I WANT TO CREATE A SINGLE SIGN ON WITH MICROSOFT ACTIVE DIRECTORY ON LDAP OVER PORTAL. I HAVE READ SOME PEOPLE USE KERBEROS, TAI++ AND SPNEGO, BUT I DON'T KNOW HOW TO USE THEM AT ALL. PLEASE I REALLY NEED SOMEONE TO HELP ME WITH THIS AND GIVE ME SOME EXPLANATIONS. THANKS...
DAVID GIOVANON
WebSphere Portal 6 does not have out-of-the-box SSO support for the Windows desktop (Kerberos authentication), but it can be configured provided that you have a TAI module that supports that in place.
Hi Oved,
What do you mean by true SSO? If my requirement gets fulfilled without a custom TAI, then it is fine. SPNEGO and Kerberos are just other ways to achieve it.
You are absolutely right. There are many ways to achieve SSO, and the articles that you sent show some of them.
The title of the thread says Kerberos and SPNEGO specifically, which allows delegation of the Windows desktop credential to the Portal all the way to the database (where you can assign and revoke permissions to database resources based on the user credentials), and thus I referred to it as a requirement.
Are you on 6.1? If so:
http://publib.boulder.ibm.com/infocenter/wpdoc/v6r1/index.jsp?topic=/com.ibm.wp.ent.doc_v6101/config/cfg_spnego.html
That will address login/authentication. VMM configuration will point to MSAD and will cover the authorization side of things.
You might also find this helpful:
http://www-10.lotus.com/ldd/portalwiki.nsf/dx/test-6.1-spnego
(Test infrastructure: Simple and Protected Negotiation Mechanism (SPNEGO) testing with WebSphere Portal 6.1)
Also, if you are on 6.0, you might want to use Tivoli Access Manager (TAM) to get SPNEGO support, per:
http://www.redbooks.ibm.com/redpapers/pdfs/redp4339.pdf