Configuring SSO for TRIRIGA® on WebSphere Liberty with IIS and AD
There are several steps for configuring single sign-on (SSO) with WebSphere Application Server Liberty, Microsoft Internet Information Services (IIS), and Microsoft Active Directory (AD).
I. Configuring WebSphere Liberty property trustedSensitiveHeaderOrigin
WebSphere Liberty 19.0.0.4 added a new configuration property named trustedSensitiveHeaderOrigin.
For more details, see the Configuring WebSphere Liberty section of the support page Potential WebSphere Application Server problems when deployed behind a WebSphere-aware proxy server.
On WebSphere Liberty, trustedSensitiveHeaderOrigin is configured as an HttpDispatcher custom property. This property has a default value of "none", which means that a subset of WebSphere-specific HTTP headers will not be trusted from any host. The property also accepts a value of "*" (all), or a comma-separated list of IP addresses. For a secure deployment in which proxy servers are used, the trustedSensitiveHeaderOrigin property should be configured with a comma-separated list of IP addresses corresponding to those of any WebSphere-aware proxy servers in front of the WebSphere server.
Alternatively, to enable the original unsecured behavior, set trustedSensitiveHeaderOrigin="*", which will direct the WebSphere server to trust all headers sent from any host or proxy. This value must only be used for testing, or if the WebSphere server is isolated from external connections.
For WebSphere Liberty servers, add the following line to the server.xml:
<httpDispatcher trustedSensitiveHeaderOrigin="<TRUSTED_PROXY_IP_ADDRESS>"/>
Replace <TRUSTED_PROXY_IP_ADDRESS> with the IP of the web server machine where the WebSphere plug-in is installed.
See reference: HTTP Dispatcher (httpDispatcher)
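The following check is an added example, not part of the IBM documentation: it audits a server.xml for the three trustedSensitiveHeaderOrigin cases described above ("none", "*", and a list of proxy IP addresses) and also catches a placeholder that was never replaced. The function name audit_http_dispatcher and the sample configurations are hypothetical; the check assumes the setting is in the file itself rather than in an included file, and it tolerates spaces around the commas.

```python
import ipaddress
import xml.etree.ElementTree as ET

ATTR = "trustedSensitiveHeaderOrigin"

def audit_http_dispatcher(server_xml):
    """Return a list of (severity, message) findings for the ATTR setting."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # An unreplaced <TRUSTED_PROXY_IP_ADDRESS> placeholder lands here,
        # because "<" is not allowed inside an XML attribute value.
        return [("ERROR", f"server.xml is not well-formed XML: {exc}")]
    values = [e.get(ATTR) for e in root.iter("httpDispatcher")
              if e.get(ATTR) is not None]
    if not values:
        return [("INFO", f"{ATTR} not set; the default 'none' applies")]
    findings = []
    for value in values:
        value = value.strip()
        if value == "*":
            findings.append(("HIGH", "'*' trusts sensitive headers from any host"))
        elif value == "none":
            findings.append(("INFO", "'none' trusts sensitive headers from no host"))
        else:
            for entry in (part.strip() for part in value.split(",")):
                try:
                    ipaddress.ip_address(entry)
                    findings.append(("OK", f"trusted proxy address {entry}"))
                except ValueError:
                    findings.append(("WARN", f"'{entry}' is not an IP address"))
    return findings

# Constructed sample configurations (192.0.2.0/24 is a documentation range).
_TAG = "<server><httpDispatcher " + ATTR + '="{}"/></server>'
SAMPLES = {
    "wildcard": _TAG.format("*"),
    "proxy list": _TAG.format("192.0.2.10, 192.0.2.11"),
    "hostname": _TAG.format("192.0.2.10,webserver1"),
    "unset": "<server><httpDispatcher/></server>",
    "placeholder": _TAG.format("<TRUSTED_PROXY_IP_ADDRESS>"),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        for severity, message in audit_http_dispatcher(xml_text):
            print(f"{name:12} {severity:5} {message}")
```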
II. Configuring IIS to pass web requests to WebSphere Liberty
About this task
If you are using an already installed web server plug-in on the web server, reconfigure it to use the web server plug-in by using the following procedure.
You can create a web server configuration beforehand by using the WebSphere Customization Toolbox. The configuration will be installed to C:\Program Files (x86)\IBM\WebSphere\Plugins\config\webserver1. When you are prompted for the web server details, point to the URL by using the remote installation.
Procedure
III. Configuring SSO with Microsoft IIS
About this task
After configuring IIS to pass web requests to WebSphere Liberty, the next step is to set up SSO.
Procedure
IV. Troubleshooting IIS and Maximum File Upload Size
About this task
If you have the MAXIMUM_UPLOAD_FILE_SIZE_MEGABYTES property set to a large value (for example, 50 MB) in the TRIRIGAWEB.properties file, but you are still running into problems with uploading large files, the default configuration of Microsoft IIS Web Server needs to be changed to allow large files to be uploaded too.