Single Sign on for JD Edwards made extremely easy.
Transparent Logon provides a simple, straightforward and secure way of allowing your users to access JD Edwards without having to enter a password, provided they are an active and authenticated user in your Windows domain, or can be authenticated using a SAML2 provider (Office365 and Fortigate are being used but any SAML2 provider should work)). Available for immediate download from https://www.steltix.com/tl and up and running in minutes.
Transparent Logon installs a webserver for each environment it needs to serve. Every server runs on the same machine as an instance on a separate port.
- Your users logon to their Windows account
- As a result, their machine gets a token from the domain server
- When users want to acces the JDEdwards webserver, instead of navigating to the JD Edwards URL, they will navigate to the Transparent Logon URL
- Transparent Logon inspects the token to assess whether the user is an active user in the domain and has access to the resource it requests.
- The token is veriefied with the domain server
- Transparent Logon correlates the windows user ID with a JDEdwards user ID, resets the password and established a session with JDEdwards
- The traffic is redirected and the Transparent Logon server removes itself from between the User and JDEdwards server
- The user now has a session with the JDEdwards server (or AIS server or DAS server).
Transparent Logon URL’s
Once you install a transparent logon server, you can create separate server instances to serve your environments. The URL your users use on this server defines the action Transparent Logon is taking. That is essentially what provides them with Single Sign On for JD Edwards.
When accessing the admin interface the administrative back ends opens. Make sure to restrict access to the panel by setting the correct windows group. Initially, access in not secured, but after uploading a certificate, access to the admin panel is through https.
The URL for end-user to use when interacting with the system served by Transparent logon contains a portnumber and a parameter.
The port is defined by the instance and usually relates to a specific JDEdwards environment.
The parameter defines the actual service the user needs to be redirected to as follows:
When navigating to /jde, TL will navigate to the JD Edwards logon screen (of the server served by this instance of TL) and automatically try to logon. When that is not possible (due to a missing cross reference for instance) it will simply present the logon screen.
When one Windows user has multiple JDEdwards users associated, TL will first prompt for tje JDEdwards user to use.
Identical as the above, but now TL will create a user session in DAS’s Reports Now.
Identical as the above, but now TL will create a user session in the Orchestrator Studio (as from tools release 9.2.4).
TL will now rest the JDEdwards password of the user id correlated to the windows user id and sent a reset mail to the user.
This requires correct setup of email section and the existence of an email address in the cross reference database.
Used for token requests and AIS-API calls into JDEdwards.
Used to check the JDEdwars user id(s) correlated to your windows username.