User Guide
Setting Up SSO from SiteMinder
Hyperion products can be integrated with Web access management solutions such as Netegrity
SiteMinder to provide SSO to Hyperion products. Where SSO from SiteMinder is accepted,
Hyperion products trust the authentication information sent by SiteMinder regarding the
protected resources on the user directory. The illustrated concept:
1. When a user logs in to SiteMinder to access Hyperion products, SiteMinder presents a login
screen. SiteMinder forwards the user credentials to the SiteMinder Policy Server, which
authenticates users against configured user directories.
2. If the user is authenticated, the SiteMinder Policy Server grants access to Hyperion products
and passes a SiteMinder token that has
HYPLOGIN HTTP header appended to it.
HYPLOGIN is configured to SM_USERLOGINNAME parameter in SiteMinder.
Note:
In SiteMinder Version 6, configure HYPLOGIN to use SMUSER parameter. HYPLOGIN is a
header that you must create to support SiteMinder integration with Hyperion products. See
SiteMinder documentation for information on configuring
HYPLOGIN HTTP header to
carry the user name of the authenticated user.
3. The Security API implemented on the Hyperion product parses the
HYPLOGIN HTTP header
and validates the user against the user directories configured on Shared Services.
4. Hyperion product checks Shared Services for the user's provisioning information. Based on
the provisioning information, the Hyperion product provides access to the user.
To enable SSO, SiteMinder and Shared Services must be configured to use the same set of user
directories. Also, the user directories configured in Shared Services must be set up to support
security agent for single sign on. See “Setting Global Parameters” on page 57 for details.
The SiteMinder–enabled SSO, general overview:
Setting Up SSO from SiteMinder
25