Treasury Front Office Single Sign On Configuration
This section describes the configuration required for single sign-on (SSO) in Treasury Front Office (TFO).
Introduction
TFO is enhanced to be compatible with Temenos Transact and WSO2 Authentication to achieve SSO (though the changes are normally 'switched off' in web.xml). The UXP browser (UXPB) is enhanced to support a JWT SSO token that provides a seamless and bug-free transition between other applications and UXPB. Various changes are required to make TFO compatible with the new SSO token.
Temenos Transact Environment Configuration

To relax UXPB security to permit launching links, the Setenv.bat file needs to be edited as below:
1. Identify the deployment mode and update the Setenv.bat file (for example, in the sample the mode is 'DEV').
- The deploy mode 'DEV' falls under the last ELSE.
2. JBOSS_STARTUP needs to include the below setting:
- -Dauthfilter.options.browserSessionUidCheckEnabled=N

When a deep link is invoked, the Temenos Transact model specified in the link is validated against a whitelist. If the model is not in the whitelist, the user is not allowed to execute the enquiry or version specified in the link. The whitelist, also known as ExternalCommandLineWhiteList.txt:
- Exists in the BRP/generated/edge/data/ folder
- Holds the list of enquiries or versions that are permitted
- Needs to have one entry per line (entries are case sensitive, but leading and trailing whitespace is trimmed).
Whitelist Items – Model Configuration
As mentioned above, the user needs to specify in the whitelist the Application/Table name from which the Model artefacts are created. This allows the functionality that involves those artefacts to work properly.
For the DX Deal Capture screen in TFO, the user needs to specify the DX.TRADE, TY.BLOTTER and DX.CONTRACT.MASTER applications in the whitelist.
Further applications are added to the whitelist as each enhancement requires them for SSO functionality.
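The following added example (not Temenos code) models the whitelist rule described above, one entry per line, trimmed and case sensitive, and audits a whitelist file for problems that would block a deep link. The function names, the sample file content and the handling of blank lines are assumptions.

```python
# Added example: models the whitelist rule described on this page.
# Not Temenos code; function names and the sample content are constructed.

REQUIRED_FOR_DX_DEAL_CAPTURE = ("DX.TRADE", "TY.BLOTTER", "DX.CONTRACT.MASTER")


def load_whitelist(text):
    """Return entries in file order: one per line, trimmed at both ends.

    Assumption: blank lines are ignored.
    """
    return [line.strip() for line in text.splitlines() if line.strip()]


def is_permitted(model, entries):
    """Case-sensitive exact match against the trimmed entries."""
    return model.strip() in set(entries)


def audit(text, required=REQUIRED_FOR_DX_DEAL_CAPTURE):
    """Report whitelist problems that would block a required deep link."""
    entries = load_whitelist(text)
    exact = set(entries)
    by_folded = {}
    for e in entries:
        by_folded.setdefault(e.casefold(), []).append(e)
    missing, wrong_case = [], {}
    for name in required:
        if name in exact:
            continue
        near = by_folded.get(name.casefold())
        if near:
            wrong_case[name] = near  # present, but will not match
        else:
            missing.append(name)
    duplicates = sorted({e for e in entries if entries.count(e) > 1})
    # Inner whitespace means more than one name was put on a single line
    multi = [e for e in entries if len(e.split()) > 1]
    return {"missing": missing, "wrong_case": wrong_case,
            "duplicates": duplicates, "multi_entry_lines": multi}


# Constructed sample content for ExternalCommandLineWhiteList.txt
SAMPLE = "  DX.TRADE  \nty.blotter\n\nDX.TRADE\nSAMPLE.ONE SAMPLE.TWO\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(is_permitted("DX.TRADE", load_whitelist(SAMPLE)))
```

Running the audit after each whitelist change also keeps the list limited to the enquiries and versions that are actually required.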
Temenos Transact Configuration
- Log on to BrowserWeb and use OFS.SOURCE, IRISINTERNAL.
- Ensure there is an ATTRIBUTE value of PREAUTHENTICATED present for IRIS R18. Similarly, set attribute value of PREAUTHENTICATED for IRISAAINTERNAL.


Browser Configuration
- Open Browser.war from Temenos\jboss\standalone\deployments and edit the WEB-INF/SSOAPI.properties file to add or amend the below properties.
TOKEN.TYPE.JWT=true
T24.SSO.MODE=true

Recent build
Browser Iris Configuration
- Open browser-iris.war from Temenos\jboss\standalone\deployments and edit the WEB-INF/SSOAPI.properties file to add or amend the below properties.
TOKEN.TYPE.JWT=true
TFO Configuration

- Open TFO.war from Temenos\jboss\standalone\deployments and edit the WEB-INF/SSOAPI.properties file to add or amend the below properties.
TOKEN.TYPE.JWT=true
T24.SSO.MODE=true

1. To enable the Single Sign On (SSO) feature, the Set_SSO.bat batch file is executed from the command prompt. This batch file renames some of the existing files by appending '_Original' to their names and enables the SSO files to be used in the TFO.war and TFO-iris.war files. For example, web.xml is renamed as web_Original.xml.
- To rename the files within the archive (war) file, 7Zip software is required.
- Keep a backup of the existing TFO.war and TFO-iris.war files.
2. To enable the SSO feature, edit the Set_SSO.bat file in Notepad/Notepad++ and update the following:
- WARPATH variables with the location of the TFO.war file
- TEMPPATH with the location of a temporary folder (which has access to create/add/delete)
- NEWAUTHENTICATORJARFILENAME with authenticator file name available in Browser.war (WEB-INF\lib folder)
- OLDAUTHENTICATORJARFILENAME with authenticator file name available in TFO.war (WEB-INF\lib folder).
3. Save the file Set_SSO.bat.
4. Open command prompt and change the directory to 7Zip location.
5. Execute the batch file Set_SSO.bat as shown below.


6. On successful completion, start Temenos Transact to use the SSO feature.