IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Installation Guides > Installation Guide > Prepare for installation > Security options
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Single sign-on capability
Enable single sign-on support for the Tivoli Enterprise Portal
The single sign-on (SSO) feature provides users the ability to launch out of the Tivoli Enterprise Portal to other Tivoli Web-based or Web-enabled applications, or to launch into the Tivoli Enterprise Portal from those applications, without having to re-enter their user IDs and passwords.
Single sign-on is required if you are using monitoring dashboard applications such as...
- IBM Infrastructure Management Dashboards for Servers
- IBM Infrastructure Management Dashboards for VMware
- IBM Infrastructure Management Capacity Planner for VMware
- IBM Infrastructure Management Capacity Planner for PowerVM
- custom dashboards
...with Dashboard Application Services Hub, and you want to assign different permissions to your dashboard users or launch from the monitoring dashboards to the Tivoli Enterprise Portal client.
For SSO to be enabled for these scenarios, authentication must be configured through the Tivoli Enterprise Portal Server and the LDAP registry defined to the portal server must be a central registry shared by all participating Tivoli applications. All the participating applications must be configured for SSO and must belong to the same internet or intranet domain and realm.
Enable single sign-on support for the Performance Monitoring service provider
If you are using the Performance Monitoring service provider, it uses the Security Services component of Jazz for Service Management to support single sign-on. When the Performance Monitoring service provider receives an HTTP GET request from an OSLC client, it forwards the LTPA token to Security Services to authenticate the request. If the request does not contain a LTPA token or Security Services indicates that the token is not valid or has expired, the Performance Monitoring service provider returns an HTTP 401 status code to indicate that the request could not be authenticated.
- Install Security Services on the same application server as the Registry Services component of Jazz for Service Management.
- Enable WebSphere Global Security in the application server for Registry Services and Security Services, configure the application server to use a central LDAP registry and enable single sign-on. See Configuring Jazz for Service Management for a central user registry and Configuring Jazz for Service Management for SSO in the Jazz for Service Management Information Center.
- Configure the application servers for OSLC client applications to use the same LDAP registry and enable LTPA based single sign-on with Security Services. The applications must also be configured to use the same LTPA key.
- Configure the Performance Monitoring service provider to use Security Services by setting the Tivoli Enterprise Monitoring Automation Server environment variable...
KAS_SECURITY_SERVICES_ENABLED = Yes
...and restart the automation server.
For instructions on using SSO, see the Enabling user authentication chapter in the IBM Tivoli Monitoring Administrator's Guide.
Parent topic:
Security options