Option 2: Configuring single sign-on based on IBM Lightweight Third-Party Authentication

You can configure single sign-on based on IBM Lightweight Third-Party Authentication(LTPA)with ® IBM Security Access Manager for Web.

Before you begin

Back up the following files before you start configuring single sign-on:
  • server.xml
    • Unix systems installation_dir/wlp/usr/servers/server1
    • Windows systems installation_dir\wlp\usr\servers\server1
  • web.xml
    • Unix systems installation_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF
    • Windows systems installation_dir\wlp\usr\servers\server1\apps\tema.war\WEB-INF

About this task

The following scenario presents a typical workflow for configuring BigFix InventoryLicense Metric Tool to work with BigFix® Security Access Manager. However, you might want to use other software products for enabling single sign-on in your infrastructure.

Procedure

  1. Configure the connection to your directory server.
  2. Create the users that will be authenticated with the single sign-on server. You must create at least one user that has the Administrator role.
    Important: Ensure that you select Single Sign-on from the Authenticated method drop-down list.
  3. Export the LDAP server SSL certificate embedded in BigFix® IBM Security Access Manager for Web.
  4. Configure LTPA single sign-on in BigFix InventoryLicense Metric Tool web user interface.
  5. Import the LTPA keys into BigFix® Security Access Manager for Web.
  6. Import the BigFix InventoryLicense Metric Tool server certificate into BigFix® Security Access Manager for Web.
  7. Configure a Virtual Junction in BigFix® IBM Security Access Manager for Web.
  8. Enable single sign-on in BigFix InventoryLicense Metric Tool.
  9. Optional: Update the WebUI shortcut (Windows only)
  10. Optional: Reverting SSO configuration for LTPA.

    You can revert to the default LTPA SSO configuration with single sign-on disabled if there are problems with logging in to the application.