Configuring single sign-on

This page has not been liked. Updated 8/5/15, 9:46 AM by cfjohnstTags: None

This page contains additional information on how to configure the Rational Team Concert integration to use single sign-on. 

Note:  Single sign-on is not supported in Rational ClearQuest.  See Request For Enhancement RATLC01063887.



Overview



By default, IBM Control Desk uses an OAuth endpoint to connect to the Rational products in this integration.  This means that users will be prompted for credentials to Rational Team Concert or Rational ClearQuest the first time they attempt to view, select, or create a defect during their IBM Control Desk session.



If you do not want users to be prompted for credentials to Rational Team Concert after logging into IBM Control Desk, you can configure the integration to use single sign-on (SSO).



To achieve SSO, both Rational Team Concert and IBM Control Desk must be installed on WebSphere Application Server and configured to use the same LDAP registry.  It is recommended to use Tivoli Directory Server, which is packaged with IBM Control Desk.



Configuration



1. Any products that are not installed on WebSphere Application Server must be migrated to WebSphere Application Server.



2. You must configure all products to use the same LDAP registry for authentication.



For information about how to configure IBM Control Desk to use LDAP security, see the LDAP Authentication topic in the information center.



If you need more information about configuring IBM Control Desk to use LDAP, see these resources:



For information about how to configure Rational Team Concert 4.0 to use LDAP security, see the Configuring Jazz applications for LDAP article on Jazz.net.  See the section starting with "Configuring the Jazz server".



Note: Users in the LDAP registry will need to be granted access to the appropriate project areas in Rational Team Concert before they will be able to view, select, or create defects from within IBM Control Desk.



3. If both products are installed on the same WebSphere Application Server, you can skip this step. However, if your IBM Control Desk and Rational Team Concert are installed on separate WebSphere Application Servers, some additional configuration is needed to achieve single sign-on:



Consult the Rational Team Concert information center topic on Deploying with single sign-on on WebSphere Application Server.



4. Create a new Rational Team Concert endpoint within IBM Control Desk and update the provider record to use the new endpoint:



a) Go to Integration > End Points and create a new endpoint.

b) Give it a name and description and select HTTP for the Handler.

c) Fill in the endpoint properties as show below:

d) Save the changes to the endpoint.

e) Run the following database query to update the end point to use with the Rational Team Concert Provider:



update oslcprovider set endpointname='RTCHTTP' where providername='SCCDRTCPROVIDER';

(Replace RTCHTTP with the name of the new end point you created.)

f) Restart MXServer in the WebSphere Application Server administrator console.  You should now be able to view, select, and create defects within IBM Control Desk without being prompted for credentials to Rational Team Concert.