep, we are slightly different. We have no sendcpuid or autosync, and our configURL has the following appended to it:

?renderer=luminis&hidecrumbs=false&hidenav=false