Comments on: Single Sign-On, SAML, and Authentication in Documentum

By: paintball barrel

paintball barrel — Tue, 29 Jun 2010 02:30:32 +0000

Good post, doing some research on saml and ran across this.

By: Raoul B

Raoul B — Wed, 02 Dec 2009 16:05:00 +0000

Hi Bab,

actually I didn’t find much info on developing on CenterStage but if you look on our web site (www.solfit.ch) you will see that we already implemented SSO for CenterStage based on kerberos.
You need to understand java, dwr, and ExtJS (ajax).

I thought you might be interested…
Raoul

By: Bab

Bab — Wed, 26 Aug 2009 08:16:58 +0000

Hi,

great blog ! I love word press.

Maybe this isn’t the best place for my question…. but…
I’m working with Center Stage and I’d like to integrate my SSO system.

I’m looking for information, guide for developers. Nothing.

Do you have any idea?

Thank you.

By: Brinda

Brinda — Thu, 18 Jun 2009 21:50:09 +0000

Hi,

I am lookin towards integrating Documentum and BPM to an external application. Both the EMC app server and the external application share the same authentication store and SSO provider.

Can you please let me know if there is there an API exposed through DFS to perform the SSO (token based authentication) from an external product to documentum?

Is there a way to access the SSO generated token from within the form adaptors and the BPM events to perform an SSO login to the external system

By: Pie

Pie — Thu, 17 Apr 2008 14:26:25 +0000

I would suggest two things. One would be to read my more recent post on Authentication Design Patterns and the discussion on the EMC Developer Network. The Network itself is a useful resource. From a purely technical perspective, if SSO is not an option, I would continue your course, but maybe encrypt and move the authentication information into a properties file for use in your code. If you are feeling adventurous, try the Generated Credential Authentication approach that I mention.

By: Sujeet

Sujeet — Wed, 16 Apr 2008 21:44:06 +0000

thanks for the info about licesing, i wil let my PM knows about the risk involved. back to my problem, do you have any hints for accomplishing this..

sujeet

By: Pie

Pie — Wed, 16 Apr 2008 21:13:01 +0000

If your purpose is to provide search without authentication, then aside from losing the auditing and authorization for each user, you need to be sure to be cognizant of the licensing issues.

By: Sujeet

Sujeet — Wed, 16 Apr 2008 20:43:27 +0000

thanks for the quick reply. The idea is to populate the Advaced Search Page without propmting the login screen. I am hardcoding the userid, password, docbase name and domain.

Sujeet

By: Pie

Pie — Wed, 16 Apr 2008 20:14:11 +0000

Short answer: Yes.

Long answer: It depends on what you are trying to do. If you are just running scripts, you can use the DFC and connect through the code.

So my question is, what exactly are you trying to accomplish? A simple use-case should help to clarify things.

By: Sujeet

Sujeet — Wed, 16 Apr 2008 18:43:31 +0000

Hi,

I am just wandering, can we access the contents from the documentum repository without prompting the user to enter the login information. i would like to run the scripts background. Help really appreciated.

Regards,
Sujeet

By: James

James — Tue, 14 Aug 2007 10:31:05 +0000

My blog mentioned the need for encryption between the DFC and Documentum which is different than the content server?

By: Pie

Pie — Wed, 08 Aug 2007 03:11:37 +0000

James has already replied. For more information on Documentum's security, check this page on their website. Most people don't implement all of the features of encryption between the client (Web Application Server) and the Content Server. It is there and only requires a digital certificate. Oh, and I think a better description of what Documentum stores from LDAP is cached information. If the LDAP server(s) that Documentum is aware of is down, those users do not get into the system.