Display Server Single Sign-On

Enterprise RTView®
User Guide

In addition to supporting the single sign-on method that utilizes the rtvuser, rtvpass, rtvsign and rtvrole parameters in getdisplay.jsp, the Display Server also supports two other types of single sign-on:

Login from a Servlet Container
User authentication is a general feature of servlet containers (Tomcat, WebLogic, etc). The web.xml servlet file can be configured to require user login before the web server allows access to the servlet. A sample web.xml file included with Enterprise RTView and located in rtvdisplay\web.xml.auth_example, shows how user authentication can be configured for the Display Servlet. It requires the user to login to the servlet container in order to open any Display Servlet URL, then grants authenticated users access to all Display Servlet URLs.

The sample web.xml specifies DIGEST authentication mode, which tells the browser to prompt for a user name and password, then encrypt the password before sending it to the web server. Most modern browsers and servlet containers support DIGEST mode. Other authentication modes are also defined, but support for those is determined by your servlet container and browser, not by Enterprise RTView.

For more information on this topic, see http://java.sun.com/developer/Books/certification/scwcd_9.pdf.

To configure the Display Servlet to accept user names authenticated by the servlet container as the login user name for the Display Server:

1. Set web.xml to require user login before the web server allows access to the servlet.

2. Modify the LoginEnabled property in the rtvdisplay.properties file as follows:

LoginEnabled=AUTH

To enable single sign-on to the servlet container and the Display Server, the servlet container login name must match the user name defined in the user configuration file. It is not necessary for the passwords to match unless passclientlogin is set to true, since it is assumed that the user name has already been authenticated by the servlet container.

For example, the user database for Tomcat is defined in the file <tomcat_home>/conf/tomcat-users.xml. By default, a user named admin is defined. The default user configuration file for Enterprise RTView also defines a user named admin. If the Display Servlet files web.xml and rtvdisplay.properties are configured as described above, a user could login to Tomcat as admin and the Display Servlet would then automatically login the admin user to the Display Server, without prompting again for a user name and password.

The Display Servlet also supports login from custom JavaScript by calling the following JavaScript function:

rtvLogin(username, password, role)

This function returns the string "ok" if the login is successful and returns a string with an error message if it fails. The role argument is optional. The password is encrypted before it is sent to the server. To call the rtvLogin function from a custom web page, the page must be included in the Display Servlet web archive file and must import the rtv1.js and rtvx.js script files. An rtvLogout function is also available:

rtvLogout()

These functions use the XMLHttpRequest object that is included with most modern browsers. In Internet Explorer, if scripting of ActiveX objects is disabled, these functions will fail.

For example, the following HTML file presents the user with a combo box containing the user names admin and guest, and a text box for entering a password. When the user clicks OK, the rtvLogin function is called. If the login information is validated by the Display Server, the displays.html file is opened in the browser. Otherwise an error dialog appears.

Example:

<html>

function doLogin ()
{
                   var user = document.getElementById("usercombo").value;
                   var pwd = document.getElementById("password").value;
                   var msg = rtvLogin(user, pwd);
                   if (msg != "ok")
                                     alert(msg);
                   else
                                     document.location = "displays.html";
}
</script>

<body>
<div>Please log in</div>

<table border="0" cellpadding="2" cellspacing="0">
                  <tr><td align="right" nowrap>Username:</td>
                  <td align="right">
                                    <select id="usercombo" style="width:120px">
                                                      <option value="admin">admin</option>
                                                      <option value="guest">guest</option>
                                    </select>
                   </td></tr>
                   <tr><td align="right" nowrap>Password:</td>
                   <td align="right"><input type="password" id="password"
                                     style="width:120px"
                                     value="" onkeypress="if (isEnterKey(event)) doLogin()">
                    </td></tr>
                    <tr><td colspan="2" align="right">
                                     <button onclick="doLogin()">OK
                    </td></tr>
</table>
</body>
</html>

Enterprise RTView contains components licensed under the Apache License Version 2.0.

JMS, JMX and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. They are mentioned in this document for identification purposes only.

SL, SL-GMS, GMS, Enterprise RTView, SL Corporation, and the SL logo are trademarks or registered trademarks of Sherrill-Lubinski Corporation in the United States and other countries. Copyright © 1998-2009 Sherrill-Lubinski Corporation. All Rights Reserved.