How to configure the Dynamic Workload Console and the master domain manager for Single Sign-On

Configure the Dynamic Workload Console and the master domain manager for Single Sign-On.

About this task

Note: When you implement a Single Sign-On configuration, ensure that you have not specified the engine credentials in the Manage Engine section.

To enable Single Sign-On between the Dynamic Workload Console and master domain manager, perform the following steps:

Procedure

  1. Configure the Lightweight Directory Access Protocol (LDAP) for the Dynamic Workload Console as explained in Configuring LDAP.
  2. Create the access control list for the LDAP group. For example, to give the LDAP group full access on domain and folders, perform the following steps:
    1. From the Dynamic Workload Console open the Manage Workload Security panel and select Give access to users and groups.
    2. Select the LDAP group from the drop-down list and FULLCONTROL in the field Role.
    3. Select Domain and assign ALLOBJECTS.
    4. Save and create new.
    5. Select the LDAP group from the drop-down list and FULLCONTROL in the field Role.
    6. Select Folder and assign the root by clicking /.
    7. Save.
  3. On the workstation where the master domain manager is installed, copy the template file located in the following directory to a temporary directory:
    TWA_home/usr/servers/engineServer/configDropins/templates
  4. Edit the template file with the information about your LDAP server.
  5. Make a backup copy of the existing authentication_config.xml file located in the following path:
    On UNIX operating systems
      master domain manager
        TWA_DATA_DIR/usr/servers/engineServer/configDropins/overrides
    On Windows operating systems
      master domain manager
        TWA_home\usr\servers\engineServer\configDropins\overrides
  6. Replace the existing authentication_config.xml file with the template you updated with the information about your LDAP server. Ensure the file permissions and ownership are correct.
  7. Ensure that the ltpa.keys files on the Dynamic Workload Console and the master domain manager are identical by copying the file from one instance to the other. The file is located as follows:
    Dynamic Workload Console
      DWC_home/usr/servers/dwcServer/resources/security
    master domain manager
      TWA_home/usr/servers/engineServer/resources/security
  8. Restart WebSphere Application Server Liberty Base on both the master domain manager and the Dynamic Workload Console by running stopAppServer and startAppServer.
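
The following shell functions are an added example, not part of the product or its documentation. They sketch steps 5 to 7 on UNIX: a timestamped backup, an in-place replacement that keeps the existing file's owner and mode, and a digest comparison of the two ltpa.keys copies that never prints key material. The function names are hypothetical, all paths are passed as arguments, and sha256sum or shasum is assumed to be installed.

```shell
#!/bin/sh
# Added example: helper functions for steps 5-7. Function names are
# hypothetical; source this file and pass the real paths as arguments.

# Print the SHA-256 digest of a file without revealing its contents.
file_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Step 5: timestamped backup. cp -p keeps the mode and timestamps, and
# the ownership when run with sufficient privilege. Prints the backup path.
backup_config() {
    backup="$1.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$1" "$backup" && printf '%s\n' "$backup"
}

# Step 6: overwrite the existing file in place, so its owner, group and
# mode stay as they were, then confirm the content matches the template.
replace_config() {
    template="$1"; target="$2"
    [ -s "$template" ] || { echo "template empty or missing: $template" >&2; return 1; }
    [ -f "$target" ] || { echo "target not found: $target" >&2; return 1; }
    cat "$template" > "$target" || return 1
    [ "$(file_digest "$template")" = "$(file_digest "$target")" ]
}

# Step 7: succeed only when both ltpa.keys copies are byte-identical.
# To compare across hosts, run file_digest on each and compare the output.
ltpa_keys_match() {
    [ -f "$1" ] && [ -f "$2" ] || { echo "ltpa.keys file missing" >&2; return 2; }
    [ "$(file_digest "$1")" = "$(file_digest "$2")" ]
}
```

A non-zero return from ltpa_keys_match before the restart in step 8 means the two ltpa.keys files differ.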