Enable single sign-on for the Windows desktop
Overview
Configure IBM Connections to use SPNEGO for single sign-on (SSO). This configuration permits users to sign in to the Windows desktop and automatically authenticate with Connections.
Verify that IBM Connections works correctly without the SPNEGO authentication protocol.
Create a user account in the LDAP directory, and add it to the WAS administrators group.
Create a service principal name and keytab file.
For on-ramp plug-ins or mobile services, the data traffic is not authenticated by Kerberos tickets or SPNEGO tokens. It is instead authenticated through Java EE form-based authentication.
The Kerberos authentication protocol uses strong cryptography which enables a client to prove its identity to a server across an insecure network connection. After the client and server have proven their identity, the authentication protocol encrypts all data the client and server exchange. The SPNEGO tokens, which wrap valid Kerberos tickets, can be used to negotiate the security for SSO.
Configure Connections to use SPNEGO
- Map an Active Directory account to administrative roles
- Create a service principal name and keytab file
- Create a redirect page for users without SPNEGO support
- Configure SPNEGO on WAS
- Configure web browsers to support SPNEGO
Parent topic:
Configure single sign-onRelated reference: IBM Connections system requirements