WebSphere

Configuring SSO and SSL for widgets in WebSphere Portal

The first task for configuring Business Space widgets to work in WebSphere® Portal is to set up single sign-on (SSO) with WebSphere Portal and your Business Space server and to make sure the Secure Sockets Layer (SSL) certificates are exchanged between the servers for WebSphere Portal and Business Space.

Before you begin

Topic scope: This topic applies to the following products:
  • WebSphere Business Modeler Publishing Server
  • WebSphere Enterprise Service Bus
  • WebSphere Process Server

About this task

If WebSphere Portal and your product (WebSphere Business Modeler Publishing Server, WebSphere Process Server, or WebSphere Enterprise Service Bus) reside in separate cells, you must configure single sign-on between the two servers.

Your product offers Representational State Transfer (REST) APIs that can be accessed through the REST gateway. By default, the REST gateway is configured to accept only HTTPS connections. Because some widgets access these REST APIs, WebSphere Portal requires the SSL certificate imported from your product.

For the servers for both WebSphere Portal and your product, you must use the same user name and password to log on to the administrative console.

Procedure
  1. Set up single sign-on with the WebSphere Portal server. For a clustered environment, complete this step on the administrative console of the deployment manager.
    1. Log on to the WebSphere Portal administrative console for the WebSphere_Portal server.
    2. Navigate to Security > Secure administration, applications and infrastructure.
    3. Click Authentication Mechanism and Expiration. In the Cross-cell single sign-on section, type a password (this is only for encryption of the key file) and an absolute path for a key file.
    4. Click Export keys. The key file is generated.
    For a clustered environment, make sure to select Synchronize changes with Nodes on the Console Preferences page. (Navigate to System administration > Console Preferences.)
  2. Set up single sign-on with the Business Space server. For a clustered environment, complete this step on the administrative console of the deployment manager.
    1. Log on to the administrative console of your product (WebSphere Business Modeler Publishing Server, WebSphere Process Server, or WebSphere Enterprise Service Bus).
    2. Navigate to Security > Secure administration, applications and infrastructure.
    3. Click Authentication Mechanism and Expiration. In the Cross-cell single sign-on section, enter the password from step 1.c. and the absolute path to the key file.
    4. Click Import keys.
    5. Restart the Business Space server.
    For a clustered environment, make sure to select Synchronize changes with Nodes on the Console Preferences page. After single sign-on is configured, you can delete the key file.
  3. Set up the Secure Sockets Layer (SSL) certificates so that they are exchanged between the WebSphere Portal and Business Space servers.
    1. Log on to the administrative console of WebSphere Portal.
    2. Navigate to Security > SSL certificates and key management
    3. Under Related Items, click SSL configuration and select NodeDefaultSSLSettings.
    4. Under Related Items, click Key stores and certificates and select NodeDefaultTrustStore.

      If you use z/OS keyrings instead of the NodeDefaultTrustStore, see the related information "Importing a signer certificate from a truststore to a z/OS keyring."

    5. Under Additional Properties, click Signer Certificates.
    6. Make sure that your product server is running, click Retrieve from Port, and enter the correct host name and the HTTPS port of the default_host (default is 9443) in the two fields. You can select your own alias.
    7. Click Retrieve signer information. WebSphere Portal loads the certificate and displays its information. If the certificate is not loaded, check the connection properties.
    8. Click OK and save the configuration.

task Task topic

Terms of use | Feedback


Timestamp icon Last updated: 22 June 2010


http://publib.boulder.ibm.com/infocenter/dmndhelp/v6r2mx/topic/com.ibm.websphere.wbpm.bspace.config.620.doc/doc/tcfg_bsp_portal_sso.html
Copyright IBM Corporation 2005, 2010. All Rights Reserved.
This information center is powered by Eclipse technology (http://www.eclipse.org).