How to configure the Dynamic Workload Console and the master domain manager for Single Sign-On

Configure the Dynamic Workload Console and the master domain manager for Single Sign-On.

About this task

You can configure Single Sign-On using a Lightweight Third-Party Authentication (LTPA) token or an MP-JWT token.

Note: When implementing a configuration in Single Sign-On, ensure you have not specified the engine credentials in the Manage Engine section.

Configuring the Dynamic Workload Console for Single-Sign-On with an LTPA token

About this task

To enable Single Sign-On between the Dynamic Workload Console and master domain manager, perform the following steps:

Procedure

  1. Configure an authentication provider for the Dynamic Workload Console as explained in Configuring a user registry.
  2. Create the Access Control list for the authentication provider user or group. For example, to give full access on domain and folders to the LDAP group perform the following steps:
    1. From the Dynamic Workload Console open the Manage Workload Security panel and select Give access to users and groups.
    2. Select the LDAP group from the drop-down list and FULLCONTROL in the field Role.
    3. Select Domain and assign ALLOBJECTS.
    4. Save and create new
    5. Select the LDAP group from the drop-down list and FULLCONTROL in the field Role.
    6. Select Folder and assign the root by clicking /.
    7. Save
  3. Ensure that the ltpa.keys file on both the Dynamic Workload Console and the master domain manager are identical, copying the file from one instance to the other. The file is located as follows:
    Dynamic Workload Console
    DWC_home/usr/servers/dwcServer/resources/security
    master domain manager
    TWA_home/usr/servers/engineServer/resources/security
  4. Restart WebSphere Application Server Liberty Base on both the master domain manager and the Dynamic Workload Console by running stopAppServer and startAppServer.

Configuring the Dynamic Workload Console for Single Sign-On with an MP-JWT token

About this task

Perform the following steps:

Procedure

  1. Configure an authentication provider for the Dynamic Workload Console as explained in Configuring a user registry.
  2. Create the Access Control list for the authentication provider user or group. For example, to give full access on folders to an LDAP group perform the following steps:
    1. From the Dynamic Workload Console open the Manage Workload Security panel and select Give access to users and groups.
    2. Select the LDAP group from the drop-down list and FULL_CONTROL in the field Role.
    3. Select Folder and assign the root by clicking /.
    4. Save