Topic
  • 5 replies
  • Latest Post - ‏2012-12-17T13:29:39Z by DavidSeager
NickLaqua
NickLaqua
17 Posts

Pinned topic Public Service Catalogue - anonymous access to BusinessSpace

‏2012-11-30T08:46:35Z |
Hi there,

we would like to set up a read only service catalogue which doesn't require logging into business space (anonymous user).

Is this possible ?

thx Nick
WSRR v8
Updated on 2012-12-17T13:29:39Z at 2012-12-17T13:29:39Z by DavidSeager
  • DavidSeager
    DavidSeager
    64 Posts

    Re: Public Service Catalogue - anonymous access to BusinessSpace

    ‏2012-11-30T09:24:05Z  
    You cannot access Business Space with an anonymous user, if security is enabled on the WSRR & Business Space servers. The best you can do is designate a "view" user who you share the log in details for, and has access to only the Service Catalog space, which is a read-only view onto the services in WSRR.

    For details and samples of how to set up a service catalog, see this dW article I co-authored:

    http://www.ibm.com/developerworks/websphere/library/techarticles/1210_seager/1210_seager.html
  • NickLaqua
    NickLaqua
    17 Posts

    Re: Public Service Catalogue - anonymous access to BusinessSpace

    ‏2012-11-30T09:46:57Z  
    You cannot access Business Space with an anonymous user, if security is enabled on the WSRR & Business Space servers. The best you can do is designate a "view" user who you share the log in details for, and has access to only the Service Catalog space, which is a read-only view onto the services in WSRR.

    For details and samples of how to set up a service catalog, see this dW article I co-authored:

    http://www.ibm.com/developerworks/websphere/library/techarticles/1210_seager/1210_seager.html
    Thx for the response David. I did actually use your article when setting the catalogue up.

    Regarding my question, I should have been more precise. Of course, WSRR and business space requires authentication to apply role based security. So the right question would have been for SSO (how to automatically login to WSRR, e.g. LTPA). At the end of the day, business space is "just another" web application :-)

    Nick
  • DavidSeager
    DavidSeager
    64 Posts

    Re: Public Service Catalogue - anonymous access to BusinessSpace

    ‏2012-12-05T09:48:30Z  
    • NickLaqua
    • ‏2012-11-30T09:46:57Z
    Thx for the response David. I did actually use your article when setting the catalogue up.

    Regarding my question, I should have been more precise. Of course, WSRR and business space requires authentication to apply role based security. So the right question would have been for SSO (how to automatically login to WSRR, e.g. LTPA). At the end of the day, business space is "just another" web application :-)

    Nick
    So if Business Space runs on the same WebSphere Application Server profile as WSRR, the login to Business Space is used as the login to WSRR. So when the user logs into Business Space they use their WSRR login. The default standalone WSRR profile creation is for Business Space to be installed onto the same WAS profile.

    If Business Space runs on a different WAS system, maybe on a different machine, then you need to configure single sign on between the WAS running Business Space and the WAS running WSRR. This page in our infocenter describes how to do this:
    http://pic.dhe.ibm.com/infocenter/sr/v8r0/topic/com.ibm.bspace.imuc.doc/topics/tcfg_bsp_sec_sso.html

    However there isn't any evidence that separating Business Space and WSRR produces a performance benefit, so for simplicity I would recommend putting Business Space on the same WAS server as WSRR.
  • NickLaqua
    NickLaqua
    17 Posts

    Re: Public Service Catalogue - anonymous access to BusinessSpace

    ‏2012-12-11T01:17:23Z  
    So if Business Space runs on the same WebSphere Application Server profile as WSRR, the login to Business Space is used as the login to WSRR. So when the user logs into Business Space they use their WSRR login. The default standalone WSRR profile creation is for Business Space to be installed onto the same WAS profile.

    If Business Space runs on a different WAS system, maybe on a different machine, then you need to configure single sign on between the WAS running Business Space and the WAS running WSRR. This page in our infocenter describes how to do this:
    http://pic.dhe.ibm.com/infocenter/sr/v8r0/topic/com.ibm.bspace.imuc.doc/topics/tcfg_bsp_sec_sso.html

    However there isn't any evidence that separating Business Space and WSRR produces a performance benefit, so for simplicity I would recommend putting Business Space on the same WAS server as WSRR.
    David,

    there is no concern about installing both Business Space and WSRR on the same server, as per the default setup.

    My question was more around making BusinessSpace/WSRR part of an internal SSO network, so that based on the existing enterprise logon, users are automatically signed on to Business Space without having to enter username/password again.

    so the more appropriate info center link is actually two lines down where it is explained how to use WebSeal (external authentication component) together with Business Space. In this case, I assume, that the user is not being shown the Business Space logon screen.

    http://pic.dhe.ibm.com/infocenter/sr/v8r0/index.jsp?topic=%2Fcom.ibm.bspace.imuc.doc%2Ftopics%2Ftcfg_bsp_sec_sso.html

    Nick
  • DavidSeager
    DavidSeager
    64 Posts

    Re: Public Service Catalogue - anonymous access to BusinessSpace

    ‏2012-12-17T13:29:39Z  
    • NickLaqua
    • ‏2012-12-11T01:17:23Z
    David,

    there is no concern about installing both Business Space and WSRR on the same server, as per the default setup.

    My question was more around making BusinessSpace/WSRR part of an internal SSO network, so that based on the existing enterprise logon, users are automatically signed on to Business Space without having to enter username/password again.

    so the more appropriate info center link is actually two lines down where it is explained how to use WebSeal (external authentication component) together with Business Space. In this case, I assume, that the user is not being shown the Business Space logon screen.

    http://pic.dhe.ibm.com/infocenter/sr/v8r0/index.jsp?topic=%2Fcom.ibm.bspace.imuc.doc%2Ftopics%2Ftcfg_bsp_sec_sso.html

    Nick
    Yes, if WebSeal is used then the user should not see the Business Space login screen, and will be directed to the space.

    There is an APAR open for this function, IV27434, which you can see if you have Passport Advantage access, according to this page http://www-01.ibm.com/support/docview.wss?uid=swg21461170

    "The ability to see Open APARs on the Web is restricted to clients with entitled IBM Customer Identification Numbers (ICNs). You should login with your IBM Login ID which is mapped to your ICNs."

    We aim to fix this APAR for the next fix packs of 7.5 and 8.0, alternatively once it is closed and published (and therefore visible on the web) you can request an interim fix.