Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
5 replies Latest Post - ‏2012-12-17T13:29:39Z by DavidSeager
NickLaqua
NickLaqua
17 Posts
ACCEPTED ANSWER

Pinned topic Public Service Catalogue - anonymous access to BusinessSpace

‏2012-11-30T08:46:35Z |
Hi there,

we would like to set up a read only service catalogue which doesn't require logging into business space (anonymous user).

Is this possible ?

thx Nick
WSRR v8
Updated on 2012-12-17T13:29:39Z at 2012-12-17T13:29:39Z by DavidSeager
  • DavidSeager
    DavidSeager
    63 Posts
    ACCEPTED ANSWER

    Re: Public Service Catalogue - anonymous access to BusinessSpace

    ‏2012-11-30T09:24:05Z  in response to NickLaqua
    You cannot access Business Space with an anonymous user, if security is enabled on the WSRR & Business Space servers. The best you can do is designate a "view" user who you share the log in details for, and has access to only the Service Catalog space, which is a read-only view onto the services in WSRR.

    For details and samples of how to set up a service catalog, see this dW article I co-authored:

    http://www.ibm.com/developerworks/websphere/library/techarticles/1210_seager/1210_seager.html
    • NickLaqua
      NickLaqua
      17 Posts
      ACCEPTED ANSWER

      Re: Public Service Catalogue - anonymous access to BusinessSpace

      ‏2012-11-30T09:46:57Z  in response to DavidSeager
      Thx for the response David. I did actually use your article when setting the catalogue up.

      Regarding my question, I should have been more precise. Of course, WSRR and business space requires authentication to apply role based security. So the right question would have been for SSO (how to automatically login to WSRR, e.g. LTPA). At the end of the day, business space is "just another" web application :-)

      Nick
      • DavidSeager
        DavidSeager
        63 Posts
        ACCEPTED ANSWER

        Re: Public Service Catalogue - anonymous access to BusinessSpace

        ‏2012-12-05T09:48:30Z  in response to NickLaqua
        So if Business Space runs on the same WebSphere Application Server profile as WSRR, the login to Business Space is used as the login to WSRR. So when the user logs into Business Space they use their WSRR login. The default standalone WSRR profile creation is for Business Space to be installed onto the same WAS profile.

        If Business Space runs on a different WAS system, maybe on a different machine, then you need to configure single sign on between the WAS running Business Space and the WAS running WSRR. This page in our infocenter describes how to do this:
        http://pic.dhe.ibm.com/infocenter/sr/v8r0/topic/com.ibm.bspace.imuc.doc/topics/tcfg_bsp_sec_sso.html

        However there isn't any evidence that separating Business Space and WSRR produces a performance benefit, so for simplicity I would recommend putting Business Space on the same WAS server as WSRR.
        • NickLaqua
          NickLaqua
          17 Posts
          ACCEPTED ANSWER

          Re: Public Service Catalogue - anonymous access to BusinessSpace

          ‏2012-12-11T01:17:23Z  in response to DavidSeager
          David,

          there is no concern about installing both Business Space and WSRR on the same server, as per the default setup.

          My question was more around making BusinessSpace/WSRR part of an internal SSO network, so that based on the existing enterprise logon, users are automatically signed on to Business Space without having to enter username/password again.

          so the more appropriate info center link is actually two lines down where it is explained how to use WebSeal (external authentication component) together with Business Space. In this case, I assume, that the user is not being shown the Business Space logon screen.

          http://pic.dhe.ibm.com/infocenter/sr/v8r0/index.jsp?topic=%2Fcom.ibm.bspace.imuc.doc%2Ftopics%2Ftcfg_bsp_sec_sso.html

          Nick
          • DavidSeager
            DavidSeager
            63 Posts
            ACCEPTED ANSWER

            Re: Public Service Catalogue - anonymous access to BusinessSpace

            ‏2012-12-17T13:29:39Z  in response to NickLaqua
            Yes, if WebSeal is used then the user should not see the Business Space login screen, and will be directed to the space.

            There is an APAR open for this function, IV27434, which you can see if you have Passport Advantage access, according to this page http://www-01.ibm.com/support/docview.wss?uid=swg21461170

            "The ability to see Open APARs on the Web is restricted to clients with entitled IBM Customer Identification Numbers (ICNs). You should login with your IBM Login ID which is mapped to your ICNs."

            We aim to fix this APAR for the next fix packs of 7.5 and 8.0, alternatively once it is closed and published (and therefore visible on the web) you can request an interim fix.