How to configure the Dynamic Workload Console and the master domain manager for Single Sign-On
Configure the Dynamic Workload Console and the master domain manager for Single Sign-On.
About this task
Note: When implementing a configuration in Single Sign-On, ensure you have not specified the engine credentials in the Manage Engine section.
To enable Single Sign-On between the Dynamic Workload Console and master domain manager, perform the following steps:
Procedure
- Configure the Lightweight Directory Access Protocol (LDAP) for the Dynamic Workload Console as explained in Configuring LDAP.
- Create the Access Control List for the LDAP group. For example, to give full access on domain and folders to the LDAP group, perform the following steps:
  - From the Dynamic Workload Console, open the Manage Workload Security panel and select Give access to users and groups.
  - Select the LDAP group from the drop-down list and FULLCONTROL in the field Role.
  - Select Domain and assign ALLOBJECTS.
  - Save and create new.
  - Select the LDAP group from the drop-down list and FULLCONTROL in the field Role.
  - Select Folder and assign the root by clicking /.
  - Save.
- On the workstation where the master domain manager is installed, copy the template file located in the following directory to a temporary directory:
  TWA_home/usr/servers/engineServer/configDropins/templates
- Edit the template file with the information about your LDAP server.
- Make a backup copy of the existing authentication_config.xml file located in the following path:
  - On UNIX operating systems
    - master domain manager: TWA_DATA_DIR/usr/servers/engineServer/configDropins/overrides
  - On Windows operating systems
    - master domain manager: TWA_home\usr\servers\engineServer\configDropins\overrides
- Replace the existing authentication_config.xml file with the template you updated with the information about your LDAP server. Ensure the file permissions and ownership are correct.
- Ensure that the ltpa.keys files on the Dynamic Workload Console and the master domain manager are identical by copying the file from one instance to the other. The file is located as follows:
  - Dynamic Workload Console: DWC_home/usr/servers/dwcServer/resources/security
  - master domain manager: TWA_home/usr/servers/engineServer/resources/security
- Restart WebSphere Application Server Liberty Base on both the master domain manager and the Dynamic Workload Console by running stopAppServer and startAppServer.
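
The file-handling steps above (back up and replace authentication_config.xml, then compare ltpa.keys) as an added shell example for UNIX hosts; it is not part of the product documentation. The function names and the separate backup directory are assumptions, and the directories passed in are the ones listed in the procedure.

```shell
#!/bin/sh
# Added example, not product code. All paths are supplied by the caller;
# use the overrides and resources/security directories listed above.

# Print "mode uid gid" of a file (parsed from ls -ln for portability).
perm_owner() {
    ls -ln "$1" | awk '{print $1, $3, $4}'
}

# install_auth_config EDITED_TEMPLATE OVERRIDES_DIR BACKUP_DIR
# Backs up authentication_config.xml to BACKUP_DIR (hypothetical location),
# then overwrites it in place so the existing mode and ownership are kept.
install_auth_config() {
    target="$2/authentication_config.xml"
    [ -f "$1" ] && [ -f "$target" ] && [ -d "$3" ] || return 1
    before=$(perm_owner "$target")
    cp -p "$target" "$3/authentication_config.xml.bak" || return 1
    cat "$1" > "$target" || return 1   # same inode: mode and owner unchanged
    cmp -s "$1" "$target" && [ "$(perm_owner "$target")" = "$before" ]
}

# same_ltpa_keys DWC_SECURITY_DIR MDM_SECURITY_DIR
# Succeeds only if both ltpa.keys files exist and are byte-identical.
same_ltpa_keys() {
    [ -f "$1/ltpa.keys" ] && [ -f "$2/ltpa.keys" ] &&
        cmp -s "$1/ltpa.keys" "$2/ltpa.keys"
}

# Usage: script EDITED_TEMPLATE OVERRIDES_DIR BACKUP_DIR DWC_SEC_DIR MDM_SEC_DIR
if [ "$#" -eq 5 ]; then
    install_auth_config "$1" "$2" "$3" || { echo "config install failed" >&2; exit 1; }
    same_ltpa_keys "$4" "$5" || { echo "ltpa.keys differ or missing" >&2; exit 1; }
    echo "OK: restart Liberty on both servers (stopAppServer, startAppServer)"
fi
```

Overwriting the existing file rather than moving the edited template over it is what keeps the original permissions and ownership; a mismatch in ltpa.keys means tokens issued by one server will not validate on the other.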