Sterling External Authentication Server authentication

Sterling External Authentication Server (SEAS) allows you to implement extended authentication and validation services for IBM products, called client applications. SEAS includes a server that client applications connect to and a GUI to configure SEAS requirements.

You can use SEAS for user authentication on Sterling B2B Integrator using one of the following installation methods:

  • IBM Installation Manager (IIM)
  • Certified Container

Using IIM

SEAS provides user authentication to validate a trading partner user ID and password against the Sterling B2B Integrator user store. Before you use this custom exit to validate user information against the user store, you must configure a separate HTTP server adapter in Sterling B2B Integrator to enable both user authentication and SSL. For more information, see Sterling B2B Integrator User Authentication through Sterling External Authentication Server Custom Exit.

Sterling B2B Integrator v6.2.0.0 and above is compatible with SEAS 6.0.3.0 iFix 7 or above and 6.1.0.0 iFix 3 or above. If required, upgrade SEAS to a compatible version and install the plug-in for IIM in Sterling B2B Integrator as per Prepare Sterling File Gateway to Support Single Sign-On on UNIX or Linux.

Using Certified Container

You must integrate the Certified Container with SEAS to perform user authentication.

Follow the steps to integrate SEAS:
  1. Navigate to the SEAS installation directory and copy the following files to the config folder under ibm-b2bi-prod Helm charts:
    • authentication_policy.properties_seas-auth_ext.in
    • security.properties_seas-sso_ext.in
    • servers.properties_seas-auth_ext
    • servers.properties_seas-sso_ext
  2. Edit the following files to ensure the seas-auth entry is not commented:
    1. Edit the file servers.properties_seas-auth_ext to match your install directory.
      For example, change from: 
      seas-auth=<SI_install_dir>/properties/seas-auth/1.0/seas-auth.properties
      To:
      seas-auth=/ibm/b2bi/install/properties/seas-auth/1.0/seas-auth.properties
    2. Edit the file servers.properties_seas-sso_ext to match your install directory.
      For example, change from:
      seas-sso=<SI_install_dir>/properties/seas-sso/1.0/seas-sso.properties
      To:
      seas-auth=/ibm/b2bi/install/properties/seas-auth/1.0/seas-auth.properties
  3. Create a new directory called seas under the volume mapped to /ibm/resources and add the following jars:
    • seas-sso-impl.jar
    • seas-client.jar
    • hadrian-client.jar
    • jdom-<version>.jar.

      Example: jdom-2.0.6.1.jar

    Note: With SEAS Certified Container v6.1.0.0 and higher, an additional jar for JDOM must be copied to the seas directory under the volume mapped to /ibm/resources.
  4. Edit values.yaml to enable SEAS Integration:
    integrations:
 seasIntegration:
   isEnabled: true
   seasVersion: "1.0"
  5. Start Helm chart installation. A new instance of Sterling B2B Integrator comes up.
  6. Add seas-sso.jar:
    1. Go to Customization UI and navigate to Custom Jar > Create CustomJar.
    2. Enter Vendor Name as seas-sso.
    3. Enter Vendor Version as 1.0.
    4. Enter Jar Type as Library.
    5. Enter Target Type as Every.
    6. Upload the seas-sso.jar file and click Save CustomJar.
  7. Add seas-sso.properties:
    1. Go to Customization UI and navigate to Custom Jar > Create CustomJar.
    2. Enter Vendor Name as seas-sso.
    3. Enter Vendor Version as 1.0.
    4. Enter Jar Type as Property File.
    5. Enter Target Type as Every.
    6. Upload the seas-sso.properties file and click Save CustomJar.
  8. Add seas-auth.properties:
    1. Go to Customization UI and navigate to Custom Jar > Create CustomJar.
    2. Enter Vendor Name as seas-auth.
    3. Enter Vendor Version as 1.0.
    4. Enter Jar Type as Property File.
    5. Enter Target Type as Every.
    6. Upload the seas-auth.properties file and click Save CustomJar.
    Tip: While performing steps 6 to 8, you may find that the ASI, AC, and API Pods take longer than usual time to start. This happens because with every pod start-up, the custom properties and jars are deployed again which increases the start-up time. Perform the following alternate steps to prevent the issue:
    1. Remove the properties and jar files from the Customization UI > Custom Jar.
    2. Copy the following files to resources PV after providing read permissions to all:
      • seas-auth.properties
      • seas-sso.jar
      • seas-sso.properties
      Note: You can find the files in /ibm/resources from any Pod.
    3. After you restart a pod, you should have the following entries added to the dynamicclasspath.cfg.in and dynamicclasspath.cfg files:
      VENDOR_JAR=/ibm/b2bi/install/jar/seas-sso/1.0/seas-sso.jar
PROPERTIES=/ibm/b2bi/install/properties/seas-sso/1.0
PROPERTIES=/ibm/b2bi/install/properties/seas-auth/1.0

seas-sso.jar should be part of /ibm/b2bi/install/jar/seas-sso/1.0 folder
seas-sso.properties should be part of /ibm/b2bi/install/properties/seas-sso/1.0
seas-auth.properties should be part of /ibm/b2bi/install/properties/seas-auth/1.0
      Note: In above case, seas version 1.0 is used as an example.
  9. Add your authentication profile(s) for SEAS/SSO:
    1. Navigate to PropertyFile > customer_overrides.
    2. Either import your customer_overrides file from the General tab or add each property individually using the Property tab.
  10. Run the following command to install the customizations:
    helm upgrade <release-name> --timeout 3600s --recreate-pods

Step result:
You can now perform external user authentication using SEAS on Sterling B2B Integrator installed using a Certified Container.