Enable single sign-on for standalone LDAP 

IBM Connections requires a federated repositories configuration, but you can enable IBM Connections applications to perform single sign-on (SSO) for a standalone LDAP directory.


Before you begin

This procedure is required if you want to enable SSO between IBM Connections and an application hosted by a version of WAS that is earlier than 6.1, which is the version in which federated repositories were introduced.

Before you perform this procedure, configure federated repositories on IBM Connections.


About this task

By default, applications deployed on servers within the same WAS cell are enabled for single sign-on. To support this, the servers share the same set of LTPA keys and the same LDAP directory configuration. Use this configuration if you want to set up SSO between applications that use different LDAP directory configurations.

To enable SSO between IBM Connections and a WAS configured for standalone LDAP...


Procedure

  1. Log in to the WAS admin console by going to the following web address in a browser:

      http://<web.server.host.name>:9060/ibm/console

  2. Log in to the Welcome page.

  3. Click Security -> Global security.

  4. Select Federated Repositories from the Available realm definitions field, and then click Configure.

  5. On the Federated repositories page, add the <host_name>:<port> of the standalone LDAP server to the Realm name field.

      For example:

      ldap.example.com:389

  6. Click Apply, and then click Save to save this setting.

  7. After changing the realm name, update the administrative user roles because the previous realm name is still appended to the administrative users. Until you remove and re-add the administrative users, the users are unable to access the Integrated Solutions Console.

    1. Navigate to Users and Groups -> Administrative User Roles.

    2. Select all user roles and click Remove.

    3. Click Add.

    4. In the Roles field, click Administrator.

    5. In the User field, enter the user name to which you want to grant administrative privileges.

    6. In the Search string field, enter a user name that you want to set as an administrator and then click Search. Select the user name in the Available list and click the right arrow button to move it to the Mapped to role field.

    7. To map other users, repeat the previous step.

    8. Click OK and then click Save.

    Note: If there is only one user, you might not be allowed to remove the user. In that case, add the new user first and then remove the original user.

  8. Synchronize the nodes and then restart the servers:

    1. Log in to the Integrated Solutions Console for the dmgr.

    2. Expand System administration -> Nodes. Select the name of the node that you updated and click Full Resynchronize.

    3. Select Servers -> Clusters. Select the check box beside the cluster you want to restart and click Stop.

    4. Select System administration -> Node agents. Select the check boxes beside the nodes that you want to restart and click Restart.

    5. Stop and restart the dmgr.

    6. Log in to the Integrated Solutions Console again.

    7. Select Servers -> Clusters. Select the check box beside the cluster you want to restart and click Start.
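
The stale-realm condition described in the step about updating administrative user roles can be checked offline before the restart. The following Python check is an added example, not part of the original procedure or IBM's code; it assumes role mappings carry an accessId attribute of the form <type>:<realm>/<uniqueId>, and the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample of an administrative role table (not from a real cell).
SAMPLE_AUTHZ = """<authz>
  <authorizations role="administrator">
    <users name="wasadmin" accessId="user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm"/>
    <users name="jdoe" accessId="user:ldap.example.com:389/uid=jdoe,ou=people,dc=example,dc=com"/>
    <groups name="admins" accessId="group:ldap.example.com:389/cn=admins,dc=example,dc=com"/>
  </authorizations>
</authz>"""


def split_access_id(access_id):
    """Split '<type>:<realm>/<uniqueId>' into its three parts.

    The realm may itself contain ':' (host:port, as in step 5), so only the
    first ':' and the first '/' after it are treated as separators.
    """
    kind, colon, rest = access_id.partition(":")
    realm, slash, unique_id = rest.partition("/")
    if not colon or not slash or not realm:
        raise ValueError("unrecognized accessId: %r" % access_id)
    return kind, realm, unique_id


def stale_role_mappings(authz_xml, expected_realm):
    """Return (name, realm) for each mapped entry whose realm differs from expected_realm."""
    stale = []
    for elem in ET.fromstring(authz_xml).iter():
        access_id = elem.get("accessId")
        if access_id is None:
            continue  # element is not a user or group mapping
        _, realm, _ = split_access_id(access_id)
        if realm != expected_realm:
            stale.append((elem.get("name"), realm))
    return stale


if __name__ == "__main__":
    # Entries listed here still reference the previous realm and must be removed and re-added.
    for name, realm in stale_role_mappings(SAMPLE_AUTHZ, "ldap.example.com:389"):
        print("re-add %s: still mapped under realm %s" % (name, realm))
```

An empty result means every mapped administrative user and group already references the new realm name.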


October 26, 2011
Oct 26, 2011 5:41:18 PM Add new step about re-adding administrative users.