SSO Application - Preparing the WebSphere Application Server

To install the single sign-on application on a separate system than where IBM Security Identity Manager is installed, modify the WebSphere environment on that system.

  1. Ensure administrative security is enabled for the profile on which the SSO application is to be installed.

  2. Create a folder named classes under...

      WAS_HOME/profiles/profile_name/classes

    Copy itim_server.jar, itim_common.jar, and jlog.jar from...

      ISIM_HOME/lib

    ...to the following folder on the WebSphere Application Server client...

      WAS_HOME/profiles/profile_name/classes

  3. From...

      ISIM_HOME/data

    ...copy the following properties files...

    • enRole.properties
    • enRoleAuthentication.properties
    • enRoleLDAPConnection.properties (java.naming.provider.url=ldap_host)
    • Properties.properties
    • tmsMessages.properties

    ...to the WebSphere Application Server client...

      WAS_HOME/profiles/profile_name/properties

  4. On the WebSphere Application Server client, create a data folder in...

      WAS_HOME/profiles/profile_name

  5. Copy the ISIM_HOME/data/keystore folder to the following folder on the WebSphere Application Server client...

      WAS_HOME/profiles/profile_name/data

  6. Restart the WebSphere Application Server client/server.

  7. Log in to the WebSphere Application Server client. On the WebSphere administrative console, click...

      Global security > Security Domains > Copy Global Security

  8. Enter the information for the IBM Security Identity Manager security domain.

  9. Click OK and save the changes to the master configuration.

  10. Configure the security domain.

    1. Go to...

      Specify server1 as the scope of the domain. Click OK and save the changes to the master configuration.

    2. Go to...

      Select the option Customize for this domain and select the Enable Application Security check box. Click OK and save the changes to the master configuration.

    3. Go to...

      Select Standalone custom registry.

    4. Click Configure. Enter the realm name and custom registry class name. Select Ignore case for authorization.

    5. Click OK and save the changes to the master configuration.

  11. Export and import the LTPA keys for the encryption and decryption of the identity tokens.

    1. Export the LTPA key from the WebSphere Application Server, where IBM Security Identity Manager is installed.

      1. Go to...

          Global Security > LTPA

      2. Specify a password in the Password and Confirm password fields.

      3. Specify the path and LTPA key file name in the Fully qualified key file name field.

      4. Click Export keys.

    2. Import the LTPA key on the WebSphere Application Server client, where the SSO application is installed.

      1. Go to Global Security > LTPA.
      2. Specify the password that was used in exporting the LTPA key in the Password and Confirm password fields.
      3. Copy the LTPA key file from the WebSphere Application Server to the WebSphere Application Server client. Specify the path of the LTPA key file on the WebSphere Application Server client in the Fully qualified key file name field.
      4. Click Import keys.
      5. Save the changes to the master configuration.
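Steps 2 through 5 above are file-staging work that is easy to get subtly wrong by hand (a jar left out, the keystore folder copied one level too deep). The following POSIX shell script is an added example, not part of the IBM procedure: it performs those four steps against the paths the procedure names, given ISIM_HOME, WAS_HOME and profile_name as arguments, and then verifies that every artifact landed where the SSO application expects it. The function names, the permission tightening on the copied keystore folder, and the check of the java.naming.provider.url value are assumptions of this example. The security-domain and LTPA steps are administrative-console work and are not scripted here.

```shell
#!/bin/sh
# Added example, not the IBM procedure's own code: stage the IBM Security Identity
# Manager jars, properties files and keystore onto a WebSphere Application Server
# client profile (steps 2 to 5 of the procedure). Source and target paths are the
# ones the procedure names; the helper names and the permission tightening are
# assumptions of this example.

# stage_isim_client_files ISIM_HOME WAS_HOME profile_name
stage_isim_client_files() {
    isim_home=$1
    profile_dir="$2/profiles/$3"

    # Step 2: classes folder on the client, plus the three jars from ISIM_HOME/lib
    mkdir -p "$profile_dir/classes" || return 1
    for jar in itim_server.jar itim_common.jar jlog.jar; do
        if [ ! -f "$isim_home/lib/$jar" ]; then
            echo "missing $isim_home/lib/$jar" >&2
            return 1
        fi
        cp "$isim_home/lib/$jar" "$profile_dir/classes/" || return 1
    done

    # Step 3: the five properties files from ISIM_HOME/data
    mkdir -p "$profile_dir/properties" || return 1
    for prop in enRole.properties enRoleAuthentication.properties \
                enRoleLDAPConnection.properties Properties.properties \
                tmsMessages.properties; do
        if [ ! -f "$isim_home/data/$prop" ]; then
            echo "missing $isim_home/data/$prop" >&2
            return 1
        fi
        cp "$isim_home/data/$prop" "$profile_dir/properties/" || return 1
    done

    # Steps 4 and 5: data folder on the client, then the keystore folder into it,
    # so the result is WAS_HOME/profiles/profile_name/data/keystore
    mkdir -p "$profile_dir/data" || return 1
    if [ ! -d "$isim_home/data/keystore" ]; then
        echo "missing $isim_home/data/keystore" >&2
        return 1
    fi
    cp -R "$isim_home/data/keystore" "$profile_dir/data/" || return 1

    # Assumption of this example: the keystore folder holds key material, so leave
    # it readable by the WebSphere process owner only.
    chmod -R go-rwx "$profile_dir/data/keystore" || return 1

    # The procedure notes java.naming.provider.url=ldap_host for the LDAP connection
    # file; show the value that was copied so reachability from the client can be checked.
    grep '^java.naming.provider.url=' \
        "$profile_dir/properties/enRoleLDAPConnection.properties" || true
}

# ldap_provider_url WAS_HOME profile_name
# Prints the LDAP provider URL staged on the client (empty if the key is absent).
ldap_provider_url() {
    sed -n 's/^java\.naming\.provider\.url=//p' \
        "$1/profiles/$2/properties/enRoleLDAPConnection.properties"
}

# verify_isim_client_files WAS_HOME profile_name
# Returns 0 only if every jar, properties file and the keystore folder are present.
verify_isim_client_files() {
    profile_dir="$1/profiles/$2"
    for f in classes/itim_server.jar classes/itim_common.jar classes/jlog.jar \
             properties/enRole.properties properties/enRoleAuthentication.properties \
             properties/enRoleLDAPConnection.properties properties/Properties.properties \
             properties/tmsMessages.properties; do
        [ -f "$profile_dir/$f" ] || return 1
    done
    [ -d "$profile_dir/data/keystore" ] || return 1
    return 0
}

# Run directly as: sh stage_isim.sh ISIM_HOME WAS_HOME profile_name
if [ "$#" -eq 3 ]; then
    stage_isim_client_files "$1" "$2" "$3" && verify_isim_client_files "$2" "$3"
fi
```

Run it on the client as the user that owns the WebSphere profile, before the restart in step 6; a non-zero exit names the first missing source file, and the printed provider URL is the LDAP host the client will contact, which is worth confirming is reachable from that system before continuing with the security-domain configuration.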

Parent topic: IBM Security Identity Manager web services in a single sign-on environment