Preparing the WebSphere® Application Server
To install the single sign-on application on a system other than the one where IBM Verify Identity Governance is installed, you must modify the WebSphere environment on that system.
About this task
Procedure
- Make sure that administrative security is enabled for the profile on which the SSO application is to be installed.
- Create a folder named classes, if it does not exist, in the WAS_HOME/profiles/profile_name folder of the profile on which the SSO application is deployed. Copy the itim_server.jar, itim_common.jar, and jlog.jar files from IM_HOME/lib to the WAS_HOME/profiles/profile_name/classes folder on the WebSphere Application Server client.
- Copy the following property files from IM_HOME/data to the WAS_HOME/profiles/profile_name/properties folder on the WebSphere Application Server client.
  - enRole.properties
  - enRoleAuthentication.properties
  - enRoleLDAPConnection.properties
    Specify the IBM Security Identity Manager LDAP server in the java.naming.provider.url field. Use the IP address or machine name, such as java.naming.provider.url=ldap://10.88.36.209:389.
  - Properties.properties
  - tmsMessages.properties
- Create a data folder in the WAS_HOME/profiles/profile_name folder on the WebSphere Application Server client.
- Copy the IM_HOME/data/keystore folder to the WAS_HOME/profiles/profile_name/data folder on the WebSphere Application Server client.
- Restart the WebSphere Application Server client/server.
- Log in to the WebSphere Application Server client. On the WebSphere administrative console, click Global security > Security Domains > Copy Global Security.
  - Enter the information for IBM Security Identity Manager Security Domain.
  - Click OK and save the changes to the master configuration.
- Configure the security domain.
  - Go to Security Domain > ISIMSecurityDomain. Specify server1 as the scope of the domain. Click OK and save the changes to the master configuration.
  - Go to Security Domain > ISIMSecurityDomain > Security Attributes > Application Security. Select the option Customize for this domain and select the Enable Application Security check box. Click OK and save the changes to the master configuration.
  - Go to Security Domain > ISIMSecurityDomain > User Realm. Select Standalone custom registry.
  - Click Configure. Enter the realm name and custom registry class name. Select Ignore case for authorization.
  - Click OK and save the changes to the master configuration.
- Export and import the LTPA keys for the encryption and decryption of the identity tokens.
  - Export the LTPA key from the WebSphere Application Server, where IBM Verify Identity Governance is installed.
    - Go to Global Security > LTPA.
    - Specify a password in the Password and Confirm password fields.
    - Specify the path and LTPA key file name in the Fully qualified key file name field.
    - Click Export keys.
  - Import the LTPA key on the WebSphere Application Server client, where the SSO application is installed.
    - Go to Global Security > LTPA.
    - Specify the password that was used in exporting the LTPA key in the Password and Confirm password fields.
    - Copy the LTPA key file from the WebSphere Application Server to the WebSphere Application Server client. Specify the path of the LTPA key file on the WebSphere Application Server client in the Fully qualified key file name field.
    - Click Import keys.
    - Save the changes to the master configuration.
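A preflight check for the file-staging steps of this procedure, as an added example that is not part of the IBM documentation: it confirms that the jars, property files, keystore folder and LDAP URL are in place under the profile before the restart. The function name check_sso_profile, the acceptance of ldaps:// URLs and the warning about world-readable keystore files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not IBM code): verify the files staged under
# WAS_HOME/profiles/profile_name for the SSO application.
# Usage: check_sso_profile WAS_HOME/profiles/profile_name
check_sso_profile() {
    profile=$1
    missing=0

    # Jars copied from IM_HOME/lib into the profile's classes folder.
    for f in itim_server.jar itim_common.jar jlog.jar; do
        [ -f "$profile/classes/$f" ] || { echo "MISSING classes/$f"; missing=$((missing + 1)); }
    done

    # Property files copied from IM_HOME/data into the properties folder.
    for f in enRole.properties enRoleAuthentication.properties \
             enRoleLDAPConnection.properties Properties.properties \
             tmsMessages.properties; do
        [ -f "$profile/properties/$f" ] || { echo "MISSING properties/$f"; missing=$((missing + 1)); }
    done

    # Keystore folder copied from IM_HOME/data/keystore.
    [ -d "$profile/data/keystore" ] || { echo "MISSING data/keystore"; missing=$((missing + 1)); }

    # The LDAP URL must be present and use the ldap:// or ldaps:// scheme.
    ldap_file="$profile/properties/enRoleLDAPConnection.properties"
    if [ -f "$ldap_file" ]; then
        url=$(sed -n 's/^[[:space:]]*java\.naming\.provider\.url[[:space:]]*=[[:space:]]*//p' "$ldap_file" | tail -n 1)
        case $url in
            ldap://?*|ldaps://?*) echo "OK java.naming.provider.url=$url" ;;
            *) echo "BAD java.naming.provider.url='$url'"; missing=$((missing + 1)) ;;
        esac
    fi

    # Assumption of this example: keystore material should not be
    # readable by other local users. This only warns, it does not fail.
    if [ -d "$profile/data/keystore" ]; then
        loose=$(find "$profile/data/keystore" -perm -004 | wc -l | tr -d ' ')
        [ "$loose" -eq 0 ] || echo "WARN $loose world-readable path(s) under data/keystore"
    fi

    # Exit status 0 only when nothing required is missing or malformed.
    [ "$missing" -eq 0 ]
}
```

Run it against the profile directory on the WebSphere Application Server client; a non-zero exit status means a copy step was skipped or the LDAP URL is not set.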