Configuring an IBM Tivoli Directory Server

Enable web single sign-on and use IBM Tivoli Directory Server as an identity provider.

About this task

Client applications, for example, the Dynamic Workload Console, can verify the identity of a user by relying on authentication from IBM Tivoli Directory Server. You can configure the WebSphere Application Server Liberty Base server to function as IBM Tivoli Directory Server to take advantage of web single sign-on and to use IBM Tivoli Directory Server as an identity provider.

To simply the configuration of the WebSphere Application Server Liberty Base server, a sample configuration file in XML format is provided named auth_IDS_config.xml.

Procedure

Update the configuration file with the details about your identity provider.
  1. Copy the template file to a working directory. The template is located in the following path:
    UNIX
    DWC_DATA_dir/usr/servers/dwcServer/configDropins/templates/authentication
    Windows
    DWC_home\usr\servers\dwcServer\configDropins\templates\authentication
  2. Edit the template file in the working directory with the desired configuration.
  3. Optionally, create a backup copy of the configuration file authentication_config.xml present in the overrides directory in a different directory.
    Ensure you do not copy the backup file in the path where the template files are located.
  4. The overrides directory is located in the following path:
    UNIX
    DWC_DATA_dir/usr/servers/dwcServer/configDropins/overrides
    Windows
    DWC_home\usr\servers\dwcServer\configDropins\overrides
  5. Copy the updated template file to the overrides directory, renaming it to authentication_config.xml to override the original authentication_config.xml file.
    Alternatively, if you prefer maintaining the original name of the template, ensure you delete authentication_config.xml after you have copied the updated template file to the overrides directory to avoid conflicts.
  6. Stop and restart WebSphere Application Server Liberty Base using the stopappserver and startappserver commands located in TWA_home/appservertools.

What to do next

For more detailed information about the IBM Tivoli Directory Server parameters and values to configure in the auth_IDS_config.xml file, see the related WebSphere Application Server Liberty Base documentation at Configuring LDAP user registries in Liberty.