Configuration assumptions and SSO deployment checks

We have designed Spectrum SSO to be seamless to end-users. However, systems administrators must complete some tasks before you enable SSO and the make the necessary security changes. Ensure that:
  • The system administrator has deployed the federation server. Microsoft® provides online references for federation server deployment and verification.
  • The system administrator has installed and configured the AD FS server role. Ensure that AD FS is set up and configured for your processing environment. AD FS employs a configuration Wizard that helps with this process.
  • Your system's clustering configuration is in place.
    • Load balancer must be HTTPS-enabled to use SSO in a clustered setup with using AD FS.
    • Load balancer must be in HTTPS-enabled mode.
    • Define a domain entry in the host file of all nodes and load balancer. This maps the domain and IP address for each node to be recognized by Spectrum SSO. For example, in a three-node cluster configuration, you would define:
      node1IP hostname
       node2IP hostname
       node3IP hostname
       ADFSIP hostname
       loadBalancerIP hostname
  • Your system includes a recognized load balancer. For HTTP-level implementation of Spectrum SSO, you must terminate HTTPS at the load balancer level in Spectrum cluster considerations.
  • Change the server hostname(s), as appropriate. Each cluster in your configuration has a unique hostname (computer name). Use best practices for naming your host machines — such as including the DNS in the name — so that they are easily identifiable and traceable.
  • Review the Spectrum™ Technology Platform documentation on setting up clusters for more information.