<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Single sign-on considerations" />
<meta name="abstract" content="This topic lists considerations for Single sign-on (SSO) with iSeries Access for Web in the Web application server and portal environments." />
<meta name="description" content="This topic lists considerations for Single sign-on (SSO) with iSeries Access for Web in the Web application server and portal environments." />
<meta name="DC.Relation" scheme="URI" content="rzammsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rzammeimconfig.htm" />
<meta name="DC.Relation" scheme="URI" content="rzammportletsRefIFrame.htm" />
<meta name="DC.Relation" scheme="URI" content="rzammlogintemplate.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalvmst.htm" />
<meta name="DC.Relation" scheme="URI" content="rzammiawconfig.htm" />
<meta name="DC.Relation" scheme="URI" content="rzammdefaultpg.htm" />
<meta name="DC.Relation" scheme="URI" content="portconfig.htm" />
<meta name="DC.Relation" scheme="URI" content="rzammconfigapsrvsso.htm" />
<meta name="DC.Relation" scheme="URI" content="rzammxmpportesso.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2003, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2003, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzammsso.dita" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Single sign-on considerations</title>
</head>
<body id="rzammsso.dita"><a name="rzammsso.dita"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Single sign-on considerations</h1>
<div><p>This topic lists considerations for Single sign-on (SSO) with iSeries™ Access
for Web in the Web application server and portal environments.</p>
<p>iSeries Access for Web supports participating in WebSphere<sup>®</sup> SSO environments. When enabled,
users provide WebSphere credentials when accessing i5/OS™ resources with iSeries Access for Web.
The user is authenticated with the active WebSphere user registry and Enterprise
Identity Mapping (EIM) is used to map the authenticated WebSphere user identity to an i5/OS user profile.
The i5/OS user profile is used to authorize access to the requested i5/OS resources.
Single sign-on with WebSphere is supported in both the Web application server and portal environments.</p>
<div class="p">SSO with WebSphere and iSeries Access for Web requires the following configurations: <ul><li>WebSphere Application
Server with global security enabled and an active user registry to authenticate users. </li>
<li>An EIM domain configuration to enable mapping of WebSphere user identities to i5/OS user profiles.
</li>
<li>The EIM Identity Token Connector (resource adapter) installed and configured
into WebSphere Application Server. </li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">WebSphere global security</h4><p>For information on WebSphere global security, search
for "Configuring global security" in the appropriate version of the WebSphere Application
Server information center. Links to the WebSphere information centers are
in the <a href="http://www.ibm.com/servers/eserver/iseries/software/websphere/wsappserver/" target="_blank">IBM<sup>®</sup> WebSphere Application Server documentation</a>.</p>
</div>
<div class="section"><h4 class="sectiontitle">EIM domain configuration</h4><p>For information on EIM
domain configuration, see the "Configure Enterprise Identity Mapping" topic. </p>
</div>
<div class="section"><h4 class="sectiontitle">EIM Identity Token Connector</h4><p>The EIM Identity Token
Connector is a resource adapter that must be installed and configured into WebSphere when
enabling iSeries Access for Web for WebSphere SSO.
The iSeries Access for Web application and portal application request identity tokens from the
connector. Identity tokens are encrypted data strings that represent the currently
authenticated WebSphere user.
Identity tokens are input to EIM lookup operations, which map an authenticated WebSphere user
identity to an i5/OS user profile. </p>
<p>The connector supports J2C connection factories with JNDI
names <span class="uicontrol">eis/IdentityToken</span> and <span class="uicontrol">eis/iwa_IdentityToken</span>.
By default, iSeries Access for Web attempts to use configuration values from the factory defined with
JNDI name <span class="uicontrol">eis/iwa_IdentityToken</span>. If this factory is
not found, configuration values from the factory defined with JNDI name <span class="uicontrol">eis/IdentityToken</span> are
used. </p>
<p>For information on EIM Identity Token Connector configuration,
follow this path in the <a href="http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp" target="_blank">WebSphere Application Server for OS/400<sup>®</sup>, Version
6 Information Center</a>: <span class="menucascade"><span class="uicontrol">Securing applications
and their environment</span> &gt; <span class="uicontrol">Integrating IBM WebSphere Application
Server security with existing security systems</span> &gt; <span class="uicontrol">Configure
the EIM Identity Token Connection Factory</span></span>.</p>
</div>
<div class="section"><img src="./delta.gif" alt="Start of change" /><h4 class="sectiontitle">Configuration examples</h4><p>See the "WebSphere Application
Server V6.0 for OS/400 with Single sign-on" topic for an example of configuring iSeries Access for Web with SSO in a
Web application server environment.</p>
<p>See the "WebSphere Portal - Express for Multiplatforms V5.0.2 (iSeries)
with Single sign-on" topic for an example of configuring iSeries Access
for Web with SSO in a portal application environment.</p>
<img src="./deltaend.gif" alt="End of change" /></div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzammeimconfig.htm">Configure Enterprise Identity Mapping</a></strong><br />
In order to enable Single sign-on (SSO) with WebSphere and iSeries Access
for Web, you must configure Enterprise Identity Mapping (EIM). This topic
provides an overview of the steps to configure EIM. These steps are intended
as a guide to administrators when planning and configuring the EIM environment. </li>
</ul>

<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzammsecurity.htm" title="Learn about security considerations with iSeries Access for Web.">Security considerations</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzammportletsRefIFrame.htm" title="The iSeries Access for Web IFrame portlet provides the ability to access iSeries Access for Web servlet functions from a portal environment.">IFrame</a></div>
<div><a href="rzammlogintemplate.htm" title="The main page is displayed when the iSeries Access for Web main page address is accessed without any parameters.">Login template</a></div>
<div><a href="rzammdefaultpg.htm" title="iSeries Access for Web generates most of its page content dynamically in response to user actions. The remainder of the content is retrieved from static HTML files. A style sheet is also used to control certain aspects of the content's appearance.">Default page content</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzammconfigapsrvsso.htm" title="This example is for users that are not familiar with the Web serving environment. It describes all the steps necessary to get iSeries Access for Web running in a WebSphere Application Server V6.0 for OS/400 environment with single sign-on (SSO) enabled. It also describes how to verify that the setup is working.">Configure WebSphere Application Server V6.0 for OS/400 with Single sign-on</a></div>
<div><a href="rzammxmpportesso.htm" title="This example is for users that are not familiar with the Web serving environment. It describes all the steps necessary to get iSeries Access for Web running in a WebSphere Portal web serving environment with single sign-on (SSO) enabled. It also describes how to verify that the setup is working.">Configure WebSphere Portal - Express for Multiplatforms V5.0.2 (iSeries) with Single sign-on</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzammiawconfig.htm" title="Installing iSeries Access for Web to the iSeries server does not make it available for use. To use iSeries Access for Web, it must be configured to the Web application server (WebSphere or ASF Tomcat).">Configure iSeries Access for Web in a Web application server environment</a></div>
<div><a href="portconfig.htm" title="Follow the steps necessary to configure iSeries Access for Web in a portal environment.">Configure iSeries Access for Web in a portal environment</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzalv/rzalvmst.htm">Enterprise Identity Mapping</a></div>
</div>
</div>
</body>
</html>