[1.0.1.0 and later][Network Deployment 9.0.5.26 or
later]

Authenticating MoRE users by using single sign-on

You can authenticate MoRE users with a user registry or OpenID Connect and configure single sign-on with Lightweight Third Party Authentication (LTPA).

Before you begin

Review the security limitations to make sure that the features that you want are available.

About this task

You configure a user registry and the authentication cache. You can optionally configure LTPA single sign-on and optionally configure an OpenID Connect Relying Party.

Procedure

  • Configure a user registry.

    Information about users and groups exists in a user registry. A user registry authenticates a user and retrieves information about users and groups to perform security-related functions, including authentication and authorization.

  • (Optional) Configure single sign-on (LTPA).

    You can configure single sign-on for the first time. With single sign-on (SSO) support, web users can authenticate one time when they access web resources across multiple application servers. Form login mechanisms for web applications require that SSO is enabled.

  • Configure the authentication cache.

    The security authentication cache affects the frequency of rehashing and the distribution of the hash algorithms.

  • (Optional) Configure OpenID Connect Relying Party.

    If an existing WebSphere Application Server Network Deployment traditional OIDC Relying Party TAI configuration is relatively simple, you can migrate the TAI configuration to your managed Liberty servers. You can alternatively configure an OpenID Connect (OIDC) Relying Party (RP or client) to manage Liberty servers in your cell.

What to do next

After you configure authentication, you must authorize access to resources.