Prerequisites for Single Sign-On (SSO)

There are several prerequisites for configuring single sign-on (SSO) between the WebSphere® Application Servers that underlie the HCL Connections and ECM servers.

Before configuring SSO between the HCL Connections and ECM servers, ensure that:

  • The two instances of WebSphere® Application Server use the same LDAP directory for authentication.
  • The two instances of WebSphere® Application Server specify the same domain name (for example, .example.com) for all the single sign-on hosts.

    To verify the domain name, follow these steps to navigate to the single sign-on settings pages for the HCL Connections and ECM WebSphere® Application Server instances:

    On each server, complete the following steps:
    1. Open the WebSphere® Application Server administration console.
    2. Click Security > Global security.
    3. Click Web and SIP security.
    4. Click Single sign-on (SSO)
    5. See the value in the Domain name field.
  • Application security is enabled.

    Application security, including authentication and role-based authorization, is not enforced unless Global Security is active. Note that Global Security is enabled by default during the installation of HCL Connections. Thus, application security is enabled on HCL Connections, by default. Also, the fact that the two instances of WebSphere® Application Server use the same LDAP server for authentication ensures that application security is enabled on the HCL Connections server. You need to perform the following steps only if Application security has been disabled for some reason.

    On the HCL Connections server and on the ECM server, complete the following steps:
    1. Open the WebSphere® Application Server administration console.
    2. Expand Security > Global security.
    3. Select the Enable application security check box. See information on enabling security in the WebSphere® Application Server Knowledge Center.
    4. Click Apply.
    5. Click Save.