Normally on a Windows Platform, CA SDM's authentication module bopauth_nxd/boplgin is able to do native External Authentication against users that belong to the Windows Domain that the Windows host/server belongs to.
This is not the case for Linux/Unix based systems.
This document provides a few options that can be considered to authenticate such Domain users when CA SDM is on a Linux platform. A similar approach could be considered for other Unix flavors as well.
Notes:
CA Service Desk Manager
Enabling Tomcat's Authentication:
CA SDM offers a Tomcat web server, which serves as an "out of the box" web and application server for CA SDM needs. Out of the box, Tomcat 7's Integrated Windows authentication can be enabled as one option. There are several ways in which this can be done:
Use CA Embedded Entitlements Manager (EEM) for Authentication:
CA SDM offers a way to authenticate CA SDM contacts against EEM. EEM can be set up against an external Directory like LDAP/Windows Active Directory for its users.
As long as a user is a valid user and can authenticate in EEM, that user can now log in to CA SDM (assuming the contact record exists in CA SDM).
Enable some sort of Single Sign-On option for the Apache Web Server:
CA SDM offers native support for integrating with Apache Web Server and with the out-of-the-box Tomcat that is offered with the CA SDM install.
Apache Web Server could be configured to do HTTP Basic Authentication.
Notes:
Move CA SDM Authentication Program to a Windows Server:
The CA SDM bopauth_nxd program can be moved from the Linux/Unix platform to a Windows Server that belongs to the same domain against which the CA SDM users need to be authenticated. Documentation on how to move this program to a Windows server is available in the CA SDM Implementation/Administration guides.
Notice: Broadcom does not own the 3rd party technology plug-ins mentioned in this document and as a result may not be able to resolve issues with those technologies. If Broadcom Support determines the issue lies with the 3rd party plug-in, they may ask you to try an alternate architecture for authentication.