Allow a User Web Portal to Automatically Sign a User into SBM

Recently, SBM has been used in conjunction with portal websites.  Once a user is logged into a custom web portal, it may be undesirable to require the user to enter their password again to log in to SBM.  Why not just use the successful authentication to the portal site to authenticate the user to SBM?  This is now possible as of SBM 11.3.1 with the use of Single Sign On.

First, use Configurator to make sure that you are using Single Sign On for Authentication.  We will be trusting the portal to provide a user endorsement for a given user.  To add the endorsing user, perform steps 1 - 3 below.

1. Edit "[SBM]\Common\tomcat\server\default\webapps\idp\WEB-INF\conf\Configuration.xml"
2. Look for "" and insert the following XML snippet         

Adjust the user/pass accordingly. Together they are a shared secret between the portal and the SSO server. The credentials do not have to exist in AE.

3. Restart Tomcat

Next, we POST the following JSON to /idp/services/rest, and the response contains an SSO token for the given user.  This URI is on the Tomcat server, so adjust the port number as necessary.  Request an SSO token for "bill" using the endorsing user/pass credentials as follows:

POST /idp/services/rest
content-type: application/json
accept: application/json
...other headers as necessary

{
  "credentials": {
    "username": "secret_username",
    "password": "secret_password"
  },
  "onBehalfOf": {
    "username": "bill"
  }
}

Finally, we parse the returned JSON and add it to a form that will submit values for ALFSSOAuthNToken= and ALFSSOGatekeeperCommand=CreateSSOSession.  Attached is an example portal written in ASP.  It includes a file to parse the JSON.  The core of the code is all in portal.asp.
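The portal-side half of the steps above, sketched in Python as an added example (it is not the attached ASP portal or SBM's own code). The host names, the `sbm_login_url` form target, the HTTPS check and passing the token in as an already-extracted string are assumptions, since the article gives neither the response field name nor the form's action URL.

```python
import html
import json
import urllib.request

IDP_REST_PATH = "/idp/services/rest"  # endpoint named in the article


def build_token_request(idp_base, endorser_user, endorser_pass, session_user):
    """Build the POST that asks the IdP for an SSO token on behalf of a user.

    session_user must come from the portal's own authenticated session,
    never from a query string or form field the browser controls.
    """
    # Assumption (added hardening): the endorsing shared secret only travels over TLS.
    if not idp_base.lower().startswith("https://"):
        raise ValueError("IdP URL must use https")
    if not session_user or any(c in session_user for c in "\r\n\0"):
        raise ValueError("invalid portal session username")
    body = json.dumps({
        "credentials": {"username": endorser_user, "password": endorser_pass},
        "onBehalfOf": {"username": session_user},
    }).encode("utf-8")
    return urllib.request.Request(
        idp_base.rstrip("/") + IDP_REST_PATH,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json"},
    )


def render_sso_form(sbm_login_url, token):
    """Render the auto-submitting form that hands the token to SBM.

    Only the token reaches the browser; the endorsing credentials stay on
    the portal server. Both values are HTML-escaped so a token containing
    quotes or angle brackets cannot break out of the attribute.
    """
    return (
        '<form id="sso" method="post" action="%s">'
        '<input type="hidden" name="ALFSSOAuthNToken" value="%s">'
        '<input type="hidden" name="ALFSSOGatekeeperCommand" value="CreateSSOSession">'
        '</form><script>document.getElementById("sso").submit()</script>'
    ) % (html.escape(sbm_login_url, quote=True), html.escape(token, quote=True))


if __name__ == "__main__":
    # Constructed sample values; sbm.example is a placeholder host.
    req = build_token_request("https://sbm.example:8243", "secret_username",
                              "secret_password", "bill")
    print(req.get_method(), req.full_url)
    print(render_sso_form("https://sbm.example/login", "constructed-token"))
```

Send the request with `urllib.request.urlopen(req)`, parse the returned JSON, and pass the token string to `render_sso_form`.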
