Enable single sign-on between all features


Overview

If you have a network deployment in which the features are installed on separate nodes, and you have installed the Home page feature or enabled the Profiles service, configure Lotus Connections to allow single sign-on (SSO) between all of the features. When SSO is enabled, users can log into one feature of Lotus Connections and then switch to other features without having to authenticate again.

If the Home page feature is on a different node than the other features, all the servers must be using the same user repository. Thus, if you are using federated repositories, the realm name must be identical on each server. Furthermore, the base entry and DN of the base entry for the user repository must also be identical on each server.

Configure the SSO domain. This should be the common domain for all your servers. An example might be enterprise.example.com. You must be able to access your installed features from a Web browser before you can enable SSO for them.

If you are enabling SSO between Lotus Connections and a product that is deployed on a pre-6.1 version of WebSphere Application Server, or if the product is using IBM Lotus Domino®, first complete the steps described in the Enabling SSO with stand-alone LDAP topic.

This procedure is only required if you have chosen to install an advanced stand-alone deployment and installed different features into different WebSphere Application Server cells.

You must ensure that all the servers share the same LTPA keys. To do this, export the keys from one server and import them into the others.
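The prerequisites above can be checked against a node inventory before any console changes are made. The following is an added example, not part of the product documentation; the node names, host names and LDAP values are constructed, and the check covers only the dotted SSO domain, the realm name and the base entry DN.

```python
def in_sso_domain(host, domain):
    """True if host falls under the dotted SSO domain on a label boundary."""
    if not domain.startswith("."):
        raise ValueError("SSO domain must start with a dot: %r" % domain)
    return host.lower().rstrip(".").endswith(domain.lower())

def fold(value):
    """Case- and whitespace-insensitive form, used only to explain a mismatch."""
    return "".join(value.split()).lower()

def preflight(nodes, domain):
    """Compare every node with the first one; return a list of problems."""
    ref, problems = nodes[0], []
    for node in nodes:
        if not in_sso_domain(node["host"], domain):
            problems.append("%s: host %s is outside %s"
                            % (node["name"], node["host"], domain))
        for field in ("realm", "base_dn"):
            if node[field] == ref[field]:
                continue  # identical, as the prerequisites require
            kind = ("case/whitespace only"
                    if fold(node[field]) == fold(ref[field])
                    else "different value")
            problems.append("%s: %s not identical to %s (%s)"
                            % (node["name"], field, ref["name"], kind))
    return problems

# Constructed inventory (hypothetical node names, hosts and LDAP values).
NODES = [
    {"name": "homepage", "host": "home.enterprise.acme.com",
     "realm": "ldap.acme.com:389", "base_dn": "dc=acme,dc=com"},
    {"name": "profiles", "host": "profiles.enterprise.acme.com",
     "realm": "ldap.acme.com:389", "base_dn": "DC=acme, DC=com"},
    {"name": "blogs", "host": "blogs.testenterprise.acme.com",
     "realm": "ldap2.acme.com:389", "base_dn": "dc=acme,dc=com"},
]

if __name__ == "__main__":
    for line in preflight(NODES, ".enterprise.acme.com"):
        print(line)
```

The comparison is deliberately exact: a value that differs only in case or spacing is still reported, with a hint that it is probably copy-and-paste drift rather than a different repository.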


Set up SSO between all of the features

  1. On each node where features other than Home page are installed, enable SSO:

    1. Log into the WAS admin console as an administrator, expand...

        Security | Secure administration, applications, and infrastructure | Web security | single sign-on (SSO)

    2. Type the domain name into the Domain name field. You must include a dot (.) before the domain name. For example:

        .enterprise.acme.com

  2. On the node where Home page is installed...

    1. Log into the WAS admin console as an administrator, click...

        Secure administration, applications, and infrastructure | Authentication mechanisms and expiration | Cross-cell single sign-on

      ...and provide values for...

        Password: You will need to provide this password later, when you import the keys you are exporting.
        Fully qualified key file name: Specify a valid path and a file name for the file that will hold the exported keys. This file is encrypted using the password specified above.

    2. Click Export keys.

  3. On each node where the other features are installed...

    1. Log into the WAS admin console as an administrator, click...

        Secure administration, applications, and infrastructure | Authentication mechanisms and expiration | Cross-cell single sign-on

      ...and provide values for the following fields...

        Password
        Fully qualified key file name

    2. Click Import keys.

  4. Restart all the nodes.

By default, WAS regenerates LTPA keys periodically. Disable this automatic regeneration to maintain SSO.

 

Related tasks

Single sign-on
Export LTPA keys
Import LTPA keys
Forcing users to log in before they can access a feature
Enable Lotus Connections service extensions
Hiding e-mail addresses
Exposing e-mail addresses
Configure single sign-on
