External security managers
Use external security managers such as IBM Tivoli Access Manager to perform authentication and authorization for WebSphere Portal.
You can use an external security manager for authentication only or for both authentication and authorization. Using an external security manager to perform only authorization is not supported at this time.
To configure external security managers:
- Enable the SPNEGO TAI
You can create single sign-on requests for your HTTP server using the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI) available in IBM WAS. The WebSphere Portal installation removes the SPNEGO TAI from the list of available trust association interceptors, so you must enable it yourself.
- Configure Tivoli Access Manager
WebSphere Portal supports the use of IBM Tivoli Access Manager. Existing Tivoli Access Manager users can leverage the commonly used Tivoli Access Manager services to assist them in their deployment.
- Configure eTrust SiteMinder
WebSphere Portal supports the use of Computer Associates eTrust SiteMinder for authentication and authorization.
- Verify Trust Association Interceptors for authentication
After configuring WebSphere Portal to use an external security manager for authentication, you should verify that the Trust Association Interceptors (TAI) are working properly before continuing with any additional configuration tasks.
- Masking passwords in External Security Manager properties files
WAS has an encoding mechanism to mask the passwords and remove all comments from the production versions of properties files.
- Changing the login and logout pages
By default, when unauthenticated users attempt to access the myportal page, they get redirected to the login page to provide a user name and password. When using a WebSEAL or Computer Associates eTrust SiteMinder TAI for authentication, you no longer need to use the WebSphere Portal login screen. Instead, the login icon should point to the protected portal page.
- Manage access control with external security managers
WebSphere Portal externalizes roles and uses access control to control role membership. From the perspective of the external security manager, these externalized roles contain only one permission: membership in the role. WebSphere Portal always determines the permissions associated with each role.