Prerequisites for Single Sign-On (SSO)

There are several prerequisites for configuring single sign-on (SSO) between the WebSphere® Application Servers that underlie the IBM® Connections and ECM servers.

Before configuring SSO between the IBM® Connections and ECM servers, ensure that:

  • The two instances of WebSphere® Application Server use the same LDAP directory for authentication.
  • The two instances of WebSphere® Application Server specify the same domain name (for example, .example.com) for all the single sign-on hosts.

    To verify the domain name, follow these steps to navigate to the single sign-on settings pages for the IBM® Connections and ECM WebSphere® Application Server instances:

    On each server, complete the following steps:
    1. Open the WebSphere® Application Server administration console.
    2. Click Security > Global security.
    3. Click Web and SIP security.
    4. Click Single sign-on (SSO)
    5. See the value in the Domain name field.
  • Application security is enabled.

    Application security, including authentication and role-based authorization, is not enforced unless Global Security is active. Note that Global Security is enabled by default during the installation of IBM® Connections. Thus, application security is enabled on IBM® Connections, by default. Also, the fact that the two instances of WebSphere® Application Server use the same LDAP server for authentication ensures that application security is enabled on the IBM® Connections server. You need to perform the following steps only if Application security has been disabled for some reason.

    On the IBM® Connections server and on the ECM server, complete the following steps:
    1. Open the WebSphere® Application Server administration console.
    2. Expand Security > Global security.
    3. Select the Enable application security check box. See information on enabling security in the WebSphere® Application Server Knowledge Center.
    4. Click Apply.
    5. Click Save.