Ca provides file /webroot/sso-template-jsp.txt
copy this to new file
cp sso-template-jsp.txt singlesignon.jsp
And have Sharepoint or any asp.net webpage authenticate the user and redirect to this file with username= parameter set
And the SSO starts working. (I added encryption decryption later for obvious reasons)
This worked fine in Dev for me but the same did not work in Stage and Prod so I was stuck. Non of the logs helped and kept getting Error 403 (forbidden)
CA support help to the rescue and pointed me to webroot/WEB-INF/web.xml
There is this section
<filter-class>com.niku.union.web.filter.ClarityContentFilter</filter-class>
<init-param>
<param-name>allowedList</param-name>
<param-value>DefaultPrint.css,FeaturePrint.css,pagebutton-center.png,Login.gif,ajax-impls.js,ajax.js,lookupManagement.js,DefaultScreen.css,DocMgrScreen.css,LinkActions.js,common.js,Theme.css,FeatureScreen.css,Feature.css,smallFont.css,spacer.gif,WdgError.gif,Spacer.gif,/timesheet,spacer.png,blue.gif,eMailLogo.gif,workspace.png,BOServerStatus.jsp,monitor.jsp,monitor_lite.jsp,common.png,/login,/logoff,min.js,min.css,shortcut.ico,favicon.ico,s.gif,_header.gif,cache.js,gantt.js,hook.js,/nu,/app,.cache.html,hosted.html,pie.htc,/odata*,/odata.v2*,/soap,/sched,/xog,/proxool*,/wsdl*,/test.html,blue.gif,spacer.png,eMailLogo.gif,/,sso.jsp</param-value>
I just added the last 8 characters (allowed the new file to be browsed) and it works just fine.
What I understand this says is these executable files are not harmful and are permitted to execute. all others are blocked.
I remember web,xml did this to me in past but good to know again. Documenting it here as I dont want to spend days on this again.
I love CA Support when they dont redirect to Service saying it is not what Support does! Kudos!!!