Option 2: Configuring single sign-on based on IBM Lightweight Third-Party Authentication

You can configure single sign-on based on IBM® Lightweight Third-Party Authentication (LTPA) with IBM IBM Security Access Manager for Web.

Before you begin

Back up the following files before you start configuring single sign-on:
  • server.xml
    • Unix systems installation_dir/wlp/usr/servers/server1
    • Windows systems installation_dir\wlp\usr\servers\server1
  • web.xml
    • Unix systems installation_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF
    • Windows systems installation_dir\wlp\usr\servers\server1\apps\tema.war\WEB-INF

About this task

The following scenario presents a typical workflow for configuring License Metric Tool to work with IBM Security Access Manager. However, you might want to use other software products for enabling single sign-on in your infrastructure.


  1. Configure the connection to your directory server.
  2. Create the users that will be authenticated with the single sign-on server. You must create at least one user that has the Administrator role.
    Important: Ensure that you select Single Sign-on from the Authenticated method drop-down list.
  3. Export the LDAP server SSL certificate embedded in IBM Security Access Manager for Web.
  4. Configure LTPA single sign-on in License Metric Tool web user interface.
  5. Import the LTPA keys into IBM Security Access Manager for Web.
  6. Import the License Metric Tool server certificate into IBM Security Access Manager for Web.
  7. Configure a Virtual Junction in IBM Security Access Manager for Web.
  8. Enable single sign-on in License Metric Tool.
  9. Optional: Update the WebUI shortcut (Windows only)
  10. Optional: Reverting SSO configuration for LTPA.

    You can revert to the default LTPA SSO configuration with single sign-on disabled if there are problems with logging in to the application.