Reverting the Single Sign On set up (Kerberos) in AMX BPM.

Article ID: KB0086913

Products: TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM)
Versions: Not Applicable

Description

TIBCO ActiveMatrix BPM (AMX BPM) can be configured to use Single Sign-On (SSO) authentication for client requests. The TIBCO AMX BPM Single Sign-On document details the steps needed to implement SSO through SiteMinder or Kerberos. This article outlines the steps needed to revert those changes for Kerberos SSO authentication.

Resolution

Perform the following steps to revert the SSO changes and return to LDAP authentication.

- OpenSpace Client

1). Locate the config.properties files. For example, on Windows they are at the following paths:

Openspace: C:\ProgramData\amx-bpm\tibco\data\tibcohost\Admin-AMX BPM-AMX BPM Server\data_3.2.x\host\plugins\com.tibco.openspace.login_1.7.1.00n\resources\config.properties
Accessible Openspace: C:\ProgramData\amx-bpm\tibco\data\tibcohost\Admin-AMX BPM-AMX BPM Server\data_3.2.x\host\plugins\com.tibco.os.a11y.app_1.1.1.005\accessibility\config.properties


2). Open the config.properties file and ensure the authenticate property is set to 1 (authenticate=1), so that the login page is displayed.


3). Change lockdown.showLogoutButton property to "true".

4). Set the client.inactivity.warning and client.inactivity.tick properties back to your original value. By default, the value is 30.

5). Save and close the config.properties file.

- Workspace Client

1). Open the config.xml file.

2). Locate the authenticationMode record and ensure that the mode attribute uses the value useSessionByDefault and that the useLDAP attribute uses the value "true".

For example:
<record jsxid="authenticationMode" mode="useSessionByDefault" useLDAP="true"/>

3). Locate the showLogoutButton record. Set the showLogout attribute to "true" to show the Workspace logout button.

For example:
<record jsxid="showLogoutButton" showLogout="true"/>

4). Save and close the config.xml file.
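
A check for the two client files edited above, as an added example that is not part of the original article or of TIBCO's tooling: it reports every setting that still differs from the values these steps call for. The function names, the sample file contents and the `<data>` wrapper element are constructed for illustration, and the properties parser is simplified (no escapes or line continuations).

```python
import re
import xml.etree.ElementTree as ET

# Values the revert steps above call for.
EXPECTED_PROPS = {"authenticate": "1", "lockdown.showLogoutButton": "true"}
EXPECTED_RECORDS = {
    "authenticationMode": {"mode": "useSessionByDefault", "useLDAP": "true"},
    "showLogoutButton": {"showLogout": "true"},
}

def parse_properties(text):
    """Parse key=value / key:value lines; comment (#, !) and blank lines are skipped."""
    props = {}
    for line in text.splitlines():
        parts = re.split(r"\s*[=:]\s*", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0] and parts[0][0] not in "#!":
            props[parts[0]] = parts[1]
    return props

def check_properties(text):
    """Return findings for config.properties settings that are not reverted."""
    props = parse_properties(text)
    return [f"{k}: expected {v!r}, found {props.get(k)!r}"
            for k, v in EXPECTED_PROPS.items() if props.get(k) != v]

def check_config_xml(text):
    """Return findings for config.xml records that are not reverted."""
    records = {r.get("jsxid"): r for r in ET.fromstring(text).iter("record")}
    findings = []
    for jsxid, attrs in EXPECTED_RECORDS.items():
        rec = records.get(jsxid)
        if rec is None:
            findings.append(f"{jsxid}: record missing")
            continue
        for name, want in attrs.items():
            if rec.get(name) != want:
                findings.append(f"{jsxid}@{name}: expected {want!r}, found {rec.get(name)!r}")
    return findings

# Constructed sample input (not taken from a real installation).
SAMPLE_PROPS = "# login settings\nauthenticate = 0\nlockdown.showLogoutButton=true\n"
SAMPLE_XML = """<data jsxid="jsxroot">
  <record jsxid="authenticationMode" mode="useSessionByDefault" useLDAP="true"/>
  <record jsxid="showLogoutButton" showLogout="false"/>
</data>"""

if __name__ == "__main__":
    for finding in check_properties(SAMPLE_PROPS) + check_config_xml(SAMPLE_XML):
        print("NOT REVERTED:", finding)
```

An empty findings list from both functions means the file matches the reverted values; the client.inactivity properties are not checked because their original values are site-specific.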


- Browser Settings

Internet Explorer

1). Go to Internet options >> Advanced tab.


2). Uncheck "Enable Integrated Windows Authentication".


3). Apply and close.


Firefox/Chrome

None required

- Active Directory (AD) Server

1). Remove or delete the SPN (service principal name) set for this account.


- AMX BPM Administrator

1). Go to the Applications tab >> amx.bpm.app.

2). Go to the Substitution Variables tab at the bottom.


3). Look for authAllowUsername and set it to "true".


4). Set authDefaultMethod to use LdapAsp.


5). Set authSiteMinderService to "/".

6). Apply and save the changes.

7). Move the keytab file, which was placed there while SSO was implemented, out of config_home on the server.

Additional Information

https://docs.tibco.com/pub/amx-bpm/4.0.0/doc/pdf/TIB_amx-bpm_4.0_single_sign_on.pdf