Enabling single sign-on for Windows desktop

Configure IBM Docs to use SPNEGO for single sign-on (SSO). This configuration permits users to sign in to the Microsoft Windows desktop and automatically authenticate with IBM Docs.

Before you begin

Verify that IBM Connections and Connections Docs works correctly without the SPNEGO authentication protocol.

About this task

The following steps assume that Connections Docs and IBM Connections are in the same cell.

Procedure

Complete the steps to enable SSO for IBM Docs to use SPNEGO.
  1. Make sure you have configured SSO for IBM Connections to use SPNEGO. To configure Connections to use SPNEGO for single sign-on (SSO), see Enabling single sign-on for Windows Desktop in the IBM Connections Knowledge Center. And make sure the SSO to use SPNEGO works first for IBM Connections.
  2. Map Active Directory account and create service principal name and keytab file for IBM Docs nodes.
    1. Follow the guide Mapping an Active Directory account to administrative roles to map Active Directory account for Docs nodes, Viewer nodes (if Viewer is not installed on same nodes with Connections), and Conversion nodes.
    2. Follow the guide Creating a service principal name and keytab file to create service principal name and keytab file for Docs nodes, Viewer nodes (if Viewer is not installed on same nodes with Connections), Docs nodes, and Conversion nodes.
    3. After you merge these new created keytab files into the Deployment Manager keytab file, and use the new merged keytab file to create Kerberos configuration file, for example, krb5.conf. Copy the two files (new merged keytab file and krb5.conf file) into the location that you configured in the guide Configuring SPNEGO (and Kerberos optionally) on WebSphere Application Server.
  3. Synchronize to all nodes first and restart all servers, including node agent, Deployment Manager, Connections, and Docs servers.