IBM BPM, V8.0.1, All platforms > Install IBM BPM > IBM BPM Advanced for z/OS: Process Server > Configure IBM BPM Advanced for z/OS: Process Server > Configure components > Configure additional components > Configure Process Portal > Configure the Business Space component for Process Portal > Set up security for the Business Space component and Process Portal

Set up SSO and SSL for Process Portal

For remote environments where Process Portal and your product server are in different cells, set up single-sign-on (SSO) and Secure Sockets Layer (SSL) configuration manually.

Before you complete this task, you must have completed the following tasks:

• Enable application security and administrative security. See Enabling security for the Business Space component.
• Check that your user ID is registered in the user registry for your product.

If you have separate cells configured, make sure that SSO considerations are taken into account (including that LTPA keys are in sync, shared user names/realm names are in sync, and certificates are imported as appropriate). In some cases, with IBM BPM, there might be multiple repositories in the realm, which might result in a realm-mismatch error. See Manage the realm in a federated repository configuration in the WebSphere Application Server documentation.

Procedure

1. If Process Portal is remote from where your product is running, and if the node where Process Portal is running and the node where your product is running are not in the same cell, complete manual steps to make sure that SSO is enabled.

   For example, if you are using more than one product, the servers are on different nodes, and you want them all to be able to work with the Business Space server, you must manually configure SSO. To enable SSO:

   1. On the administrative console for each server, open the Global security page by clicking Security > Global security. Expand Web and SIP security and click single sign-on (SSO) to make sure that the Enabled check box is selected.
   2. Verify that all the nodes use the same User account repository information.
   3. Follow the steps in Import and export keys in the WebSphere Application Server information center.

2. If you are using HTTPS in the endpoints file, the endpoint location is on a different node than Process Portal, and the SSL certificate is a self-signed SSL certificate, you must import it.

   Verify that the signers are configured in the appropriate truststores for the Process Portal server and the IBM BPM server. See Secure communications using Secure Sockets Layer (SSL) in the WebSphere Application Server information center.

   For more information about SSO and SSL, see the WebSphere Application Server information center.

Set up security for the Business Space component and Process Portal