<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Configure WebSphere Portal - Express for Multiplatforms V5.0.2 (iSeries) with Single sign-on" />
<meta name="abstract" content="This example is for users that are not familiar with the Web serving environment. It describes all the steps necessary to get iSeries Access for Web running in a WebSphere Portal web serving environment with single sign-on (SSO) enabled. It also describes how to verify that the setup is working." />
<meta name="description" content="This example is for users that are not familiar with the Web serving environment. It describes all the steps necessary to get iSeries Access for Web running in a WebSphere Portal web serving environment with single sign-on (SSO) enabled. It also describes how to verify that the setup is working." />
<meta name="DC.Relation" scheme="URI" content="rzammpxmpbeg.htm" />
<meta name="DC.Relation" scheme="URI" content="../clfinder/finder.htm" />
<meta name="DC.Relation" scheme="URI" content="rzammsso.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2003, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2003, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzammxmpportesso" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Configure WebSphere Portal - Express for Multiplatforms V5.0.2
(iSeries)
with Single sign-on</title>
</head>
<body id="rzammxmpportesso"><a name="rzammxmpportesso"><!-- --></a>
<img src="./delta.gif" alt="Start of change" /><!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Configure WebSphere Portal - Express for Multiplatforms V5.0.2
(iSeries)
with Single sign-on</h1>
<div><p>This example is for users that are not familiar with the Web serving
environment. It describes all the steps necessary to get iSeries™ Access
for Web running in a WebSphere<sup>®</sup> Portal web serving environment with single
sign-on (SSO) enabled. It also describes how to verify that the setup is working. </p>
<div class="section"><p>When configuration is completed, the default setting for the iSeries Access
portlets authentication option is <span class="uicontrol">Use authenticated WebSphere credential</span>.
This option enables iSeries Access portlets to automatically access i5/OS™ resources
using the authenticated WebSphere Portal user. It is not necessary to configure i5/OS credentials
(user profile name and password) for each of the iSeries Access portlets when this type
of SSO environment is enabled. iSeries Access portlets use Enterprise
Identity Mapping (EIM) to map the authenticated WebSphere Portal user to an i5/OS user profile.
The mapped i5/OS user
profile is used to authorize the user to i5/OS resources using standard i5/OS object
level security.</p>
Configuring your portal environment consists of these steps:<ul><li>Configure the EIM environment. See the "<a href="rzammeimconfig.htm">Configure Enterprise Identity Mapping</a>"
topic for information about how to do this.</li>
<li>Start the IBM<sup>®</sup> Web
Administration for iSeries interface (also known as IBM HTTP Server
for iSeries).
See step <a href="#rzammxmpportesso__strtwbadmnsso">1</a>.</li>
<li>Create an HTTP Web server, create a WebSphere Application Server V5.0
for iSeries Web
application server, and deploy WebSphere Portal. See step <a href="#rzammxmpportesso__crtwbsvrsso">2</a>.</li>
<li>Configure iSeries Access
for Web. See step <a href="#rzammxmpportesso__confgiawsso">3</a>.</li>
<li>Use a browser to access iSeries Access for Web. See step <a href="#rzammxmpportesso__acciawsso">4</a>.</li>
</ul>
<strong>Steps to configure the portlet environment:</strong></div>
<ol><li id="rzammxmpportesso__strtwbadmnsso"><a name="rzammxmpportesso__strtwbadmnsso"><!-- --></a><span>Start the IBM Web Administration for iSeries interface. </span><ol type="a"><li><span>Start a 5250 session to the server.</span></li>
<li><span>Sign on with a user profile that has at least these special
authorities:  *ALLOBJ, *IOSYSCFG, *JOBCTL, and *SECADM.</span></li>
<li><span>Run the following server command to start the web administration
interface job: STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)</span></li>
<li><span>Minimize the 5250 session.</span></li>
</ol>
</li>
<li id="rzammxmpportesso__crtwbsvrsso"><a name="rzammxmpportesso__crtwbsvrsso"><!-- --></a><span>Create an HTTP web server, create a WebSphere Application
Server V5.0 for iSeries Web
application server, and deploy WebSphere Portal:</span><ol type="a"><li class="substepexpand"><span>Open a browser to: http://&lt;<em>server_name</em>&gt;:2001</span></li>
<li class="substepexpand"><span>Log in with a user profile that has at least these special
authorities:  *ALLOBJ, *IOSYSCFG, *JOBCTL, and *SECADM.</span></li>
<li class="substepexpand"><span>Select <span class="uicontrol">IBM Web Administration for iSeries</span>.</span></li>
<li class="substepexpand"><span>Select the <span class="uicontrol">Setup</span> tabbed page.</span></li>
<li class="substepexpand"><span>Under Common Tasks and Wizards, select <span class="uicontrol">Create WebSphere
Portal</span>.</span></li>
<li class="substepexpand"><span>The Create WebSphere Portal page opens. Select <span class="uicontrol">Next</span>.</span></li>
<li class="substepexpand"><span>The Create a WebSphere Application Server for the Portal - Specify
Name page opens. In the <span class="uicontrol">Application server name</span> field,
enter <samp class="codeph">iwawps5sso</samp>, then select <span class="uicontrol">Next</span>.</span></li>
<li class="substepexpand"><span>The Select HTTP Server Type page opens. Select <span class="uicontrol">Create
a new HTTP server (powered by Apache)</span>, then select <span class="uicontrol">Next</span>.</span></li>
<li class="substepexpand"><span>The Create a new HTTP server (powered by Apache) page opens.
      </span> <ul><li>For <span class="uicontrol">HTTP server name</span>, specify <samp class="codeph">IWAWPS5SSO</samp>.
  </li>
<li>For <span class="uicontrol">Port</span>, specify <samp class="codeph">4038</samp>.</li>
</ul>
 After entering the values, select <span class="uicontrol">Next</span>.</li>
<li class="substepexpand"><span>The Specify Internal Ports Used by the Application Server page
opens. For <span class="uicontrol">First port in range</span>, change the default
value to 41038, then select <span class="uicontrol">Next</span>. </span></li>
<li class="substepexpand"><span>The Create DB2<sup>®</sup> Database for Portal page opens. Select <span class="uicontrol">Next</span>.</span></li>
<li class="substepexpand"><span>The Specify User to Own the Portal Database page opens. The
page defaults to use an existing user profile, <samp class="codeph">wpsdbuser</samp>.</span> <ul><li>If you know the password for this user profile, enter it.</li>
<li>Otherwise, select <span class="uicontrol">Create a new user on this local system</span> and
follow the prompts. </li>
</ul>
In this example, we assume you use the existing user (default option).
After specifying the user profile, select <span class="uicontrol">Next</span>.</li>
<li class="substepexpand"><span>The <span class="q">"Create a default URL path, portal path, and personalized
path"</span> page opens. Leave the default values for the fields displayed. Select <span class="uicontrol">Next</span>.</span></li>
<li class="substepexpand"><span>The Configure Proxy Information for Content Access Service page
opens. Select <span class="uicontrol">Next</span>.</span></li>
<li class="substepexpand"><span>The Deploy Default Portlets page opens. Select <span class="uicontrol">Business
portlets</span> for deployment.  De-select all other optional portlets,
including <span class="uicontrol">iSeries Access portlets</span>. Select <span class="uicontrol">Next</span>.</span></li>
<li class="substepexpand"><span>The Secure Application Server and WebSphere Portal with LDAP page opens.
Select <span class="uicontrol">Yes, secure this server using LDAP</span>, then specify
these values:</span> <ul><li>For LDAP server host name, specify the fully qualified host name of the
LDAP server to contain the WebSphere active user registry. For example, <samp class="codeph">MYISERIES.MYCOMPANY.COM</samp></li>
<li>For LDAP Port, specify the port number of the LDAP server to contain the WebSphere active
user registry. For example, <samp class="codeph">389</samp>.</li>
</ul>
Select <span class="uicontrol">Next</span>.</li>
<li class="substepexpand"><span>The LDAP Authentication page opens. Specify these values:</span> <ul><li>For LDAP administrator DN, specify the distinguished name of the LDAP
administrator. For example: <samp class="codeph">cn=administrator</samp></li>
<li>For LDAP administrator password, specify the password of the LDAP administrator.
For example, <samp class="codeph">myadminpwd</samp>. </li>
</ul>
Select <span class="uicontrol">Next</span>.</li>
<li class="substepexpand"><span>The LDAP Configuration Parameters page opens. Select <span class="uicontrol">Next</span>.</span></li>
<li class="substepexpand"><span>The LDAP Administrative Group and Administrative User page opens. </span> For <span class="uicontrol">Password</span> and <span class="uicontrol">Confirm Password</span>,
enter the desired password for the portal administrator user ID. <p>Select <span class="uicontrol">Next</span>.</p>
</li>
<li class="substepexpand"><span>The Web Server Single Signon (SSO) Configuration Parameters
page opens. Specify one of these:</span> <ul><li> If no other servers are part of the SSO domain, select <span class="uicontrol">Limit
SSO domain to this Web server's hostname</span>. </li>
<li>If other servers are part of the SSO domain, select <span class="uicontrol">Include
other Web servers in your SSO environment</span> and provide your SSO
domain name, for example, <samp class="codeph">MYCOMPANY.COM</samp>. </li>
</ul>
Select <span class="uicontrol">Next</span>.</li>
<li class="substepexpand"><span>If an SSO domain name was provided on the previous page, the <span class="q">"Configure
Lightweight Third Party Authentication (LTPA) for Web Server Single Signon
(SSO) Environment"</span> page opens. For <span class="uicontrol">LTPA password</span> and <span class="uicontrol">Confirm
Password</span>, enter the desired password for LTPA authentication. </span> <p>Select <span class="uicontrol">Next</span>.</p>
</li>
<li class="substepexpand"><span>The Configure Identity Token SSO for Web to i5/OS Access
page opens. Select <span class="uicontrol">Configure Identity Tokens</span> then specify
the following values:</span> <ul><li>For <span class="uicontrol">LDAP server host name</span>, specify the fully qualified
host name of the LDAP server hosting the EIM domain created during EIM setup.
For example, <samp class="codeph">MYISERIES.MYCOMPANY.COM</samp>.</li>
<li>For <span class="uicontrol">LDAP Port</span>, specify the port number of the LDAP
server hosting the EIM domain created during EIM setup. For example, <samp class="codeph">389</samp>.</li>
<li>For <span class="uicontrol">LDAP administrator DN</span>, specify the distinguished
name of the LDAP administrator. For example: <samp class="codeph">cn=administrator</samp>.</li>
<li>For <span class="uicontrol">LDAP administrator password</span>, specify the password
of the LDAP administrator. For example, <samp class="codeph">myadminpwd</samp>. </li>
</ul>
Select <span class="uicontrol">Next</span>.</li>
<li class="substepexpand"><span>The Configure Identity Token EIM Domain Information page opens.
Specify these values:</span> <ul><li>For <span class="uicontrol">EIM Domain Name</span>, select the name of the EIM
domain created during EIM setup. For example,  <samp class="codeph">EimDomain</samp>.
</li>
<li>For <span class="uicontrol">Source Registry Name</span>, select the name of the
EIM source registry created during EIM setup. For example,  <samp class="codeph">WebSphereUserRegistry</samp>. </li>
</ul>
Select <span class="uicontrol">Next</span>. </li>
<li class="substepexpand"><span>The Configure Look-Aside Database page opens. Select <span class="uicontrol">Next</span>. </span></li>
<li class="substepexpand"><span>The Summary page opens. Select <span class="uicontrol">Finish</span>.</span></li>
<li class="substepexpand"><span>The Web page is re-displayed.  The <span class="menucascade"><span class="uicontrol">Manage</span> &gt; <span class="uicontrol">Application Servers</span></span> tabbed page is active. </span> Under Instance/Server, iwawps5sso/iwawps5sso WAS, V5 (portal) is listed
with a status of Creating. From this Web page, you can manage the WebSphere application
server. <p>Use the refresh icon next to the Creating status to refresh the
page, if the page does not periodically refresh.</p>
<p>When the process completes,
the status is updated to Running. </p>
<p>Minimize the browser window.</p>
</li>
</ol>
</li>
<li id="rzammxmpportesso__confgiawsso"><a name="rzammxmpportesso__confgiawsso"><!-- --></a><span>Configure iSeries Access for Web</span><ol type="a"><li class="substepexpand"><span>Restore the 5250 session window. </span></li>
<li class="substepexpand"><span>To see the WebSphere application server running, run this
server command: WRKACTJOB SBS(QEJBAS5)</span></li>
<li class="substepexpand"><span>Verify that IWAWPS5SSO is listed as a job running under the
QEJBAS5 subsystem.  iSeries Access for Web requires WebSphere Portal
to be running before it can be configured.</span></li>
<li class="substepexpand"><span>To see the HTTP server running, run this server command:  
WRKACTJOB SBS(QHTTPSVR)</span></li>
<li class="substepexpand"><span>Verify that IWAWPS5SSO is listed as a running job.  There
will likely be multiple jobs of this name running. </span></li>
<li class="substepexpand"><span>iSeries Access
for Web portlets are configured using a command provided by the software product. 
Two different commands are provided, a CL command and a QShell script command. 
Both commands provide and perform the same function.  Use the command
you prefer. </span> <ul><li><strong>To use the CL command, follow these steps:</strong><ol type="i"><li>Configure iSeries Access
for Web portlets using the following command:   <pre>CFGACCWEB2 APPSVRTYPE(*WP50) WASINST(iwawps5sso)
WPUSRID(wpsadmin) WPPWD(wpsadmin)
WPURL('&lt;<em>server_name</em>&gt;:4038/wps/config') WPDFTPAG(*CREATE)</pre>
These
are the parameters used: <dl><dt class="dlterm">APPSVRTYPE</dt>
<dd>Tells the command which Web application server environment to configure. </dd>
<dt class="dlterm">WASINST</dt>
<dd>Tells the command which instance of the Web application server to configure.</dd>
<dt class="dlterm">WPUSRID</dt>
<dd>Tells the command what WebSphere Portal administrative user ID to use
to make the configuration change.</dd>
<dt class="dlterm">WPPWD</dt>
<dd>The password for the user ID entered with the WPUSRID parameter.</dd>
<dt class="dlterm">WPURL</dt>
<dd>The URL used to access the WebSphere Portal
configuration servlet so that the configuration changes can be made.</dd>
<dt class="dlterm">WPDFTPAG</dt>
<dd>Tells the command to create the default iSeries Access portlet pages and deploy
portlets to those pages.</dd>
</dl>
For help on this command and the parameters, press F1.</li>
<li>Several messages similar to these will be displayed:   <ul class="simple"><li><tt class="msgph">Configuring iSeries Access for Web. </tt></li>
<li><tt class="msgph">Preparing to perform the configuration changes. </tt></li>
<li><tt class="msgph">Calling WebSphere to perform the configuration changes.</tt></li>
<li><tt class="msgph">iSeries Access for Web command has completed.</tt></li>
<li><tt class="msgph">Refer to the following log file for additional success/failure
information:  /QIBM/UserData/Access/Web2/wp50/iwawps5sso/logs/cfgwps50iwa.log</tt></li>
<li><tt class="msgph">Refer
to the following log file for additional success/failure information: 
/QIBM/UserData/Access/Web2/wp50/iwawps5sso/logs/cfgwps50iwapage.log </tt></li>
<li><tt class="msgph">iSeries Access for Web command has completed.</tt></li>
</ul>
     </li>
<li>Press F3 or Enter when the command completes to exit the display session.</li>
</ol>
</li>
<li><strong>To use the QShell script command, follow these steps:</strong><ol type="i"><li>Start the QShell environment using the following server command: QSH</li>
<li>Make the iSeries Access
for Web directory the current directory.  Run this server command:  
<pre>cd /QIBM/ProdData/Access/Web2/install </pre>
</li>
<li>Configure iSeries Access
for Web portlets using the following command:   <pre>cfgaccweb2 -appsvrtype *WP50 -wasinst iwawps5sso -wpusrid wpsadmin
-wppwd <var class="varname">wpsadmin</var> -wpurl &lt;<em>server_name</em>&gt;:4038/wps/config
-wpdftpag *CREATE</pre>
These are the parameters used: <dl><dt class="dlterm">-appsvrtype</dt>
<dd>Tells the command which Web application server environment to configure. </dd>
<dt class="dlterm">-wasinst</dt>
<dd>Tells the command which instance of the Web application server to configure.</dd>
<dt class="dlterm">-wpusrid</dt>
<dd>Tells the command what WebSphere Portal administrative user ID to use
to make the configuration change.</dd>
<dt class="dlterm">-wppwd</dt>
<dd>The password for the user ID entered with the -wpusrid parameter.</dd>
<dt class="dlterm">-wpurl</dt>
<dd>The URL used to access the WebSphere Portal
configuration servlet so that the configuration changes can be made.</dd>
<dt class="dlterm">-wpdftpag</dt>
<dd>Tells the command to create the default iSeries Access portlet pages and deploy
portlets to those pages.</dd>
</dl>
For help on this command and the parameters, specify the -?
parameter. </li>
<li>Several messages similar to these will be displayed:   <ul class="simple"><li><tt class="msgph">Configuring iSeries Access for Web. </tt></li>
<li><tt class="msgph">Preparing to perform the configuration changes. </tt></li>
<li><tt class="msgph">Calling WebSphere to perform the configuration changes.</tt></li>
<li><tt class="msgph">iSeries Access for Web command has completed.</tt></li>
<li><tt class="msgph">Refer to the following log file for additional success/failure
information:  /QIBM/UserData/Access/Web2/wp50/iwawps5sso/logs/cfgwps50iwa.log</tt></li>
<li><tt class="msgph">Refer
to the following log file for additional success/failure information: 
/QIBM/UserData/Access/Web2/wp50/iwawps5sso/logs/cfgwps50iwapage.log </tt></li>
<li><tt class="msgph">iSeries Access for Web command has completed.</tt></li>
</ul>
     </li>
<li>Press F3 when the command completes to exit the QShell session.</li>
</ol>
</li>
</ul>
</li>
<li class="substepexpand"><span>If the command fails or indicates an error, refer to the
log files:</span> <dl><dt class="dlterm">/QIBM/UserData/Access/Web2/logs/cmds.log</dt>
<dd>High level, cause and recovery information; translated</dd>
<dt class="dlterm">/QIBM/UserData/Access/Web2/logs/cmdstrace.log</dt>
<dd>Detailed command flow for IBM Software Service; English only </dd>
<dt class="dlterm">/QIBM/UserData/Access/Web2/wp50/iwawps5sso/logs/cfgwps50iwa.log</dt>
<dd>Details deploying portlets. <div class="note"><span class="notetitle">Note:</span> This file might be in EBCDIC.</div>
</dd>
<dt class="dlterm">/QIBM/UserData/Access/Web2/wp50/iwawps5sso/logs/cfgwps50iwapage.log</dt>
<dd>Details creating portal pages. <div class="note"><span class="notetitle">Note:</span> This file might be in EBCDIC.</div>
</dd>
</dl>
</li>
<li class="substepexpand"><span>Sign off the 5250 session.</span></li>
<li class="substepexpand"><span>Close the 5250 session window.</span></li>
</ol>
</li>
<li id="rzammxmpportesso__acciawsso"><a name="rzammxmpportesso__acciawsso"><!-- --></a><span>Use a browser to access iSeries Access for Web</span><ol type="a"><li><span>Open a web browser to the following address to access WebSphere Portal
and iSeries Access
for Web portlets:   http://&lt;<var class="varname">server_name</var>&gt;:4038/wps/portal.</span></li>
<li><span>Log in to WebSphere Portal using wpsadmin for the user
ID and password.</span></li>
<li><span>The Portal page opens. Select the My iSeries tabbed page.  You might
need to move the tab bar to the right to see the My iSeries tab.</span></li>
<li><span>Navigate to the various sub-pages of the My iSeries tabbed
page.</span></li>
<li><span>Close the browser window.</span></li>
</ol>
</li>
</ol>
<div class="section">By following these steps, you completed these tasks:<ul><li>Configured an EIM environment to enable mapping of WebSphere Portal user identities to i5/OS user
profiles.</li>
<li>Created a WebSphere application
server named iwawps5sso.</li>
<li>Deployed the WebSphere Portal to the iwawps5sso WebSphere Web
application server.</li>
<li>Created an HTTP server named IWAWPS5SSO.</li>
<li>Configured iSeries Access
for Web portlets to WebSphere Portal.</li>
<li>Verified that iSeries Access for Web portlets can be accessed from
a web browser.</li>
</ul>
<p><img src="./delta.gif" alt="Start of change" />In this example, only the <span class="cmdname">CFGACCWEB2</span> command
is used to configure iSeries Access for Web. For more information about
using all the iSeries Access
for Web CL commands, use the CL command finder. <img src="./deltaend.gif" alt="End of change" /></p>
</div>
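<p>The log check from step 3, as an added example in Python that is not part of the original page or of the IBM product: it scans local copies of the log files named above and decodes them from EBCDIC when needed. The function names, the choice of code page 037, and the list of failure words are assumptions, because the page does not document the log format.</p>

```python
import re
from pathlib import Path

# Log files named on this page for the iwawps5sso instance.
LOG_PATHS = [
    "/QIBM/UserData/Access/Web2/logs/cmds.log",
    "/QIBM/UserData/Access/Web2/wp50/iwawps5sso/logs/cfgwps50iwa.log",
    "/QIBM/UserData/Access/Web2/wp50/iwawps5sso/logs/cfgwps50iwapage.log",
]

# Assumption: the page does not document the log format, so these generic
# failure words are a starting point, not the product's message catalogue.
FAILURE_WORDS = re.compile(r"\b(error|fail(?:ed|ure)?|exception|denied)\b", re.IGNORECASE)

# Assumption: EBCDIC logs use code page 037 (US English); adjust to the job CCSID.
EBCDIC_CODEC = "cp037"


def looks_ebcdic(raw: bytes) -> bool:
    """Guess the encoding from the space byte: 0x40 in EBCDIC, 0x20 in ASCII."""
    return raw.count(b"\x40") > raw.count(b"\x20")


def decode_log(raw: bytes) -> str:
    """Return log text, decoding EBCDIC when the heuristic says so."""
    if looks_ebcdic(raw):
        return raw.decode(EBCDIC_CODEC)
    return raw.decode("utf-8", errors="replace")


def find_failures(raw: bytes) -> list:
    """Return (line_number, text) for every line containing a failure word."""
    hits = []
    # splitlines() also breaks on U+0085, which is what EBCDIC NEL (0x15) decodes to.
    for number, line in enumerate(decode_log(raw).splitlines(), start=1):
        if FAILURE_WORDS.search(line):
            hits.append((number, line.strip()))
    return hits


def triage(root: str) -> dict:
    """Scan local copies of the logs under root; missing files map to None."""
    report = {}
    for log_path in LOG_PATHS:
        local = Path(root) / log_path.lstrip("/")
        report[log_path] = find_failures(local.read_bytes()) if local.is_file() else None
    return report


# Constructed sample lines (not real product output), one copy per encoding.
SAMPLE_TEXT = "Deploying portlets\nConstructed sample: deployment failed for page\nDone\n"
SAMPLE_ASCII = SAMPLE_TEXT.encode("ascii")
SAMPLE_EBCDIC = SAMPLE_TEXT.encode("cp037")

if __name__ == "__main__":
    for label, raw in (("ascii", SAMPLE_ASCII), ("ebcdic", SAMPLE_EBCDIC)):
        print(label, looks_ebcdic(raw), find_failures(raw))
```

<p>Call <samp class="codeph">triage()</samp> with the local directory that holds the copied /QIBM tree; a value of None in the result means that log was not copied.</p>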
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzammpxmpbeg.htm" title="You must setup an HTTP server and portal server before configuring iSeries Access for Web on the iSeries server.">Examples for configuring a new portal environment</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzammsso.htm" title="This topic lists considerations for Single sign-on (SSO) with iSeries Access for Web in the Web application server and portal environments.">Single sign-on considerations</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../clfinder/finder.htm">CL command finder</a></div>
</div>
</div>
<img src="./deltaend.gif" alt="End of change" /></body>
</html>