Portal, V6.1
External security managers
Use external security managers such as IBM Tivoli Access Manager for e-business to perform authentication and authorization for IBM WebSphere Portal. Use an external security manager for authentication only or for both authentication and authorization. Using an external security manager to perform only authorization is not supported at this time.
Perform the following tasks to configure external security managers:
- Enabling the SPNEGO TAI
You can create single sign-on requests for your HTTP server using the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI) available in IBM WAS. The IBM WebSphere Portal installation removes the SPNEGO TAI from the list of available trust association interceptors; therefore, enable the SPNEGO TAI.- Configure Tivoli Access Manager
IBM WebSphere Portal supports the use of IBM Tivoli Access Manager for e-business. Existing Tivoli Access Manager users can leverage the commonly used Tivoli Access Manager services to assist them in their deployment.- Configure eTrust SiteMinder
IBM WebSphere Portal supports the use of Computer Associates eTrust SiteMinder for authentication and authorization.- Verifying Trust Association Interceptors
After configuring IBM WebSphere Portal to use an external security manager for authentication, you should verify that the Trust Association Interceptors (TAI) are working properly before continuing with any additional configuration tasks.- Masking passwords in External Security Manager properties files
WAS has an encoding mechanism to mask the passwords and remove all comments from the
production versions of properties files.- Change the login and logout pages
By default, when unauthenticated users attempt to access the myportal page, they get redirected to the login screen to provide a user name and password. When using a WebSEAL or Computer Associates eTrust SiteMinder TAI for authentication, you no longer need to use the IBM WebSphere Portal login screen. Instead, the login icon should point to the myportal page.- Manage access control with external security managers
WebSphere Portal externalizes roles and uses access control to control role membership. From the perspective of the external security manager, these externalized roles contain only one permission: membership in the role. WebSphere Portal always determines the permissions associated with each role.
Parent topic
Configure additional security features