You can authenticate MoRE users with a
user registry or OpenID Connect and configure single sign-on with Lightweight Third Party
Authentication (LTPA).
Before you begin
Review the security limitations to make sure
that the features that you want are available.
About this task
You configure a user registry and the authentication cache. You can optionally configure
LTPA single sign-on and optionally configure an OpenID Connect Relying Party.
Procedure
- Configure a user registry.
Information about users and groups exists in a user registry. A user registry authenticates a
user and retrieves information about users and groups to perform security-related functions,
including authentication and authorization.
- (Optional) Configure single sign-on (LTPA).
You can configure single sign-on for the first time. With single sign-on (SSO) support, web users
can authenticate one time when they access web resources across multiple application servers. Form
login mechanisms for web applications require that SSO is enabled.
- Configure the authentication cache.
The security authentication cache affects the frequency of rehashing and the distribution of the
hash algorithms.
- (Optional) Configure OpenID Connect Relying
Party.
If an existing WebSphere Application Server Network Deployment traditional OIDC Relying
Party TAI configuration is relatively simple, you can migrate the TAI configuration to your managed
Liberty servers. You can alternatively configure
an OpenID Connect (OIDC) Relying Party (RP or client) to manage Liberty servers in your cell.
What to do next
After you configure authentication, you must authorize access to resources.