DanLingard

HATS and SSO with LDAP?

2009-10-29T17:21:42Z

Hi all,
This is probably a stupid question, but I've looked at lots of documentation now and have yet to find out how to do this!
Anyhow, I've got a Java application running in Websphere App Server 6.1 secured with LDAP, and this all works fine. I'm trying to add both HATS (7.5) dynamic transformation and a WebFaced project into the same application, but can't get it to work.
Both HATS and WebFaced EARS install, but don't participate in the single sign on process for some reason.
The only documentation I can find is for earlier versions of HATS and WAS, and I'm sure it's this disconnect between the docs and what I can see on screen that's tripping me up.
Does anyone have an idiot's guide to setting this stuff up that I can look at?
Cheers,
Dan
Updated on 2009-11-05T17:04:22Z by DanLingard
  • SystemAdmin

    Re: HATS and SSO with LDAP?

    2009-11-05T08:02:14Z

    We have some information for HATS and WebFacing application single signon in the HATS 7.5 information center. Please take a look and see if it would help.
    Securing your Web applications with single signon (http://publib.boulder.ibm.com/infocenter/hatshelp/v75/index.jsp?topic=/com.ibm.hats.doc/doc/topics/twfeim.html) has an "Install and configure the Lightweight Directory Access Protocol (LDAP)" section (http://publib.boulder.ibm.com/infocenter/hatshelp/v75/index.jsp?topic=/com.ibm.hats.doc/doc/topics/twfldap.html) and information on how to use single signon in a WebFacing application.
    Security and Web Express Logon (http://publib.boulder.ibm.com/infocenter/hatshelp/v75/index.jsp?topic=/com.ibm.hats.doc/doc/ugsslsec.htm) has information on Web Express Logon (WEL) which gives you a mechanism to authenticate users (that run HATS Web applications and portlets) and provides them with single signon capability.
  • DanLingard

    Re: HATS and SSO with LDAP?

    2009-11-05T17:04:22Z

    Hi Jiayun,
    Thanks for the response - I had found those documents, but they're of limited help to me as they don't go into a great deal of detail. I have set up and configured an LDAP server (not on an iSeries) and my Java application is using it to authenticate sign on.
    I'm now trying to get the HATS dynamic transformation part of my application to also use LDAP and accept single sign on, and what I really need is a step by step guide for the complete novice!
    The link to WEL that you provided, http://publib.boulder.ibm.com/infocenter/hatshelp/v75/index.jsp?topic=/com.ibm.hats.doc/doc/ugsslsec.htm, suggests that I need to write my own plug in class for LDAP.
    "Another possibility for a repository is an LDAP directory. However, using LDAP as your CMP requires you to write your own plug-in"
    Am I getting confused here, or do I really have to write my own plug in for something as industry standard as LDAP?! I'd really have expected this to be built in and just to need configuring (as it is with WebSphere app server, etc).
    Kind regards,
    Dan
  • sree666

    Re: HATS and SSO with LDAP?

    2013-10-07T21:17:01Z

    Hi 

    Even I feel this is weird. LDAP is a very common approach for authentication. I am surprised this HATS toolkit provides plugins to connect to DB to get the host credentials but not for LDAP. Do they think storing userId and password in DB without encryption is more secure than LDAP? I do not see any advantage that DB has over LDAP. I am not sure why IBM chose to give plugins for DB instead of LDAP. I feel IBM should have given plugins for the standard approaches.

    Has anyone successfully written a credential mapper plugin for LDAP? Please share your approach on this.