PARTHKAUSHIK

Pinned topic SSO With Liberty

‏2017-05-05T21:08:08Z |

Hi,

I am trying to configure SSO with Liberty (on RHEL6.8/10.5.0/3.5.0) with Active Directory. Once configured, I get the Windows authentication pop-up. It accepts my domain credentials, but instead of taking me inside the application it takes me to the login page where I have to input my local TRIRIGA profile login details. Can someone please help me with this?

 

Thanks in advance,

 

Parth 

  • JeffLong

    Re: SSO With Liberty

    ‏2017-05-10T16:23:06Z  

    Hello,

     

    Have you verified the following settings:  https://www.ibm.com/support/knowledgecenter/en/SSHEB3_3.5.0/com.ibm.tap.doc/sso_topics/r_sso_properties.html

  • MartinBurch

    Re: SSO With Liberty

    ‏2017-06-14T00:38:45Z  

    We have this wiki: https://www.ibm.com/developerworks/community/wikis/home?#!/wiki/IBM%20TRIRIGA1/page/TRIRIGA%20on%20WebSphere%20Liberty%20-%20SSO%20with%20IIS%20and%20AD

    The first thing I would check is this property is set up correctly:

    SSO_REQUEST_ATTRIBUTE_NAME=$WSRU

  • NicolasK

    Re: SSO With Liberty

    ‏2017-07-10T15:10:04Z  

    I have configured a full WebSphere with TRIRIGA SSO.

    I have read and applied the process described in:

    Redbooks: Implementing Kerberos in a WebSphere Application Server Environment

    There was something that I did, more or less documented if I remember, which was key in enabling auto logon:

    In the app server, I had to modify the following file (adjust to your build number), and note that this must be re-applied with each deployment or upgrade:

    AppServer\profiles\AppSrv01\config\cells\QUED00806Node01Cell\applications\IBM-TRIRIGA_Build-101076.ear\deployments\IBM-TRIRIGA_Build-101076\tririga-ibs.war\WEB-INF\web.xml and add a new security constraint which looks like this:

        <security-constraint id="SecurityConstraint_1">
            <web-resource-collection>
                <web-resource-name>TRIRIGA-Application</web-resource-name>
                <description>Protection area for TRIRIGA-Application.</description>
                <url-pattern>/*</url-pattern>
                <!-- Only GET and POST are listed, so the constraint does not cover other HTTP methods. -->
                <http-method>GET</http-method>
                <http-method>POST</http-method>
            </web-resource-collection>
            <!-- Callers must hold the TRIRIGA-Application role, which is mapped to subjects in the WebSphere console. -->
            <auth-constraint id="AuthConstraint_1">
                <description>TRIRIGA Security:+:All Authenticated users for TRIRIGA.</description>
                <role-name>TRIRIGA-Application</role-name>
            </auth-constraint>
            <!-- NONE means the container does not require HTTPS for these URLs. -->
            <user-data-constraint id="UserDataConstraint_1">
                <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
        </security-constraint>

     

    Then I went in WebSphere (app server instance) to the TRIRIGA enterprise application configuration page, selected "Security role to user/group mapping" and set special subjects like this

     

     

    After restarting the WebSphere app server, auto logon started working.

     

    Also keep in mind that unless you want to configure the integration Web service with SSO, which may be possible/required (it is quite complex and needs something like a JAX SSO wrapper, depending on the technology used by your connecting application), you have to define another role and security constraint to allow for basic authentication by external applications (that is what I use the TRIRIGA-BusinessConnect role for...)
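Because the web.xml change above has to be re-applied after every deployment or upgrade, a post-deployment check is useful. The following is an added example, not part of the original thread and not IBM code: a Python check that a web.xml still carries a constraint on `/*` for the role named in the post, and that reports the method list and `NONE` transport guarantee. The function name `audit_web_xml` and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip any XML namespace so the check works across web.xml schema versions."""
    return tag.rsplit("}", 1)[-1]
def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def audit_web_xml(xml_text, required_role="TRIRIGA-Application"):
    """Return a list of findings about the security constraints in a web.xml."""
    root = ET.fromstring(xml_text)
    findings, protected = [], False
    for sc in children(root, "security-constraint"):
        roles = [r.text.strip() for ac in children(sc, "auth-constraint")
                 for r in children(ac, "role-name") if r.text]
        if required_role not in roles:
            continue
        for wrc in children(sc, "web-resource-collection"):
            patterns = [u.text.strip() for u in children(wrc, "url-pattern") if u.text]
            methods = [m.text.strip() for m in children(wrc, "http-method") if m.text]
            if "/*" in patterns:
                protected = True
                if methods:  # listed methods narrow the constraint to those verbs
                    findings.append("constraint limited to methods: " + ",".join(methods))
        for udc in children(sc, "user-data-constraint"):
            for tg in children(udc, "transport-guarantee"):
                if (tg.text or "").strip() == "NONE":
                    findings.append("transport-guarantee is NONE")
    if not protected:
        findings.insert(0, "no constraint on /* for role " + required_role)
    return findings

# Constructed sample: the constraint from the post inside a minimal web-app element.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint id="SecurityConstraint_1">
    <web-resource-collection>
      <web-resource-name>TRIRIGA-Application</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>TRIRIGA-Application</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE) or ["constraint present, no findings"]:
        print(finding)
```

An upgrade that overwrote the file shows up as the "no constraint on /*" finding, which is the condition under which auto logon stops working.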