To enable Kerberos under WebSphere, you must set up a special
Engine Kerberos Service Authentication Provider.
About this task
To set up the special Engine Kerberos Service Authentication
Provider:
Procedure
- Copy the Engine-authn.jar file to the following location:

  Operating system | Location
  Windows | %WAS_HOME%\lib
  UNIX | ${WAS_HOME}/lib

  This JAR file can be found in the Content Platform Engine installation directory, such as Program Files\FileNet\ContentEngine\Kerberos for Windows or installdir/FileNet/ContentEngine/Kerberos for UNIX.
- Start the WebSphere server and run the administrative console.
- In the page, select Trust all realms (including
those external to this cell).
- In the page, click Java
Authentication and Authorization Service, to show the
items underneath, then click Application Logins.
- Create a FileNetP8KerberosService configuration under Application Logins. If Content Platform Engine was configured using Configuration Manager, a FileNetP8KerberosService configuration already exists and there is no need to add it again. Otherwise, click New and follow the instructions to add the FileNetP8KerberosService login configuration.
- Once the FileNetP8KerberosService configuration is created, click FileNetP8KerberosService, and follow these steps to add three login modules:
  - Click New and in Module Classname enter: com.filenet.engine.authentication.kerberos.login.KrbServiceLoginModule
    Leave the other fields as is. Click OK.
  - If desired, add any options by clicking the new KrbServiceLoginModule entry, clicking Custom Properties, then New, and then entering the option name (for example, debug) and its value (for example, true). Click OK and then click JAAS Login Modules.
  - Click New and in Module Classname enter: com.ibm.ws.security.server.lm.ltpaLoginModule
    Leave the other fields as is. Click OK.
  - Click New and in Module Classname enter: com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule
    Leave the other fields as is. Click OK.
- Save the changes.
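
The following check is an added example, not part of the original procedure or of IBM's code: it verifies that the FileNetP8KerberosService entry holds the three login modules in the order given above and reports a debug option that is still enabled. The XML element and attribute names are an assumption modelled on the application login section of a cell's security.xml, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

ALIAS = "FileNetP8KerberosService"
EXPECTED = [  # module class names, in the order the procedure adds them
    "com.filenet.engine.authentication.kerberos.login.KrbServiceLoginModule",
    "com.ibm.ws.security.server.lm.ltpaLoginModule",
    "com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule",
]

# Constructed sample; element and attribute names are assumed, not taken from the page.
SAMPLE = """<security>
  <applicationLoginConfig>
    <entries alias="FileNetP8KerberosService">
      <loginModules moduleClassName="com.filenet.engine.authentication.kerberos.login.KrbServiceLoginModule">
        <options name="debug" value="true"/>
      </loginModules>
      <loginModules moduleClassName="com.ibm.ws.security.server.lm.ltpaLoginModule"/>
      <loginModules moduleClassName="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule"/>
    </entries>
  </applicationLoginConfig>
</security>"""

def check_login_config(xml_text, alias=ALIAS):
    """Return a list of findings for the named application login entry."""
    root = ET.fromstring(xml_text)
    app = root.find(".//applicationLoginConfig")
    entries = app.findall("entries") if app is not None else []
    entry = next((e for e in entries if e.get("alias") == alias), None)
    if entry is None:
        return ["no application login entry named " + alias]
    modules = entry.findall("loginModules")
    classes = [m.get("moduleClassName") for m in modules]
    findings = []
    missing = [c for c in EXPECTED if c not in classes]
    if missing:
        findings.append("missing login module(s): " + ", ".join(missing))
    elif classes != EXPECTED:
        findings.append("login module list differs from the documented sequence: "
                        + ", ".join(classes))
    for m in modules:
        for opt in m.findall("options"):
            if opt.get("name") == "debug" and opt.get("value", "").lower() == "true":
                findings.append("debug=true set on " + m.get("moduleClassName"))
    return findings

if __name__ == "__main__":
    for finding in check_login_config(SAMPLE):
        print(finding)
```
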