Enable single sign-on between all applications 

Enable single sign-on between all installed applications.


Before you begin

If the Home page application is on a different node from the other applications, all the servers must use the same user repository. If you are using federated repositories, the realm name must be identical on each server. The base entry and DN of the base entry for the user repository must also be identical on each server.

You must configure the SSO domain to be the common domain for all your servers. An example might be enterprise.example.com.

You must be able to access your installed applications from a web browser before you can enable SSO for them.

Note:


About this task

For deployments in which the IBM Connections applications are installed on separate nodes, configure IBM Connections to allow single sign-on (SSO) between all the applications. When SSO is enabled, users can log into one application and then switch to other applications without having to authenticate again.

Ensure that all the servers share the same LTPA keys. To do this, export the keys from one server and import them into the other servers.

To set up SSO between all of the applications...


Procedure

  1. On each node where applications other than Home page are installed, enable SSO:

    1. Log into the WAS admin console as an administrator and expand Security -> Global security.

    2. Expand Web security and then click Single sign-on (SSO).

    3. Type the domain name into the Domain name field. You must include a dot (.) before the domain name. For example:

        .enterprise.example.com

  2. On the node where Home page is installed...

    1. Log into the WAS admin console as an administrator and click Security -> Global security.

    2. Under Authentication, click LTPA.

    3. In the Cross-cell single sign-on section, provide values for the following fields:

      • Password: Type a secure password that you will remember. You will need to provide this password later, when you import the keys that you are exporting.

          Note: Confirm the password.

      • Fully qualified key file name: Specify a valid path and a file name for the file that will hold the exported keys. This file is encrypted using the password specified above.

    4. Click Export keys.

  3. On each node where the other applications are installed...

    1. Log into the WAS admin console as an administrator, and click Security -> Global security.

    2. Under Authentication, click LTPA.

    3. In the Cross-cell single sign-on section, provide values for the following fields:

      • Password: Type the password that you used for the key file that you exported from the node where Home page is installed.

          Note: Confirm the password.

      • Fully qualified key file name: Specify the file name of the key file that you exported from the node where Home page is installed.

    4. Click Import keys.

  4. When you have regenerated the LTPA keys, clear the schedules in the cluster. For more information, see the Clearing all scheduled tasks topic.

  5. Restart all the nodes.
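
One way to confirm that every node ended up with the same LTPA keys and realm after the import and restart, added here as an example and not part of the original procedure: export the keys from each node again and compare the files. The property names and the assumption that the public key is stored unencrypted (so it matches across exports made with different passwords) reflect the usual layout of an exported key file; the sample contents are constructed.

```python
import hashlib
import re

# Property names assumed from the layout of an exported LTPA key file.
REALM = "com.ibm.websphere.ltpa.Realm"
PUBLIC_KEY = "com.ibm.websphere.ltpa.PublicKey"

def parse_ltpa_keyfile(text):
    """Parse the Java-properties text of an exported key file into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            # Values escape '=', ':' and '\' with a backslash; undo that.
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def fingerprint(value):
    """Short SHA-256 digest, so key material never appears in the report."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:16]

def compare_nodes(exports):
    """exports: node name -> key file text; the first node is the reference."""
    parsed = {node: parse_ltpa_keyfile(text) for node, text in exports.items()}
    ref_node = next(iter(parsed))
    problems = []
    for node, props in parsed.items():
        for name in (REALM, PUBLIC_KEY):
            short = name.rsplit(".", 1)[-1]
            if name not in props:
                problems.append(f"{node}: {short} missing")
            elif props[name] != parsed[ref_node].get(name, props[name]):
                shown = props[name] if name == REALM else fingerprint(props[name])
                problems.append(f"{node}: {short} {shown} differs from {ref_node}")
    return problems

# Constructed sample exports (not real key material).
HOMEPAGE = r"""#IBM WebSphere Application Server key file
com.ibm.websphere.ltpa.Realm=ldap.enterprise.example.com\:389
com.ibm.websphere.ltpa.PublicKey=QUJDREVGR0hJSktMTU5PUA\=\=
"""
NODE2 = HOMEPAGE.replace("#IBM", "#Exported again: IBM")
NODE3 = HOMEPAGE.replace("QUJDREVG", "WllYV1ZV")  # import never applied

if __name__ == "__main__":
    for line in compare_nodes({"homepage": HOMEPAGE, "node2": NODE2, "node3": NODE3}):
        print(line)
```

An empty result means the realm and public key match on every node; delete the comparison exports afterwards, because they still contain the encrypted private key.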


What to do next

By default, WAS regenerates LTPA keys periodically. You must disable this automatic regeneration if you want to maintain SSO. However, for better security, you should manually regenerate a new set of LTPA keys.


Parent topic

Configure single sign-on


Related tasks


Single sign-on
Export LTPA keys
Importing LTPA keys
Use the Profiles database as the user directory
Hiding email addresses
Exposing email addresses
Clearing all scheduled tasks
Enable single sign-on for standalone LDAP


   

 
