SSO header

SSO header with Collibra Platform users

Since there is no standard for the behavior of the SSO Header modes, Collibra makes certain assumptions.

Once configured with the appropriate header information (see configuration step), Collibra assumes that:

  • You are running a proxy responsible for authenticating the users connecting to Collibra.
  • This proxy fills in the value of the header to the username of the user that has been authenticated by the proxy. This is the case in every single request, including for resources like javascript, CSS and image files.
  • Collibra uses this username to start a session in the application, assuming the above steps were performed properly.
  • Collibra does not perform extra authentication.

To configure SSO header with Collibra users, consult the SSO header: configuration options section.

SSO Header with LDAP synchronization

Much like the SSO Header with Collibra users, there are no standards for proxy behavior.

Collibra assumes that:

  • You are running an LDAP server and Collibra has been configured to sync with that LDAP. For more information about LDAP synchronization, see Configuring LDAP.
  • You are running a proxy server that is responsible for authenticating the users who want to go to Collibra DGC.
  • The proxy server fills in the value of the header to contain either the LDAP Distinguished Name (DN) or the identifying LDAP attribute of the user (as configured, see configuration step).
  • Collibra:
    • Uses the DN or identifying attribute to fetch the username from the LDAP server.
    • Verifies that the user is allowed to use Collibra.
    • Uses this user to start a session.

To configure SSO header with LDAP synchronization, consult the SSO Header LDAP: configuration options section.