SIEMENS Teamcenter 10.1 Security Services Installation/Customization TSS00001 • 10.1.4 Contents Getting started with Security Services . 1-1 Overview of Security Services . 1-1 Siemens PLM Software customization support . 1-2 Prerequisites . 1-2 Where to find system requirements . 1-2 Supported Web application servers . 1-3 Supported Web browsers . 1-3 Supported LDAP directories . 1-3 Java environment . 1-3 Teamcenter Security Services product support . 1-3 Basic concepts about Security Services . 1-4 Security Services components . 1-7 Session management . 1-7 Security Services communication channels . 1-8 Using Teamcenter Security Services AutoLogin as the authentication mechanism . 1-11 Context-sensitive rights management . 1-12 Installing Security Services . 2-1 Overview of Security Services installation . 2-1 Basic guidelines . 2-1 Basic installation process . 2-2 Upgrade to Security Services 10.1 . 2-2 Installation files . 2-2 Create the WEB_ROOT directory . 2-3 Copy installation files from the software distribution image . 2-3 Copy files in Windows Explorer . 2-3 Copy files in UNIX . 2-4 Launch the Web Application Manager . 2-4 Creating the Login Service . 2-5 Create the Login Service . 2-5 Name the Login Service . 2-5 Choose advanced options . 2-5 Enter disk locations . 2-6 Select the solution type . 2-6 Select solutions . 2-7 Create the Identity Service . 2-7 Logging Teamcenter application information . 2-9 Setting up an LDAP server for Security Services . 3-1 Choose an LDAP server . 3-1 LDAP requirements . 3-1 Overview of LDAP requirements . 3-1 TSS00001 10.1.4 Security Services Installation/Customization 3 CoContentsntents Example 1 – Defining multiple attributes . 3-2 Example 2 – Defining a single shared Teamcenter attribute . 3-2 Example 3 – Defining pseudo application IDs . 3-3 Example 4 – No schema changes . 3-4 How to enable encrypted LDAP . 3-4 Configuring Security Services . 4-1 Context parameter worksheets . 4-1 Debugging Teamcenter Security Services . 4-14 Using the DEBUG parameter . 4-14 Debug output files . 4-15 Debugging from within an application . 4-15 Configuring the Login Service . 4-15 Launch the Web Application Manager . 4-15 Modifying Web application information . 4-16 Modifying context parameters . 4-16 Values found in the Login Input Definitions table . 4-17 Configuring a load balancer, reverse proxy, or SSO Gateway (commercial SSO) . 4-18 Customizing the logon window . 4-18 Configuring the Identity Service . 4-18 Modify context parameters for the Identity Service . 4-18 Modifying Identity Service tables . 4-19 Configuring the secure socket layer (SSL) . 4-25 Overview of secure socket layer (SSL) configuration . 4-25 Enable SSL for Security Services components . 4-25 Enable SSL for Teamcenter clients . 4-25 Enable SSL for Teamcenter applications . 4-26 Debug SSL issues . 4-27 Deploying Security Services on Web application servers . 4-27 Setting environment variables . 5-1 Verifying Security Services . 6-1 Test Identity Service . 6-1 Test Login Service . 6-1 Test Java API documentation . 6-2 Verify DNS lookup of Active Directory domain controllers . 6-3 Customizing Security Services . 7-1 Overview of Security Services customization . 7-1 Customize client-certificate authentication . 7-1 What is client-certificate authentication? . 7-1 Retrieving Teamcenter user names from certificates . ..