Pinned topic HATS and SSO with LDAP?
This is probably a stupid question, but I've looked at lots of documentation now and have yet to find out how to do this!
Anyhow, I've got a Java application running in Websphere App Server 6.1 secured with LDAP, and this all works fine. I'm trying to add both HATS (7.5) dynamic transformation and a WebFaced project into the same application, but can't get it to work.
Both HATS and WebFaced EARS install, but don't participate in the single sign on process for some reason.
The only documentation I can find is for earlier versions of HATS and WAS, and I'm sure it's this disconnect between the docs and what I can see on screen that's tripping me up.
Does anyone have an idiot's guide to setting this stuff up that I can look at?
SystemAdmin 110000D4XK1192 Posts
Re: HATS and SSO with LDAP?2009-11-05T08:02:14ZThis is the accepted answer. This is the accepted answer.
We have some information for HATS and WebFacing application single signon in the HATS 7.5 information center. Please take a look and see if it would help.
Securing your Web applications with single signon (http://publib.boulder.ibm.com/infocenter/hatshelp/v75/index.jsp?topic=/com.ibm.hats.doc/doc/topics/twfeim.html) has a "Install and configure the Lightweight Directory Access Protocol (LDAP)" section (http://publib.boulder.ibm.com/infocenter/hatshelp/v75/index.jsp?topic=/com.ibm.hats.doc/doc/topics/twfldap.html) and information on how to use use single signon in a WebFacing application.
Security and Web Express Logon (http://publib.boulder.ibm.com/infocenter/hatshelp/v75/index.jsp?topic=/com.ibm.hats.doc/doc/ugsslsec.htm) has information on Web Express Logon (WEL) which gives you a mechanism to authenticate users (that run HATS Web applications and portlets) and provides them with single signon capability.
DanLingard 270001A77K2 Posts
Re: HATS and SSO with LDAP?2009-11-05T17:04:22ZThis is the accepted answer. This is the accepted answer.
- SystemAdmin 110000D4XK
Thanks for the response - I had found those documents, but they're of limited help to me as they don't go into a great deal of detail. I have set up and configured an LDAP server (not on an iSeries) and my Java application is using it to authenticate sign on.
I'm now trying to get the HATS dynamic transformation part of my application to also use LDAP and accept single sign on, and what I really need is a step by step guide for the complete novice!
The link to WEL that you provided, http://publib.boulder.ibm.com/infocenter/hatshelp/v75/index.jsp?topic=/com.ibm.hats.doc/doc/ugsslsec.htm, suggests that I need to write my own plug in class for LDAP.
for a repository is an LDAP directory. However, using LDAP as your CMP requires
you to write your own plug-in"
Am I getting confused here, or do I really have to write my own plug in for something as industry standard as LDAP?! I'd really have expected this to be built in and just to need configuring (as it is with WebSphere app server, etc).
sree666 270005S1NH8 Posts
Re: HATS and SSO with LDAP?2013-10-07T21:17:01ZThis is the accepted answer. This is the accepted answer.
- DanLingard 270001A77K
Even I feel this is weird. LDAP is a very common approach for Authentication. I am surprised this HATS toolkit provides plugins to connect to DB to get the Host credentials but not for LDAP. Do they think storing userId and password in DB without encryption is more secure than LDAP. I do not see any advantage that DB have over LDAP. I am not sure why IBM chose to give plugins for DB instead of LDAP. I feel IBM should have given plugins for the standard approaches.
Has any one successfully written a credential mapper plugin for LDAP. Please share your approach on this.