pp108 : Enabling Process Platform Authentication

Enabling Process Platform Authentication
This topic describes the procedure to enable Process Platform Authentication.

Before you begin this task:
After Process Platform Authentication or Single Sign-On is enabled, only users with a password can log in. Therefore, Cordys users must be created before SSO is enabled in Process Platform. For more information on creating Cordys users, refer to Creating Users.

To enable Process Platform Authentication in a distributed installation, the procedure described in Distributed Installation and Trust and Key Stores must be executed first.


Process Platform provides a secure environment, which requires you to provide your login credentials to use Process Platform.

  1. If you want to audit Single Sign-On to track the verification of assertions, perform the following steps else skip this step.
    1. On CUSP > My Applications , click (System Resource Manager). The System Resource Manager window appears.
    2. Right-click Single Sign-On and click Properties. The Properties - Single Sign-On dialog box appears.
    3. On the Single Sign-On tab, select Check to enable auditing for SSO check box.


      Note: Audit messages are logged for each assertion issued and for each fault encountered during identity validation (For example, wrong password, expired assertion, and so on).


    4. Click then to save and close the properties dialog box.
  2. In the System Resource Manager window, right-click Single Sign-On and click Restart to restart the service container.
  3. Configure the Web server to use the anonymous authentication Web service operation. Refer to: Configuring Anonymous Access in Apache and Configuring Anonymous Access in IIS for more information on the configuration. Domain authentication is not used anymore.
  4. If you want to set the expiry time for an assertion else skip this step.
    Note: The expiry time for assertions is eight hours (480 minutes) by default. To change it, perform the following steps:
    1. On CUSP > My Applications, click (LDAP Explorer). The LDAP Explorer window appears.
    2. Navigate to Cordys > <organization> > soap nodes , right-click Single Sign-On service group and click Properties. The Properties - Single Sign-On window is displayed.
    3. Click the button in the bussoapnodeconfiguration row. The XML Editor - Edit XML of bussoapnodeconfiguration window appears.
    4. Type the expiry time in the expiration tag and click to save the changes.


      Note: Type the expiry time in minutes. If the expiration tag is missing, add it under the <configuration> tag.



      Process Platform Authentication is enabled.