Enabling third party authentication and single sign-on (SSO) in Inspector
This procedure describes how to enable third party authentication for MDM Inspector.
About this task
To enable third party authentication for MDM Inspector, you must make the following configuration changes.
Note: MDM Inspector uses the MDM operational server for authentication. Therefore, to enable SSO for MDM Inspector, you must follow the steps in Enabling third party authentication and single sign-on (SSO) to enable SSO for the MDM operational server.
Important: When you apply an InfoSphere® MDM feature pack
upgrade, your third party authentication configuration is reverted. Repeat this procedure to
reconfigure third party authentication.
Procedure
Results
After completing these steps, third party authentication is enabled.
Note: If you are using ISAM instead of Google OpenID, you might see the following error that is caused by a missing JEE security role in the web.xml and application.xml files:
com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4529E The password verification for the 'mpctest101' principal name failed. Root cause: 'javax.naming.AuthenticationException:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839^@]
To resolve this issue, edit both web.xml and application.xml to add the required security parameters:
- Update web.xml to add the parameters highlighted in bold type.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint id="AuthConstraint_1">
      <description>All Authenticated users</description>
      <role-name>All Role</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <display-name>restrict http methods</display-name>
    <web-resource-collection>
      <web-resource-name>restricted methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint id="AuthConstraint_2">
      <description>All Authenticated users</description>
      <role-name>All Role</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/common/login.ihtml</form-login-page>
    </form-login-config>
  </login-config>
  <security-role id="SecurityRole_1">
    <description>All Authenticated Users Role.</description>
    <role-name>All Role</role-name>
  </security-role>

- Update application.xml to add the parameters highlighted in bold type.

  <application id="Inspector" version="5"
      xmlns="http://java.sun.com/xml/ns/javaee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd">
    <display-name>Inspector</display-name>
    <module id="Module_1334727512382">
      <web>
        <web-uri>inspector.war</web-uri>
        <context-root>inspector</context-root>
      </web>
    </module>
    <security-role id="SecurityRole_1183122147906">
      <description>All Authenticated users role.</description>
      <role-name>All Role</role-name>
    </security-role>
  </application>