Install the SSO application on a system where ISIM is installed

Install the single sign-on application using the WebSphere Application Server administrative console.

Familiarize ourself with the SSO application details and installation requirements before we install it..

Install the WebSphere Application Server fixes that are specified in ISIM Release Notes. Use the installation instructions in the Release Notes to install the fixes. Install the SSO application on the WebSphere Application Server where ISIM is installed.

When we install the SSO application on the same system where IBM Security Identity Manager is installed, SSO authentication uses ISIM web services. The WebSphere Application Server returns an LTPA token when you authenticate with the WebSphere Application Server.

1. Build the SSO application to create the itim_ws.war file.

2. Install the application using the WebSphere Application Server administrative console.

   1. Log on to the WebSphere Application Server administrative console. For example, http://localhost:9060/ibm/console

   2. Click...
      Applications > New Applications > New Enterprise Application

   3. In the Path to the new application area, select "Local file system".

   4. Click Browse to set Full path to the location of the itim_ws.war file.

   5. Click Next.

   6. In the How do to install the application area, select...
      Detailed - Show all installation options and parameters.

   7. Click Next.

   8. At the Application Security Warnings window, click Continue.

   9. Click the "Map context roots for Web modules" step and specify the context root value as /itim_ws.

   10. Click "Map security roles to users or groups" step. Select the ITIM_CLIENT role

   11. Click "Map Special Subjects > All Authenticated in Trusted Realms."

   12. Click Next repeatedly until the Summary window is displayed.

   13. Click Finish.

   14. Click Save to save your changes directly to the master configuration.

3. Update the class loader properties

   1. Click...
      Applications > Application Types > WebSphere enterprise applications > itim_ws.war > Detailed Properties > Class loading and update detection.

   2. For the Class loader order and Single class loader for application for the WAR class loader policy select "Classes loaded with local class loader first (parent last)"

   3. Click OK.

   4. Click Save to save your changes directly to the master configuration.

The SSO application works only with its own authentication by using ISIM user registry. You must enable authentication with WebSEAL.

• Enabling authentication with WebSEAL
  Enabling authentication with WebSEAL eliminates the need for a separate password to access IBM Security Identity Manager.

Parent topic: IBM Security Identity Manager web services in a single sign-on environment