/
Admin ServiceManager Further Details MSSQL SSO COnfiguration
Document toolboxDocument toolbox

Admin ServiceManager Further Details MSSQL SSO COnfiguration

Owned by Paul Hindle
Last updated: Oct 30, 2019 by Andrew Hill (Deactivated)Version comment

On This Page:

SSO is implemented using the services of ntlmauth.dll.  This DLL is located within the SERVICEManager\misc\sso subdirectory available within the both the servicemanager-release-windows-tomcat.zip and servicemanager-update-windows-tomcat.zip bundles.

Enabling SSO requires a number of steps:

  1. Ensure that the SQL Server instance has the appropriate user defined and that user has the appropriate database access permissions.
  2. Determine which of the ntlmauth.dll libraries to use (dependent upon processor architecture).
  3. Configure Tomcat to include the directory containing the desired ntlmauth.dll in its java.library.path.
  4. Update the hibernate.cfg.xml file for this Tomcat/SERVICEManager instance to use SSO.
  5. Restart Tomcat instance.

 java.library.path Configuration

The Java system property java.library.path is used to define where a Java process should locate any additional native libraries.  For SSO the directory of the appropriate ntlmauth.dll should be included in Tomcat's java.library.path.

Tomcat needs to have been installed as a service as this populates the Windows registry with a number of required configuration elements.  This data should be modified using the, Tomcat supplied, tomcat5w.exe configuration application or directly via the Windows REGEDIT tool.

Regardless of method chosen the following property should be added: -Djava.library.path=<path to directory containing ntlmauth.dll>

Note

  • There is no space between the -D and the property name, nor are there spaces either side of the = (equals) sign. 
  • The library path is the path to the directory containing ntlmauth.dll and not the full path to the DLL itself.

tomcat5x.exe is located within SERVICEManager\tomcat\bin

Its Java tab contains a "Java Options" edit control, this should be edited to include the library path property.

REGEDIT is a Windows supplied tool for manually modifying the registry.  The data to edit is located within the "Options" field under the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Java

hibernate.cfg.xml Configuration

The file hibernate.cfg.xml (located within SERVICEManager\sm_properties) contains the database connection parameters defined for a given installation.  These should be edited.  Specifically:

  1. The connection.url property needs extending to include the domain containing the SSO user.
  2. The connection.username property should be removed/commented out.
  3. The connection.password property should be removed/commented out.

An example of this file after editing might be (assuming that the SSO user exists within the domain SP):

<property name="connection.url">
  jdbc:jtds:sqlserver://spdb:1433;databaseName=sp-demo;domain=SP;
</property>

<property name="connection.driver_class">
  net.sourceforge.jtds.jdbc.Driver
</property>
<property name="dialect">
  org.hibernate.dialect.SQLServerDialect
</property>
<!--** These properties have been commented out for SQLServer and SSO **
<property name="connection.username">
  testdbuser
</property>
<property name="connection.password">
  Test
</property>
-->