
SSO to Websphere

Former Member
0 Kudos

Can somebody direct me to a document/note with instructions to achieve SSO to WebSphere? Is the LTPA token the only way to achieve SSO to WebSphere?

Help would be really appreciated.

Accepted Solutions (0)

Answers (3)

Former Member
0 Kudos

Hi,

Form-based authentication (j_security_check) and LTPA are used for authenticating the user ID and password in my application. Now I am facing a very weird situation. Sometimes it happens that even on giving the correct/valid user ID and password, the user gets the message "Entered UserID/Password is not valid". But that should not be the case; the user should get this error message only when he/she enters a wrong or invalid ID/password. But it happens even on giving the correct/valid user ID/password. It happens very rarely, but it does happen. If anybody has a solution to this problem or an idea of how to resolve or debug it, please let me know ASAP. Please also mail me at my ID; the ID is shikha828@yahoo.co.in. It is urgently required.

Thanks in advance..

Shikha

MichaelSambeth
Advisor
0 Kudos

Hello Madhavi,

The problem is that there are no released APIs for the LTPA token by IBM. So the only way to work with the LTPA token is to post it to some IBM or Lotus system for validation and user extraction. SAP WebAS Java cannot validate an LTPA token itself.

Other alternatives are to make IBM trust the SAP Logon Ticket. Since SAP Logon Tickets are based on released APIs, it is fairly easy to enable non-SAP Java systems with SAP Logon Ticket processing. Please see:

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/enabling single sign-on from sap j2ee engine to non-sap java applications.article

and

https://media.sdn.sap.com/javadocs/NW04/SP9/ume/index.html

https://media.sdn.sap.com/javadocs/NW04/SP9/ume/com/sap/security/api/ticket/TicketVerifier.html

SAP Logon Tickets work with all SAP WebAS releases (6.10, 6.20 and 6.40 and...)

Another way would be to use an HTTP reverse proxy for authentication and make the SAP portal as well as IBM trust this proxy authentication.

Regards

Michael

Former Member
0 Kudos

I've implemented this once, but then we had Domino and WebSphere using the same LTPA tokens (trusting each other).

We then installed the Domino ticket verifier on the Domino servers, so that you can convert an SAP Logon Ticket to an LTPA token. Since there is no equivalent on WebSphere, we included an invisible iView in the portal framework which got the LTPA token from Domino at logon time. This ticket could then be used against WebSphere.

Kerberos with SPNEGO will be supported in WebSphere 7, but that might be a bit too long to wait.

Former Member
0 Kudos

Hi,

We wrote a guide for SSO between IBM WebSphere and SAP Portal. It is available here in SDN at:

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/uuid/85ca1a18-0301...

This guide explains the SSO solution where IBM WebSphere Portal is the umbrella portal. That means the first login of the user is on the IBM portal.

For scenarios where SAP Portal makes the SAP Logon Ticket available on the IBM WebSphere Portal via a TAI module and the SAP Logon Ticket libraries.

Best regards,

Patrick

http://www.unternehmensportale.biz

Former Member
0 Kudos

Hi,

LTPA would be the preferred way. However, there is (to my knowledge) no easy way to generate an LTPA token with freely chosen content (i.e. for a given user ID). Alternatively, you could try using SAP's SAP Logon Ticket verification libraries. Lastly, user mapping (i.e. storing user ID and password for WebSphere access) is always possible with EP.

Hope it helps,

Dominik

...and:


if(helpful) {
  points++;
}
// :-)