Configuring single sign-on
Enabling single sign-on (SSO) preserves user authentication when the user switches between HCL Commerce and HCL Digital Experience.
About this task
Before you can use single sign-on for the HCL Commerce and HCL Digital Experience integration, you must complete the following tasks:
- Install and configure an LDAP server. To configure an LDAP server, see Configuring directory services (LDAP) with HCL Commerce.
- Enable WebSphere Application Server security with Federated Repositories.
- Enable single sign-on.
Procedure
To enable single sign-on between the HCL Commerce Authoring server and HCL Digital Experience Authoring Server, complete the following steps:
- Manually create a group under the HCL Commerce root organization to contain HCL Digital Experience groups. For example, cn=groups, o=root organization.
- Log in to the HCL Digital Experience Configuration Wizard to set up LDAP (Federated Repositories) using the following link: https://<hostname>/hcl/wizard.
- Follow the instructions provided in the HCL Digital Experience documentation: https://help.hcltechsw.com/digital-experience/8.5/config/cw_overview.html
- Change the federated repository name for HCL Digital Experience Auth to the same realm name as HCL Commerce Auth.
  - Go to the HCL Digital Experience Auth WebSphere Application Server Administration console.
  - Go to Global security and click Federated repositories > Configure.
  - Change the Realm name to the HCL Commerce federated repositories realm name. For example: myrealm.
- Enable single sign-on for the HCL Digital Experience Auth server by following the instructions provided in the WebSphere Application Server documentation: https://www.ibm.com/support/knowledgecenter/SSEQTP_9.0.5/com.ibm.websphere.base.doc/ae/usec_sso.html
  - Log in to the HCL Digital Experience Auth IBM console: https://<hostname>/ibm/console.
  - Go to Security > Global Security > Web and SIP security > Single sign-on (SSO).
  - Select Require SSL.
  - Enter the domain name.
  - Click Apply and Save.
- Export the LTPA token from the HCL Commerce Auth ts-app container.
- Import the LTPA token to the HCL Digital Experience Auth container by following the instructions in the WebSphere Application Server documentation: https://www.ibm.com/support/knowledgecenter/SSEQTP_9.0.5/com.ibm.websphere.base.doc/ae/tsec_altpaimp.html
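
A pre-flight check for the settings this procedure touches, as an added example that is not HCL or IBM code: it compares the realm names, confirms Require SSL is selected on HCL Digital Experience, and tests whether the SSO domain covers both hostnames. The `SsoSettings` record, the function names and the sample hostnames are hypothetical, and the domain check assumes the SSO domain must be a parent of both servers' hostnames so that the browser returns the SSO cookie to each of them.

```python
from dataclasses import dataclass


@dataclass
class SsoSettings:
    """Values an administrator reads off one server's console (hypothetical type)."""
    hostname: str
    realm: str              # Federated repositories > Realm name
    sso_domain: str = ""    # Single sign-on (SSO) > Domain name
    require_ssl: bool = False


def domain_covers(sso_domain: str, hostname: str) -> bool:
    """True if a cookie scoped to sso_domain would be sent to hostname."""
    domain = sso_domain.strip().lstrip(".").lower()
    host = hostname.strip().rstrip(".").lower()
    if not domain:
        return False  # empty domain means a host-only cookie, never shared
    # Match on a label boundary so "badexample.com" is not covered by "example.com".
    return host == domain or host.endswith("." + domain)


def check_sso(commerce: SsoSettings, dx: SsoSettings) -> list:
    """Return a list of problems; an empty list means the settings line up."""
    problems = []
    # The procedure sets the DX realm name to the Commerce realm name.
    if commerce.realm != dx.realm:
        problems.append(f"realm mismatch: {commerce.realm!r} vs {dx.realm!r}")
    # The procedure selects Require SSL on the DX server.
    if not dx.require_ssl:
        problems.append("Require SSL is not selected on HCL Digital Experience")
    # Assumption: the domain entered on DX must be a parent of both hosts.
    for server in (commerce, dx):
        if not domain_covers(dx.sso_domain, server.hostname):
            problems.append(
                f"SSO domain {dx.sso_domain!r} does not cover {server.hostname}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    commerce = SsoSettings("commerce-auth.example.com", "myrealm", ".example.com", True)
    dx = SsoSettings("dx-auth.example.com", "dxrealm", "dx-auth.example.com", False)
    for problem in check_sso(commerce, dx):
        print("FAIL:", problem)
```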