This repository has been archived by the owner on Jan 21, 2024. It is now read-only.

Setting Up SSO Between Websphere Portal and IBM Connections

DaviRyan edited this page Apr 17, 2014 · 1 revision

Topology

There is a WebSphere Portal server set up on portal.test.com and an IBM Connections server on connections.test.com. This article describes how to set up single sign-on between WebSphere Portal and IBM Connections so that when a user logs in to WebSphere Portal they are also authenticated with Connections. Note that this is not the same as setting up SSO between two WebSphere Application Servers: additional steps are needed for the Portal server.

Configure SSO and LTPA

Go to the administrative console of the WebSphere Application Server for IBM Connections. This is usually https://server:port/ibm/console. Go to Security > Global security > Web and SIP security > Single sign-on (SSO).

  • Click the checkbox to enable SSO.
  • Enter a domain name. This is the domain that contains both servers; in the example it is .test.com.
  • Enable Web inbound security attribute propagation.
  • Set security cookies to HTTPOnly to help prevent cross-site scripting attacks.
  • Click OK. Save your changes to the master configuration.
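To confirm that the SSO settings above took effect, the following added script (not from this wiki page) checks the Set-Cookie headers of a login response: the LtpaToken2 cookie must be scoped to the SSO domain entered in the console and must carry HttpOnly. The response headers it parses are a constructed sample; in practice pipe in the headers from a `curl -si` login request against either server. Because this page configures the Portal side with -DrequiresSSL=false, a missing Secure attribute is reported as a warning rather than a failure.

```shell
#!/bin/sh
# Added example (not from the wiki page): verify that the LTPA SSO cookie a server
# returns after login has the scope and flags configured in the console.
# SAMPLE_HEADERS is a constructed login response; replace it with real `curl -si` output.
SAMPLE_HEADERS='HTTP/1.1 302 Found
Set-Cookie: LtpaToken2=AAECAZ1234567890abcdef; Path=/; Domain=.test.com; HttpOnly
Set-Cookie: JSESSIONID=0000abcdef:1; Path=/; HttpOnly
Location: https://portal.test.com/'

# check_ltpa_cookie DOMAIN   (response headers on stdin)
# Returns 1 if no LtpaToken2 cookie is present, if it is not scoped to DOMAIN
# (the SSO domain entered in the console, e.g. .test.com), or if it lacks HttpOnly.
# A missing Secure attribute is only a warning: with -DrequiresSSL=false, as on this
# page, WebSphere does not add it.
check_ltpa_cookie() {
  want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  # cookie attribute names are case-insensitive, so compare everything in lower case
  cookie=$(grep -i '^set-cookie:[[:space:]]*ltpatoken2=' | head -n 1 | tr 'A-Z' 'a-z')
  if [ -z "$cookie" ]; then
    echo "FAIL: no LtpaToken2 cookie in response (SSO/LTPA not active?)"
    return 1
  fi
  rc=0
  case "$cookie" in
    *"domain=$want"*) ;;
    *) echo "FAIL: LtpaToken2 is not scoped to $1, so the other server will not receive it"; rc=1 ;;
  esac
  case "$cookie" in
    *httponly*) ;;
    *) echo "FAIL: LtpaToken2 lacks HttpOnly (check 'Set security cookies to HTTPOnly')"; rc=1 ;;
  esac
  case "$cookie" in
    *secure*) ;;
    *) echo "WARN: LtpaToken2 lacks Secure; expected when requiresSSL=false" ;;
  esac
  [ "$rc" -eq 0 ] && echo "OK: LtpaToken2 scoped to $1 with HttpOnly"
  return "$rc"
}

printf '%s\n' "$SAMPLE_HEADERS" | check_ltpa_cookie .test.com
```

The domain comparison is exact, so a cookie issued for test.com (no leading dot) is reported as not matching .test.com; that is deliberate, because the value checked is the one typed into the SSO domain field.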

Now you need to export the LTPA key. To do this:

  • Go to Security > Global security > LTPA.
  • In the Cross-cell single sign-on section, specify a password for the LTPA key.
  • Enter the LTPA key name and the fully qualified directory where you want to export the key.
  • Click Export keys. The LTPA keys are exported to the file system.
  • Click OK. Save your changes to the master configuration.
  • Log out of the WebSphere Integrated Solutions Console.
  • Go to the directory where you exported the LTPA key.
  • Copy the LTPA key file to your Portal server: transfer it to the Portal server's file system using FTP, WinSCP or similar.

Now log in to the Portal server and repeat the steps above for SSO and LTPA, entering the same values, but this time IMPORT the LTPA key. Save and log out.

Set up Single Sign-on for Websphere Portal

Use ConfigEngine to run the following commands. ConfigEngine is a command-line application located in wp_profile_root/ConfigEngine.

  • Configure SSO with the command below:
    ConfigEngine configure-single-signon -Ddomain= -DWasRemoteHostName= -DWasSoapPort= -DWasPassword= -Dinteroperable=true -DattributePropagation=true -DrequiresSSL=false

  • Import the LTPA key with the command below:
    ConfigEngine.bat import-ltpakeys-single-signon -DkeyFile=c:\ltpa_demo.txt -DkeyPass= -DdmgrFlag=false -DWasRemoteHostName= -DWasSoapPort= -DWasPassword=

Restart the portal server.

Connect WebSphere Portal to the Connections LDAP server

In this scenario Connections maintains its user registry in an LDAP server. To allow Connections users to log in to WebSphere Portal, Portal needs to connect to that LDAP server.

Use the following ConfigEngine commands for this, but first you need to edit some properties. Use a text editor to open the wkplc.properties file, located in the wp_profile_root\ConfigEngine\properties directory, and enter values for the following properties:

  • federated.ldap.id
  • federated.ldap.host
  • federated.ldap.baseDN
  • federated.ldap.ldapServerType
  • federated.ldap.port
  • federated.ldap.bindDN
  • federated.ldap.bindPassword

Save your changes to the wkplc.properties file.

Now run the following commands:

ConfigEngine.bat validate-federated-ldap -DWasPassword=password (validates your LDAP server settings)

ConfigEngine.bat wp-update-federated-ldap -DWasPassword=password

Restart WebSphere Portal.
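The following added script (not part of this wiki page) performs the local sanity check a practitioner would want before running validate-federated-ldap: it confirms that every federated.ldap.* property listed above has a value in wkplc.properties, that the port is numeric, and it warns if the file holding bindPassword is readable by everyone on the server. The wkplc.properties fragment, its values and the REQUIRED_PROPS list are constructed for the example; the ldapServerType value shown is only a placeholder, and ConfigEngine.bat is the Windows launcher used on this page (ConfigEngine.sh on Unix).

```shell
#!/bin/sh
# Added example (not from the wiki page): check the federated.ldap.* entries in
# wkplc.properties before running validate-federated-ldap / wp-update-federated-ldap.
# The properties fragment below is constructed; point WKPLC at your real file.

REQUIRED_PROPS='federated.ldap.id federated.ldap.host federated.ldap.baseDN
federated.ldap.ldapServerType federated.ldap.port federated.ldap.bindDN
federated.ldap.bindPassword'

# prop_value FILE KEY: print KEY's value; the last definition wins, as in Java properties.
# Only the first '=' separates key and value, so DNs such as dc=test,dc=com survive.
prop_value() {
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  grep "^[[:space:]]*$key_re[[:space:]]*=" "$1" | tail -n 1 | sed 's/^[^=]*=[[:space:]]*//'
}

# check_ldap_props FILE: report every required property that is missing or empty and a
# non-numeric port; warn if the file (which holds bindPassword) is world-readable.
# Returns 0 only when all required values are present.
check_ldap_props() {
  f=$1; rc=0
  for key in $REQUIRED_PROPS; do
    if [ -z "$(prop_value "$f" "$key")" ]; then
      echo "FAIL: $key is missing or empty"; rc=1
    fi
  done
  port=$(prop_value "$f" federated.ldap.port)
  case "$port" in
    '') ;;                                   # already reported above
    *[!0-9]*) echo "FAIL: federated.ldap.port is not numeric: '$port'"; rc=1 ;;
  esac
  # column 8 of ls -l is the "other" read bit
  if [ "$(ls -l "$f" | cut -c8)" = "r" ]; then
    echo "WARN: $f is world-readable but contains federated.ldap.bindPassword"
  fi
  return "$rc"
}

# constructed wkplc.properties fragment (the real file has many more properties);
# bindPassword is deliberately left empty to show a failing check
WKPLC=$(mktemp)
trap 'rm -f "$WKPLC"' EXIT
cat > "$WKPLC" <<'EOF'
federated.ldap.id=connectionsLdap
federated.ldap.host=ldap.test.com
federated.ldap.baseDN=dc=test,dc=com
federated.ldap.ldapServerType=PLACEHOLDER_LDAP_TYPE
federated.ldap.port=636
federated.ldap.bindDN=cn=portalbind,dc=test,dc=com
federated.ldap.bindPassword=
EOF

if check_ldap_props "$WKPLC"; then
  echo "wkplc.properties looks complete; now run:"
  echo "  ConfigEngine.bat validate-federated-ldap -DWasPassword=<WebSphere admin password>"
  echo "  ConfigEngine.bat wp-update-federated-ldap -DWasPassword=<WebSphere admin password>"
else
  echo "fix wkplc.properties before running the ConfigEngine LDAP tasks"
fi
```

Run it with WKPLC pointed at the real wp_profile_root\ConfigEngine\properties\wkplc.properties; the heredoc is only there so the example works offline.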

You should now be able to log in to WebSphere Portal with a user account from Connections, and when you go to Connections you should be automatically authenticated.