Prerequisites for Single Sign-On (SSO)
There are several prerequisites for configuring single sign-on (SSO) between the WebSphere® Application Servers that underlie the IBM® Connections and ECM servers.
Before configuring SSO between the IBM® Connections and ECM servers, ensure that:
- The two instances of WebSphere® Application Server use the same LDAP directory for authentication.
- The two instances of WebSphere® Application
Server specify the same domain name (for example,
.example.com
) for all the single sign-on hosts.To verify the domain name, follow these steps to navigate to the single sign-on settings pages for the IBM® Connections and ECM WebSphere® Application Server instances:
On each server, complete the following steps:- Open the WebSphere® Application Server administration console.
- Click Security > Global security.
- Click Web and SIP security.
- Click Single sign-on (SSO)
- See the value in the Domain name field.
- Application security is enabled.
Application security, including authentication and role-based authorization, is not enforced unless Global Security is active. Note that Global Security is enabled by default during the installation of IBM® Connections. Thus, application security is enabled on IBM® Connections, by default. Also, the fact that the two instances of WebSphere® Application Server use the same LDAP server for authentication ensures that application security is enabled on the IBM® Connections server. You need to perform the following steps only if Application security has been disabled for some reason.
On the IBM® Connections server and on the ECM server, complete the following steps:- Open the WebSphere® Application Server administration console.
- Expand Security > Global security.
- Select the Enable application security check box. See information on enabling security in the WebSphere® Application Server Knowledge Center.
- Click Apply.
- Click Save.