

Configure single sign-on (SSO) for Digital Asset Management (or DAM) | HCL Digital Experience

This section provides the steps on how to configure SSO for Digital Asset Management.


Configure single sign-on (SSO) across the HCL WebSphere Portal 9.5 container deployments to share Digital Asset Management media assets

HTTP single sign-on preserves user and session authentication on different web applications. By using HTTP single sign-on (SSO), the HCL Digital Asset Management application is not prompted for security credentials when communicating with HCL Digital Experience container services within a trust domain. The trust domain in an HCL WebSphere Portal 9.5 container deployment includes the following applications and servers:

HCL WebSphere Portal

IBM WebSphere Application Server:

In an SSO scenario, an HTTP cookie is used to propagate a service's authentication information to disparate web servers. This propagation relieves the server or user from having to enter authentication information for every new client/server session (assuming basic authentication).

HCL WebSphere Portal can read and generate the Lightweight Third Party Authentication (LTPA) cookie, which is used to pass SSO credentials between WebSphere Application Server applications. The default mechanism to support SSO requires HCL WebSphere Portal to be used as the common user repository that is shared by all of the applications that require SSO.

To configure single sign-on between HCL WebSphere Portal staging and production environments to promote Digital Asset Management assets to the production server, complete the following steps: HCL WebSphere Portal 9.5 staging services:

HCL WebSphere Portal 9.5 target production services:

  1. In the HCL WebSphere Portal 9.5 container staging server, access the WebSphere Application Server console to generate an LTPA token and define a domain. See the following:

    • Generate the LTPA.
      Figure 1. Global security > Single sign-on (SSO) screen

    • Set the domain.
      Figure 2. Enter a domain name

    • Export the LTPA token.
      Figure 3. Export the LTPA key

  2. Use a command line interface to copy the LTPA key file from the staging server to the production server.

  3. Use a command line interface to access the copy of the LTPA file stored on the staging server (from the previous step). Copy that file to the production server. home/dx_user/ltpa_stage.key

  4. Open the WebSphere Application Server console on the target HCL WebSphere Portal 9.5 container deployment.
  5. Using the WebSphere Application Server console on the target staging HCL Digital Experience 9.5 container deployment server, import the LTPA key, as in the following:
    Figure 4. Import the LTPA key

  6. On the target production HCL WebSphere Portal 9.5 container server, set the domain.
    Figure 5. Set the domain

  7. Once the steps are completed, stop and start both the source and the target HCL Digital Experience 9.5 container servers.
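
The following pre-flight check is an added example, not part of the HCL documentation or product. It confirms that the key file copied to production still carries the same LTPA key material as the staging export, and that both server hostnames fall under the configured SSO domain so the browser will send the LTPA cookie to each. The hostnames, the domain, and the key values are constructed; the property names follow the properties-style layout of an exported WebSphere LTPA key file.

```python
# Added example: pre-flight checks for the LTPA key copy and the SSO domain.
KEY_FIELDS = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)

def parse_ltpa_keyfile(text):
    """Parse the properties-style text of an exported LTPA key file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Java properties files escape '=' and ':' in values as '\=' and '\:'.
        props[name.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props

def key_copy_problems(staging_text, production_text):
    """Return a list of problems found in the copied key file (empty = OK)."""
    src, dst = parse_ltpa_keyfile(staging_text), parse_ltpa_keyfile(production_text)
    problems = []
    for field in KEY_FIELDS:
        if field not in src:
            problems.append(f"staging export is missing {field}")
        elif src[field] != dst.get(field):
            problems.append(f"{field} differs or is missing in the copy")
    return problems

def domain_covers(sso_domain, hostname):
    """Cookie domain-match (RFC 6265, 5.1.3): host equals or is under the domain."""
    domain = sso_domain.lower().lstrip(".")
    host = hostname.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

# Constructed sample data: a staging export and a copy truncated in transfer.
STAGING_KEY = """#IBM WebSphere Application Server key file
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=AAAAconstructed3des\\=
com.ibm.websphere.ltpa.PrivateKey=BBBBconstructedpriv\\=
com.ibm.websphere.ltpa.PublicKey=CCCCconstructedpub\\=
"""
TRUNCATED_COPY = STAGING_KEY.rsplit("com.ibm.websphere.ltpa.PublicKey", 1)[0]

if __name__ == "__main__":
    print(key_copy_problems(STAGING_KEY, TRUNCATED_COPY))
    for host in ("dx-stage.example.com", "dx-prod.example.org"):
        print(host, domain_covers(".example.com", host))
```

Treat the exported key file as a secret while it is in transit and at rest, and delete the intermediate copies once the import has succeeded.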


Validate the single sign-on across the source staging and target production HCL Digital Experience 9.5 container deployments

  1. Log in to the HCL WebSphere Portal 9.5 staging container deployment.
  2. Using the same browser session, change the URL to log in to the target production HCL Digital Experience 9.5 container deployment.

  3. Verify that access is operational without being prompted for re-authentication.

